Computer Networks 45 (2004) 483–503

www.elsevier.com/locate/comnet

Security enhanced accountable anonymous PKI certificatesfor mobile e-commerce

D. Critchlow *,1, N. Zhang

Department of Computer Science, University of Manchester, Oxford Road, Manchester, Lancastershire M13 9PL, UK

Received 23 May 2003; received in revised form 23 November 2003; accepted 5 February 2004

Available online 10 April 2004

Responsible Editor: G. Schaefer

Abstract

This paper presents enhancements to an anonymous public-key certificate scheme originally intended for anonymous

and fair document exchange. The appropriate use of these certificates may enable a party with access to a mobile phone

and/or laptop computer to conduct multiple mobile e-commerce transactions anonymously yet accountably and

thereby reduce the risk of developing a pseudonymous on-line profile. We propose modifications to the existing scheme

to solve a recognised security flaw. The proof of rightful ownership of the anonymous/real public-key certificate pre-

sented to obtain a (further) anonymous public-key certificate is presently achieved with a single piece of evidence, i.e.

the private key associated with the presented certificate. Should an adversary compromise this key, then the adversary

may obtain anonymous certificates in the rightful owner’s name. Our proposal minimises the risk of an adversary

obtaining anonymous certificates with a compromised private key.

� 2004 Elsevier B.V. All rights reserved.

Keywords: Anonymity; E-commerce; Internet; Privacy; Security

1. Introduction

E-commerce, and in particular on-line shop-

ping, has become an accessible alternative to the

High Street. Some of the reasons for the growth ofon-line shopping are the availability of affordable

home computers and Internet access coupled with

the promoted benefits of discounted goods/services

* Corresponding author. Tel.: +44-161-2756270.

E-mail addresses: critchld@cs.man.ac.uk (D. Critchlow),

nzhang@cs.man.ac.uk (N. Zhang).1 The author is a holder of a Departmental Scholarship and

IEE Vodafone Scholarship.

1389-1286/$ - see front matter � 2004 Elsevier B.V. All rights reserv

doi:10.1016/j.comnet.2004.02.010

and the convenience of shopping from home. As

this form of commerce has become more prolific,

so have the associated security problems, the most

notable, via media coverage, being the lack of

security of financial transactions and the loss ofprivacy. Much has been done to minimise the risks

associated with on-line financial transactions with

the application of encrypted links between the

consumer (client) and vendor (server). Many on-

line vendors offer assurances as to the security of

their Internet credit card transaction systems and

offer consumers who are still wary the alternative

of giving their card details over the phone. As aconsequence, consumers are now afforded the

ed.

484 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

same sense of security for on-line shopping as they

are for shopping with their credit card on the High

Street. However, whereas the High Street allows

consumers to browse and purchase goods with

anonymity, it is a requirement of on-line shopping

that consumers identify themselves by name andoften home address. Transmitting this sensitive

information over an unregulated network may

leave the consumers’ privacy vulnerable to attacks.

To illustrate these potential threats to privacy

we refer to a simplified mobile e-commerce infra-

structure shown in Fig. 1 that serves as an illus-

tration. There are several notable parties in our

mobile e-commerce model.The User (or consumer), who has access to a

mobile phone (and/or laptop computer), may

connect to the Internet via the Mobile Phone

Network (MPN) and an Internet Service Provider

(ISP). The User may then contact a multiplicity of

Certification Authorities (CAs), numerous vendors

and the User’s bank (providing e-banking facili-

ties). There is also an Adversary (or Attacker),whom we describe as an unauthorised party able to

observe MPN and Internet traffic. Each of these

entities may launch attacks against the User, which

represents a threat to the User’s privacy. In order

for us to understand the type of threats posed by

User

Mobile PhonNetwork

Certificate Authority

CertificaAuthori

Attacker

In

Fig. 1. Mobile e-comme

each entity, we first discuss how information on

wired and wireless networks is vulnerable to at-

tacks and the countermeasures currently applied.

There are three basic attributes of information

that must be protected in order to safeguard Users’

privacy: Confidentiality, Accuracy and Availabil-ity [1]. Each of these attributes is vulnerable to a

particular type of loss:

• Disclosure is the loss of Confidentiality. It indi-

cates that an information source has the poten-

tial to release information to unauthorised

parties. The loss of confidentiality is usually

recognised as the biggest potential risk to pri-vacy.

• Destruction/Corruption is the loss of Accuracy

or Integrity. It indicates that unauthorised

changes have been made to information. Such

changes may be the result of a human error, a

malicious attack, or the underlying system/net-

work unreliability. The loss of integrity is less

often associated with the loss of privacy; it is,nevertheless, a form of intrusion.

• Denial of Service is the loss of Availability. It

is the most visible of the losses. Availability is

considered the most important attribute in ser-

vice-oriented businesses. The loss of availability

Internet

e

te ty

ternet Service Provider

Vendor

E -Bank

rce infrastructure.

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 485

as a threat to privacy may not be immediately

apparent. Denial of rightful access to informa-

tion and services may be viewed as a form of

intrusion. Furthermore, the loss of a service

that ensures privacy through the protection ofeither confidentiality and/or integrity may then

result directly in the loss of privacy.

Each of these losses may result from particulartypes of attacks. The ETSi technical specification

on UMTS security threats [2] may be referred to

for a detailed list of threats applicable to both

wired and wireless networks. There are five basic

security services already in use designed to secure

private communications. These are Confidential-

ity, Integrity Checking, Authentication, Non-

repudiation and Accountability. We brieflydescribe each in turn:

• Confidentiality provides privacy for messages

and stored data by making the information

non-readable to observers. This is usuallyachieved through the application of symmetric

(or secret) key encryption.

• Integrity checking provides assurance that any

unauthorised alteration of a message can be de-

tected.

• Authentication provides assurance that a party

is indeed who it claims to be.

• Non-repudiation provides protection from asender or receiver of a message falsely denying

that a message was sent or received.

• Accountability provides evidence of an entity’s

actions via an audit trail.

At present, the security services implemented on

the MPN enable secure mobile communications by

providing message, signalling and subscription data

confidentiality, location confidentiality and

authentication [3]. The security services available on

the Internet enable secure private communications

to varying degrees depending on the type ofschemes applied. User privacy encompasses the

confidentiality of a User’s identity and location

(address) as well as the messages sent and received

by the User. It has become common practice for

Users to have a pseudonym for on-line use rather

then their real-world identity, which provides the

User with some identity privacy. A pseudonym

combined with a global style e-mail address, e.g.

hotmail.com, which contains no geographical

information, provides further privacy in that the

User’s on-line identity and location are not easily

linked to their real-world identity and location.However, all on-line connections have an IP ad-

dress, which may be used to identify an individual

machine and its location. A User accessing the In-

ternet via an ISP is assigned a temporary IP address

by the ISP. The ISP has a pool of temporary IP

addresses that belong to the organisation. It assigns

the first available IP address to a User as she logs on

and returns the IP address to the pool when theUser logs off. This system provides the User with

some location privacy since the IP address seen on-

line belongs to the ISP. Message confidentiality is

achieved through the application of encryption.

There are other security benefits associated with

the use of encryption. Symmetric (or secret-

key) encryption provides message confidentiality,

authentication and integrity. Asymmetric (or pub-lic-key) encryption enables entity authentication,

sender non-repudiation and symmetric key agree-

ment or transportation. Both types of encryption

are subject to various cryptanalysis attacks. The

objective of each attack is the same, namely to de-

duce the message or private communication. The

security of the secret key is the corner stone of

encryption schemes. The schemes are renderedineffective by a compromised secret key [4,5]. The

vulnerabilities of each scheme may be reduced by

making the ‘cost’ of the effort (time, money and/or

computational power) required to launch an effec-

tive attack exceed the value of the rewards.

Achieving User privacy is an important security

requirement in e-commerce activities. Referring to

Fig. 1, the MPN operator is aware of the User’sidentity, her home address, present location and

message traffic. However, the relationship between

the User and the MPN operator is a trusted one

where the operator assures the User of her privacy,

i.e. sensitive data is disclosed only to approved

third parties such as a Legal Authority. The MPN

operator also undertakes to protect the User’s

privacy by preventing disclosure of sensitiveinformation to unauthorised parties through the

application of the security services discussed

486 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

above, e.g. the prevention of eavesdropping by an

Adversary. The motivation for this privacy pro-

tection is financial. The MPN operator is a com-

mercial organisation motivated by financial gain.

Customer confidentiality is viewed as a means of

business retention and not business generation. Asimilar discussion may also apply to the User’s

ISP, E-Bank and the CAs. On-line Vendors, on the

other hand, view the exploitation of consumer

details as a means of revenue generation. It is a

condition of visiting their web sites that the Users

identify themselves and give their real-world

locations, and in doing so automatically consent to

their details being passed on to third parties, e.g.many web sites sell their client lists. More often,

Vendors use such identifying information to pro-

file Users’ interests in the guise of personalised

shopping, e.g. targeted advertising. Whilst such

activities take place on the High Street in the form

of store loyalty cards, the significant difference is

that joining the store loyalty scheme is not a

condition of shopping at that store. Arguably, on-line shopping is the modern day equivalent of mail

order. For this type of business to operate, it is

necessary to uniquely identify and verify the cre-

dential of each User so that orders may be pro-

gressed, payments collected and goods delivered.

The final entity in our mobile e-commerce infra-

structure is the Adversary, or Attacker, who for

various reasons including criminal intent or plaincuriosity, wishes to observe the User’s on-line

transactions with the intent of gleaning informa-

tion about the User’s identity, location, financial

status and lifestyle. In the real world, individuals

are allowed to go about their lawful business

unimpeded, and this includes shopping on the

High Street with a relatively high degree of pri-

vacy, given that the activity occurs in the publicdomain. Consumers have confidence that their

privacy is protected through the enactment of laws

reinforced by a judicial system that demands par-

ties demonstrate compliance with these laws, e.g.

everyone in the real world is held accountable for

their actions. Such laws are unenforceable on an

unregulated network such as the Internet. Whilst

Vendors have made best efforts to protect sensitivedata such as real-world names, addresses and

credit card details, an Adversary may freely ob-

serve on-line transactions and thus over time de-

velop on-line profiles on those individuals.

