Back to

Using Game Theory to Improve Unlinkability of Attribute Based Authentication

Using Game Theory to Improve Unlinkability of Attribute Based Authentication

Congratulations to CSRI researchers for their recent publication titled “Improving Unlinkability of Attribute Based Authentication through Game Theory: VC Use Case”.

Authors: Yevhen Zolotavkin (CREST), Jongkil Jay Jeong (CREST), Veronika Kuchta (The University of Queensland), Maksym Slavnenko (Deakin University), and Robin Doss (CREST).

Published in ACM Transactions on Privacy and Security, the work was supported by the Cyber Security Cooperative Research Centre.

Abstract: This article first formalizes the problem of unlinkable attribute-based authentication in the system where each user possesses multiple assertions and uses them interchangeably. Currently, there are no recommendations for optimal usage of assertions in such authentication systems. To mitigate this issue, we use conditional entropy to measure the uncertainty for a Relying Party who attempts to link observed assertions with user labels. Conditional entropy is the function of usage statistics for all assertions in the system. Personal decisions made by the users about the usage of assertions contribute to these statistics. This collective effect from all the users impacts the unlinkability of authentication and must be studied using game theory.

We specify several instances of the game where context information that is provided to the users differs. Through game theory and based on conditional entropy, we demonstrate how each user optimizes usage for the personal set of assertions. In the experiment, we substantiate the advantage of the proposed rational decision-making approaches: Unlinkability that we obtain under Nash equilibrium is higher than in the system where users authenticate using their assertions at random.

We finally propose an algorithm that calculates equilibrium and assists users with the selection of assertions. This manifests that described techniques can be executed in realistic settings. This does not require modification of existing authentication protocols and can be implemented in platform-independent identity agents. As a use case, we describe how our technique can be used in Digital Credential Wallets. We suggest that unlinkability of authentication can be improved for Verifiable Credentials.

To access the full journal article, please visit ACM here.


Collaborate with us

CREST engages with industry and government through collaborative research projects that have real-world impact, and our HDR Program prepares candidates to become tomorrow’s leaders in cyber security.

Subscribe to our mailing list

Stay up to date on the latest news and events from CREST