One may now directly use the unique identifier ($EID_1 \| k_1$) as a pseudonym.
But it is obvious that this pseudonym does not hide any information (especially
the user identifier, UID) without additional measures. Given a pseudonym of
this form, the ID of the user which has been used to generate the pseudonym
can be easily retrieved by decrypting the block $EID_1$ with key $k_1$. Replacing
the symmetric encryption by asymmetric encryption (in this paper RSA) solves
that problem. For simplicity of our notation, we will only display the public and
private exponents ($e$ and $d$) of the public and private keys $(e, n)$ and $(d, n)$. So
for example $E_e(m)$ represents the asymmetric encryption of message $m$ with the
public key $(e, n)$.

More generally, a pseudonym $P$ of a user identity (UID) is generated by
use of a function $f$ parameterized with at least two parameters: the user identity
UID and a secret key $k$. In our approach, this function $f$ has to be a bijective
(one-to-one) one-way computation, more precisely an asymmetric encryption
function, and the key $k$ is the public key $(e, n)$. Hence the pseudonym results in

$$P = f(UID, k) = E_e(UID) \| k = E_e(UID) \| e \| n.$$

Since the public key (and its components) are random, two different users
may accidentally choose the same key. By concatenating $E_e(UID)$ and $e \| n$ we
ensure that at least one of the components, and hence the concatenation of the
components, is globally unique. For details see the proof of uniqueness given later
on in this paper.

This scheme generates unique but nevertheless highly random pseudonyms
in a distributed environment. More precisely, each user can now generate his
pseudonym locally in his personal security environment (PSE), e.g. in his smart
card or his PDA (personal digital assistant). There is no need for any global
data (especially keys) or information interchange between issuing parties. The
only requirement is a unique identifier (UID, user identifier) for each user of
the system and a unique identifier for each PSE of the system, which may easily
be managed by the use of a hierarchical issuing structure. If smart cards are
used as a PSE, then the ICCSN (integrated chip card serial number [10]), a
globally unique identifier which is stored in every smart card, can be used in
the generating process. So we do not need to distribute or manage any IDs at all.

One problem with using the ICCSN is that this number may be used during
the authentication of the smart card (e.g. to derive the individual authentication
key of the card) or to manage black-lists of revoked or lost smart cards. In this
case, the card has to hold a user identifier which cannot be linked to the holder of
the card. For now, however, only the need for a globally unique identifier shall
be emphasized; one concrete mechanism for such an identifier will be presented
in section 5.
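
The construction P = E_e(UID) || e || n described above, as an added Python sketch that is not code from the paper: textbook RSA built on the standard library only. The fixed public exponent, the fixed-width field encoding and all function names are assumptions of this example.

```python
import math
import secrets

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test for a large odd candidate n."""
    if any(n % p == 0 for p in (3, 5, 7, 11, 13, 17, 19, 23, 29, 31)):
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    """Odd prime with its two top bits set, so p*q has exactly 2*bits bits."""
    while True:
        c = secrets.randbits(bits) | (3 << (bits - 2)) | 1
        if is_probable_prime(c):
            return c

def rsa_keygen(bits, e=65537):
    """Key pair (e, d, n) generated locally in the PSE; fixed e is a simplification."""
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return e, pow(e, -1, phi), p * q

def pseudonym(uid: bytes, e: int, n: int) -> bytes:
    """P = E_e(UID) || e || n, each field as wide as the modulus."""
    m, width = int.from_bytes(uid, "big"), (n.bit_length() + 7) // 8
    if not 1 < m < n:
        raise ValueError("UID must encode to an integer in (1, n)")
    return b"".join(v.to_bytes(width, "big") for v in (pow(m, e, n), e, n))

def recover_uid(p: bytes, d: int) -> bytes:
    """Only the holder of the private exponent d can invert E_e."""
    width = len(p) // 3
    c, _e, n = (int.from_bytes(p[i:i + width], "big") for i in (0, width, 2 * width))
    m = pow(c, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")
```

Textbook RSA is deterministic and P carries (e, n), so anyone holding a pseudonym can test a guessed UID against it. The construction therefore hides the UID only when the UID is not guessable.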

The principle to generate unique and highly random pseudonyms is quite
easy (see figure 2 and figure 3):

1. The user (respectively his PSE) generates a key-pair for an asymmetric
   encryption algorithm.
   For the ease of description, we will focus on the RSA-System [11] in the
   remainder of this paper. Other asymmetric encryption schemes will work as