Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Real Name Registration Will there be privacy? K.P. Chow 1, Echo P. Zhang 1, S.H. Hou 2 & F. Xu 3 July 2013 Hong Kong 1 1 University of Hong Kong 2 2.

Similar presentations


Presentation on theme: "1 Real Name Registration Will there be privacy? K.P. Chow 1, Echo P. Zhang 1, S.H. Hou 2 & F. Xu 3 July 2013 Hong Kong 1 1 University of Hong Kong 2 2."— Presentation transcript:

1 1 Real Name Registration Will there be privacy? K.P. Chow 1, Echo P. Zhang 1, S.H. Hou 2 & F. Xu 3 July 2013 Hong Kong 1 1 University of Hong Kong 2 2 University of Science and Technology, Beijing 3 3 Institute of Information Engineering, CAS

2 Real-Name System When a user wants to register an account on a blog, website or bulletin board system, he is required to offer identification credentials including their real name to the network service center One may use an on-line pseudonym, however, the person’s real identity would be available if rules or laws are broken CISC2

3 3 Where is real-name system implemented? CISC

4 South Korea The first country implemented real-name system Since 28 Jun 2009, 35 Korea websites have implemented a name registration system according to the newly amended Information and Communications Network Act (Choi Jin-sil Law) CISC4

5 Why real-name system in Korea? Implemented after the suicide of Choi Jin-sil ( 崔真实 ) which was said related to malicious comments about her on Internet bulletin boards On 23 Aug 2012, the Constitutional Court of Korea ruled unanimously that the real-name requirements is unconstitutional, citing such provision’s violation of freedom of speech in cyberspace CISC5

6 The Korea Constitutional Court said The system has not been beneficial to the public, …, number of illegal or malicious postings online has not decreased Instead, users moved to foreign Websites Also prevent foreigners from expressing their opinions online CISC6

7 7 Who’s next? CISC

8 The China Development 2002 李希光 proposed “Anonymous should be prohibited on the Internet” CISC8 http://www.chuanmeijia.com/zt/mingrentang/lixiguang/

9 Since 2002 2003: “real-name registration” at the cyber cafe 2004: real-name registration website appeared 2005: real-name registration for website administrators 2005: real-name registration for QQ group creators and administrators CISC9

10 From 2008 2008: MIIT (Ministry of Industry and Information Technology) proposed real-name registration 2012: sina.com, sohu.com, 163.com and blog.qq.com implemented real- name registration 2013: Chinese government announced real-name registration be implemented by June 2014 CISC10

11 11 How the real-name registration be implemented? CISC

12 Some requirements Allows indirect real-name registration –“ 后台实名、前台匿名 ” 的实名制度 (real- name at the back, pseudonym at the web) Practical issues: –Large number of users –Cost to implement should low CISC12

13 Who should be responsible for the registration? Public security (Police)? Government department(s)? Websites or service providers? Independent authority? CISC13

14 Real-Name Registration Our Proposal Multiple parties involved –User (U) –Registration center (RC) –Independent authority (IA) –Personal data storage center (PDSC) Components –User real-name registration (RN) –User web-name registration (WN)

15 Real-Name Registration Encryption Scheme Use Shamir’s Secret Sharing Scheme 2 out of 3: 3 parties sharing the secret and any 2 parties together can decryption the secret The 3 parties: User (U), Independent Authority (IA) and Registration Center (RC) To retrieve the real-name –For crime case, the Police can request the Court to order the IA and RC to retrieve the real-name –For personal reason, the User can request the Registration Center to retrieve the real-name

16 User Real-Name Registration Registration Center (RC) Key Server (x i0, y i0 ) Data Storage Server User (U) 1. Submit Personal Authentication Information (PAI) 3. Destroy the PAI 2.1. E pkID (PAI) 2.2a (x i1, y i1 ) Private Data Storage Center (PDSC) Independent Authority (IA) 2.2b (x i2, y i2 ) 2.2c (x i3, y i3 )

17 User real-name registration 1.REGISTRATION: User connect to the Registration Center using a secure channel and Private Authentication Information (PAI) are submitted to the Registration Center 2.AUTHENTICATION: Registration Center authenticate the identity of the User using the submitted Private Authentication Information (PAI), and then encrypted the PAI

18 User real-name registration (Authentication) (2.1) Assign Web-user name (WN) to each user (2.2) Build public-secret key pair (pk ID, sk ID ) and 2-degree polynomial f ID for each user such that f ID (0)=sk ID (2.3) Use pk ID to encrypt user Personal Authentication Information (PAI) and store (Web-user name WN, pk ID, encrypted PAI) in PDSC (2.4) Generate 4 pairs (x ik, y ik ) such that k=0…3, f ID (x ik )=y ik on the Key Server in PDSC, keep (x i0, y i0 ) in Key Server and distribute the other 3 pairs to the User, Registration Center and the Independent Authority (2.5) Return the Web-user name (WN) to the user (2.6) In RC, destroy the user Private Authentication Information (PAI) but keep the (Web-user name WN, f ID ) Note that we use the polynomial for secret sharing of the sk ID,please refer to Shamir’s Secret Sharing Scheme or the supplementary

19 User Web-name Registration Website (Service Provider) Website (Service Provider) Key Server Data Storage Server User (U) 1. Service Request 2.1. Verify the identity (Ask the question about PAI) 3. Submit N answers (and among them there’s only one correct answer) and the Web-name (WN) 5. Encrypt N answers with pk ID 2.2. Send the WN and the question 7. Compare the submitted answer and the retrieved answer, If there’s one and only one correct answer matching the record, return success, otherwise return fail. PDSC 4. Based on WN, retrieve the pk ID 6. Retrieve the encrypted answer w.r.t. WN

20 User Web-name Registration at the Service Provider 1.The User requests to use the service at Service Provider with Web-user name (WN) 2.The Server Provider asks questions based on Personal Authentication Information (PAI), question sent to both the User and the PDSC 3.The User sends N answers (only 1 is correct) to the Key Server at PDSC 4.The Key Storage Server based on the Web-user name WN, retrieves the pk ID and encrypts the N answers, and then sends the encrypted answers to the Data Storage Server. 5.The Data Storage Server compares the encrypted answers with the stored data in the Data Storage Server, if exactly one answer is matched, the Web-user name WN is authenticated

21 Some Properties 1.User A cannot pretend to be User B because he cannot give a right answer about User B’s Personal Authentication Information (PAI) 2.Users can see their own PAIs but others cannot 3.For a crime case, the Police can make a request to the Court to order the RC and IA to retrieve the Real-name of the user (RN): –For example, the Police wants to investigate the user “ 剑客 ” and makes a request to the Court to order RC and IA to retrieve the real-name of “ 剑客 ”. Based on the input from RC and IA, PDSC constructs the polynomial f 剑客 (.), find the secret key sk 剑客 by computing f 剑客 (0) and then retrieves the identity of the Web-name user “ 剑客 ”.

22 22 Thank You


Download ppt "1 Real Name Registration Will there be privacy? K.P. Chow 1, Echo P. Zhang 1, S.H. Hou 2 & F. Xu 3 July 2013 Hong Kong 1 1 University of Hong Kong 2 2."

Similar presentations


Ads by Google