Twelfth ACM Workshop on Hot Topics in Networks (HotNets-XII)
November 22, 2013
Through cross-site authentication schemes such as OAuth and OpenID, users increasingly rely on popular social networking sites for their digital identities — but use of these identities brings privacy and tracking risks. We propose Crypto-Book, an extension to existing digital identity infrastructures that offers privacy-preserving, digital identities through the use of public key cryptography and ring signatures. Crypto-Book builds a privacy-preserving cryptographic layer atop existing social network identities, via third-party key servers that convert social network identities into public/private key- pairs on demand. Using linkable ring signatures, these key-pairs along with the public keys of other identities create unique pseudonyms untraceable back to the owner yet can resist anonymous abuse.
Our proof-of-concept implementation of Crypto-Book creates public/private key pairs for Facebook users, and includes a private key pickup protocol based on E-mail. We present Black Box, a case study application that uses Crypto-Book for accountable anonymous whistle-blowing. Black Box allows users to sign files deniably using ring signatures, using a list of arbitrary Facebook users — who need not consent or even be aware of this use — as an explicit anonymity set.