The aim of this paper is to present a scheme that

may enable a User with a mobile phone (and/or

laptop) to conduct multiple mobile e-commerce

transactions securely, anonymously and account-ably. The objective of our scheme is to protect the

User’s privacy and reduce the amount of infor-

mation that is used by third parties (vendors and

attackers) to develop on-line profiles whilst, at the

same time, ensuring that the User cannot abuse the

anonymity afforded to them through their use of

this scheme. In detail, Section 2 lists the require-

ments that such a privacy protection scheme mustmeet in order to reduce on-line profiling. Section 3

provides a survey of state-of-the-art proposals in-

tended to provide mobile phone and Internet users

with anonymity. Each proposal is assessed against

the privacy protection requirements listed Section

2. The survey demonstrates the need for more work

in this area. As a prelude to presenting our pro-

posal, Section 4 sets out and explains the formalnotation to be used in the remaining sections. Our

proposed scheme is described both by a narrative

and formal notation in Section 5. In Section 6

we give an analysis of our proposed scheme. We

compare our scheme to the original scheme as de-

scribed in [6] and to the design requirements listed

in Section 2. We give our conclusions in Section 7.

2. Requirements for anonymous PKI certificates

In order to prevent on-line profiling the solutionneeds to fulfil the following design requirements.

Each design requirement is denoted by [DRnum-ber: name] for later reference:

• The scheme should provide anonymity (denoted

as DR1: anonymity) in terms of ‘who’ (real and

on-line identity) and ‘where’ (location). By

denying a vendor or third party such informa-tion, they are unable to differentiate between

individual users. In this way the scheme has ‘un-

linked’ User identity and location from each

other and also from the data (sensitive informa-

tion). By removing any form of identification

(real world, on-line and location) the scheme de-

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 487

nies a vendor or third party an identity to which

they may link information.

• The scheme should prevent the building of cus-

tomer profiles (denoted as DR2: customer profil-ing) including pseudonymous profiles byvendors and third parties. A vendor or a third

party may be able to observe communications

from a source that they may be able to identify

as an individual, e.g. if the same pseudonym is

used repeatedly by an individual, then that

pseudonym may be used to build a profile on

as it is an identifiable source. The act of build-

ing a profile involves observing and recordingthe User’s actions, which the User may interpret

as an invasion of her privacy.

• The scheme should provide accountability (de-

noted as DR3: accountability) to prevent mis-

use/abuse of anonymity. By accountability we

mean one of two things depending on the con-

text. The User is accountable for her actions de-

spite using an anonymous certificate. Should theUser abuse her anonymity, her anonymity is re-

voked and her real identity is revealed. A CA is

accountable for its actions via an audit trail,

which provides evidence of its actions. It must

be demonstrable that all involved parties may

be held accountable for their actions in order

to prevent one party denying responsibility by

claiming that the abuse has occurred due tothe intent or neglect of another. For parties to

be held accountable the evidence presented must

have the property of non-repudiation.

• The scheme should provide non-repudiation

(denoted as DR4: non-repudiation) for dispute

resolution. By non-repudiation we mean that a

party cannot deny its action when presented

with the evidence of their actions, i.e. a partycannot claim that the actions were performed

or partly performed by another.

• The scheme should maximally resist the acquisi-

tion of anonymous certificates by unauthorised

parties or attackers (denoted as DR5: authoriseduse). If an unauthorised party acquires an ano-

nymous certificate either by intentional actions

or neglect of an authorised party, the unauthor-ised party may abuse the anonymity service

provided by such certificate. The consequences

of such abuse are threefold. Firstly, the ano-

nymity of the User, in whose name the certifi-

cate was issued, may be revoked. Secondly,

the User may abuse the legitimate certificate

and deny this, e.g. the User may claim that

the ‘abused’ certificate was acquired and usedby another party without the User’s consent

or knowledge. Finally, the unauthorised party

may commit an illegal act safe in the knowledge

that they will not be held accountable for it.

Many of these design requirements are inter-

dependent. Intuitively, in order to achieve DR2:customer profiling, DR1: anonymity must be met;to achieve DR3: accountability, DR4: non-repudi-ation must be met; to achieve DR5: authorised use,both DR3: accountability and DR4: non-repudia-tion must be met. To be credible, the scheme must

meet all of the above stated requirements.

3. Related work

There are a number of proposed schemes de-

signed to provide anonymity through unlinkabil-

ity. Unlinkable credentials (or certificates) are a

means of providing users with anonymity, with

accountability via an audit trail. The work in [7]

presents a scheme for untraceable communications

and untraceable payments with unlinkable cre-dentials. However, the paper indicates that the

potential for a revocation mechanism to be

incorporated exists but remains future work, i.e.

the scheme does not provide accountability and so

does not meet DR3: accountability. A suite of two

protocols [6] for issuing and identity tracing of

anonymous public-key certificates provide ano-

nymity with accountability. A security weaknessmentioned by the authors of [6] is that if a User’s

private key(s) is compromised then an attacker

may obtain anonymous certificates. The User may

then be accountable for the actions and abuses of

the attacker. In this sense, this scheme is weak in

meeting the requirement DR5: authorised use.Another proposed scheme provides non-transfer-

able anonymous multi-show credentials with op-tional anonymity revocation [8], i.e. without a

revocation mechanism this scheme does not meet

DR3: accountability. The scheme claims to be

488 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

efficient and practical. However, the authors note

that realising circular encryption (used as a means

to prevent certificate sharing) outside the random

oracle model is a challenging open issue. A further

scheme [9] is similar in nature to [6] and has been

designed specifically for e-commerce. The assur-ance of the anonymous certificates has been

accomplished by making them one-time only. In

order to make the number of certificates held by

the User manageable, ‘used’ (or redeemed) certifi-

cates are exchanged for new anonymous certifi-

cates by the vendor. This scheme places a great

deal of trust in the vendor and by inference does

not comply with DR2: customer profiling. Thereare also a number of schemes that aim to provide

anonymity services for mobile phone users [10–12].

The scheme presented in [10] uses a digital mix

inserted between the Visitor Location Register

(VLR) and the Home Location Register (HLR) of

the mobile phone infrastructure to provide the

User with anonymity in terms of identity and

location. When a User signs on to the network, themobile authentication protocol (challenge and re-

sponse) is performed via the VLR in the usual

manner except: (i) the VLR knows the mobile User

only by his pseudonym; and (ii) the HLR knows

the VLR by an anonymous return address only.

The visited network is authenticated to the User by

the home network through exchange of blind sig-

nature tokens. The disadvantages of the schemeare: (i) the authentication process has been ex-

tended and as a result may not be suitable for use

during base station hand-over; and (ii) the adop-

tion of this scheme would require significant

changes to the mobile phone infrastructure. The

proposal represented in [11] aims to provide the

User with anonymous access using a token-based

scheme. The scheme proposes the introduction ofa new business role, called the Customer Care

Agency (CCA), and a ticket based mechanism for

service access. The most obvious disadvantage of

this scheme is that the CCA is a trusted third party

and therefore represents a single point of failure in

terms of denial of service attacks. Direct Internet

Access (DIA) presented in [12] is another proposed

anonymous access method. It uses a temporarylocation identifier consisting of an IPv6 address

prefix provided by the MPN, with the lower part

of the address formed by a temporary identifier

(pseudonym), chosen by the User. Because the

temporary identifier is not registered with an

authority, the scheme lacks accountability, i.e.

DR3: accountability is not met. The schemes pro-

posed in [11,12] also suffer a further disadvantagein that they each require significant changes to the

mobile phone infrastructure.

Of the schemes surveyed, the anonymous cer-

tificate solution [6] has the greatest potential to be

adapted to generic (mobile) e-commerce transac-

tions. The remainder of the paper will concentrate

on our work improving this particular scheme, i.e.

our extension to the work presented in [6] to en-hance the security of the solution.

4. Notation

The notation to be used throughout this paper

(adopted from [6]) is summarised as follows:

• ðpki;a; ski;aÞ is a pair of public and private keys

for a party Pi certified by a CA Aa. (pka; ska) witha single subscript is a pair of public and private

keys owned by a CA Aa.

• EkðxÞ denotes the cyphertext of a data item xencrypted with a key k. EkðxÞ is generated using

a public-key cryptosystem if the corresponding

decryption key is different from k, and using aconventional (symmetric) cryptosystem other-

wise.

• x; y denotes the concatenation of data items xand y.

• hðxÞ is a one-way hash function with the follow-

ing properties: for any x, it is easy to compute

hðxÞ; given hðxÞ, it is difficult to compute x;and given x, it is difficult to find x0 (x 6¼ x0) suchthat hðxÞ ¼ hðx0Þ.

• Pi ! Pj : m expresses that a party Pi sends a mes-

sage m to another party Pj through normal com-

munication channel.

• Pi !A Pj : m denotes anonymous message trans-

fers between Pi and Pj. It indicates two possible

cases:

(i) Pi sends m to Pj through an anonymouscommunication channel. This means that Piknows Pj’s address/identity, but Pj does not

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 489

know Pi’s. If Pi requires Pj to respond to its

message, Pi needs to send to Pj m together

with an anonymous reply address. For exam-

ple, Pi’s address may be jondoe@some-

mail.com and Pj’s address may be Pj @cs.man.ac.uk.

(ii) Pi responds to an anonymous message from

Pj with m using the anonymous reply ad-

dress defined in Pj’s message. This means

that Pj knows Pi’s address/identity, but Pidoes not know Pj’s. In this instance, Pi’saddress may be Pi@cs.man.ac.uk and Pj’saddress may be another@somemail.com.Details of such anonymous communication

are to be found in [13–17].

Separate notation for each of the above two

cases has not been used since the appropri-

ate case may easily be deduced from the

context of the protocol presentation.

• Ci;b is an anonymous certificate of party Pi is-sued by a CA Ab, denoted as Ci;b ¼ ðAb;Ii;b; pki;b; ei;b; si;bÞ, where si;b (¼ EskbðhðAb; Ii;b;pki;b; ei;bÞÞ) is Ab’s signature, and Ii;b, pki;b and

ei;b are Pi’s pseudonym, public key and certifi-

cate expiration time, respectively. CRi;b is a real-

identity certificate of party Pi issued by a CA

Ab, denoted as CRi;b ¼ ðAb; IRi;b; pki;b; ei;b; si;bÞ,

where si;bð¼ Eskb ðhðAb; IRi;b; pki;b; ei;bÞÞÞ is Ab’s

signature, and IRi;b, pki;b and ei;b are Pi’s real iden-tity, public key and certificate expiration time,

respectively. We assume that every party knows

the public keys of all CAs.

5. Anonymous certificate issuing and real-identity

trace back

In this section we formally present and discuss

the two extended protocols, i.e. certificate issu-

ing and real-identity trace back, to facilitate

more secure accountable anonymous e-commerce

activities. Before that, we first explain our hy-

pothesis on which the modifications to the origi-

nal scheme presented in [6] are based and describe

the implications that our modifications have onthe overall working of the two protocols. Each

protocol is discussed and presented separately for

clarity.

