A N N O U N C E M E N T
Thesis title:
"Rethinking public key infrastructures and digital
certificates --- building in privacy" (ISBN 90-901-3059-4,
304 pages, September 1999)
Author:
Stefan Brands
Thesis defense date and location:
October 4, 1999, Eindhoven University of Technology (Netherlands)
Thesis advisors:
prof. Henk C.A. van Tilborg (Eindhoven University of Technology)
prof. Adi Shamir (Weizmann Institute of Science)
Thesis reading committee:
prof. Ronald L. Rivest (Massachusetts Institute of Technology)
prof. Claus P. Schnorr (Johann Wolfgang Goethe University)
prof. Adi Shamir (Weizmann Institute of Science)
Summary:
Paper-based communication and transaction mechanisms are being replaced
by electronic mechanisms at a breath-taking pace. The driving force
behind this unstoppable transition is the desire to combat fraud, to
reduce costs, and to address an array of new opportunities opened up by
Internet and other telecommunication networks. Public key
infrastructures, which center around the distribution and management of
public keys and digital certificates, are widely regarded as the
foundational technology for secure electronic communications and
transactions, in cyberspace as well as in the real world.
While their future looks bright and shiny, public key infrastructures
have a dark side. Today's public key infrastructures erode privacy in a
manner unimaginable just a few decades ago. If the prevailing visions
about digital certificates turn into reality, then everyone will be
forced to communicate and transact in what will be the most pervasive
electronic surveillance tool ever built.
This thesis analyzes the privacy dangers, and introduces highly
practical digital certificates that can be used to design
privacy-protecting electronic communication and transaction systems. The
new certificates allow individuals, groups, and organizations to
communicate and transact securely, in such a way that at all times they
can determine for themselves when, how, and to what extent information
about them is revealed to others, and to what extent others can link or
trace this information. At the same time, the new techniques overcome
many of the security and efficiency shortcomings of the currently
available mechanisms, minimize the risk of identity fraud, and offer a
myriad of benefits to organizations. They can be implemented in low-cost
smartcards without cryptographic coprocessors, admit elliptic curve
implementations with short keys, and encompass today's views about
digital certificates and public key infrastructures as a special case.
Applications of the new techniques include, but are not limited to,
electronic cash, pseudonyms for online chat rooms and public forums
(virtual communities), access control (to Virtual PrivateNetworks,
subscription-based services, buildings, databases, and so on), health
care information exchange, electronic voting, electronic postage, Web
site personalization, secure multi-agent systems, collaborative
filtering, medical prescriptions, road-toll pricing, public transport
tickets, loyalty schemes, and electronic gambling.
------------------------------------------------------------------------------
See http://www.xs4all.nl/~brands for a detailed overview of the contents
of the thesis, online summaries (in English and in Dutch), several
downloadable chapter parts, and contact information.
