Luận văn thạc sĩ Khoa học máy tính: Attribute-based pseudonymity for privacy-preserving authentication in cloud services

HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY

NGUYEN ANH KHOI

ATTRIBUTE-BASED PSEUDONYMITY FOR PRESERVING AUTHENTICATION IN CLOUD SERVICES

PRIVACY-Major: COMPUTER SCIENCE Major code: 8480101

MASTER’S THESIS

HO CHI MINH CITY, January 2024

TECHNOLOGY – VIETNAM NATIONAL UNIVERSITY HO CHI MINH CITY

Scientific Instructor :Dr Truong Tuan AnhReviewer 1 : Dr Phan Trong Nhan

Reviewer 2 : Assoc Prof Dr Nguyen Tuan Dang

Master thesis defended at Ho Chi Minh City University Of Technology – Vietnam National University Ho Chi Minh City

Date 30 Month 1 Year 2014

Master thesis evaluation council consist of (Full name and title) 1.Chairman: Assoc Prof Dr Le Hong Trang

2.Secrectary: Dr Nguyen Thi Ai Thao3.Reviewer 1: Dr Phan Trong Nhan

4.Reviewer 2: Assoc Prof Dr Nguyen Tuan Dang5.Member: Assoc Prof Dr Nguyen Van Vu

Master thesis evaluation council and Head of Faculty’s confirmation after Master thesis’ correction (if any):

ENGINEERING

VIETNAM NATIONAL UNIVERSITY HO CHI MINH CITY

HO CHI MINH CITY UNIVERSITY OF TECHNOLOGY

THE SOCIALIST REPUBLIC OF VIETNAM Independence -Freedom - Happiness

MASTER THESIS MISSION

TOPIC: Attribute-Based Pseudonymity For Privacy-Preserving Authentication In

trong các dịch vụ đám mây

MISSION AND DETAIL: Propose and evaluate an attribute-based preserving authentication scheme for cloud services Develop proposed signature scheme that allows service providers to authenticate users based on their attributes while preserving user privacy and ensuring compliance with pseudonyms and access control policies

INSTRUCTOR: Dr Truong Tuan Anh

Ho Chi Minh city, April 2nd 2024 INSTRUCTOR

DEAD OF FACULTY OF COMPUTER SCIENCE AND ENGINEERING

(Name and Signature)

ACKNOWLEDGEMENTS

I would like to express my deepest gratitude to all those who have supported and guided me throughout the completion of this thesis Firstly, I am immensely thankful to Dr Truong Tuan Anh for his invaluable guidance, expertise, and encouragement throughout this research journey His insightful feedback and constructive criticism have played a crucial role in shaping this thesis

I would also like to extend my gratitude to the faculty members of the International Master Program for their dedication to education and for providing a conducive learning environment Their lectures, discussions, and academic resources have broadened my knowledge and enriched my understanding of the subject matter

Lastly, I would like to acknowledge the support and encouragement from my friends and family Their unwavering belief in my abilities and their unconditional support have been a constant source of motivation throughout this endeavor.

ABSTRACT

Attribute-based Authentication plays a crucial role in efficiently managing cloud-based services within the rapidly expanding market environment, providing scalable fine-grained access control settings However, the adoption of such authentication mechanisms often compromises privacy preservation The direct linkage between a user's attributes and their identity, spread across multiple service-providing organizations, raises concerns To address these concerns, various solutions have been proposed, including Privacy Attribute-based credentials (Privacy-ABCs) Privacy-ABCs offer pseudonym-based authentication, enabling users to establish anonymity through pseudonyms embedded with attributes Nevertheless, Privacy-ABCs necessitate selective disclosure of attribute values to service providers, limiting their applicability Alternatively, solutions like Mesh signatures and Attribute-based signatures (ABS) do not require selective disclosure but lack the capability to create pseudonyms for concealing real identities

This paper presents a novel pseudonym-based signature scheme that combines key features from Privacy Attribute-based credentials The scheme facilitates the self-generation of unlinkable pseudonyms, ensuring anonymity for users while integrating a secret sharing mechanism akin to Attribute-based signatures and Mesh signatures This integration enables efficient attribute verification Moreover, the proposed scheme offers verifiable delegation, allowing users to share specific attributes in accordance with a service provider's policy By merging the strengths of different approaches, this scheme provides a comprehensive solution that addresses the limitations of existing methods