5.1. Hypothesis

In the original scheme [6] it was assumed that

the User Pi may obtain anonymous certificates is-

sued directly or indirectly from a single real-iden-tity certificate. This resulted in Pi having a tree like

structure of certificates with one real-identity cer-

tificate as the root. If Pi had n real-identity certi-

ficates then there would be n corresponding

certificate trees for Pi. As discussed in Section 3,

one of the shortcomings of this scheme is that if an

attacker can compromise a single private key of Pi,he can then obtain anonymous certificates that arelinked to Pi. As a result, the attacker can imper-

sonate Pi and Pi would then be accountable for the

abuses committed by the attacker. In particular,

the compromise of a single key can lead to the

whole certificate graph being compromised. It is

therefore vitally important to have maximum

protection against private key compromise. Based

on this motivation, we propose a modification to[6] whereby the User may obtain an anonymous

certificate with two pieces of evidence, i.e. dem-

onstration of ownership of two private keys. We

hypothesise that it is more difficult for an adver-

sary to subvert a scheme that requires the pre-

sentation of two unique pieces of evidence, as

compared to a scheme that requires the presenta-

tion of just one piece of evidence. This evidencemay be the demonstration of rightful ownership of

the private keys associated with either:

• two real-identity certificates, or

• two anonymous certificates of the same genera-

tion.

It is worth noting that the combination of onereal and one anonymous certificate has not been

listed as permissible evidence. This is because a

real certificate and an anonymous certificate are of

different generations and therefore possess differ-

ent levels of anonymity assurance. The real cer-

tificate has no anonymity assurance since it may be

linked to the real identity of the User. The com-

bination of a real certificate and an anonymouscertificate may be used to obtain a further anon-

ymous child certificate, however, the anonymity

assurance of the anonymous child certificate is no

490 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

more than its parent anonymous certificate. A

similar discussion applies to the use of anonymous

certificates of different generations: a combination

of, say, a first generation anonymous certificate

and a third generation anonymous certificate will

produce a fourth generation anonymous certificatewith the anonymity assurance of a second gener-

ation anonymous certificate. Since the benefit to

the User of developing a graph with depth (as

opposed to breadth) is that the anonymous cer-

tificates towards the bottom of the graph posses

more anonymity assurance than those towards the

top (since the anonymous certificates at the bot-

tom of the graph are the most difficult to link tothe User’s identity), it is these certificates that the

User will use most often for anonymous e-com-

merce transactions. Since the development of the

graph is under the User’s sole control to ensure

unlinkability, it is the User’s responsibility to en-

sure that the parent certificates are of the same

generation. This certificate management problem

may be alleviated through the use of a graphicalrepresentation of the User’s certificate graph. Once

the ‘leaf’ certificates have been ‘contaminated with

history’, i.e. have been used for on-line transac-

tions in a similar manner to ‘classical’ PKI certifi-

Ci,a_2R

Ci,a_1R

Ci,b_1

Ci,b_2

Ci,c_1

Ci,c_2

Ci,n_1

Ci,n_2

Aa_1 Aa_2

Fig. 2. Certifica

cates and may be subject to on-line profiling, the

User revokes these certificates and moves up one

generation to use the parent certificates for anon-

ymous e-commerce transactions. The degree of

acceptable ‘contamination’ within a User’s certifi-

cate graph is yet to be quantified and remains opento the User’s perception.

The resulting graph, fully populated, may look

similar to that shown in Fig. 2 below. Note that

only the granted rights of the parent certificates

determine the depth of the graph.

Based on our hypothesis (i.e. it is harder for an

adversary to subvert a scheme that requires the

demonstration of ownership of two private keys ascompared to a scheme that requires the demon-

stration of ownership of just one private key), we

modify and present the certificate issuing and

identity trace back protocols in the following

subsections. We introduce the concept of ‘primary

parental certificate’ and ‘secondary parental cer-

tificate’. A primary parental certificate is used to

determine the granted rights that are inherited bythe child certificate. The secondary parental cer-

tificate is used for authentication only. We discuss

the significance of this difference in Sections 6.1.2

and 6.2.2. The User may decide which of her cer-

Ci,a_3R

Ci,b_3

Ci,c_3

Ci,n_3

Aa_3

te graph.

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 491

tificates are to be the primary and secondary

during child certificate issuance.

5.2. Certificate issuing protocol

Our Certificate Issuing Protocol requiring thepresentation of two certificates in order to obtain a

further anonymity certificate is illustrated in Table

1. The protocol items and their definitions are

given in Table 2, and stored items are listed in

Table 3.

We now describe our issuing protocol that

comprises four stages consisting of six transac-

tions. Referring to Table 1, let us assume the UserPi wishes to obtain a new anonymous certificate

Ci;b 1 from CA Ab 1 based on the presentation of

two existing anonymous certificates Ci;a 1 and Ci;a 2

issued by two different CAs Aa 1 and Aa 2, respec-

tively.

• In stage 1, Pi sends Ab 1 via an anonymous com-

munication channel its request which includesthe identities Aa 1 and Aa 2 plus items Xi;a 1

and Xi;a 2, verifiable only by their respective

issuing CAs, the new public key pki;b 1 to be cer-

tified, the seed sei;b 1 used for the (message hash

and) generation of the session symmetrical key

and the session number sni;b 1.

• In stage 2, Ab 1 forwards Xi;a 1 and Xi;a 2 to Aa 1

and Aa 2, , respectively, via an anonymous com-munication channel.

• In stage 3, Aa 1 verifies Xi;a 1 to authenticate Pi’srequest, grants Ab 1 a right for issuing a certifi-

cate to Pi and returns this right to Ab 1. Aa 2 per-

forms a similar task during this stage.

• In stage 4, Ab 1 issues a new anonymous certifi-

cate to Pi based on the granted rights.

Table 1

Issuing protocol

STAGE 1 T1 Pi !A Ab 1

STAGE 2 T2 Ab 1 !A Aa 1

T3 Ab 1 !A Aa 2

STAGE 3 T4 Aa 1 !A Ab 1

T5 Aa 2 !A Ab 1

STAGE 4 T6 Ab 1 !A Pi

Note that Pi is anonymous to Ab 1, and Ab 1 is

anonymous to Aa 1 and Aa 2. Aa 1 and Aa 2 are not

aware of each other’s involvement in the issuing

process.

5.2.1. Issuing protocol in detail

We assume that the User Pi possesses a mini-

mum of three real-identity PKI certificates issued

by three separate CAs: Aa 1, Aa 2 and Aa 3. By

using three separate CAs the User minimises the

possibility of any one (compromised) CA linking

and abusing two real-identity certificates and any

subsequent anonymous child certificates. In order

to ease the communications and processing burdenplaced on a CA, Aj, the number of certificates that

may be obtained by a User, Pi, is controlled

through the imposition of three constants: mlj, mcjand ei;j. mlj specifies the maximum number of

levels (or generations) that may exist using a real-

identity certificate as the root of the certificate

graph. mcj specifies the maximum number of child

certificates that may be issued to Pi using either areal-identity or anonymous certificate as the par-

ent. ei;j specifies the expiration time of a certificate.

mlj and ei;j are passed down to child certificates in

the form of granted rights, and mcj is determined

by each issuing CA. A detailed explanation of mlj,mcj and ei;j may be found in [6]. The following

gives a detailed description of the protocol.

STAGE 1: The User Pi decides a new pair ofpublic and private keys (pki;b 1, ski;b 1) and chooses

two random numbers sni;b 1 and sei;b 1. sni;b 1 is

used as the current session number. sei;b 1 is a se-

cret number (or seed) used to calculate a unique

session key ki;b 1 used for secure communication

between parental and child CAs. Pi then computes

ki;b 1, aui;a 1, aui;a 2, Xi;a 1, Xi;a 2, constructs the

Epkb 1ðAa 1; pki;b 1; sei;b 1; sni;b 1;Xi;a 1;Aa 2;Xi;a 2Þ

Xi;a 1

Xi;a 2

sni;b 1;Eki;b 1ðsrAa 1i;b 1 Þ

sni;b 1;Eki;b 1ðsrAa 2i;b 1 Þ

Ci;b 1

Table 2

Issuing protocol items and definitions

Item Definition

Pi The User

Epkb 1 Cyphertext generated using public key of Ab 1

Ab 1 Name of CA Ab 1

Aa n Name of nth CA at level ‘a’ of the certificate

graph (where 1 < n6 total number of certifi-

cates at that specific level)

pki;b 1 Public key of User Pi to be certified by Ab 1

sei;b 1 Secret number randomly chosen by User Pi,used to generate session key ki;b 1

sni;b 1 Session number randomly chosen by User PiXi;a 1 Epka 1ðIi;a 1; aui;a 1ÞXi;a 2 Epka 2ðIi;a 2; aui;a 2; ID CHECK ONLYÞIi;a 1 User’s ID as known to Aa 1

Ii;a 2 User’s ID as known to Aa 2

aui;a 1 Eski;a 1 (Aa 1, Ii;a 1, sni;b, ki;b 1), User’s authenti-

cation token for Ci;a 1

aui;a 2 Eski;a 2 (Aa 2, Ii;a 2, sni;b, ki;b 1), User’s authenti-

cation token for Ci;a 2

Eski;a 1 Cyphertext generated using User’s secret key

shared with Aa 1

Eski;a 2 Cyphertext generated using User’s secret key

shared with Aa 2

ki;b 1 Session key generated by the User, where

ki;b 1 ¼ hðAb 1, pki;b 1, sei;b 1)

srAa 1i;b 1 Eska 1 (sni;b 1, ki;b 1, grAa 1

i;b 1 ), confirmation that the

granted rights are indeed given by Aa 1

srAa 2i;b 1 Eska 2 (sni;b 1, ki;b 1, grAa 2

i;b 1 ), confirmation that the

granted rights are indeed given by Aa 2

grAa 1i;b 1 Granted right comprising (sti;b 1, lei;b 1) given by

Aa 1 to Ab 1 to issue a certificate

grAa 2i;b 1 Granted right comprising (PASS/FAIL) given

by Aa 2 to Ab 1 to issue a certificate

sti;b 1 Remaining number of allowable certificate levels

within the certificate graph originating from the

parent certificate Ci;a 1, i.e. sti;b 1 ¼ ðsti;a 1 � 1Þ. Ifthe parent certificate is a real-identity certificate,

i.e. CRi;a 1, then sti;b 1 ¼ ðmli;a 1 � 1Þ, where mli;a 1

is the maximum number of allowable levels in a

certificate graph originating from CRi;a 1

lei;b 1 Granted expiration time of certificate Ci;b 1, and

lei;b 1 < lei;a 1

Ci;b 1 Pi’s certificate issued by Ab 1, i.e.

