PRIVACY PRESERVATION IN ONLINE TRANSACTIONS USING PRIVATE AND SUBSCRIPTION CREDENTIALS

Abstract

In today's electronic society a large number of transactions are performed online. In order to perform these transactions, users share their personal data with number of organizations. There are chances that the data is transferred to other organizations, misused or misinterpreted. The data, in turn, is compiled to build detailed profiles of users. These profiles then can be used against the user in subsequent transactions. Thus there is a need to preserve the privacy of the user at the service provider's side. Private credentials technology has been a leading privacy preserving technology to provide user authentication as well as authorization while keeping the user privacy intact. But still there are chances of linkability between show protocols of the same credential. Due to this and other requirements, a concept of subscription credentials has been developed and implemented in this dissertation work. Subscription credentials are specialized credentials built on the top of private credentials and are used for subscription based services. The constructs used for developing subscription credentials are based on that used for private credentials. Thus the subscription credentials are compatible with the private credentials. These credentials have the advantages such as verifier can encode attributes into the credential and less linkability as compared to private credentials. Subscription credentials have been constructed using the elliptic curve arithmetic. Elliptic curve arithmetic has the property that it provides equal security in smaller key sizes as compared to that provided by it's RSA or discrete logarithm based counterparts. Subscription credentials are based ECDLP i.e. Elliptic Curve Discrete Logarithm Problem. ECDLP is supposed to be harder than DLP i.e. Discrete Logarithm Problem. Thus the scheme presented here provides more security. iii