The proposed pseudonym-based signature scheme contributes to enhancing privacy preservation in attribute-based authentication for cloud services It offers users the ability to establish anonymous identities, safeguarding their sensitive information behind pseudonyms Furthermore, the scheme ensures attribute verification through secret sharing techniques, enhancing security and trust in the authentication process The verifiable delegation feature provides flexibility for attribute sharing, aligning with service providers' policies and facilitating efficient access control Overall, this proposed scheme presents a comprehensive approach

towards privacy-preserving attribute-based authentication in the context of cloud services.

TÓM TẮT

Xác thực dựa theo thuộc tính đóng góp một vai trò quan trọng trong việc quản lý hiệu quả các dịch vụ thuộc hệ thống đám mây thuộc nền thị trường đang được mở rộng nhanh chóng, cung cấp cho những thiết lập kiểm soát truy cập có thể mở rộng Tuy nhiên, sự áp dụng các cơ chế thường gây xâm nhập đến sự bảo đảm an toàn cá nhân Mối liên kết trực tiếp giữa các thuộc tính và danh tính của người dùng bị lan truyền đến các tổ chức cung cấp dịch vụ gây nên mối lo ngại này Để đối ứng các mối lo này, nhiều phương pháp xử lý khác nhau đã được đề xuất đến, trong đó bao gồm hệ thống chứng thực dựa theo thuộc tính cá nhân (Privacy Attribute Based Credential - Privacy-ABCs) Privacy-ABCs cung cấp hệ thống xác thực dựa theo bí danh, cho phép người dùng thiết lập tính ẩn danh qua các bí danh được nhúng từ các thuộc tính Tuy nhiên, Privacy-ABCs đòi hỏi sự tiết lộ các giá trị thuộc tính cho các nhà cung cấp dịch vụ, hạn chế khả năng ứng dụng của chúng Ngoài ra, các giải pháp như Chữ ký lưới (Mesh signature) và Chữ ký dựa trên thuộc tính (Attribute Based Signature - ABS) không yêu cầu tiết lộ có chọn lọc nhưng thiếu khả năng tạo bí danh để che giấu danh tính thực

Bài viết này trình bày một hệ thống chữ ký dựa trên bút danh mới kết hợp các tính năng chính từ thông tin xác thực dựa trên Privacy-ABCs Hệ thống này tạo điều kiện cho việc tự tạo các bút danh không thể liên kết, đảm bảo tính ẩn danh cho người dùng đồng thời tích hợp cơ chế chia sẻ bí mật giống ABS và Mesh signature Sự tích hợp này cho phép xác minh thuộc tính một cách hiệu quả Hơn nữa, hệ thống này cung cấp khả năng ủy quyền có thể kiểm chứng, cho phép người dùng chia sẻ các thuộc tính cụ thể theo chính sách của nhà cung cấp dịch vụ Bằng cách kết hợp những điểm mạnh của các phương pháp khác nhau, sơ đồ này cung cấp một giải pháp toàn diện nhằm giải quyết những hạn chế của các phương pháp hiện có.

PLEDGE:

I solemnly pledge and affirm that this thesis represents my own original work All sources used in this research have been duly acknowledged and referenced Furthermore, I affirm that the findings and conclusions presented in this thesis are based on a comprehensive analysis of the data and adhere to the highest standards of academic integrity

I understand the importance of academic honesty and the consequences of plagiarism Therefore, I have taken great care to ensure that all information, data, and ideas from external sources are properly cited and attributed I have also adhered to the ethical guidelines and regulations set forth by the Faculty

I am committed to upholding the principles of intellectual honesty, integrity, and professionalism throughout my academic and professional journey I pledge to continue fostering a culture of responsible research and to strive for excellence in all future endeavors

