Post on 18-Oct-2020

IRMA: The future of identities
dcypher Symposium 2019

Fabian van den Broek
fabian.vandenbroek@ou.nl

Open University of the Netherlands

3 December 2019

#dSymp dcypher Symposium 2019 | 3 Dec. Media Plaza Utrecht

The OYOI project

- Own Your Own Identity
- NWO Long Term Cybersecurity research 2014
- Radboud University Nijmegen
- KPN
- SURFnet

- Valorisation of the IRMA project
- Implementations of "IRMA" on other carriers

IRMA

- I Reveal My Attributes
- Attribute-based credentials
- Specifically for authentications

A standard authentication solution

Parties: Identity Provider, User, Service Provider

1. Request service
2. Redirect to IdP
3. Authentication
4. Send result

Diagram label: Trust

The IRMA solution

Parties: Identity Provider, User, Service Provider

a. Request credential
b. Issue credential
1. Request service
2. Show credential

Diagram label: Trust

So, what is this credential?

- IRMA is an implementation of Attribute-Based Credentials (ABC)
  - Specifically IBM’s Identity mixer (Idemix)
- A credential is a cryptographic container

Identities versus attributes

[FIDIS] project

Attributes in Idm

- Flexible
- Identifying (name, address, etc.)
- Or Non-identifying (>18, resident of Amsterdam, etc.)
- Extends role-based authentication

IRMA system

Parties: Identity Provider, User, Service Provider
Credential: sk, a1, ..., an

a. Request credential
b. Issue credential
1. Request service
2. Policy
3. Show credential

Diagram label: Trust

IRMA features

- Independence between issuing and showing: time and protocol
- Decentralised
- Privacy & Authentication
- Credential: security for the system
  - Authenticity
  - Integrity
  - Non-transferability
- Credential: privacy for the user
  - Selective disclosure (randomisation)
  - Issuer unlinkability (blind signature, randomisation)
  - Multi-show unlinkability (randomisation, zero-knowledge proofs)

At the start of the OYOI project...

And now

IRMA carrier comparison

A smart card offers:
- Secure key storage
- Strong(er) offline user binding
- A horrible user experience
- Poor computational power
- No Internet connectivity

A smartphone offers:
- Weak key storage
- Weak offline user binding
- Nicer user experience
- Stronger keys, faster performance, unlimited attributes, etc.
- Online issuance & verification, updatability, etc.

Could we have the best of both worlds?

What about smart cards in the mobile phones?
- SIM card
  - JavaCard does not have standard support for the crypto we need
  - it is hard to get generic SIM ↔ app communication
- Trusted Execution Environment
  - hard to do anonymously
  - TEEs can differ wildly between phone models
  - we could not get access

Securing the private key

Parties: User, Service Provider
User: sk
Credential: sk; > 12, > 16, > 18

1. Request service
2. Policy, challenge
3. Show credential

Securing the private key

Parties: User, Service Provider, KSS
User: sk1
KSS: sk2
Credential: sk1 + sk2; > 12, > 16, > 18

1. Request service
2. Policy, challenge
3. challenge
4. response
5. combined responses

The Key Share Server

- Secures the key
- Strong revocation (blocking)
- Rate limiting
- Can verify Issuer key validity
- Limited logging
- Limited monitoring

Enrolment

Using a phone also gives innovative ways of enrolment
- Enrolment is an expensive process
- Face-to-face checks needed for high assurance
- Requires a custom approach per country
- NFC-capable phones can read identity documents

Enrolment process

1. User scans her ID card (possibly via another phone)
2. Sends the signed data to an Enroller
3. The enroller verifies the data and checks that the ID document is not revoked
4. Possible additional checks...
5. An Issuer can then issue attributes

Binding ID document to user

- PIN
- Biometrics
- Data consistency checks
  - check with outside data
  - mobile subscription contract
  - other attributes

- The mobile subscription contract might also provide binding to the actual phone
- Cross checking with other attributes can lead to higher assurance

Conclusions

- The OYOI project delivered some nice contributions
  - 1 thesis and several scientific publications
  - Self-enrolment scenarios
  - ...
  - And bringing IRMA from academia to society

- IRMA now under the Privacy by Design Foundation
- SIDN runs the core infrastructure
- Several proofs of concept running in the field

For more information see:
- https://privacybydesign.foundation/irma/
- http://credentials.github.io/

Or mail me:
- fabian.vandenbroek@ou.nl
- f.vandenbroek@privacybydesign.foundation

Thank you! Questions?

Traditional digital signatures

Attribute-based signatures

Comparison

Standard digital signatures:
- Are very rigid
- Always identifying and linkable
- Provide non-repudiation & integrity

Attribute-based signatures:
- Are flexible
- Can be anonymous and always unlinkable
- Provide non-repudiation & integrity
- ... and authentic attribute data
- Realised by serialising standard authentication proof
  - where the challenge is the document hash.
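
A simplified sketch of the split-key proof from the "Securing the private key" and "The Key Share Server" slides, together with the document-hash variant named on this slide; it is an added example, not IRMA or Idemix code. It assumes a plain Schnorr-style proof of knowledge in a toy group, leaves out the attributes, and the names ShareHolder, show, verify, sign and verify_signature are hypothetical.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only (not Idemix, not production-grade):
# the multiplicative group modulo the prime 2**255 - 19, exponents reduced modulo P - 1.
P = 2**255 - 19
ORDER = P - 1
G = 2

def fs_challenge(commitment: int, nonce: bytes) -> int:
    """Bind the joint commitment to the verifier's nonce (Fiat-Shamir)."""
    data = commitment.to_bytes(32, "big") + nonce
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

class ShareHolder:
    """Holds one additive key share: the phone (sk1) or the Key Share Server (sk2)."""
    def __init__(self, blocked: bool = False):
        self.share = secrets.randbelow(ORDER)
        self.blocked = blocked            # models the KSS "strong revocation (blocking)"
    def public_part(self) -> int:
        return pow(G, self.share, P)
    def commit(self) -> int:
        if self.blocked:
            raise PermissionError("key share is blocked")
        self._w = secrets.randbelow(ORDER)    # fresh randomiser for every session
        return pow(G, self._w, P)
    def respond(self, c: int) -> int:
        w, self._w = self._w, None            # a randomiser is used exactly once
        return (w + c * self.share) % ORDER

def show(phone: ShareHolder, kss: ShareHolder, nonce: bytes):
    """Steps 3-5: both parties answer the same challenge, the phone combines."""
    t = phone.commit() * kss.commit() % P
    c = fs_challenge(t, nonce)
    s = (phone.respond(c) + kss.respond(c)) % ORDER
    return c, s

def verify(pk: int, nonce: bytes, proof) -> bool:
    """Check against pk = g^(sk1 + sk2); the verifier sees one ordinary proof."""
    c, s = proof
    t = pow(G, s, P) * pow(pk, (-c) % ORDER, P) % P
    return c == fs_challenge(t, nonce)

def sign(phone, kss, document: bytes):
    """Signature variant: the same proof with the document hash as the challenge nonce."""
    return show(phone, kss, hashlib.sha256(document).digest())

def verify_signature(pk: int, document: bytes, sig) -> bool:
    return verify(pk, hashlib.sha256(document).digest(), sig)
```

Neither share alone yields a valid response, so a blocked or rate-limited Key Share Server stops every showing and signature even when the phone's share has been extracted.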
