Privacy Through Noise: A Design Space for Private Identification
Source: University of Virginia
To protect privacy in large systems, users should be able to authenticate against a central server without disclosing their identity to others. Private identification protocols based on public-key cryptography are computationally expensive and cannot be implemented on small devices such as RFID tags. Symmetric-key protocols, on the other hand, provide only modest levels of privacy, but can be executed efficiently on servers and implemented cheaply on devices. The privacy of symmetric-key protocols derives from the fact that an attacker only ever knows a small fraction of the keys in a system, while the legitimate reader knows all keys. The authors propose to amplify this gap in the ability to distinguish users by adding noise to user responses.