Nguyen Anh Khoi April 2nd, 2024

TABLE OF CONTENTS

1 INTRODUCTION 1

A Authentication in Cloud services 5

B Role-based access control for authentication in Cloud services 6

C Privacy problem in Authentication 9

2 RESEARCH STATEMENT 11

3 RELATED WORKS 13

A The notion of identity confidentiality (Pfitzmann and Hansen, 2008) 13

B Privacy-Attribute based credentials (Privacy-ABCs) 14

C Attribute-based signature (ABS) and Mesh signature 16

D Attribute-based pseudonymity for privacy-preserving authentication in cloud services 18

a Certification Authorities’ trustworthiness 40

b Secure channel reliability 40

c Credential management 41

d Keys management 41

D Comparison with other works 41

TABLE OF FIGURES

Figure 1.1 Three types of Cloud Services 1

Figure 1.2 Four different environments of cloud services 4

Figure 1.3 Overview of how RBAC works 7

Figure 1.4 Fine-grained Access Control described inside a smart healthcare system 8

Figure 1.5 Illustration of ABAC concept, and how the admin is able to know every information of the user 11

Figure 3.1 Illustration of the definition of anonymity 13

Figure 3.2 An example of how Privacy-ABCs work, illustrated between two person figures 14

Figure 3.3 Illustration of how ABS works 17

Figure 4.1 Illustration of a Pseudonym system 20

Figure 4.2 Application of Pseudonym System in requesting access 21

Figure 4.3 Mathematical graph of the Elliptic Curve algorithm 22

Figure 4.4 Illustration of the general flow between three sides 24

Figure 4.5 The graph from Fig 4.4 summarized the processes into function names 25

Figure 4.6 Illustration of the KeyGen flow 26

Figure 4.7 Illustration of the CreGen flow 27

Figure 4.8 Illustration of the PseuGen flow 28

Figure 4.9 Illustration of the Sign flow (1/3) 30

Figure 4.10 Illustration of the Sign flow (2/3) 31

Figure 4.11 Illustration of the Sign flow (3/3) 32

Figure 4.12 Illustration of the SignCheck flow 35

Figure 4.13 Illustration of the Revoke flow 37

Figure 5.1 Result of 20 attempts tested on the system 38

Figure 6.1 Summary of the flow that provides input value for SignCheck 39

1 INTRODUCTION

everyone’s life, for the purpose of giving service to users the best and most convenient way, enhancing their experience In other words, it is a wide range of services that provides end-users and organizations access to resources and applications without any additional requirement other than the internet and any device that can connect to the internet (e.g personal computers, smart phones, tablets, and any other IoT devices)

Figure 1.1 Three types of Cloud Services

Source: Realvasi Digital Marketplace (2021)

Generally, there are three basic types of cloud services (Fig 1.1): Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS)[3]

SaaS consists of a variety of different services of storage and backups and web servers, as well as project management tools It provides a complete product that is run and managed by a service provider SaaS can be utilized to create a service using existing software solutions without the need to build and maintain one, which in return, people rather view SaaS like an end-user application SaaS is widely used in web-based mail services, office suites, platforms for communications such as team

messaging and video conferences, and more, with solutions which are available within SaaS Google Workspace is a popular service that falls into this category, containing a collection of Saas productivity tools, including popular applications like Gmail as a mailing service, Google Docs for document processing, Google Sheet for spreadsheets, and Google Slides for presentation purposes Dropbox and Zoom are also services which operate on SaaS, one being a cloud-based hosting service, giving user storage space on the cloud, the latter being a video conference and collaboration platform for host and joining video meetings

IaaS is a solution for cloud providers who want to manage SaaS tools without having to maintain it themselves, mainly scalability and cost-effective features It provides basic building blocks for cloud IT and access to networking features, computers and data storage spaces It offers scalable and reliable data storage for dynamic management, high performance computing power to effectively analyze large volumes of data and complex calculations, and reliable networking capabilities (e.g virtual networks, load balancers, firewalls, and VPN - virtual private networks) IaaS plays a significant role in handling big data and analytics workloads, with the necessary computing power and storage capability it provides, enabling businesses to make data-driven decisions It maintains all storage servers and networking hardware, eliminating the need for resource-intensive, on-site installations IaaS is widely used in services that provide scalable virtual machine, network and/or storage, one example being Amazon EC2 (Elastic Compute Cloud), one of many features of Amazon Web Service (AWS), implements scalable virtual servers in the cloud, allowing users to run applications and workloads on configurable virtual machine instances