Ci;b 1 ¼ ðAb 1; Ii;b 1; pki;b 1; ei;b 1; si;b 1Þei;b 1 Expiration time of certificate Ci;b 1 chosen by

Ab 1 such that ei;b 1 < lei;b 1

si;b 1 Eskb 1ðhðAb 1; Ii;b 1; pki;b 1; ei;b 1ÞÞ, Ab 1’s signature

on the certificate Ci;b 1 to certify that the

certificate is indeed issued by Ab 1

Table 3

Issuing protocol stored items

For each certificate issued by Ab 1, Ab 1 stores:

Ci;b 1 : sni;b 1, Aa 1, Aa 2, sei;b 1, srAa 1i;b 1 , sr

Aa 2i;b 1 .

If any child certificates are subsequently requested, then:

Ci;c n : sni;c n; ki;c n; lei;c n; aui;c n, where n denotes the nthchild certificate issued by Ab 1.

Note that lei;c n is not generated and stored if the parent

certificate Ci;b 1 is a secondary parental certificate.

492 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

message in Transaction T1 and sends it to Ab 1.Xi;a 1, which is encrypted with Aa 1’s public key

pka 1, is to allow only Aa 1 to know Pi’s pseudo-

identity Ii;a 1. Similarly Xi;a 2, encrypted with Aa 2’spublic key pka 2, is to allow only Aa 2 to know Pi’spseudoidentity Ii;a 2. aui;a 1 is the cyphertext gen-

erated with Pi’s secret key ski;a 1 (corresponding to

pki;a 1 and shared with Aa 1) to allow Aa 1 to

authenticate Pi. Similarly, aui;a 2 generated with

Pi’s secret key ski;a 2 (corresponding to pki;a 2) is to

allow Aa 2 to authenticate Pi.It should be emphasised that Xi;a 1 is a secure

way for Ab 1 to acquire from Aa 1 the approval to

certify the public key pki;b 1, and issue the anony-

mous certificate Ci;b 1 without letting Aa 1 know

pki;b 1. A similar reasoning applies to Xi;a 2.

STAGE 2: Ab 1 decrypts Pi’s message with key

skb 1 and verifies that Aa 1 and Aa 2 are both valid

CAs. If this verification fails, Ab 1 terminates the

protocol run and returns the message ‘No Certifi-

cation’ to Pi using the following transaction:

Ab 1 !A Pi: sni;b 1, Eki;b 1(sni;b 1, ‘No certification’).

If the verification is successful, Ab 1 saves all the

items and forwards Xi;a 1 to Aa 1 (in Transaction

T2) and Xi;a 2 to Aa 2 (in transaction T3).

STAGE 3: Upon receipt of T2, Aa 1 performs

the following operations. Aa 1 decrypts Xi;a 1 with

ska 1 and verifies that identity Ii;a 1 has a certificateCi;a 1 issued and held by Aa 1 and Ci;a 1 has not

expired or been revoked. If the verification is

successful, Aa 1 decrypts aui;a 1 in Xi;a 1 with key

pki;a 1 in Ci;a 1 to obtain A0a 1, I

0i;a 1, sni;b 1 and ki;b 1.

Aa 1 then checks that A0a 1 ¼ Aa 1 and I 0i;a 1 ¼ Ii;a 1.

If the result of the check is positive Aa 1 has evi-

dence that suggests the request was indeed origi-

nated by Pi. Aa 1 then performs the followingchecks against the granted right gri;a 1 ¼ ðsti;a 1;lei;a 1Þ in Ci;a 1:

Verification I3.1: Is sti;a 1 > 1? That is, is Aa 1

permitted to grant child certificates for Pi based on

the presentation of Ci;a 1?

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 493

Verification I3.2: Is the number of valid (i.e.

unexpired) child certificates already issued by Aa 1

less than mca 1? That is, is Aa 1 permitted to grant

another child certificate to Pi based on the pre-

sentation of Ci;a 1?

If the results of Verification I3.1 and Verifica-tion I3.2 are both positive then Aa 1 chooses a fu-

ture time lei;b 1 < ei;a 1. Ideally, this date, lei;b 1, is

far enough into the future such that the number of

certificates issued by Aa 1 to expire on or after

lei;b 1 is sufficiently large to prevent an attacker

from linking Ci;a 1 and Ci;b 1. If lei;b 1 ¼ ei;a 1 then

it may be possible for an observer to recognise the

same expiration times of different certificates anddeduce that these certificates are in the same

graph. A similar discussion applies to ei;b 1, the

published expiration date of certificate Ci;b 1. Aa 1

then computes: srAa 1i;b 1 ¼ Eska 1ðsni;b 1; ki;b 1; gr Aa 1

i;b 1 Þand generates the message: sni;b 1, Eki;b 1ðsr Aa 1

i;b 1 Þand performs transaction T4 to Ab 1.

If the result of either Verification I3.1 or Veri-

fication I3.2 is negative then the granted right isgri;b 1 ¼ ð0; 0Þ. Aa 1 computes: srAa 1

i;b 1 ¼ Eska 1

ðsni;b 1; ki;b 1; gr Aa 1i;b 1 Þ and generates the message:

sni;b 1, Eki;b 1ðsr Aa 1i;b 1 Þ and performs transaction T4

to Ab 1 in the usual manner.

The session key ki;b 1 is used for the encryption

of srAa 1i;b 1 , i.e. Eki;b 1ðsrAa 1

i;b 1Þ since Aa 1 does not know

the identity of Ab 1. For identity tracing, Aa 1 needs

to store the following if ðsti;a 1 � 1Þ > 0: sni;b 1,ki;b 1, lei;b 1 and aui;a 1.

Similarly, during STAGE 3, Aa 2 performs the

same operations as performed by Aa 1 described

above, but on Xi;a 2 and related items accordingly.

Since Ci;a 2 is presented as secondary evidence

only, Aa 2 does not need to perform the checks

against the granted right gri;a 2 ¼ ðsti;a 2; lei;a 2Þ in

Ci;a 2 as described in Verification I3.1 or Verifica-tion I3.2. For identity tracing, Aa 2 needs to store

the following: sni;b 1, ki;b 1 and aui;a 2. It is worth

noting that it is the User Pi who decides which

certificate is to be presented as the primary or

secondary evidence and therefore processed

accordingly by the relevant CAs.

STAGE 4: Ab 1 decrypts Eki;b 1ðsrAa 1i;b 1Þ and

Eki;b 1ðsrAa 2i;b 1Þ with ki;b 1 and then srAa 1

i;b 1 and srAa 2i;b 1

with pka 1 and pka 2, respectively. Ab 1 checks that

sni;b 1 in srAa 1i;b 1 and srAa 2

i;b 1 are correct, i.e. identical

to sni;b 1 given in Transaction 1 and that ki;b 1 in

srAa 1i;b 1 and srAa 2

i;b 1 are correct, i.e. identical to ki;b 1 ¼hðAb 1; pki;b 1; sei;b 1Þ computed by Ab 1 and that

sti;b 1 in grAa 1i;b 1 is greater than zero (i.e., sti;b 1 > 0)

and grAa 2i;b 1 ¼ ‘PASS’.

If the results are positive, Ab 1 generates a un-ique pseudonym Ii;b 1, chooses an expiration time

ei;b 1 so that ei;b 1 < lei;a 1 and issues the following

certificate to Pi in Transaction T6:

Ci;b 1 ¼ ðAb 1; Ii;b 1; pki;b 1; ei;b 1; si;b 1Þ;

where

si;b 1 ¼ Eskb 1ðhðAb 1; Ii;b 1; pki;b 1; ei;b 1ÞÞ

Ab 1 then stores certificate Ci;b 1 and related items

including any subsequent child certificates, as de-

fined in Table 3.

If the results of any of these checks are negative,

i.e. if sni;b 1 in srAa 1i;b 1 and srAa 2

i;b 1 is not equal to sni;b 1

given in Transaction 1, or if ki;b 1 in srAa 1i;b 1 and

srAa 2i;b 1 is not equal to hðAb 1; pki;b 1; sei;b 1Þ, or if

sti;b 1 ¼ 0, or grAa 2i;b ¼ ‘FAIL’, then Ab 1 returns the

‘No certification’ message to Pi.

5.3. Real-identity tracing

When an abuse of anonymity occurs in associ-

ation with a particular anonymous certificate, say

Pi persistently orders goods or services which Pihas no intention of making payment for, a LegalAuthority (LA) may be called to trace the anon-

ymous certificate back to its corresponding real-

identity certificate. In this way, Pi is held

accountable for his/her actions. We assume that

the LA is a trusted authority and does not reveal

the link between the anonymous certificate and its

corresponding real-identity certificate to any un-

authorised party. In order to hold Pi accountable,it must be demonstrated that at all stages the re-

quired two pieces of evidence were used. An issu-

ing CA now needs to pass back the evidence

associated with each parent certificate to the

appropriate parent CAs or directly to the LA.

5.4. Identity tracing protocol

For instance, assume that an abuse has been

committed in association with certificate Ci;c 2, the

Ci,c_2

Ci,b_1

Ci,b_2

Ci,a_1 R

Ci,a_2 R

Ci,a_3 R

Evidence to LA: Ci,c_2 sei,c_2 sri,c_2

Ab_1 sri,c_2

Ab_2

trace back data: sni,c_2

Evidence to LA: Ci,b_1 sei,b_1 sri,b_1

Aa_1 sri,b_1

Aa_2 aui,c_2

Evidence to LA: Ci,b_2 sei,b_2 sri,b_2

Aa_2 sri,b_2

Aa_3 aui,c_2

Evidence to LA: Ci,a_1

R aui,b_1

Evidence to LA: Ci,a_3

R aui,b_2

Evidence to LA: Ci,a_2

R aui,b_1 aui,b_2

trace back data: sni,b_1

trace back data: sni,b_2

Fig. 3. Real-identity trace back sequence for Ci;c 2.

494 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

complete (or full) trace-back sequence is illustrated

in Fig. 3.

Our Identity Trace Back Protocol associated

to the anonymous certificate issuing protocol

presented in the previous subsection is pre-

sented in Table 4 with items and definitions

listed in Table 5, which is followed by a fulldescription of our Identity Trace Back Proto-

col.

