An IoT Privacy-Oriented selective disclosure credential system

Abstract

Abstract Personal credentials, such as passports and drivers’ licenses, can be implemented electronically using multi-show protocols. In this paper, we introduce an IoT Privacy-Oriented selective disclosure credential system, i.e. based on bilinear pairings and multilinear maps. The proposed system consists of three protocols, which allow users to be in control of their personal credentials. The Credentials Authority (CA) verifies and attests to the users credentials. Once the CA signs these credentials, the users cannot modify any of them. Moreover, the users can mask these credentials in every showing process to protect their identity from being revealed through a collusion between the CA and the verifiers. The proposed system maintains unlinkability between the issuing and showing protocols. Furthermore, it achieves unlinkability in the showing protocol such that the verifier cannot distinguish a user in two different sessions of the showing protocol. The proposed system is novel and practical in terms of introducing a new multi-show credential system that supports selective disclosure (Some credentials can be disclosed and others kept secret during the showing protocol.) The proposed system is the first that utilizes multilinear maps in the identification protocol. Making use of bilinear pairings and multilinear maps are suitable for IoT devices that have limited capabilities in terms of power consumption, key storage, and computing power. The security analysis of the proposed system is discussed using Burrows–Abadi–Needham (BAN) logic.