PaaS provides databases, operating systems and programming languages for organizations and users that want to develop their own cloud services With these, it removes the need for organizations to manage any underlying structures such as hardware and operating systems, allowing them to focus on application deployment and management In PaaS, service providers manage the hardware, networking, and operating systems, while developers focus on application development and deployment In details, PaaS provides a preconfigured and managed platforms with

necessary infrastructures and tools, a development environment that allows developers to write, test, and debug their applications, managed database services such as relational database (e.g MySQL, SQL Server) or NoSQL databases (e.g MongoDB), which developers can leverage for their applications IaaS also provides scalability for applications, with mechanisms for load balancing and resource allocation, allowing applications to handle varying levels of traffic and different environments without manual intervention Last but not least, IaaS comes with support for collaboration and integration with other systems or third-party services and data sources, further enhancing application development PaaS is found in one of many AWS features, called AWS Elastic Beanstalk It is a fully managed service that makes it easy to deploy and run applications in multiple programming languages, able to handle infrastructure provisioning and auto-scaling

All three of these types of cloud services usually come together within a cloud service to fulfill complete cloud functionality Other than that, there are other types

cloud services which offer cloud-based security solutions, such as Firewall as a Service (FWaaS), Intrusion Detection and Prevention Systems as a Service (IDPSaaS), Secure Email Gateway as a Service, Web Application Firewall as a Service (WAFaaS), and Security Information and Event Management as a Service

one type of cloud service CDNs are a distributed network of servers located in various geological locations to deliver contents to users fast and efficiently, while also improving website performance, reducing bandwidth consumption, increased availability, and providing better user experience

Figure 1.2 Four different environments of cloud services

Source: Stackscale (2024)

Cloud services also come with different environments, depending on the needs: public, private, or a mix of both (e.g hybrid cloud and multi cloud) (Fig 1.2) Public cloud services are services that are made available for all users SaaS, IaaS and PaaS all provide public cloud services These services are often available to the general public or a large number of customers

Cloud services which the providers do not make it public otherwise are private cloud services These services are widely used by organizations and companies where their data are considered sensitive, for the services are only made available within the organization/company internal server, and are not accessible to external users With the infrastructure and resources dedicated solely for organizations, this environment satisfies organizations with specific compliances, good security, and performance

The mix variation such as Hybrid Cloud is widely used in organizations and companies that want to optimize the cost on their Cloud service needs, whereas mission-critical applications and data are stored in the Private Cloud side, while unusual traffic peaks and services overflowing are processed in the Public Cloud side A Hybrid Cloud is a flexible environment that integrates and orchestrates services from multiple providers, allowing data and applications to be shared in between

Multi Cloud environment, essentially like Hybrid Cloud but consists of a bigger number of Public Cloud and Private Cloud mixed together It can have as many Public and Private Cloud environments depending on an organization’s requirement An example involves using services from multiple cloud providers simultaneously, such as utilizing AWS for some applications while having Microsoft Azure for others This type of environment offers flexibility and it is getting more common over time, for its purpose being very dependable for large and complex projects that also require more complex solutions However, because of the complex characteristics of the Multi Cloud environment, it demands a special attention to security and management, which can be a challenge to organizations and companies As organizations increasingly adopt cloud services, understanding their types, features, and environments becomes vital for efficient and secure computing

A Authentication in Cloud services

Authentication plays a crucial role in cloud services by verifying the identity of users seeking access to a service Cloud service providers employ authentication mechanisms to establish trust and determine the legitimacy of user requests before granting access The authentication process safeguards cloud resources, protects user data, enforces access control policies, and ensures compliance with security standards By verifying the identity of users, authentication helps prevent unauthorized access, identity theft, and security breaches, thereby preserving the confidentiality, integrity, and availability of cloud-based systems and data

Authentication serves as a fundamental measure to differentiate malicious users from legitimate users, thereby mitigating potential harm to the system, the organization, and other authorized users It establishes a foundation of trust between cloud service providers and users, creating a secure environment where users can confidently access and utilize cloud services without compromising their data or resources Through robust authentication protocols, cloud service providers can authenticate users and grant access to their services while preventing unauthorized or malicious activities