STAGE 1: Once LA has been advised that

abuses of anonymity have occurred in association

Table 4

Trace back protocol

STAGE 1 T1 LA ! Ac 2

STAGE 2 T2 Ac 2 !A Ab 1

T3 Ac 2 !A Ab 2

STAGE 3 T4 Ab 1 !A Aa 1

T5 Ab 1 !A Aa 2

T6 Ab 2 !A Aa 2

T7 Ab 2 !A Aa 3

STAGE 4 T8 Aa 1 ! LA

T9 Aa 2 ! LA

T10 Aa 3 ! LA

STAGE 5 LA examines the evidence that the right

identified in the real-identity certificates

with anonymous certificate Ci;c 2, LA generates

nLA, tLA, sLA, siLA, Epkc 2 (defined in Table 5) and

performs Transaction T1, where sLA is passed on

to all relevant CAs.

STAGE 2: Ac 2 decrypts the message in T1 with

key skc 2 and verifies that CLA represents a legal

authority. Ac 2 then verifies the correctness of thereceived message by performing the following

verifications:

Verification T2.1: Decrypts sLA with pkLA and

retrieves n0LA and t0LA and compares them with the

Epkc 2ðCLA;Ci;c 2; nLA; tLA; sLA; siLAÞEpkb 1ðCLA; nLA; tLA; sLA;sni;c 2; evc 2; chc 2ÞEpkb 2ðCLA; nLA; tLA; sLA; sni;c 2; evc 2; chc 2Þ

Epka 1ðCLA; nLA; tLA; sLA; sni;b 1; evb 1; chb 1ÞEpka 2ðCLA; nLA; tLA; sLA; sni;b 1; evb 1; chb 1ÞEpka 2ðCLA; nLA; tLA; sLA; sni;b 2; evb 2; chb 2ÞEpka 3ðCLA; nLA; tLA; sLA; sni;b 2; evb 2; chb 2Þ

eva 1

eva 2

eva 3

ful holder of the abused anonymity certificate is the individual

Table 5

Trace back protocol items and definitions

Item Definition

nLA Session number chosen by LA

tLA Time stamp

sLA EskLAðnLA; tLAÞ, LA’s signature on its session number and time stamp

siLA EskLAðhðCi;c 2; sLAÞÞ, LA’s secured transaction reference identifier

evc 2 EpkLAðCi;c 2;Eskc 2ðnLA; sei;c 2; srAb 1i;c 2 ; sr

Ab 2i;c 2 ÞÞ, Ac 2’s evidence that Ci;c 2 was issued with the approvals from Ab 1 and Ab 2

chc 2 hðki;c 2;CLA; sLA; sni;c 2; evc 2Þ, Ac 2’s message check sum

ki;c 2 hðAc 2; pki;c 2; sei;c 2Þ, session key derived by Ac 2

evb 1 EpkLAðCi;b 1; evc 2;Eskb 1ðnLA; sei;b 1; srAa 1i;b 1 ; sr

Aa 2i;b 1 ; aui;c 2; hðevc 2ÞÞÞ, Ab 1’s evidence that Ci;b 1 was issued with approval

from Aa 1 and Aa 2 and that Pi requested the child certificate Ci;c 2

chb 1 hðki;b 1;CLA; sLA; sni;b 1; evb 1Þ, Ab 1’s message checksum

ki;b 1 hðAb 1; pki;b 1; sei;b 1Þ, session key derived by Ab 1

evb 2 EpkLAðCi;b 2; evc 2;Eskb 2ðnLA; sei;b 2; srAa 2i;b 2 ; sr

Aa 3i;b 2 ; aui;c 2; hðevc 2ÞÞÞ, Ab 2’s evidence that Ci;b 2 was issued with approval

from Aa 2 and Aa 3 and that Pi requested the child certificate Ci;c 2

chb 2 hðki;b 2;CLA; sLA; sni;b 2; evb 2Þ, Ab 2’s message checksum

ki;b 2 hðAb 2; pki;b 2; sei;b 2Þ, session key derived by Ab 2

eva 1 EpkLAðCRi;a 1; evb 1;Eska 1ðnLA; aui;b 1; hðevb 1ÞÞ, Aa 1’s evidence of Pi’s real identity and that Pi requested the child

certificate Ci;b 1

eva 2 EpkLAðCRi;a 2; evb 1; evb 2;Eska 2ðnLA; aui;b 1; aui;b 2; hðevb 1Þ; hðevb 2ÞÞ, Aa 2’s evidence of Pi’s real identity and that Pi

requested the child certificates Ci;b 1 and Ci;b 2

eva 3 EpkLAðCRi;a 3; evb 2;Eska 3ðnLA; aui;b 2; hðevb 2ÞÞ, Aa 3’s evidence of Pi’s real identity and that Pi requested the child

certificate Ci;b 2

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 495

corresponding values in T1, i.e. nLA and tLArespectively.

If Verification T2.1 is positive then the CA has

proof that the message is indeed originated from

LA and it has not been altered. The inclusion of

nLA and tLA also provides protection against mes-

sage replay-attacks or ‘spoofing’. Otherwise, the

protocol terminates with a fail-stop. Given a po-

sitive result, Ac 2 goes on to:Verification T2.2: Decrypts siLA with pkLA and

retrieves hðCi;c 2; sLAÞ, computes a fresh h0ðCi;c 2;sLAÞ and compares h0ðCi;c 2; sLAÞ to hðCi;c 2; sLAÞ.

If Verification T2.2 is positive then the CA has

proof that the message did indeed originate from

LA and it has not been altered. Otherwise, the

protocol terminates with a fail-stop. Given a po-

sitive result, Ac 2 goes on to:Verification T2.3: Check that Ci;c 2 is a certifi-

cate issued by Ac 2.

Given a positive result, Ac 2 retrieves items

sni;c 2, Ab 1, Ab 2, sei;c 2, srAb 1i;c 2 and srAb 2

i;c 2 stored in

association with Ci;c 2 (as illustrated in Table 3),

derives key ki;c 2 ¼ hðAc 2; pki;c 2; sei;c 2Þ, computes

evc 2 and chc 2 (defined in Table 5), generates its

messages to Ab 1 and Ab 2 and perform transac-tions T2 and T3.

It is worth noting that, (1) evc 2 provides LAwith evidence that Ac 2 issued Ci;c 2 upon Pi’s re-

quest and with consent from Ab 1 and Ab 2, where

chc 2 is the message checksum; (2) the message

content to Ab 1 and Ab 2 is exactly the same except

that each message is encrypted with the relevant

CA’s public key pkb n, where n 2 f1; 2g; (3) re-

cipient CAs cannot read evc 2 since it is encrypted

with LA’s public key pkLA.STAGE 3: In this stage, Ab 1 decrypts the mes-

sage from Ac 2 with skb 1 and uses sni;c 2 to find the

related (child) certificate Ci;c 2 and stored items

ki;c 2 and aui;c 2. Ab 1 verifies that CLA represents a

legal authority and then performs Verification

T2.1, generates ch0c 2 ¼ hðk0i;c 2;C0LA; s

0LA; sn

0i;c 2;

ev0c 2Þ, where k0i;c 2 is Ab 1’s own copy and C0LA, s

0LA,

sn0i;c 2 and ev0c 2 are taken from Epka 1. Ifch0c 2 ¼ chc 2, then Ab 1 has proof that Epka 1 is

unmodified. If ch0c 2 6¼ chc 2 then the protocol ter-

minates with a fail-stop. Given a positive result,

Ab 1 retrieves another set of items sni;b 1, Aa 1, Aa 2,

sei;b 1, srAa 1i;b 1 and srAa 2

i;b 1 stored in association with

Ci;b 1; computes ki;b 1, evb 1 and chb 1 (defined in

Table 5), constructs its messages to Ab 1 and Ab 2

and performs transactions T4 and T5 via ananonymous communication channel, respectively.

496 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

Note (1) the message contents to Aa 1 and Aa 2

are exactly the same except that each message is

encrypted with the relevant CA’s public key pka n,

where n 2 f1; 2g; (2) neither of the recipient CAs

can read the evidence since it is encrypted with

LA’s public key pkLA; (3) evb 1 includes aui;b 1 andevc 2, where aui;b 1 allows LA to verify the

authenticity of Pi’s request for Ci;b 1, and evc 2 is

the evidence received from Ac 2.

Ab 2 performs similar operations as that by Ab 1

in Stage 3 to form its messages (as defined in Table

4) to Aa 2 and Aa 3 (transactions T6 and T7),

respectively.

STAGE 4: In this stage, Aa 1 decrypts themessagefrom Ab 1 with ska 1 and uses sni;b 1 to find the re-

lated (child) certificate Ci;b 1 and stored item aui;b 1.

Aa 1 verifies thatCLA represents a legal authority and

then performs Verification T2.1; generates ch0b 1 ¼hðk0i;b 1;C

0LA; s

0LA; sn

0i;b 1; ev

0b 1Þ, where k0ib 1 is Aa 1’s

own copy and C0LA, s

0LA, sn

0i;b 1 and ev0b 1 are taken

from T4 and checks that if ch0b 1 ¼ chb 1. If they are

equal, then Ab 1 has proof that Epka 1 is unmodified.Aa 1 then generates its message (defined in Table 4)

to LA, and performs Transaction T8 via a normal

communications channel. If ch0b 1 6¼ chb 1, then the

protocol terminates with a fail-stop. It is worth

noting that the parent certificate CRi;a 1 is a real-

identity certificate and therefore eva 1 does not

contain sei;a 1 or sri;a 1 and so their derivatives ki;a 1

and cha 1 are not generated.Aa 2 performs similar operations as that by Aa 1

above, and performs Transaction T9 via a normal

communications channel. Here, CRi;a 2 is a parent to

bothCi;b 1 andCi;b 2 and so eva 2 contains evb 1, evb 2,

aui;b 2 and aui;b 2. If the messages from Ab 1 and Ab 2

arrive at significantly different times, Aa 2 may send

two separatemessages to LA containing information

pertaining to each child certificate. For example, saythe message from Ab 2 arrives sometime before the

message from Ab 1. Aa 2 generates and sends the

message EpkLAðCRi;a 2, AWAITING_evb 1, evb 2,

Eska 2ðnLA; aui;b 2; hðevb 2ÞÞ to LA in T9a. When the

message from Ab 1 arrives, Aa 2 generates and sends

the message EpkLAðCRi;a 2; evb 1; SENT evb 2; Eska 2

ðnLA; aui;b 1; hðevb 1ÞÞ to LA in T9b.

Aa 3 performs similar operations as Aa 1 above,and performs Transaction T10 via a normal

communications channel.

