Closed akakou closed 6 months ago
Hi @akakou, thank you for proposing this! I wonder if it's more relevant to the work of the Anti-Fraud CG, i.e. maybe worth filing at https://github.com/antifraudcg/proposals? cc @dvorak42
Yeah, this might be of interest in the AFCG if you want to propose it there and possibly give a presentation on the idea at a meeting there.
@johannhof @dvorak42
Thank you for the advice! I will bring it to the Anti-Fraud CG as soon as my organization permits me to join it.
This proposal achieves privacy-friendly web hardware revocation (i.e., a hardware ban). In particular, it makes a web servicer (i.e., web server) capable of blocking users who have previously abused it without violating users' privacy.
Background
As is well known, malicious actions on the internet are increasing, and they are a big problem. One of the factors that makes their prevention difficult is the user's anonymity. So a servicer can't block users who have abused it in the past, because the servicer can't track the user.
The easiest way to solve this problem is to track the user. It means servicers require strong identification schemes for users, like SMS or credit card authentication (i.e., 3-D Secure). However, it causes privacy concerns.
Thus, we need a method that blocks users who have abused in the past without tracking. In the mobile context, the DeviceCheck API of iOS satisfies this; it provides a hardware revocation scheme conscious of users' privacy. However, I can't find Web APIs like it. In addition, the DeviceCheck API assumes a common trusted execution component on devices, so many devices can't support it.
Idea
This idea is for Web APIs to provide a hardware revocation method without violating user privacy.
Mainly, this idea consists of a cryptographic protocol and a hardware registration protocol. The cryptographic protocol achieves revocation without tracking risk, but it assumes that the user doesn't have multiple secret keys. Therefore, the hardware registration protocol limits the number of secret keys distributed to users, to support the realization of that assumption.
The cryptographic protocol which this idea uses is called an anonymous blacklisting protocol. The most popular anonymous blacklisting protocol is EPID (Enhanced Privacy ID). EPID is a signature scheme that ensures user anonymity but also revocability. First, EPID realizes strong user privacy. In EPID, there is one public key and multiple private keys. So the verifier can't track users, because the same public key is used to verify all signatures. Second, EPID has strong revocability. The servicer (i.e., verifier) can revoke the user (i.e., signer) using the user's signatures which were used for malicious actions. Note that the verifier doesn't need to track or identify users.
The hardware registration protocol is for limiting the number of secret keys distributed to users. It assumes a GM (i.e., a third party for registration); the user attests their device ID to the GM and obtains the EPID secret key. Concretely, such attestation schemes are available, like TPM EK attestation, Android ID Attestation, or iOS DeviceCheck.
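The one-key-per-device gate that the hardware registration protocol above relies on, as an added example that is not part of the proposal or of any EPID implementation. It models the GM side only: the GM challenges the device with a one-shot nonce, checks a device attestation, and issues exactly one membership secret per attested hardware identity, retaining only a salted hash of the device ID. The attestation (an HMAC under a hypothetical manufacturer key shared with the GM) and the issued secret (a random token) are constructed stand-ins; a real GM would verify a TPM EK or Android ID attestation and run the EPID join protocol instead.

```python
"""One-key-per-device issuance gate for the group manager (GM).

Added example, not the proposal's own code. The attestation and the issued
secret are stand-ins; the invariant demonstrated is the registration rule:
a hardware identity that already holds a membership key gets no second one.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical manufacturer attestation key, assumed to be shared with the GM.
MANUFACTURER_KEY = b"constructed-manufacturer-key"


def make_attestation(device_id: bytes, nonce: bytes) -> bytes:
    """Device-side stand-in for hardware attestation: MAC over id and GM nonce."""
    return hmac.new(MANUFACTURER_KEY, device_id + b"|" + nonce, hashlib.sha256).digest()


@dataclass
class GroupManager:
    # Only a salted fingerprint of each device id is stored, never the id itself,
    # so the GM's registry cannot be joined directly against other device lists.
    _salt: bytes = field(default_factory=lambda: secrets.token_bytes(16))
    _issued: set = field(default_factory=set)   # fingerprints that hold a key
    _nonces: set = field(default_factory=set)   # outstanding one-shot challenges

    def new_nonce(self) -> bytes:
        """Fresh challenge; binds an attestation to this registration attempt."""
        nonce = secrets.token_bytes(16)
        self._nonces.add(nonce)
        return nonce

    def _fingerprint(self, device_id: bytes) -> bytes:
        return hashlib.sha256(self._salt + device_id).digest()

    def join(self, device_id: bytes, nonce: bytes, attestation: bytes):
        """Return (secret_key, reason). secret_key is None when issuance is refused."""
        if nonce not in self._nonces:
            return None, "unknown or replayed nonce"
        self._nonces.discard(nonce)  # each challenge is usable exactly once
        expected = make_attestation(device_id, nonce)
        if not hmac.compare_digest(expected, attestation):
            return None, "attestation invalid"
        fp = self._fingerprint(device_id)
        if fp in self._issued:
            return None, "device already holds a key"
        self._issued.add(fp)
        # Stand-in for the EPID member private key produced by the join protocol.
        return secrets.token_bytes(32), "issued"


if __name__ == "__main__":
    gm = GroupManager()
    n = gm.new_nonce()
    print(gm.join(b"dev-A", n, make_attestation(b"dev-A", n))[1])   # issued
    n = gm.new_nonce()
    print(gm.join(b"dev-A", n, make_attestation(b"dev-A", n))[1])   # device already holds a key
```

The nonce is consumed before the attestation is checked, so a captured attestation cannot be replayed against the same challenge, and a failed attempt cannot be retried without a fresh challenge. A deployment that must tolerate legitimate re-enrolment (device reset, key loss) would need an explicit re-issuance policy on top of this rule, since re-issuance is exactly what weakens the single-key assumption the cryptographic protocol depends on.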
References
EPID:
TPM Attestation:
Android ID Attestation:
DeviceCheck API:
Note
I don't know if I should write it here, but this idea is strongly related to privacy.