The authentication process within cloud services typically begins with users initiating an authentication request to gain access to the service This commonly

involves a login interface where users input their usernames or IDs along with corresponding passwords This initial step ensures that users possess the necessary credentials to proceed with authentication Additionally, the assignment of static relationships between users and service providers plays a significant role in authentication Defining roles and associating users with specific roles facilitates access control and helps determine the level of user access rights Access control models, such as Role-based Access Control (RBAC), provide a structured framework for managing user roles and granting appropriate access privileges

B Role-based access control for authentication in Cloud services

mechanism that governs access to resources based on the concept of roles and permissions In RBAC, users are assigned specific roles, and each role is associated with a set of permissions that dictate the actions users can perform on designated resources This approach ensures that users possess the necessary access rights to fulfill their tasks effectively and efficiently RBAC not only facilitates access management but also enhances security by adhering to the principle of least privilege, wherein users are granted minimal permissions required for their authorized activities

RBAC has proven to be effective in many scenarios by streamlining access control and minimizing the risk of unauthorized access By assigning users to predefined roles and managing access permissions at the role level, RBAC simplifies the administration of user access rights This promotes scalability and reduces administrative overhead, making it a practical choice for organizations with moderate user populations and well-defined access requirements

However, RBAC faces challenges in cloud service environments where scalability and fine-grained access control are critical In cloud services, which often involve a large number of users and complex data access policies, traditional RBAC implementations may become impractical and inefficient The scalability challenge arises due to the sheer volume of users, roles, and permissions that need to be managed As the number of users increases, maintaining an extensive set of roles and associated permissions becomes cumbersome and difficult to manage effectively

Furthermore, cloud services often require fine-grained access control policies, where access privileges are defined at the level of individual data or resources In such cases, RBAC's rigid role-based approach may not provide the necessary flexibility to accommodate the granular access requirements The proliferation of roles and permissions can lead to a complex and redundant role structure, impeding the system's manageability and hindering efficient access control

To address these challenges, alternative approaches to RBAC have emerged in the context of cloud services (Fig 1.3) These approaches leverage advanced access control models that offer improved scalability and fine-grained control Solutions

policies based on various attributes and conditions By incorporating attributes such as user characteristics, resource properties, and environmental factors, these models enable fine-grained access control tailored to the specific requirements of cloud services

Figure 1.3 Overview of how RBAC works

Source: Author

Figure 1.4 Fine-grained Access Control described inside a smart healthcare system Source: Semantic Scholar (2018)

Traditional access control mechanisms, such as Role-Based Access Control (RBAC), have limitations in cloud service environments where scalability and fine-grained control are essential (Fig 1.4) To address these challenges, Attribute-Based Access Control (ABAC) has emerged as a more flexible solution ABAC enables access control decisions by evaluating complex rules against users' attribute sets, offering enhanced flexibility and granularity compared to traditional role-based approaches

ABAC operates based on the evaluation of attributes associated with users, resources, and contextual factors during the access request process Users are assigned attribute sets that encompass various characteristics such as name, gender, age, and organizational roles Additionally, attributes can include resource properties like sensitivity levels or classifications, as well as environmental factors like time or location By considering these attributes, ABAC provides a dynamic and context-aware authentication process

The evaluation of complex rules against users' attribute sets forms the basis of ABAC's access control decisions Service providers define rules that specify the conditions for granting access to objects or services These rules consider attribute

values associated with users, resources, and the contextual factors relevant to the access request By leveraging attribute-based evaluations, ABAC allows service providers to establish fine-grained access control policies tailored to the specific requirements of cloud services

In the ABAC model, service providers utilize the attribute values associated with users to verify their identities and assign appropriate privileges For instance, within an organization, if a user's attribute set includes a "department" attribute with the value "accountant," the user can be granted privileges to access and manipulate financial data ABAC empowers service providers to enforce access control based on the attributes relevant to the specific service, ensuring that only authorized users with matching attribute values are granted access

The attribute-based approach offers several advantages in cloud service authentication First, ABAC provides enhanced flexibility by allowing the inclusion of a wide range of attributes relevant to the authentication process This flexibility enables service providers to establish access control policies based on specific user characteristics, resource properties, and contextual factors, aligning access privileges with the unique requirements of cloud services

Furthermore, ABAC promotes granular access control by evaluating complex rules against attribute sets This enables service providers to define highly specific conditions for granting access to individual objects or services The fine-grained control offered by ABAC ensures that access privileges are precisely tailored to meet the security and compliance requirements of cloud services

