IBM Identity Mixer - dcypher · – however, this is not about homeland security – and of course...

IBM Identity Mixer

Privacy-preserving identity management and authenticationfor Blockchain and beyond

Dr. Maria Dubovitskaya

IBM Research – Zurich

mdu@zurich.ibm.com

Introduction – Deployment – Use Cases – Blockchain – More Features

33% of cyber crimes, including identity theft, take less time than to make a cup of tea.

10 Years ago your personal data on the black market was worth $150. Today….

Houston, we have a problem!

“Buzz Aldrin's footprints are still up there”(Robin Wilton)

Computers don't forget

Data storage ever cheaper → “store by default” – also collateral collection, surveillance cameras, Google

Street View with wireless traffic, Apple location history,...

Data mining ever better– self-training algorithms cleverer than their designers– not just trend detection, even prediction, e.g., flu

pandemics, ad clicks, purchases,…– what about health insurance, criminal behavior?

The world as we know it– Humans forget most things too quickly– Paper collects dust in drawers

We build apps with the paper-based world in mind :-(– if it works it works– security too often still an afterthought– implementors too often have no crypto education

You have no privacy, get over it .....?!?

… “I have nothing to hide!”… “The intelligence agencies have all my data anyway”

Huge security problem!– Millions of hacked passwords (100'000 followers $115 - 2013)– Stolen identities ($150 - 2005, $15 - 2009, $5 – 2013)

Difficult to put figures down– Credit card fraud – Spam & marketing – Manipulating stock ratings, etc..– (Industrial) espionage

We know that 3 letter orgs can do it easily, but they are not the only ones– however, this is not about homeland security– and of course there are limits to the degree of protection that one can achieve

Last but not least: data are the new money, so they need to be protected!

we need paradigm shift &

build stuff for the moon

rather than the sandy beach!

Privacy is not a lost cause!

IBM Identity Mixer The paradigm shift for authentication

Alice wants to watch a movie at Movie Streaming Service

Movie Streaming Service

I wish to see Alice in Wonderland

Alice wants to watch a movie at Movie Streaming Service

You need:- subscription- be older than 12

Watching the movie with the traditional solution

ok, here's - my eID - my subscription

Using digital equivalent of paper world, e.g., with X.509 Certificates

Aha, you are- Alice Doe- born on Dec 12, 1975- 7 Waterdrive- CH 8003 Zurich - Married- Expires Aug 4, 2018

Mplex Customer - #1029347 - Premium Subscription - Expires Jan 13, 2016

...with X.509 Certificates

Aha, you are- Alice Doe- born on Dec 12, 1975- 7 Waterdrive- CH 8003 Zurich - Married- Expires Aug 4, 2018

Mplex Customer - #1029347 - Premium Subscription - Expires Jan 13, 2016

This is a privacy and security problem! - identity theft

- discrimination

- profiling, possibly in connection with other services

With OpenID and similar solution, e.g., log-in with Facebook

Aha, Alice is watching a 12+ movie

Aha, you are- Alice@facebook.com- 12+Mplex Customer - #1029347 - Premium Subscription - Expires Jan 13, 2016

Aha, Alice is watching a 12+ movie

Identity Mixer solves this.

When Alice authenticates to the Movie StreamingService with Identity Mixer, all the services learns is

that Alice

has a subscription

is older than 12

and no more!

Users' Keys:

One secret Identity (secret key)

Many Public Pseudonyms (public keys)

Privacy-protecting authentication with Privacy ABCs

Certified attributes from Identity provider

Issuing a credential

Name = Alice DoeBirth date = April 3, 1997

Concept: presentation policy

Proving identity claims

but does not send credential

only minimal disclosure

- valid subscription - eID with age ≥ 12

Proving Identity Claims: Minimal Disclosure

Alice Doe

Dec 12, 1998

Hauptstr. 7, Zurich

CHsingleExp. Aug 4, 2018 ve

rified

Alice Doe

Age: 12+Hauptstr 7, Zurich

CHsingleExp. Valid ve

rified

Aha, you are- older than 12- have a subscription

Movie Streaming ServiceMovie Streaming Service

Proving identity claims

but does not send credential

only minimal disclosure (Public Verification Key of issuer)

So, let's watch a movie!

idemixdemo.mybluemix.net

Identity Mixer Not Only Benefits Consumers

Identity Mixer eliminates the need for retailers and other service providers from collecting the data in the first place. Less storage costs,

less security costs and

less public apologies.

Identity Mixer as a service

Movie Service Example

IdentityMixer Issuer

IdentityMixer

VerifierCredential Wallet

Verifier as a service

Issuer as a service

Use cases

Age verification

Movie streaming services

Gaming industry

Online gambling platforms

Dating websites

Social benefits for young/old people

Proving 12+, 18+, 21+ without disclosing the exact date of birth – privacy and compliance with age-related legislation

Subscriptions, membership

Patent databases

DNA databases

News/Journals/Magazines

Transportation: tickets, toll roads

Loyalty programs

Who accesses which data at which time can reveal sensitive information about the users (their research strategy, location, habits, etc.)

