Crypto-Book: An Architecture for Privacy Preserving Online Identities

John Maheswaran, David Isaac Wolinsky, Bryan Ford
Yale University

Twelfth ACM Workshop on Hot Topics in Networks (HotNets-XII)
November 22, 2013


Through cross-site authentication schemes such as OAuth and OpenID, users increasingly rely on popular social networking sites for their digital identities — but use of these identities brings privacy and tracking risks. We propose Crypto-Book, an extension to existing digital identity infrastructures that offers privacy-preserving, digital identities through the use of public key cryptography and ring signatures. Crypto-Book builds a privacy-preserving cryptographic layer atop existing social network identities, via third-party key servers that convert social network identities into public/private key- pairs on demand. Using linkable ring signatures, these key-pairs along with the public keys of other identities create unique pseudonyms untraceable back to the owner yet can resist anonymous abuse.

Our proof-of-concept implementation of Crypto-Book creates public/private key pairs for Facebook users, and includes a private key pickup protocol based on E-mail. We present Black Box, a case study application that uses Crypto-Book for accountable anonymous whistle-blowing. Black Box allows users to sign files deniably using ring signatures, using a list of arbitrary Facebook users — who need not consent or even be aware of this use — as an explicit anonymity set.

Paper: PDF

This material is based upon work supported by the Defense Advanced Research Projects Agency (DARPA) SAFER contract N66001-11-C-4018. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA.