Presentation is loading. Please wait.

Presentation is loading. Please wait.

Real Name Registration Will there be privacy?

Similar presentations


Presentation on theme: "Real Name Registration Will there be privacy?"— Presentation transcript:

1 Real Name Registration Will there be privacy?
22-March-2004 Real Name Registration Will there be privacy? K.P. Chow1, Echo P. Zhang1, S.H. Hou2 & F. Xu3 July 2013 Hong Kong 1University of Hong Kong 2University of Science and Technology, Beijing 3Institute of Information Engineering, CAS 1

2 Real-Name System When a user wants to register an account on a blog, website or bulletin board system, he is required to offer identification credentials including their real name to the network service center One may use an on-line pseudonym, however, the person’s real identity would be available if rules or laws are broken CISC

3 Where is real-name system implemented?
CISC

4 South Korea The first country implemented real-name system
Since 28 Jun 2009, 35 Korea websites have implemented a name registration system according to the newly amended Information and Communications Network Act (Choi Jin-sil Law) CISC

5 Why real-name system in Korea?
Implemented after the suicide of Choi Jin-sil (崔真实) which was said related to malicious comments about her on Internet bulletin boards On 23 Aug 2012, the Constitutional Court of Korea ruled unanimously that the real-name requirements is unconstitutional, citing such provision’s violation of freedom of speech in cyberspace CISC

6 The Korea Constitutional Court said
The system has not been beneficial to the public, …, number of illegal or malicious postings online has not decreased Instead, users moved to foreign Websites Also prevent foreigners from expressing their opinions online CISC

7 Who’s next? CISC

8 The China Development 2002 李希光 proposed “Anonymous should be prohibited on the Internet” CISC

9 Since 2002 2003: “real-name registration” at the cyber cafe
2004: real-name registration website appeared 2005: real-name registration for website administrators 2005: real-name registration for QQ group creators and administrators CISC

10 From 2008 2008: MIIT (Ministry of Industry and Information Technology) proposed real-name registration 2012: sina.com, sohu.com, 163.com and blog.qq.com implemented real-name registration 2013: Chinese government announced real-name registration be implemented by June 2014 CISC

11 How the real-name registration be implemented?
CISC

12 Some requirements Allows indirect real-name registration
“后台实名、前台匿名”的实名制度 (real-name at the back, pseudonym at the web) Practical issues: Large number of users Cost to implement should low CISC

13 Who should be responsible for the registration?
Public security (Police)? Government department(s)? Websites or service providers? Independent authority? CISC

14 Real-Name Registration Our Proposal
Multiple parties involved User (U) Registration center (RC) Independent authority (IA) Personal data storage center (PDSC) Components User real-name registration (RN) User web-name registration (WN)

15 Real-Name Registration Encryption Scheme
Use Shamir’s Secret Sharing Scheme 2 out of 3: 3 parties sharing the secret and any 2 parties together can decryption the secret The 3 parties: User (U), Independent Authority (IA) and Registration Center (RC) To retrieve the real-name For crime case, the Police can request the Court to order the IA and RC to retrieve the real-name For personal reason, the User can request the Registration Center to retrieve the real-name

16 User Real-Name Registration
Data Storage Server 2.1. E pkID(PAI) 3. Destroy the PAI Registration Center (RC) 2.2a (xi1, yi1) Key Server (xi0, yi0) 1. Submit Personal Authentication Information (PAI) 2.2b (xi2, yi2) User (U) 2.2c (xi3, yi3) Private Data Storage Center (PDSC) Independent Authority (IA)

17 User real-name registration
REGISTRATION: User connect to the Registration Center using a secure channel and Private Authentication Information (PAI) are submitted to the Registration Center AUTHENTICATION: Registration Center authenticate the identity of the User using the submitted Private Authentication Information (PAI), and then encrypted the PAI

18 User real-name registration (Authentication)
(2.1) Assign Web-user name (WN) to each user (2.2) Build public-secret key pair (pkID, skID) and 2-degree polynomial fID for each user such that fID(0)=skID (2.3) Use pkID to encrypt user Personal Authentication Information (PAI) and store (Web-user name WN, pkID, encrypted PAI) in PDSC (2.4) Generate 4 pairs (xik, yik) such that k=0…3, fID(xik)=yik on the Key Server in PDSC, keep (xi0, yi0) in Key Server and distribute the other 3 pairs to the User, Registration Center and the Independent Authority (2.5) Return the Web-user name (WN) to the user (2.6) In RC, destroy the user Private Authentication Information (PAI) but keep the (Web-user name WN, fID) Note that we use the polynomial for secret sharing of the skID ,please refer to Shamir’s Secret Sharing Scheme or the supplementary

19 User Web-name Registration
6. Retrieve the encrypted answer w.r.t. WN 4. Based on WN, retrieve the pkID 5. Encrypt N answers with pkID Data Storage Server Key Server 2.2. Send the WN and the question PDSC 7. Compare the submitted answer and the retrieved answer, If there’s one and only one correct answer matching the record, return success, otherwise return fail. Website (Service Provider) 1. Service Request 2.1. Verify the identity (Ask the question about PAI) User (U) 3. Submit N answers (and among them there’s only one correct answer) and the Web-name (WN)

20 User Web-name Registration at the Service Provider
The User requests to use the service at Service Provider with Web-user name (WN) The Server Provider asks questions based on Personal Authentication Information (PAI), question sent to both the User and the PDSC The User sends N answers (only 1 is correct) to the Key Server at PDSC The Key Storage Server based on the Web-user name WN, retrieves the pkID and encrypts the N answers, and then sends the encrypted answers to the Data Storage Server. The Data Storage Server compares the encrypted answers with the stored data in the Data Storage Server, if exactly one answer is matched, the Web-user name WN is authenticated

21 Some Properties User A cannot pretend to be User B because he cannot give a right answer about User B’s Personal Authentication Information (PAI) Users can see their own PAIs but others cannot For a crime case, the Police can make a request to the Court to order the RC and IA to retrieve the Real-name of the user (RN): For example, the Police wants to investigate the user “剑客” and makes a request to the Court to order RC and IA to retrieve the real-name of “剑客”. Based on the input from RC and IA, PDSC constructs the polynomial f剑客(.), find the secret key sk剑客 by computing f剑客(0) and then retrieves the identity of the Web-name user “剑客”.

22 22-March-2004 Thank You 22


Download ppt "Real Name Registration Will there be privacy?"

Similar presentations


Ads by Google