C Privacy problem in Authentication

Attribute-Based Access Control (ABAC) has gained prominence as a promising approach for managing user authentication and fine-grained access control in cloud-based services However, the application of ABAC raises concerns regarding user privacy, particularly when it comes to the disclosure of sensitive attributes during the authentication process Attributes such as home addresses, national identification numbers, and phone numbers, which are considered private information, should be safeguarded and not indiscriminately distributed The

disclosure of such attributes can pose risks to user privacy and potentially lead to unauthorized profiling or misuse of personal information

While ABAC offers flexibility and granular access control, there is a need for caution to ensure that user privacy is adequately protected Cloud service providers should only request and collect the minimum set of attributes necessary for authentication purposes Requiring users to provide their entire attribute set may expose sensitive personal information unnecessarily Reducing the scope of attribute disclosure minimizes the risk of unauthorized access and unauthorized use of personal information

Moreover, ABAC implementations may involve the collection and aggregation of attributes from various sources to make access control decisions This process can potentially enable the creation of comprehensive user profiles or the correlation of attributes across different contexts The aggregation of attributes raises significant security concerns and increases the risk of privacy breaches Providers must adopt appropriate safeguards to protect user data, including strong encryption, secure data storage practices, and strict access controls to prevent unauthorized access to attribute repositories

To address these privacy concerns, cloud service providers need to prioritize trust and transparency They should clearly communicate the specific attributes required for authentication and inform users about how their personal information will be handled and protected Additionally, providers should implement privacy-preserving mechanisms, such as data anonymization or tokenization, to ensure that personally identifiable information is not exposed unnecessarily during the authentication process

It is essential to strike a balance between achieving effective authentication and preserving user privacy While ABAC holds promise for cloud service authentication, it is crucial to recognize and address the potential risks associated with attribute disclosure By implementing privacy-centric practices and minimizing the collection and use of sensitive attributes, cloud service providers can instill confidence in their users and demonstrate a commitment to protecting their privacy (Fig 1.5)

Figure 1.5 Illustration of ABAC concept, and how the admin is able to know every information of the user

Source: Author 2 RESEARCH STATEMENT

The objective of this research is to develop and implement a pseudonym-based privacy-preserving authentication system The system aims to enable users to access services while maintaining anonymity by using pseudonyms instead of their real identities Users have the ability to create and manage multiple pseudonyms, each representing different roles and permissions, which can be used across various organizations and service providers Importantly, these pseudonyms are unlinkable, ensuring that any attempts to correlate them would not reveal the users' real identities, while it can be used along with signing the user’s attributes and credentials to verify validation In case of misusers, these pseudonyms can be used during revoking those users’ access to reveal their identity if needed The service provider can manage these pseudonyms creation policies, such as how many pseudonyms a user can create and manage at a time, and the lifetime of each pseudonym

In the context of authentication for cloud-based services, the pseudonym system offers conditional privacy During the verification process, users are only required to anonymously sign a limited number of attributes with their pseudonyms Their real identities remain hidden, and the attributes used for verification cannot be used to trace or profile them Additionally, the system includes mechanisms for

revoking the privacy rights of misusers, allowing a trusted authority to retrieve their real identities if necessary

Compared to systems that lack pseudonym functionality, the proposed pseudonym-based privacy-preserving authentication system minimizes the risk of users' information being compromised By defining and identifying users through pseudonyms instead of traditional authentication methods, the chances of tracing and profiling individuals are significantly reduced

This pseudonym-based privacy preserving authentication system proposed in this paper aims to solve the following problem where:

- The users’ identities and attribute set must not be disclosed before, during, and after using the service Meaning that, users can access and use the services without any concern about disclosing their identity, or at least a minimum of attributes is disclosed but not enough for guaranteed identity disclosure throughout tracing and profiling methods This can be done effectively by generating unlinkable pseudonyms, users can access services and resources without revealing their real identities or disclosing a comprehensive set of attributes - The verifier does not need to know the users’ real identities nor the

whole attribute set, but can still prove trustworthiness through the users’ provided pseudonyms This can be done by acknowledging the users through their pseudonyms and only the required attributes is enough to gain trust and know who are being provided the services, whilst the users can keep their identities disclosed For example, from the first feature where a user provides his/her attributes and pseudonym, the service provider can consider whoever that pseudonym represents to have the valid attributes along with it