STAGE 5: Once LA has received the evidence,

eva 1, eva 2 and eva 3, it verifies that each piece of

evidence received is authentic and that each cer-

tificate has been issued correctly. The first step is to

recover the nested evidences as per Evidence

Recovery below. Say, LA chooses to start witheva 1 that is of the form eva 1ðevb 1ðevc 2ÞÞ:

Evidence Recovery for eva 1: LA decrypts eva 1

with key skLA to recover CRi;a 1, evb 1 and

Eska 1ðnLA; aui;a 1; hðevb 1ÞÞ. LA then decrypts

Eska 1ðnLA; aui;a 1; hðevb 1ÞÞ with key pka 1 to re-

cover nLA, aui;b 1 and hðevb 1Þ. LA checks that nLAis identical to the value included in sLA. If positive,LA then generates a hash of ev0b 1, i.e. hðev0b 1Þ andchecks that the freshly generated hash is equal to

the one received. If this is positive, LA then pro-

cesses the next nested evidence, i.e. evb 1.

Evidence Recovery for evb 1 found in eva 1: LA

decrypts evb 1 with key skLA to recover Ci;b 1, evc 2

and Eskb 1ðnLA; sei;b 1; srAa 1i;b 1 ; sr

Aa 2i;b 1 ; aui;c 2; hðevc 2ÞÞ.

LA then decrypts Eskb 1ðnLA; sei;b 1; srAa 1i;b 1 ; sr

Aa 2i;b 1 ;

aui;c 2; hðevc 2ÞÞ with key pkb 1 to recover nLA,sei;b 1, srAa 1

i;b 1 , srAa 2i;b 1 , aui;c 2 and hðevc 2Þ. LA checks

that nLA is identical to the value included in sLA. Ifpositive, LA then generates a hash of ev0c 2, i.e.

hðev0c 2Þ and checks that the freshly generated hash

is equal to the one received. If this is positive, LA

then processes the next nested evidence, i.e. evc 2.

Evidence Recovery for evc 2 found in evb 1: LA

decrypts evc 2 with key skLA to recover Ci;c 2 andEskc 2ðnLA; sei;c 2; srAb 1

i;c 2 ; srAb 2i;c 2 Þ. LA then decrypts

Eskc 2ðnLA; sei;c 2; srAb 1i;c 2 ; sr

Ab 2i;c 2 Þ with key pkc 2 to

recover nLA, sei;c 2, srAb 1i;c 2 and srAb 2

i;c 2 . LA checks

that nLA is identical to the value included in sLA.LA continues this decryption and verification

process in a similar manner to Evidence Recovery

(above) for the nested evidences eva 2ðevb 1ðevc 2Þ;evb 2ðevc 2ÞÞ and eva 3ðevb 2ðevc 2ÞÞ.

If all the verifications are correct, LA then

performs the following on all decrypted evidences.

For brevity, we show only the processing for the

nested evidence eva 1ðevb 1ðevc 2ÞÞ:LA generates and retains k0i;b 1 ¼ hðAb 1; pki;b 1;

sei;b 1Þ using evidence evb 1, then decrypts aui;b 1

(found in eva 1 and also eva 2) with pki;b 1 in Ci;b 1

to obtain Ab 1, Ii;b 1, sni;b 1 and ki;b 1, and checksthat Ab 1, Ii;b 1, sni;b 1 and ki;b 1 in eva 1 are identical

to the corresponding values in eva 2. LA verifies

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 497

that both Ab 1 and Ii;b 1 are in Ci;b 1 and that

ki;b 1 ¼ k0i;b 1 (generated by LA). If the results are

all positive, LA has proof that Pi has indeed ap-

plied to Ab 1 for Ci;b 1 using CRi;a 1 and CR

i;a 2.

LA continues the verification of certificate

issuing, i.e. decrypts srAa 1i;b 1 (in evb 1) with pka 1 to

obtain sni;b 1, k00i;b 1 and grAa 1i;b 1 ; decrypts sr

Aa 2i;b 1 (also

in evb 1) with pka 2 to obtain sni;b 1, k00i;b 1 and grAa 2i;b 1 ;

decrypts srAb 1i;c 2 (in evc 2) with pkb 1 to obtain sni;c 2,

k00i;c 2 and grAb 1i;c 2 ; and decrypts srAb 2

i;c 2 (also in evc 2)

with pkb 2 to obtain sni;c 2, k00i;c 2 and grAb 2i;c 2 . LA then

confirms that k00i;b 1 in grAa 1i;b 1 (in evb 1) is identical to

the value in grAa 2i;b 1 (also in evb 1) and k00i;c 2 in grAb 1

i;c 2

(in evc 2) is identical to the value in grAb 2i;c 2 (also in

evc 2). LA verifies that k00i;b 1 (in evb 1)¼ k0i;b 1 (gen-

erated by LA); k00i;c 2 (in evc 2)¼ k0i;c 2 (generated by

LA); sti;b 1 > 0 and ei;b 1 < lei;b 1 in grAa 1i;b 1 ; sti;c 2 >

0 and ei;c 2 < lei;c 2 in grAb 1i;c 2 ; gr

Aa 2i;b 1 ¼ ‘PASS’; and

grAb 2i;c 2 ¼ ‘PASS’.If the verifications for all nested evidences are all

positive then LA has the proof: Aa 1 and Aa 2 both

granted Ab 1 the right for issuing Ci;b 1 since srAa 1i;b 1 is

signed with Aa 1’s private key ska 1 and srAa 2i;b 1 is

signed with Aa 2’s private key ska 2; Aa 2 and Aa 3

both granted Ab 2 the right for issuing Ci;b 2 since

srAa 2i;b 2 is signed with Aa 2’s private key ska 2, and

srAa 3i;b 2 is signed with Aa 3’s private key ska 3; and Ab 1

and Ab 2 both granted Ac 2 the right for issuing Ci;c 2

since srAb 1i;c 2 is signed with Ab 1’s private key skb 1,

and srAb 2i;c 2 is signedwithAb 2’s private key skb 2. That

is, all anonymous certificates were issued correctly

and therefore LA has non-repudiable evidence that

the abused anonymous certificate Ci;c 2 belongs to

the individual whose real identity is shown on real-

identity certificates CRi;a 1 , C

Ri;a 2 and CR

i;a 3.

6. Protocol analysis

We now analyse our Issuing and Trace Back

protocols in terms of enhancements made as

compared to the original work presented in [6],

and we demonstrate that each protocol possesses

the fundamental characteristics of anonymity and

accountability by illustrating that the design

requirements stated in Section 2 have been met.Each protocol analysis is presented separately in

the following two subsections.

6.1. Issuing protocol analysis

6.1.1. Top-level assessment

We note the following general observations

about our protocol as compared to the originalissuing protocol as described in [6]:

• In order to obtain an anonymous certificate the

User must present two pieces of evidence, in this

case, two PKI certificates, and demonstrate pos-

session of the associated private keys. Since two

pieces of evidence are required the User submits

them together in the same transaction.• Since each certificate will have its own granted

right, the User Pi may indicate from which (par-

ent) certificate they prefer the granted right of the

new certificate to be inherited, by placing the pre-

ferred parent certificate first in the list within

Epkb 1. The Xi;a 2 information associated with

the second parent certificate (which simply acts

as additional evidence) is modified to includethe message ‘ID CHECK ONLY’. In this way,

the CA of the secondary parent certificate knows

that it must look up the expiry date and CRL but

notml ormc information for that certificate. The

Xi;a 1 information associated with the primary

parent certificate is unmodified and so the CA

of the primary parent certificate processes the

application as per the original scheme in [6].• The CA of the primary parent certificate returns

the granted rights within srAa 1i;b 1 as before. The

CA of the secondary parent certificate simply

returns a ‘PASS/FAIL’ message within srAa 2i;b 1 .

The issuing CA must receive both the granted

rights and a ‘PASS’ message in order to issue

a certificate. The issuing CA constructs the

new certificate using the granted rights fromthe primary parent certificate. If the issuing

CA does not receive both pieces of information

in the affirmative then the protocol terminates

with a fail-stop and a ‘No certification’ message

is sent to the User.

6.1.2. Assessment of our novel contribution

The concept of using primary and second-ary parent certificates for certificate issuing is a

novel one that results in a simple and efficient

modification to the original scheme. This is best

498 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

illustrated by considering the case of using two

parent certificates of the same weighting, i.e. two

primary parent certificates. Both of theses certifi-

cates have not expired, have not been placed on

the CRL, have a ml or st (number of levels or

generations for real or anonymous certificates,respectively) value greater than zero and a mc(number of child certificates) value greater than

zero. The User would check these details before

submitting the application for a new certificate.

Referring to Table 1:

• In T1 the User Pi would construct and send

Epkb 1ðAa 1; pki;b 1; sei;b 1; sni;b 1;Xi;a 1;Aa 2;Xi;a 2Þwith Xi;a 1 and Xi;a 2 as per the original scheme,

i.e. Xi;a 2 would not contain the additional ‘ID_

CHECK_ONLY’ message.

• In T2 and T3 the issuing CA, Ab 1, would for-

ward Xi;a 1 and Xi;a 2 to the relevant parent

CAs, Aa 1 and Aa 2.

• For T4, Aa 1 would construct and send the mes-

sage sni;b 1, Eki;b 1ðsrAa 1i;b 1Þ to the issuing CA, Ab 1,

with grAa 1i;b 1 ¼ ðsti;b 1 > 0; lei;b 1 > 0Þ. At this

stage Aa 1 would need to make a provisional

child certificate allocation to the parent certifi-

cate, Ci;a 1, and store the following items with

a ‘awaiting confirmation’ note, Ci;b 1: sni;b 1,

ki;b 1, lei;b 1, aui;b 1, ‘pending’.

• For T5, Aa 2 would construct and send the mes-

sage sni;b 1, Eki;b 1ðsrAa 2i;b 1Þ to the issuing CA, Ab 1,

with grAa 2i;b 1 ¼ ðsti;b 1 > 0; lei;b 1 > 0Þ. Aa 2 would

also need to make a provisional child certificate

allocation to the parent certificate, Ci;a 2, and

store the following items with a ‘awaiting con-

firmation’ note, Ci;b 1: sni;b 1, ki;b 1, lei;b 1,

aui;b 1, ‘pending’.

• In order to construct and send Ci;b 1 to Pi in T6,

the issuing CA Ab 1 must decide which grantedrights, grAa 1

i;b 1 or grAa 2i;b 1 , the new certificate will in-

herit. Assuming Ab 1 is able to do so using a

selection criterion acceptable to User Pi, Ab 1

then needs to inform both parent CAs, Aa 1

and Aa 2, of this decision so that they may up-

date the provisional child certificate informa-

tion stored in association with the parent

certificate. For example, say Ab 1 selects grAa 2i;b 1 :

• For T7, Ab 1 would then need to construct and

send to Aa 2 a message of the form Epka 2

ðsni;b 1; Eki;b 1ðgrAa 2i;b 1 ; ‘CHILD CERT ISSUED’ÞÞ.

