Anonymous certification for E-assessment opinion polls

Electronics

Course evaluations have become a common practice in most academic environments. To enhance participation, evaluations should be private and ensure a fair result. Related privacy-preserving method and technologies (e.g., anonymous credentials, Privacy Attribute-Based Credentials, and domain signatures) fail to address, at least in an obvious way, the minimal security and practicality requirements. In this paper, we propose, evaluate, and implement an efficient, anonymous evaluation protocol for academic environments. The protocol borrows ideas from well-known and efficient cryptographic approaches for anonymously submitting ballots in Internet elections for issuing one-time credentials and for anonymously broadcasting information. The proposed protocol extends the above approaches in order to provably satisfy properties such as the eligibility, privacy, fairness and verifiability of the evaluation system. Compared to the state of the art, our approach is less complex and more effecti...

Lecture Notes in Computer Science, 2017

We present an anonymous certification scheme that provides data minimization to allow the learners of an e-assessment platform to reveal only required information to certificate authority providers. Attribute-based signature schemes are considered as a promising cryptographic primitive for building privacy-preserving attribute credentials, also known as anonymous credentials. These mechanisms allow the derivation of certified attributes by the issuing authority relying on noninteractive protocols and enable end-users to authenticate with verifiers in a pseudonymous manner, e.g., by providing only the minimum amount of information to service providers.

HAL (Le Centre pour la Communication Scientifique Directe), 2017

We present PCS, a privacy-preserving certification mechanism that allows users to conduct anonymous and unlinkable actions. The mechanism is built over an attribute-based signature construction. The proposal is proved secure against forgery and anonymity attacks. A use case on the integration of PCS to enhance the privacy of learners of an e-assessment environment, and some details of the ongoing implementation, are briefly presented.

Computer Security – ESORICS 2016, 2016

This paper presents an anonymous certification (AC) scheme, built over an attribute based signature (ABS). After identifying properties and core building blocks of anonymous certification schemes, we identify ABS limitations to fulfill AC properties, and we propose a new system model along with a concrete mathematical construction based on standard assumptions and the random oracle model. Our solution has several advantages. First, it provides a data minimization cryptographic scheme, permitting the user to reveal only required information to any service provider. Second, it ensures unlinkability between the different authentication sessions, while preserving the anonymity of the user. Third, the derivation of certified attributes by the issuing authority relies on a non interactive protocol which provides an interesting communication overhead.

2014

While there is a great number of electronic voting protocols proposed in the literature, only a handful of them are actually deployed. Still, these few available schemes require voters to completely trust the poll provider with the anonymity of their votes and/or the integrity of the results. More robust schemes with better privacy and integrity guarantees do exist, however, they are complex to deploy and, therefore, are not suitable for small to medium scale voting scenarios (e.g. electing the board of directors of an international society). In this paper, we present avisPoll, a practical electronic voting scheme that provides flexible anonymity as well as universal poll integrity validation. For this purpose, avisPoll relies on an anonymous credential system and other cryptographic building blocks. The system can be o↵ered as a cloud service which can give everybody the possibility to organize a poll and define the eligible voter set. Hence, the complexity of setting up a poll is ...

Lecture Notes in Computer Science, 2004

This paper focus on two security services for internet applications: authorization and anonymity. Traditional authorization solutions are not very helpful for many of the Internet applications; however, attribute certificates proposed by ITU-T seems to be well suited and provide adequate solution. On the other hand, special attention is paid to the fact that many of the operations and transactions that are part of Internet applications can be easily recorded and collected. Consequently, anonymity has become a desirable feature to be added in many cases. In this work we propose a solution to enhance the X.509 attribute certificate in such a way that it becomes a conditionally anonymous attribute certificate. Moreover, we present a protocol to obtain such certificates in a way that respects users' anonymity by using a fair blind signature scheme. We also show how to use such certificates and describe a few cases where problems could arise, identifying some open problems.