- Have an effective revocation process in place to counter and prevent misusers This process comes from the pseudonyms system, where it allows issuing authorities to retrieve a misuser’s real identity Note that issuing authorities still have no right to obtain normal users’ identities if their behavior does not pose a threat to the system

Figure 3.1 Illustration of the definition of anonymity

Source: Author

Anonymity allows subjects within the anonymous set to interact freely with other entities while keeping their identities concealed During such interactions, the interacting parties are aware that they belong to distinct sets of entities but possess no specific information about each other's identities For instance, in an interaction between representatives from Group A and Group B, both individuals know only that they belong to different groups without disclosing their actual identities

However, applying this concept becomes challenging in service-oriented architectures, particularly when user accounts and sessions need to be maintained over the short, medium, or long term Cloud services, in particular, require certain

user information to establish trust and grant credentials for access Additionally, for cases involving malicious users, this proposed approach presents difficulties in identifying and preventing their activities Service providers lack sufficient data to effectively identify and prevent future misuses by such misusers Another limitation arises when the set consists of a small number of entities, making identification of the target entity relatively easy, rendering this approach ineffective in such cases

In service-oriented architectures, striking a balance between preserving user identity confidentiality and providing necessary information for authentication is essential Cloud service providers must retain some user information to establish trust and grant appropriate access credentials However, measures should be implemented to minimize unnecessary data disclosure and protect user identities Balancing these requirements ensures that user privacy is safeguarded while maintaining the integrity and security of cloud-based services

B Privacy-Attribute based credentials (Privacy-ABCs)

Attribute based credential (ABC) is a form of authentication mechanism that allows users to exclusively and selectively authenticate attributes for service access without revealing additional information Originally aimed to enhance privacy and

users to authenticate without revealing their actual identities or disclosing unnecessary personal information For example, a movie that requires an attribute representing the age value of 18 or over The customer can selectively authenticate his/her birthday and run a proof where “today - birthday > 18” Aside from his/her name and their birthday which were received, no additional information is disclosed These systems integrate attributes in the form of tuples (attributex, value) Within these systems, the users only need to disclose some attributes that they own instead of unnecessarily disclosing the whole attribute set Fig 3.2 illustrates this example:

Figure 3.2 An example of how Privacy-ABCs work, illustrated between two person figures

Source: Author

specific attributes or claims about themselves while keeping others attributes private This selective disclosure provides individuals with fine-grained control over the information they reveal, minimizing unnecessary exposure of personal data Therefore, within the verification process, Privacy-ABCs focuses on validating the attributes or claims made by the credentials, rather than confirming the individual's real identity This mechanism often relies on cryptographic techniques to ensure the privacy and integrity of the credentials Techniques such as zero-knowledge proofs, digital signatures, and encryption are employed to securely transfer and validate the credentials without exposing any sensitive information

developed by Microsoft Research It leverages cryptographic techniques to enable selective disclosure of information, allowing users to prove certain claims or attributes without revealing unnecessary details There are several aspects that U-Prove based on Privacy-ABCs Such are the features of selective disclosure to protect individuals and their privacy by limiting unnecessary exposure of personal information And the feature of Anonymity and Pseudonymity, which is the fundamental aspect of Privacy-ABCs with minimal linkability between different transactions or interactions U-Prove follows an unlinkable token principle, with a special type of public key and signature encoded within, and the cryptographic “wrapping” of the attributes prevents unwanted tracking of users through collusion within these tokens

Idemix (short for Identity Mixer) is a cryptographic technology developed by IBM that focuses on privacy-preserving identity management and selective attribute disclosure, giving the user an ability to “transform” themselves into unlinkable credentials, while such credentials only contain their attested attributes Both of these works in general allow users to obtain attributes from multiple issuing authorities while preventing authorities from learning the users’ attribute set

More importantly, Privacy-ABCs provide constructions to enable pseudonym generation and credential revocation, which in turn helps users generate pseudonyms with selected attributes and protect privacy by decoupling transactions from real-world identities, while it helps the system to obtain misusers’ identity in case of misbehavior for future misuse prevention