Healthcare Use Case

Anonymous consultations with specialists– online chat with a psychologist

– online consultation with IBM Watson

1. Alice proves she has insurance2. Alice describes symptoms 3. Alice gets credential that she is allowed to get treatment

Alice gets a health insurance credential

Insurance

Health portal

5. Alice sends bill to insurance and proves that she had gottenthe necessary permission for the treatment.

4. Alice gets treatment from physician, hospital, etc

Payment Use Case

Credential = Bank note

Double spending need to be prevented/detected– On-line or Off-line modi possible

Money laundering can also be taken care of

merchant

deposits money

withdrawal

payment

Polls, recommendation platforms

Online polls – applying different restrictions on the poll participants: location, citizenship

Rating and feedback platforms

– anonymous feedback for a course only from the students who attended it

– wikis

– recommendation platforms

Providing anonymous, but at the same time legitimate feedback

Idemix & Blockchain

Permissioned Blockchain

Identity Mixer & Blockchain

Signing transactions within Blockchain (in-fabric)– Unlinkably signing transactions on Blockchain

– Selective disclosure of attributes

– Advanced features: revocation, audit

Signing transactions with X.509

Multiple X.509 certificates

Signing transactions unlinkably with Idemix

- Only Auditor can track the transactions

- Auditor’s key can be shared between multiple parties to distribute the trust

Revocation

- Certificates can be revoked at any time

- Non-revocation proof is unlinkable

Summary: Identity Mixer

Strong Privacy-Preserving Authentication – Better than PKI or OpenID– Protocols are verified by the scientific community, code is open source – Advanced features: revocation, audit, usage limitation

Easy to use: as a service + mobile app– Setup issuer/verifier in just a few minutes– All personal data is stored locally on the user's device

Many use cases and scenarios– Healthcare, age verification, polls, payments, Blockchain

Blockchain– Signing transactions within Blockchain– Identity Management on top of Blockchain

Thank you!eMail: idemix@zurich.ibm.com

twitter: @IdentityMixer

Links:– www.zurich.ibm.com/idemix– idemixdemo.mybluemix.com– https://github.com/IBM-Bluemix/idemix-issuer-verifier– console.ng.bluemix.net/catalog/services/ibm-identity-mixer/– https://www.ted.com/watch/ted-institute/ted-ibm/maria-dubovitskaya-

a-personal-data-filter-that-releases-only-whats-needed– www.abc4trust.eu– www.futureID.eu– www.au2eu.eu– www.PrimeLife.eu – github.com/p2abcengine & abc4trust.eu/idemix

IBM Identity Mixer - dcypher · – however, this is not about homeland security – and of course...

Documents

Transcript of IBM Identity Mixer - dcypher · – however, this is not about homeland security – and of course...

DEPARTMENT OF HOMELAND SECURITY...U.S. Department of Homeland Security Washington, DC 20528 Homeland Security March 30, 2006 Preface The Department of Homeland Security (DHS) Office

DEPARTMENT OF HOMELAND SECURITY U.S. Department of Homeland

Statewide Homeland Security Strategy Overview. Texas State Homeland Security Program.

Grassroots Homeland Security...Grassroots Homeland Security −an invited comment To local governments, non-profits, and businesses, homeland security means not only reducing the threat

Changing Homeland Security: What is Homeland Security?

The Department of Homeland Security: A Partner but Not ...The Department of Homeland Security: a partner but not necessarily a model for th e European Union I. Introduction President

Homeland - NIST Computer Security Resource Center | CSRC · Homeland Security # #. " $! % # "" . # ) # % !( # ! " . ' # # "# # !" "# ! % " # " % " ! # "" "# $ ! # . # ! "" # ! % #

(U) The FBI: Protecting the Homeland - hsdl.org | Homeland ...

MEMORANDUM OF AGREEMENT - Homeland Security · MEMORANDUM OF AGREEMENT BETWEEN THE DEPARTMENT OF HOMELAND SECURITY ... but will not be in the NSA chain of command. This …

The Notion of Homeland, “Imaginary Homeland” and Wounded ... · This article explores the idea of homeland, “imaginary homeland” and wounded memory in Khaled Hosseini’s

Homeland Security

OIG-17-86 - United States Department of Homeland Security · Department of Homeland Security's (DHS) fiscal year (FY) 2016 Agency Financial Report. We do not require management's

16-CSRE-268 IIP-VV dcypher highlights 2016v2 · Roadmap towards Cybersecurity Higher Education Manifest: » Comparison of a selection of cybersecurity curricula of Universities of

Terrorism, Refugees and Homeland Security...Terrorism, Refugees and Homeland Security T he events of 11 September 2001 have had profound repercussions not only in global terms but

2.4: Air Power - Stanford Universityweb.stanford.edu/class/polisci211z/2.4/2.4.pdf · 2003-07-23 · Coercion is more difficult •Not deterring against homeland strike –Homeland

Bananas and People in the Homeland of Genus Musa Not … · Bananas and People in the Homeland of Genus Musa: ... areas from Sri Lanka and eastern India, ... specialist literature

NCSRA III - dcypher...of Dutch politicians, agencies and companies. A crucial requirement for digital A crucial requirement for digital sovereignty is a strong and …

1417544547 homeland

Homeland Security in the 21st Century...Cengage Learning Not for Reprint Homeland Security in the 21st Century Dr. Barbara L. Neuby Kennesaw State University Houghton Mifflin Harcourt

Homeland *Editorial