A Language Framework for Privacy-Preserving Attribute-Based Authentication

Existing cryptographic realizations of privacy-friendly authentication mechanisms such as anonymous credentials, minimal disclosure tokens, self-blindable credentials, and group signatures vary largely in the features they offer and in how these features are realized. Some features such as revocation or deanonymization even require the combination of several cryptographic protocols. These differences and the complexity of the cryptographic protocols hinder the deployment of these mechanisms for practical applications and also make it almost impossible to switch the underlying cryptographic algorithms once the application has been designed. In this paper, we aim to bridge this gap and simplify the design and deployment of privacy-friendly authentication mechanisms. We unify the different concepts and features and define privacy-preserving attribute-based credentials (Privacy-ABCs), provide a language framework in XML schema, and give a semantics to describe the effect of the different transactions in a privacy-friendly authentication system using Privacy-ABCs. Our language framework enables application developers to use Privacy-ABCs with their different features without having to consider the specific cryptographic algorithms under the hood, similarly as they do today for digital signatures, where they do not need to worry about the particulars of the RSA and DSA algorithms either.

A shortened version of this paper entitled "Concepts and Languages for Privacy-Preserving Attributed-Based Authentication" has appeared in "Policies and Research in Identity Managment", Proc. 3rd IFIP WG 11.6 Working Conference on Policies & Research in Identity Management "IDMAN," London, United Kingdom, IFIP Advances in Information and Communication Technology, vol. 396 (2013) pp. 34-52.