The main limitation of Privacy-ABCs schemes is that the attribute verification process involves the explicit disclosure of some attribute values Although only some attribute values are disclosed, for some cases, it can be enough to possibly narrow down the user’s identification and profiling process In other words, it still has a small risk of unintentionally disclosing a user’s whole attribute set and their identity from the disclosure of a limited amount of selected attributes

C Attribute-based signature (ABS) and Mesh signature

Attribute-based Signature (ABS) and Mesh Signature are cryptographic primitives that provide advanced signature schemes with unique properties These systems[12] provide attributes that are embedded into the signing keys in the form of descriptive elements Users are only known to hold what specific attributes, without any associated value What we get is signatures that attest not only the identity of the user who signed, but also the attributes that user claimed to be possessing The user who signed will also be in an anonymous state and is indistinguishable from other users whose attributes satisfy the predicate specified in the signature Misusers cannot forge signatures with attributes that they don’t possess even through aiming for collusion

signer to attach attributes to their signature These attributes can be associated with the signer's identity, role, or specific properties This provides fine-grained access

control and flexibility in verifying the authenticity and attributes of the signer ABS can be particularly useful in anonymous authentication and attribute-based messaging systems, and in scenarios where access control based on attributes is important, which is part of cloud computing environments It allows for efficient and flexible verification while preserving privacy and ensuring that only authorized parties can access the signed data

ABS proved to be useful in anonymous authentication and attribute-based messaging systems As an advantage, ABS enables users to prove that the embedded attribute set satisfies a predefined boolean function in the form of an access structure Fig 3.3 Illustrates the mechanism of ABS

Figure 3.3 Illustration of how ABS works

Source: Author

collaborate and produce a collective signature on a document or message It provides a means for distributed signing, where each signer contributes their partial signature, and the final signature is a combination of these partial signatures The distinguishing feature of Mesh Signature is its ability to withstand collusion attacks Even if a subset of the signers colludes and tries to produce a fraudulent signature on a different message, Mesh Signature prevents such attacks by ensuring that all signers must participate in the signing process to generate a valid collective signature

Mesh Signature schemes follow a similar approach since users can prove the possession of attribute sets with respect to a specific access tree structure These schemes, similar to ABS, give the user an ability to sign anonymously This scheme is popularly used in Internet of Things (IoT) technology However, Mesh signature schemes allow collusion between users, where a set of users can jointly sign with collective attributes This feature is undesirable and should be limited by service providers

Compared to Privacy-ABCs in terms of privacy, ABS and Mesh signature can achieve higher guarantees, since the attributes are not disclosed in any way However, the main and important limitation of ABS and Mesh signature is they do not support pseudonymity, which Privacy-ABCs provide

D Attribute-based pseudonymity for privacy-preserving authentication in cloud services

Attribute-based pseudonymity is a concept that contributes to preserving authentication in cloud services It involves the use of pseudonyms and attributes to protect the real-world identities of users while enabling secure access to cloud resources It is a technique employed in cloud services to authenticate users while preserving their privacy and anonymity, where traditional authentication mechanisms often rely on revealing personal identifiers or real-world identities, which may raise privacy concerns and expose sensitive information

privacy-This proposal is based on the work[16] In this approach, users are assigned pseudonyms that are used during the authentication process instead of their real identities These pseudonyms can be generated randomly or derived from specific attributes associated with the users The work aims to be the cornerstone for scalable fine-grained access control within the growing market of cloud services It proposes a pseudonym-based signature scheme combined with embedded attributes that can be verified according to a predefined access tree structure without disclosing the attributes The scheme allows the user to be able to generate an unlimited amount of pseudonyms, while their attribute set is kept private Service providers can verify the compliance of the attributes according to an access tree structure without disclosing the exact attributes within the pseudonyms The proposed scheme also provides conditional attribute delegation - similar to Mesh signatures where users use their attribute to sign a signature with a wider attribute set - and enables the verifier (the service provider) to choose which attributes are shareable between users

Attribute-based pseudonymity in privacy-preserving authentication provides several benefits It allows users to access cloud services without revealing their real identities, reducing the risk of identity theft, profiling, or unauthorized tracking It