IFIP Advances in Information and Communication Technology, 2015

Relying on a trusted third party (TTP) in the design of a security protocol introduces obvious risks. Although the risks can be mitigated by distributing the trust across several parties, it still requires at least one party to be trustworthy. In the domain of exams this is critical because parties typically have conflicting interests, and it may be hard to find an entity who can play the role of a TTP, as recent exam scandals confirm. This paper proposes a new protocol for paper-based and computer-based exams that guarantees several security properties without the need of a TTP. The protocol combines oblivious transfer and visual cryptography to allow candidate and examiner to jointly generate a pseudonym that anonymises the candidate's test. The pseudonym is revealed only to the candidate when the exam starts. We analyse the protocol formally in ProVerif and prove that it satisfies all the stated security requirements. Recently a few works argued about the security of exam with corrupted examiners (e.g., [4, 16]); however, their designs still assume some trusted parties. We propose a new security protocol for exams that requires no trusted party while meeting a set of stringent security properties that extend the requirements ⋆ Supported by CORE-FNR, project C11/IS/1183245 STAST. for ones defined by Dreier et al. [8, 9]. Our protocol relies on oblivious transfer and visual cryptography techniques to generate a pseudonym that anonymises a candidate's test. No participant learns the pseudonyms until the exam starts. Candidates take the exam in a test center, and testing is the only face-to-face phase, while the other phases are remote. Our protocol suits both paper-based and computer-based examination. Contribution. This paper provides three main contributions. First, it extends a set of security requirements for exams with three new authentication and one accountability property. Second, it proposes a new exam protocol that satisfies the extended requirements without relying on a TTP. Finally, it formalises the protocol in ProVerif and proves the protocol ensures all the properties. 1 Outline. The paper is organized as follows. Section 2 outlines the related work. Section 3 describes and formalises the desired properties our protocol aims to ensure, and defines the threat model. Section 4 details the protocol. Section 5 describes the formal analysis of our protocol in ProVerif [5], and discusses the results. Section 6 outlines future work and concludes the paper.

2002

The expression of one's opinion through endorsement is one of the simplest methods of democratic participation. The result of an endorsement can be used to evaluate whether a certain subject should deserve a higher attention. In some cases, the endorsers desire privacy protection. However, conventional paper-based endorsement systems provide neither convenience nor well privacy protection for the endorsers. In addition, current electronic anonymous voting schemes are unsuitable for anonymous endorsement. This motivates us to develop an anonymous endorsement system that can be realized on computer networks. The proposed system satisfies completeness, soundness, privacy, unreusability, eligibility, and verifiability. In practice, the proposed system can be integrated with the conventional paper-based endorsement system.

2004

Is it possible to implement practical Internet Polls that fulfill even the weakest security requirements? The technology available today would lead to a negative answer, because of the following practical constraints: standard, unmodified browsers are used, it is not economically possible to distribute certificates or even just user names and passwords, users connect from different workstations, possibly behind firewalls, proxies and address translation nodes. In this paper, we define an innovative notion of Internet Poll security, namely "Security against Massive Falsification", and we present a method that we consider to be secure with respect to this definition. We discuss the security properties of the method with respect to existing techniques, and then propose a public challenge for testing the strength of our claim.

2018

We present CLARC (Cryptographic Library for Anonymous Reputation and Credentials), an anonymous credentials system (ACS) combined with an anonymous reputation system. Using CLARC, users can receive attribute-based credentials from issuers. They can efficiently prove that their credentials satisfy complex (access) policies in a privacy-preserving way. This implements anonymous access control with complex policies. Furthermore, CLARC is the first ACS that is combined with an anonymous reputation system where users can anonymously rate services. A user who gets access to a service via a credential, also anonymously receives a review token to rate the service. If a user creates more than a single rating, this can be detected by anyone, preventing users from spamming ratings to sway public opinion. To evaluate feasibility of our construction, we present an open-source prototype implementation.