Cavit Özbay

My main research interests are in the field of privacy enhancing protocols and conditional anonymity. In more detail, I am interested in systems that provide privacy properties to users while also assuring accountability measures in the required cases. The main task of identity management systems is to provide an authentication mechanism that allows service providers to deliver the service to the correct parties. While authentication notion is mainly built upon the service providers' concerns, users of these applications may have concerns on their privacy. If the underlying authentication mechanism reveal the identity of a user to service providers, then service providers may learn various private information about the user which is irrelevant to the provided service.

Anonymous authentication mechanisms are proposed to solve this problem. Anonymous authentication schemes aim to prevent the systems from leaking information of the users which is irrelevant from the authentication process. These schemes may target different definitions of anonymity according to use cases. Unconditional anonymity is usually used to define the following notion. Users do not reveal any other information then they are required to reveal to authenticate. While this notion solves the privacy concerns of users, it makes impossible to have any accountability mechanism by the definition. Hence, service providers cannot take any action against a misbehaving user. Conditionally anonymous schemes propose solutions between two extremes, anonymity and accountability, considering different use cases adversarial models.

One of my works which is a continuation of my Master thesis focuses on a specific type of conditionally anonymous authentication scheme, blacklistable anonymous credentials. This work is a joint work with my Master thesis supervisor, Prof. Albert Levi. Blacklistable anonymous credential schemes mainly propose a system in which service providers can blacklist a user based on the specific session in which the user got the service. It allows one to blacklist a user without learning the identity of the user and there is no way to link an authentication session to the real-world identity of a user. Commonly, blacklistable anonymous credential schemes assume that service providers are honest-but-curious. This assumption ensures that the service provider runs the registration and authentication protocols as defined. However, blacklistable anonymous credential schemes apply the mechanism subjective blacklisting. It means that there is no determined policy about the behavior of the service provider about blacklisting a user. In more detail, there is no defined policy on choosing authentication sessions to be blacklisted, and the service provider can choose sessions to be blacklisted as he wishes. Hence, the service provider may blacklist a user just to link two authentication sessions to each other by still keeping his honest-but-curious behavior. This kind of blacklists are called malicious blacklists and they are the main potential threat against user privacy in a blacklistable anonymous credential scheme. In short, blacklistable anonymous credentials may give some room to link authentication sessions of the same user to each other in a malicious way, even though they do not allow service providers to link these authentication sessions to the real-world identity of the user. My work aims to improve blacklistable anonymous credentials in two ways for improving user privacy. First, extending existing schemes in a way that honest authentication sessions can be unlinked from the user’s credential. Second, providing backward-unlinkability, namely, a misbehaved authentication session cannot be linked to previous honest authentication sessions of the user. To provide these properties, we define the system in a different way than the previous works, as in the figure above. While we define issuance and authentication steps as usual (Step 1 and Step 2, respectively), we define a new procedure called whitelisting. This procedure must be run to unlink the authentication session from the user. As long as the user behaves honest during the session, she will be "whitelisted" and stay backward unlinkable for this session. Otherwise, the service provider can blacklist the user as in Step 4.

Another topic I currently work on is about privacy features of digital signatures. Digital signatures are analogous to the real-world signatures in the field of cryptography, and they are one of the main tools to authenticate a user or any kind of data. Privacy concerns on digital signatures may fall in two categories, privacy of the signed message, or the privacy of the signer’s identity. This work focuses on the latter for various use cases and aims to improve the privacy of signers in various aspects.