Further Reflection on Homage Anonymous Group Authentication Protocol.pdf

Department of Computer Science, University of Otago Technical Report OUCS-2004-17 Further Reflection on Homage Anonymous Group Authentication Protocol Authors: Stewart Fleming, Sonil Gohil Department of Computer Science, University of Otago Status: Submitted for publication in Financial Cryptography 2005 Department of Computer Science, University of Otago, PO Box 56, Dunedin, Otago, New Zealand http://www.cs.otago.ac.nz/research/techreports.html Further Reflection on Homage Anonymous Group Authentication Protocol Stewart Fleming and Sonil Gohil Department of Computer Science, University of Otago, DUNEDIN, New Zealand. {stf, sgohil}@cs.otago.ac.nz Abstract. Anonymous group authentication provides an individual with the ability to prove membership of a group without revealing their identity. The Homage protocol proposed by Handley [9] provides an efficient mechanism for anonymous group authentication. Attacks have been proposed [11] on this pro- tocol which suggest weaknesses in its security. We revisit the original protocol to investigate the nature of the proposed attacks and we propose modifications to the protocol that address them while maintaining the spirit of the original. We then go on to address a remaining weakness in the Homage protocol by considering how non-transferability might be accomplished through the use of biometrics, while preserving anonymity. 1 Introduction The Homage protocol [9] is a resource-efficient scheme for anonymous authentication of group members. The identity of a group member remains unknown to a certifying group authority when the user is being authenticated. The security of Homage is based on the assumption that the Diffie-Hellman decision problem is hard [3]. The main properties that Homage satisfies are completeness, resource-efficiency, anonym- ity and a strong disincentive to reveal the private key on which membership is based. Some questions regarding