In this way Aa 2 knows that this particular re-

quest for an anonymous certificate resulted in

the issuing of a new child certificate, Ci;b 1, to

be associated with the parent certificate, Ci;a 2,and that the provisional child certificate alloca-

tion information is to be confirmed, i.e. Ci;b 1:

sni;b 1, ki;b 1, lei;b 1, aui;b 1 is now stored.

• For T8, Ab 1 would then need to construct and

send to Aa 1 a message of the form

Epka 1ðsni;b 1;Eki;b 1ðgrAa 1i;b 1 ; ‘NOT USED’ÞÞ. In

this way Aa 1 knows that in this particular re-

quest for an anonymous certificate there is nonew child certificate to be associated with the

parent certificate, Ci;a 1, and that the provisional

child certificate allocation information is to be

removed, i.e. Ci;b 1: sni;b 1, ki;b 1, lei;b 1, aui;b 1,

‘pending’, is now deleted.

The original issuing protocol in [6], using just

one parent certificate (primary only case), has atotal of four transactions. Our extended and

modified issuing protocol presented in Section 5.2,

using a primary and a secondary certificate (pri-

mary/secondary case), has a total of six transac-

tions, an increase of just 50%. The version of the

issuing protocol using two parent certificates of the

same weighting (primary/primary case), discussed

above, has a total of eight transactions, that isdouble or an 100% increase in the number of

transactions compared to the original protocol.

The primary/primary case protocol has further

disadvantages: it requires one parent CA to pro-

cess and store information that later transpires to

be redundant; the decision making process as to

how the User’s certificate graph develops is no

longer with the User; and the source of theEpka nðsni;b 1;Eki;b 1ðgrAa n

i;b 1 ; ‘�’ÞÞmessages, where ‘*’

denotes ‘CHILD CERT ISSUED’ or ‘NOT USED’,is not verifiable, nor may it be. We discuss each

disadvantage in turn:

• Redundant information processing and storing.

In the primary/primary case protocol each par-

ent CA, Aa n, where n 2 f1; 2g, must: look upthe expiration time, ei;a n, of the parent certifi-

cate, Ci;a n; check that Ci;a n has not been placed

on the CRL; derive the granted right

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 499

grAa ni;b 1 ¼ ððsti;b 1 ¼ sti;a n � 1Þ; ðlei;b 1 < lei;a nÞÞ;

generate and send sni;b 1, Eki;b 1ðsrAa ni;b 1Þ; store

Ci;b 1 (i.e., sni;b 1, ki;b 1, lei;b 1, aui;b 1), ‘pending’

in association with Ci;a n; and await Ab 1’s con-

firmation message before processing anotherapplication from Pi simply and only because

the decision as to which granted rights, grAa ni;b 1 ,

is to be used has not yet been made. Since only

one granted right may be used, then almost half

of the processing that is performed during this

stage of the protocol is unnecessary. Further-

more, since neither CA knows which of the

granted rights is to be used until they receivethe Epka nðsni;b 1; ki;b 1ðgrAa n

i;b 1 ; ‘�’ÞÞ message,

where ‘*’ denotes ‘CHILD CERT ISSUED’ or

‘NOT USED’, from Ab 1, they must delay pro-

cessing further applications from Pi via another

issuing CA.

• The development of Pi’s certificate graph is no

longer in Pi’s control. In the primary/primary

approach protocol, the decision as to which ofthe granted rights, grAa n

i;b 1 , is to be used, and

hence which certificate is the true parent, is

made by the issuing CA, Ab 1, not the User. This

is because Pi has not indicated which parent cer-

tificate is preferred, nor given a selection crite-

rion. Such criteria may be based on the

number of further generations allowed, sti;b 1,

or the expiration time, lei;b 1, both of whichare made available to Ab 1, via the grant rights,

grAa ni;b 1 . However, Pi may wish to obtain all pos-

sible child certificates from a particular parent

certificate first, but is not able to convey this

to Ab 1. Furthermore, for Ab 1 to offer, say, ‘par-

ent with most child certificates available’ as a

selection criteria, Ab 1 would need to receive

information pertaining to the remaining num-ber of allowable child certificates associated

with a particular parent certificate, and this

information is not made available. If this infor-

mation were made available, then every issuing

CA would have an indication of the structure of

Pi’s certificate graph, which may in turn lead to

a reduction in anonymity assurance. As the

scheme is, the fact that a child certificate is al-lowed is implied by grAa n

i;b 1 6¼ ð0; 0Þ. Ultimately,

for the issuing CA to be able to use a selection

criterion that is equivalent to that used by Pi,

the issuing CA would need to know as much

about Pi’s certificate graph as does Pi.• The source of Epka n(sni;b 1; ki;b 1ðgrAa n

i;b 1 ; ‘�’ÞÞ,where ‘*’ denotes ‘CHILD CERT ISSUED’ or

‘NOT\_USED, cannot be established. We firstexamine the reasons for this and then the secu-

rity implications. Since Ab 1 is anonymous to

the parent CAs, Aa 1 and Aa 2, (and must remain

so in order to prevent either Aa 1 or Aa 2 inferring

a link between Ci;b 1 and Ci;a 1 or Ci;a 2), Ab 1 can-

not sign ðsni;b 1;Eki;b 1ðgrAa ni;b 1 ; ‘�’ÞÞ with its pri-

vate key, skb 1. The security implication is that

this message does not posses the property ofnon-repudiation. Any one of the involved

CAs, Ab 1, Aa 1 or Aa 2 could launch a ‘denial-

of-service’ type attack on Pi by denying Pi therightful issue of further child certificates some-

time in the future. For instance, a compromised

Ab 1 may send the message Epka nðsni;b 1; Eki;b 1

ðgr Aa ni;b 1 ; ‘CHILD CERT ISSUED’ÞÞ to both Aa 1

and Aa 2 when it is Ci;a 1 that is the parent certif-icate. Pi will receive one child certificate from

this request as expected, but according to the re-

cords of Aa 1 and Aa 2, Pi has received a child cer-

tificate from each parent. The denial-of-service

will become apparent when Pi requests the ‘un-

issued’ child certificate of Ci;a 2. A compromised

parent CA may also launch a denial-of-service

attack in a similar manner by substituting the re-ceived Epka nðsni;b 1; ki;b 1ðgrAa n

i;b 1 ; ‘NOT USED’ÞÞwith their self-generated Epka nðsni;b 1; Eki;b 1

ðgrAa ni;b 1 ; ‘CHILD CERT ISSUED’ÞÞ. All invol-

ved parties are able to deny generating and send-

ing the false message.

Our protocol, the primary/secondary case, alle-

viates all these potential problems. By allowing Pito indicate from which parent certificate the gran-

ted rights are to be inherited, i.e. the primary par-

ent, Pi is able to determine how the certificate graph

is developed. Furthermore, since it is known which

is the primary certificate, only the primary parent

CA need look up sti;a n and lei;a n and store the child

certificate information to be associated with the

parent certificate; the issuing CA need not selecta granted right to be used and therefore the need

for the message Epka nðsni;b 1;Eki;b 1ðgrAa ni;b 1 ; ‘�’ÞÞ is

removed.

500 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

6.1.3. Assessment against stated design require-

ments

We now analyse our protocol presented in

Table 1 with regard to the design requirements

stated in Section 2. The anonymity of our protocolis established via the following cases. [DRnumber:name] indicates the design requirement satisfied by

each case:

• As sni;b 1 and ki;b 1 are unique to Pi and are

used by the CAs to identify a continuing

transaction, Ab 1 and Aa 1 (or Ab 1 and Aa 2)

are able to link Ci;b 1 to Ci;a 1 (or to Ci;a 2)by collusion. This problem is alleviated by

deepening the depth (increasing the number

of levels) of the certificate graph. As discussed

in [6], the certificates at the bottom of the

graph have the highest assurance of anonym-

ity. It is therefore in Pi’s interest to use a mul-

titude of CAs. In this way, multiple CAs need

to collude in order to make the associationbetween all of Pi’s certificates. DR2: customerprofiling.

• A single compromised CA is unable to link Pi’scertificates to one another or to Pi for the fol-

lowing reasons:

� Pi does not sign its request for a certificate and

the messages between Pi and Ab 1 are con-

ducted via anonymous communication chan-nels, so Ab 1 does not know the identity/

address of Pi. DR1: anonymity.� Messages from Ab 1 to Aa 1 and to Aa 2 are

conducted via anonymous communications

channels and encryption is performed using

the fresh session key ki;b 1, so neither Aa 1

nor Aa 2 know the identity/address of

Ab 1, and are therefore unable to infer alink between Ci;b 1 and Ci;a 1 or Ci;a 2.

DR1: anonymity and DR2: customer profil-ing.

� The granted rights, grAa 1i;b and grAa 2

i;b , do not

contain any information that is in Ci;a 1 or

Ci;a 2, so Ab 1 is unable to link Ci;b 1 to either

Ci;a 1 or Ci;a 2. DR1: anonymity and DR2: cus-tomer profiling.

The accountability of our protocol is estab-

lished via the following cases. [DR number: name]

indicates the design requirement satisfied by each

case:

• Any anonymous certificate can be traced back

to the parent real-identity certificates, but only

by a legal authority who collects verifiable andnon-repudiable evidence in the process (Real-

Identity Tracing is described in Section 5.3).

DR3: accountability and DR4: non-repudiation.• Pi cannot deny requesting a certificate nor claim

that a CA has either falsely issued Pi a certificateor issued a certificate to another party Pj in Pi’sname, nor can a CA deny issuing a certificate

either to Pi or to another party Pj in Pi’s namefor the following reasons:

� aui;a 1 in Xi;a 1 and aui;a 2 in Xi;a 2 are signed

with Pi’s private key ski;a 1 and ski;a 2, respec-

tively, which only Pi has knowledge of.

Should another party Pj wish to obtain a cer-

tificate in Pi’s name, Pj now has to compro-

mise at least two of Pi’s private keys in

order to obtain a certificate. DR5: authoriseduse.

� ki;b 1 in aui;a 1, aui;a 2, srAa 1i;b 1 and srAa 2

i;b1prevents

Ab 1 from modifying pki;b 1 and then passing a

copy of the certificate on to another party Pj.This is because ki;b 1 cannot be forged and

both Aa 1 and Ab 2 are passed a copy of ki;b 1

in aui;a 1 and aui;a 2, respectively, return a

copy of ki;b 1 in srAa 1i;b 1 and srAa 2

i;b 1 , respectively,and store a copy of ki;b 1 and aui;a 1 or ki;b 1

and aui;a 2, respectively. In this way Ab 1’s dis-

honesty can be proven. If Ab 1, Aa 1 and Aa 2

were to collude by, say, substituting

kj;b 1 ¼ hðAb 1, pkj;b 1, sei;b 1Þ for ki;b 1 then no

CA would be able to deny their involvement

with the deceit, unless they deleted all refer-

ences to the Certificate Issuing transactions.In that case, the Real-Identity Tracing process

would stall and LA would be forced to inves-

tigate. DR3: accountability, DR4: non-repudi-ation, and DR5: authorised use.

