Security Protocols with Privacy and Anonymity of Users

Abstract

Security is very important for many Internet and mobile applications, but with the recent proliferation of tracking and profiling of users and unauthorized distribution of their personal data, user privacy is also becoming a very important issue. In addition, new technologies are introducing the possibility of innovative applications that require user anonymity. Privacy means that user identities and transactions are revealed and known only to transaction partners and only during the execution of the transaction. Anonymity, on the other hand, means that even transaction partners do not have access to that information. The requirements for providing standard security services, that require sharing of user identities and security credentials, are contrary to the requirements of privacy and anonymity. This paper describes an innovative solution to this problem: a design of extensions of standard security protocols – user authentication, key exchange protocol, and authorization protocol – to include privacy and even anonymity of users. The solution is based on the concept of a secure application proxy server, special cryptographic protocols, and encapsulated security objects. Keywords