Restricted Identification Secure in the Extended Canetti-Krawczyk Model
             Lucjan Hanzlik, Miroslaw Kutylowski
            Wroclaw University of Technology, Poland
 
In this paper we consider  restricted identification (RI)  protocols which enable 
strong authentication and privacy protection for access control in an unlimited number 
of domains. A~single secret key  per user is used to authenticate and derive his identity 
within a domain, while the number of domains is unlimited and the scheme guarantees 
unlinkability between identities of the same user in different domains. RI can be understood 
as an universal solution for replacing login and password mechanisms. It has to secure 
against adversaries that gather personal data by  working on a global scale,  e.g. by breaking 
into one service for getting passwords that a user frequently re-uses at different places. 

We consider security of an extended version of the ChARI protocol presented at 
TrustCom 2012. We preserve the features of ChARI (avoiding  the group key problem of the RI solution 
deployed in the German personal identity cards), but provide security proof in 
the well-studied Canetti-Krawczyk model (such a proof has not been provided for ChARI). 
Our extension has similar computational complexity as the original ChARI protocol in terms of  
the number of modular exponentiations. 

Keywords: Restricted Identification, Chip Authentication, CHARI, Diffie-Hellman key agreement, 
sector identity, unlinkability, eCK model, personal identity card 

accepted for Journal of Universal Computer Science