� grAa 1i;b 1 is encrypted with ska 1, which is Aa 1’s

signature on grAa 1i;b 1 , and grAa 2

i;b 1 is encrypted

with ska 2, which is Aa 2’s signature on

grAa 2i;b 1 , so neither CA can deny granting Ab 1

the right to issue Ci;b 1 to Pi. DR3: accountabil-ity and DR4: non-repudiation.

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 501

6.2. Trace back protocol analysis

6.2.1. Top-level assessment

We note the following general observations

about our protocol as compared to the originaltrace back protocol as described in [6]:

• The identity trace back path is no longer a sin-

gle sequential path, rather it is now a branching

sequential path. This has occurred because Pi isrequired to present two certificates from two

separate CAs. In order to hold Pi accountable,the LA must demonstrate that all certificateswere issued to Pi correctly. To achieve this,

LA must verify the entire graph from ‘abused’

certificate back to all real-identity certificates

including branches that produce apparently

redundant information (e.g. CRi;a 2 is a parent

of both Ci;b 1 and Ci;b 2).

• The branching trace back path has resulted in a

number of transaction types being repeated,resulting in an increase in total number of trans-

actions performed. The number of repetitions is

directly related to the number of parental certi-

ficates, n, and may be regarded as an overhead

compared to the original scheme [6]. This is

summarised in Table 6.

6.2.2. Assessment of our novel contribution

The structure of the Trace Back Protocol is a

direct result of using two pieces of evidence in the

Issuing Protocol, i.e. for each anonymous certifi-

cate issued there are now two trace back paths.

The benefits of requiring Pi to present two certifi-

cates and demonstrate possession of the associated

private keys in order to obtain a further child

certificate via our Issuing Protocol have been dis-cussed in Section 6.1. The existence of two trace

back paths in our Trace Back Protocol is of benefit

Table 6

Repeated transactions in trace back protocol

Stage Additional transaction repeats

STAGE 1 None

STAGE 2 ðn� 1ÞSTAGE 3 ðn2 � 1ÞSTAGE 4 ðnÞ

in quickly detecting fraudulent certificate issue by

collusion. For instance, say, Ab 1 issues a child

certificate Ci;b 1 to Pi as requested but substitutes

kj;b 1 ¼ hðAb 1, pkj;b 1, sei;b 1Þ for ki;b 1 and forwards

a forged certificate to another party, Pj. This deceitis easy to detect because kj;b 1 derived from theforged certificate is not identical to ki;b 1 stored by

Ab 1, Aa 1 and Aa 2. If, say Ab 1 and Aa 1 were to

collude by substituting kj;b 1 ¼ hðAb 1, pkj;b 1,

sei;b 1) for ki;b 1 throughout, then during the veri-

fication processes of the original trace back pro-

tocol, presented in [6], this certificate issue would,

on first inspection, appear to be legitimate. How-

ever, the verification processes in our trace backprotocol include the comparison of like-for-like

data, such as aui;b 1, held by both parents in

addition to the verification of ki;b 1, i.e. the collu-

sion is made obvious by the other parent trace

back data. This like-for-like comparison serves to

further assure the counter-fraud property, i.e.

DR5: authorised use, of our protocol.

6.2.3. Assessment against stated design require-

ments

We now analyse our protocol presented in

Table 4 with regard to the design requirements

stated in Section 2. The anonymity of our protocol

is established via the following cases. [DRnumber:name] indicates the design requirements satisfied

by each case:

• All evidences evc 2 through to and including

eva 1, eva 2 and eva 3 are encrypted with LA’s

public key pkLA , so only LA may read the evi-

dence. Furthermore, each message is encrypted

with the public key of the recipient CA and is

sent via an anonymous communication chan-nel. In this way no CA may gain any more

information about Pi’s certificate graph than

Total overhead w.r.t. original scheme

None

ðn� 1ÞEpkb xðCLA; nLA; tLA; sLA; sni;c 1; evc 1; chc 1Þðn2 � 1ÞEpkb xðCLA; nLA; tLA; sLA; sni;b x; evb x; chb xÞðnÞeva x

502 D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503

that which they already possess from the issuing

process, i.e. they have knowledge of the imme-

diate parent and child certificates only. DR1:anonymity and DR2: customer profiling.

• For each ‘abused’ certificate (in our example,Ci;c 2) in the sequence, LA can prove that Pi re-quested Ci;c 2 from Ac 2 using parental certifi-

cates Ci;b 1 and Ci;b 2; that Ac 2 issued Ci;c 2

using granted rights from both Ab 1 and Ab 2

and that Ac 2 issued Ci;c 2 in which the public

key pki;c 2 is correct, and the expiration time

ei;c 2 is correct with respect to the granted right

grAb 1i;c . DR3: accountability, DR4: non-repudia-

tion and DR5: authorised use.

Note that a compromised CA may disrupt the

identity trace back process by either not forward-

ing its evidence to the next CA in the sequence or

by providing incorrect evidence (including deceit

through collaboration). In this case, LA may

perform the sequence stepwise by sending each CAthe message EpkCA(CLA, Ci;CA, nLA , tLA, sLA, siLA)with instructions to send evidence directly to LA.

7. Conclusions

Our extensions to the original scheme (as de-

scribed in [6]) have increased the security of theoriginal scheme by requiring two pieces of evi-

dence (i.e. two certificates and demonstrated pos-

session of associated private keys) to be presented

in order to obtain a further certificate in the most

efficient manner. In this way, the threat of an at-

tacker falsely obtaining an anonymous certificate

by using a compromised private key has been

much reduced. The anonymity and accountabilityproperties of the original scheme (as described in

[6]) have been retained without deterioration. The

use of like-for-like verification of the two parent

certificate trace back data allows easy detection of

fraudulent certificate issue by colluding CAs. In

this way, users of our protocol suite have further

assurance against fraud. Further work includes

investigating the incorporation of partially ano-nymalised payment and delivery of tangible goods

and proposals for anonymous certificate revoca-

tion.

Acknowledgements

The first author gratefully acknowledges the

financial support given by the Department of

Computer Science, University of Manchester, UK,and the award of IEE Vodafone Scholarship.

The authors wish to thank the anonymous ref-

erees for their constructive comments and valuable

suggestions.

References

[1] D.L. Pipkin, Information Security––Protecting the Global

Enterprise, Prentice Hall, Englewood Cliffs, NJ, 2000.

[2] Technical report, Universal Mobile Telecommunications

Systems (UMTS); 3G Security; Security Threats and

Requirements, ETSI at http://www.etsi.org/, 2001.

[3] S. Tabbane, Handbook of Mobile Radio Networks, Artech

House, Boston, MA, 2000.

[4] W. Stallings, Cryptography and Network Security: Princi-

ples and Practice, third ed., Prentice Hall, Englewood

Cliffs, NJ, 1999.

[5] J.C. Graff, Cryptography and E-commerce, Wiley, New

York, 2001.

[6] N. Zhang, Q. Shi, M. Merabti, Anonymous public-key

certificates for anonymous and fair document exchange,

IEEProceedings––Communications 147 (6) (2000) 345–350.

[7] D. Chaum, Untraceable electronic mail, return addresses

and digital pseudonyms, Communications of the ACM 24

(2) (1981) 84–88.

[8] Research report, rz3295(93341), Efficient non-transferable

anonymous multi-show credential system with optional

revocation, J. Camenisch and A. Lysyanska*, IBM Zurich

Research Laboratory and *MIT, 2000.

[9] S.G. Stubblebine, P.F. Syverson, D.M. Goldschlag, Un-

linkable serial transactions: protocols and applications,

ACM Transactions on Information and System Security

2(4) (1999) 354–389.

[10] Q. Shi, B. Askwith, M. Merabti, K. Whiteley, Achieving

user privacy in mobile networks, IEE Proceedings of the

13th Annual Computer Security Applications Conference,

1997, pp. 108–116.

[11] L. Buttyan, J.P. Hubaux, Accountable anonymous access

to services in mobile communications systems, Proceedings

of the 18th IEEE Symposium on reliable Distributed

Systems, 1999, pp. 384–389.

[12] P. Lokela, Wireless Internet access using anonymous access

methods, IEEE 1999 International Workshop on Mobile

Multimedia Communications (MoMuC’99), 1999, pp. 194–

197.

[13] B. Preneel, J. Claessens, J. Vandewalle, Solutions for

anonymous communications on the Internet, Proceedings

of the IEEE 33rd Annual International Carnahan Confer-

ence on Security Technology, 1999, pp. 298–303.

D. Critchlow, N. Zhang / Computer Networks 45 (2004) 483–503 503

[14] P.F. Syverson, M.G. Reed, D.M. Goldschlag, Anonymous

connections and onion routing, IEEE Journal on Selected

Areas in Communications 16 (4) (1998) 482–494.

[15] D. Chaum, Security without identification: transaction

systems to make big brother obsolete, Communications of

the ACM 28 (10) (1985) 1030–1044.

[16] M.K. Reiter, A.D. Rubin, Crowds: anonymity for web

transactions, ACM Transactions on Information and

Systems Security 1 (1) (1998) 66–92.

[17] C. Shields, B.N. Levine, A protocol for anonymous

communication over the Internet, Proceedings of the 7th

ACM Conference on Computer and Communication

Security, 2000, pp. 33–42.

D. Critchlow CEng MIEE is a Ph.D.student at the Department of Com-puter Science, University of Manches-ter, UK. Her research area is userprivacy and accountable anonymityfor mobile e-commerce. She has 9years experience in the radio commu-nications industry. She holds aDepartmental Scholarship from theDepartment of Computer Science,University of Manchester and the IEEVodafone Award.

N. Zhang is a Lecturer at the Depart-ment of Computer Science, Universityof Manchester, UK. She received herPh.D. in Electronic Engineering fromthe University of Kent at Canterbury,UK. Her research interests includecomputer networks, mobile comput-ing, and information and e-commercesecurity. She is supervising a numberof research projects on these subjects,which are funded by various fundingsources, including the UK Engineeringand Physical Sciences ResearchCouncil (EPSRC) and Department of

Trade and Industry (DTI).