In invitation-based systems, a user is allowed to join upon receipt of a certain number of invitations from the existing members. The system administrator approves the new membership if he authenticates the inviters and the invitations, knowing who is invited by whom. However, the inviter-invitee relationship is privacy-sensitive information and can be exploited for inference attacks: The invitee’s profile (e.g., political view or location) might leak through the inviters’ profiles. To cope with this problem, we propose Inonymous, an anonymous invitation-based system where the administrator and the existing members do not know who is invited by whom. We formally define and prove the inviter anonymity against honest but curious adversaries and the information theoretic unforgeability of invitations. Inonymous is efficiently scalable in the sense that once a user joins the system, he can immediately act as an inviter, without re-keying and imposing overhead on the existing members. We also present InonymouX, an anonymous cross-network invitation-based system where users join one network (e.g., Twitter) using invitations of members of another network (e.g., Facebook).
CITATION STYLE
Boshrooyeh, S. T., & Küpçü, A. (2017). Inonymous: Anonymous invitation-based system. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10436 LNCS, pp. 219–235). Springer Verlag. https://doi.org/10.1007/978-3-319-67816-0_13
Mendeley helps you to discover research relevant for your work.