We propose a new specification framework for information hiding properties such as anonymity and privacy. The framework is based on the concept of a function view, which is a concise representation of the attacker's partial knowledge about a function. We describe system behavior as a set of functions, and formalize different information hiding properties in terms of views of these functions. We present an extensive case study, in which we use the function view framework to systematically classify and rigorously define a rich domain of identity-related properties, and to demonstrate that privacy and anonymity are independent.

Abstract. Vehicular Ad hoc NETworks (VANETs) demand a thorough investigation of privacy related issues. On one hand, users of such networks have to be prevented from misuse of their private data by authorities, from location profiling and from other attacks on their privacy. On the other hand, system operators and car manufacturers have to be able to identify malfunctioning units for sake of system availability and security. These requirements demand an architecture that can really manage privacy instead of either providing full anonymity or no privacy at all. In this paper we give an overview on the privacy issues in vehicular ad hoc networks from a car manufacturer’s perspective and introduce an exemplary approach to overcome these issues. 1

Abstract. We present the analysis of a protocol for private authentication in the applied pi calculus. We treat authenticity and secrecy properties of the protocol. Although such properties are fairly standard, their formulation in the applied pi calculus makes an original use of process equivalences. In addition, we treat identity-protection properties, which are a delicate concern in several recent protocol designs. 1

In this paper, we propose a scheme for providing anonymous channel service in wireless communications. By this service, many interesting applications, such as electronic elections, anonymous group discussions, with user identification confidential can be easily realized. No one can trace a sender's identification and no one but the authority centre can distinguish an anonymous message from a normal message when a user uses the anonymous channel. The user anonymity in our scheme is neither based on any trusted authority nor on the cooperation of all potential senders. Our scheme can be easily applied to existing wireless systems, such as GSM and CDPD, without changing their underlying structures. # 1999 Elsevier Science B.V. All rights reserved. Keywords: Anonymous channel; Authentication; Untraceable e-mail systems; Electronic elections; Anonymous group discussions; Privacy and security 1. Introduction Many applications, such as electronic voting schemes [1-- 3], anonymous group dis...

The main contributions of this paper are: (1) to analyze an authentication and key distribution protocol for mobile computing proposed by Beller, Chang and Yacobi in 1993, and reveal two problems associated with their protocol. (2) to propose a new authentication and key distribution protocol that utilizes a broadcast channel in a mobile network. A particularly interesting feature of the new proposal is that it allows the authentication of a base station by a mobile user to be conducted "at the background", which yields a very compact protocol whose total number of moves of information between a mobile user and a base station is only 1.5 ! Keywords Authentication, Cryptography, Key Distribution, Mobile Computing, Security 1 SECURITY ISSUES IN WIRELESS NETWORKS Recent years have seen an explosive growth of interest in wireless (information) networks that support the mobility of users (and terminals). These networks serve as a foundation of future universal, mobile and ubiquitous perso...

Abstract — Two novel mutual authentication and key exchange protocols with anonymity are proposed for different roaming scenarios in the global mobility network. The new features in the proposed protocols include identity anonymity and one-time session key renewal. Identity anonymity protects mobile users privacy in the roaming network environment. One-time session key progression frequently renews the session key for mobile users and reduces the risk of using a compromised session key to communicate with visited networks. It has demonstrated that the computation complexity of the proposed protocols is similar to the existing ones, while the security has been significantly improved. Index Terms — Authentication, key exchange, roaming service, anonymity, secret-splitting, self-certified. Fixed Internet nodes A’s home network, home agent (H) Internet B’s home network, home agent (H) Mobile terminal (M), B Foreign network2 (V)

Abstract. We study the provable security of identity-based (ID-based) key agreement protocols. Although several published protocols have been proven secure in the random oracle model, only a weak adversarial model is considered – the adversary is not allowed to ask Session-Key Reveal queries that will allow the adversary to learn previously established session keys. Recent research efforts devoted to providing a stronger level of security require strong assumptions, such as assuming that the simulator has access to a non-existential computational or decisional oracle. In this work, we propose an ID-based key agreement protocol and prove its security in the widely accepted indistinguishability-based model of Canetti and Krawczyk. In our proof, the simulator does not require access to any non-existential computational or decisional oracle. We then extend our basic protocol to support ad-hoc anonymous key agreement with bilateral privacy. To the best of our knowledge, this is the first protocol of its kind as previously published protocols are for fixed group and provide only unilateral privacy (i.e., only one of the protocol participants enjoy anonymity).

Abstract — With the widespread use of mobile devices, the privacy of mobile location information becomes an important issue. In this paper, we present the requirements on protecting mobile privacy in wireless networks, and identify the privacy weakness of the third generation partnership project- authentication and key agreement (3GPP-AKA) by showing a practical attack to it. We then propose a scheme that meets these requirements, and this scheme does not introduce security vulnerability to the underlying authentication scheme. Another feature of the proposed scheme is that on each use of wireless channel, it uses a one-time alias to conceal the real identity of the mobile station with respect to both eavesdroppers and visited (honest or false) location registers. Moreover, the proposed scheme achieves this goal of identity concealment without sacrificing authentication efficiency. Index Terms — mobile privacy, mobile authentication, user untraceability, one-time alias, 3GPP-AKA, elliptic curve cryptosystems. I.

In a set of distributed wireless networks, such as globally distributed cellular systems, different networks could be administered by different operators. Mobile devices subscribed to one network may need to access networks administered by some other operators. An anonymous authentication protocol allows a roaming mobile device to anonymously authenticate itself to a visiting network in such a way that eavesdroppers in the visiting network and operators of other networks can only tell to which network the mobile device is subscribed but cannot tell the identity of the mobile device. The protocol is useful for protecting the privacy of the roaming mobile device. In this paper, we review two anonymous authentication protocols and point out some weaknesses and flaws of them. We show that these protocols are vulnerable to some practical attacks and the anonymity of a roaming mobile device could be compromised. 1

Any entity operating in cyberspace is susceptible to debilitating attacks. With cyber attacks intended to gather intelligence and disrupt communications rapidly replacing the threat of conventional and nuclear attacks, a new age of warfare is at hand. In 2003, the United States acknowledged that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult. Even President Obama’s Cybersecurity Chief-elect recognizes the challenge of increasingly sophisticated cyber attacks. Now through April 2009, the White House is reviewing federal cyber initiatives to protect US citizen privacy rights. Indeed, the rising quantity and ubiquity of new surveillance technologies in cyberspace enables instant, undetectable, and unsolicited information collection about entities. Hence, anonymity and privacy are becoming increasingly important issues. Anonymization enables