Protocols for authenticated anonymous communications

Anonymity and specifically sender anonymity have become essential requirements for many privacy-related applications (e.g. net counselling and whistle blowing). On the other hand, anonymity may be abused for various malicious activities (e.g. redistribution of copy-righted contents and illegal drug trading). In this paper, we address both by proposing protocols for authenticated anonymous communications channels. In such channels, the client can authenticate the authentication server while the latter can only authenticate the fact that the client is one of the qualified members that are eligible to use the network (e.g. WLAN hot spots, WiMAX). Our protocols are based on an efficient anonymous password-based authenticated key exchange protocol and on an anonymous IP address assignment and have the following advantages: (1) they can restrict the usage of the established anonymous channels to certain fair purposes; (2) they do not involve rerouting of the packets through a chain of intermediate nodes; (3) they are available right after registration of a normal password to an authentication server as for a classical non-anonymous authentication (e.g. EAP-TTLS and PEAP) and do not require any special registration procedures that would reveal initially to the authentication server that the client belongs to a small list of users of anonymous services. Each protocol fits in a different authentication framework (IEEE802.1x and PANA) and is different with respect to providing controlled IP address assignment.