loading page

AATM: An Anonymous Authentication Protocol for Time Span of Membership with Self-blindness and Accountability
  • +4
  • Qiuyun Lyu ,
  • Xiwen Liang ,
  • Shaopeng Cheng ,
  • Fu Li ,
  • Yizhi Ren ,
  • Zhen Wang ,
  • Shui Yu
Qiuyun Lyu
Author Profile
Xiwen Liang
Hangzhou Dianzi University

Corresponding Author:[email protected]

Author Profile
Shaopeng Cheng
Author Profile
Yizhi Ren
Author Profile
Zhen Wang
Author Profile

Abstract

Users often purchase membership credentials with a fixed number of uses or limited duration from Internet service providers, we call them pay-per-use or time span of membership services. However, users’ access records, usage preferences, and habits are collected by network attackers or membership providers for creating users’ profiles, targeted advertising, and even for being sold maliciously. To deal with these problems, lots of anonymous authentication protocols are proposed to provide users with pseudonyms to conceal their real identities. Although these protocols effectively prevent network attackers from compromising users’ privacy, membership service providers can still gather users’ behavioral privacy via their member- ship credentials. Therefore, several scholars proposed k-times anonymous authentication protocols and self-blind credentials to enhance users’ privacy protection, but the k-times anonymous authentication protocols are only for pay-per-use membership services and the schemes of self-blind credentials are lack of regulating malicious users. To address these issues, this article proposes an anonymous authentication protocol for time span of membership (AATM) with self-blindness and accountability. Specifically, accountable self-blind credentials are constructed to ensure that users can create a brand new identity by them- selves for each membership access, which not only prevents a user from being linked by service providers but also supports conditional and impartial regulating. Security and performance analyses show that AATM is better than the state-of-the-art schemes in terms of security and privacy-preserving capabilities, and its computation cost also meets the practical application requirements.