in the profile yet would not be recognized. The system should distinguish between data that is safe to be sent and information that should be removed, replaced by pseudonyms or slightly altered. Implementations of spellcheckers face a similar problem. They are usually only able to compare entered words with the related dictionary. Checking whether the meaning of words is fitting in the sentence is not yet possible.
Additionally, users should be allowed to associate tags to sensitive data stored in profiles/databases, so the system registers the sensitivity level of each single piece of information (see profiles for social networks in the following chapter), so the system is able to decide, whether the user wants to disclose the information willingly.
6.2 Anonymous Authentication
Anonymous authentication is some kind of mixture between anonymity and pseudonymity.
The webserver is still able to identify/authenticate a user, while he/she remains anonymous to other users. Digital libraries or webservers with premium content use this approach to restrict the access to non-public content. The user is only identified by the webserver itself, other users may only be able to see the number of users currently logged in.
The authentication process or storing of identification information still needs improve-ment. How is the user authenticated to the server? Should the server be able to identify the user at all? Or it is sufficient for the server to know that he is dealing with an authenticated user, who is allowed to access content on the server?
Additionally, services like webshops need sensitive data like postal address and creditcard number or bank account information for the transmission of products to customers. This data is usually stored on remote servers owned by the shop and needs to be protected. If users have reasons to mistrust the precautions, people may decide to stop business dealings with the shop.
Oftentimes, the storage of sensitive data at the webshop’s server could be avoided (cf.
[RL08]). The webshop gets confirmation from the creditcard company that the user in question owns a valid credit card. So the shop gets paid by the creditcard company without actually knowing the creditcard number.
When contacting the shipping company the webshops just send an identifier, so the shipping company is able to determine the user’s postal address.
In both cases the businesses have to agree about the validation and the accuracy of the sent information.
6.2.1 Hypertext Access
One of the basic possibilities to protect single files/whole directories stored on a (Apache1-) webserver is htaccess Hypertext Access. To access a protected directory directly (with-out the authentication dialog) enter: http://user:[email protected]/directory (insecure, because password is visible in plaintext).
With htaccess (configuration file often named .htaccess) it is also possible to configure
1 www.apache.org, HTTP Webserver for numerous operating systems, often used with the script-language PHP. Easy to install package with other useful modules like MySQL: XAMPP - http:
//www.apachefriends.org/en/xampp.html
6.2 Anonymous Authentication 106
• redirections to errorhandling sites, local links
• limit access to certain computer (IP-addresses)
• limit access to certain users (groups)
• restrictions for different types to access a site (GET, POST, PUT)
• restrict access for certain web browsers, search engine robots
Figure 6.2: Hypertext Access Principle
Configurations are only valid for directories and subdirectories, where the htaccess-file is saved at. Users, who want to gain access to the stored content, have to enter a valid username and password.
The fact that a user is not identified to a server prohibits the revokement of a user’s anonymity in case of abuse. Additionally, htaccess only limits access to content over the internet (cf. [VER]). When users are logging in directly at the server, full access is granted without authentication.
6.2.2 Personal Authentication Device (PAD)
PADs like cell phones, PDAs or chip cards can be used for authentication at a server, whereas ID information or just an identifier is sent to the server. This approach can also be used for sign forms or administrative activities digitally, whereas documents otherwise are being sent by mail and signed by hand.
One example for the use of chipcards as a personal authentication device is the so-called
“Bürgerkarte” (Citizencard, http://www.buergerkarte.at/en/index.html) in Austria.
To make use of the citizencard concept some requirements have to be met with, which imply at least some experience with electronic devices (cf. [CIT]):
• computer (PC, notebook or similar)
• card reader (to connect chipcard with computer)
• application software (to decrypt information stored on the chipcard)
• chipcard
The chipcard stores private information and the digital signature of the user, while the user can only view the data stored on the card without the right to alter it. Hence, the
6.2 Anonymous Authentication 107
Figure 6.3: Identification via Chipcard
faking of identification data is prohibited. On the other hand, identification to the server (authority) enables the revocation of authorization if needed.
When using chipcards as PADs requirements to make the authentication process work, is rather demanding. People need certain software as well as hardware (PC, cardreader, application software, ...) in order to identify themselves via chipcard. Alternatively a device could be used as PAD, which many already have in their possession (cf. [MM07]).
Cellphones, PDAs and similar devices are already used by several bank institutes for transaction verification (see Identity Management: SMS Authentication). Usage of short-term secrets instead long-short-term secrets (passwords), makes authentication process less prone to keylogger-attacks2. In combination with SMS, users are asked to compare data and enter (short) PIN-Codes (short-term secret: only valid for one particular transaction) displayed into the user interface on the (untrusted) client PC. To make this method work, people should be able to open and read SMS messages and take extra care while comparing and manually copying codes.
On the other hand MP-Auth (cf. [MM07]), a protocol designed for online authentication, uses mobile devices also for encrypt or de-cyphering processes. Mobile devices should be able to turn long-term secrets into short-term secrets in order to provide transaction integrity.
To make sensitive transactions more secure (anonymous) authentication processes (like MP-Auth) should provide protection against:
Keylogging: long-term secrets aren’t stored on or entered at the client PC Phishing: spoofed websites aren’t able to encode encrypted passwords
Pharming: results of pharming (redirection to spoofed websites by e.g. manipulation of host-files) are similar to phishing, hence MP-Auth protects against these kind of attacks too
2 attackers log keystrokes to get eventually hold of valuable information like login data and passwords