A Privacy-Enhanced Access Log Management Mechanism in SSO Systems from Nominative Signatures

In online services, e.g., Online shopping, a service provider (SP) manages access logs containing customers´ buying histories. Therefore, user´s personal information, e.g., Their hobbies and diversions, is revealed from the exposed logs if each customer can be linked. In fact, such information exposure has occurred due to the popularization of online services. To cope with this problem, SPs may only have to delete access logs, but then no illegitimate users, who accessed the server illegally, will be traced from the logs. In this paper, we propose a log management mechanism where (1) no user information is revealed even if logs are exposed, but (2) illegitimate users can be traced when necessary. Specifically, we consider single sign on (SSO) systems, since plural access logs might be connected by one account, and this could trigger the above privacy infringement problem. We construct our privacy-enhanced access log management mechanism based on the Wang-Wang-Susilo SSO system (TrustCom 2013) which applies nominative signatures as its building block. Specifically, we realize the system by additionally applying the invisibility property of the Schuldt-Hanaoka nominative signature scheme (ACNS 2011). Finally, we estimate the efficiency of the proposed system by using Pairing-Based Cryptography (PBC) library and confirmed that for each algorithm, computation time is at most just over 80 milliseconds on a PC, which seems sufficiently practical.