Integrating Anonymous Credentials with eIDs for Privacy-respecting Online Authentication
-
Upload
ioannis-krontiris -
Category
Technology
-
view
66 -
download
0
Transcript of Integrating Anonymous Credentials with eIDs for Privacy-respecting Online Authentication
Integrating Anonymous Credentials with eIDs
for Privacy-respecting Online Authentication Ronny Bjones, Ioannis Krontiris, Pascal Paillier, Kai Rannenberg
10 October2012
Annual Privacy Forum - Limassol, Cyprus
Ioannis Krontiris Goethe University Frankfurt
Overview
• Example of German eID
• Privacy problems
• Privacy-ABCs to the rescue
• Integration to the German eID system
• Privacy-ABCs on Smart Cards
2
eIDs in Europe
• A number of eIDs and qualified electronic signatures (QES) already exist – e-Government services
– Healthcare services
– Financial services
– Online shopping
3
Security and Privacy Problems
• eID server knows all user transactions
The eID server traces and links all communications and transactions of each user
• eID server knows all customers of the service provider The eID server learns all customers trying to access a specific service
• User impersonation Insiders can copy or alter user’s credentials and impersonate them to
services.
• Availability
Denial of service attacks against the eID server impacts all applications using the service.
5
Moving Ahead
“As such, privacy-enhanced PKI technologies have significant potential to enhance existing eID card privacy functions. Although these technologies have been available for a long time, there has not been much adoption in mainstream applications and eID card implementations”
• the available technologies based on Privacy-ABCs use different terminology for their features and even different cryptographic mechanisms to realize them
• the performance of Privacy-ABCs on smart cards (like eIDs) was poor and did not allow practical deployment
• Privacy-ABCs are very complex and hard to understand for non-specialists
6
• Scheduled duration: November 2010 – October 2014
• Funding: The ABC4Trust project receives research funding from the European Union's Seventh Framework Programme under grant agreement n° 257782 as part of the “ICT Trust and Security Research” theme.
• Web Page: https://abc4trust.eu
7
ABC4Trust Objectives
8
• Abstraction of concepts of privacy-ABCs & unification of features
• A common unified architecture
That is independent of the specific technologies
Federation of privacy-ABC Systems based on different technologies
Interoperability between different privacy-ABC technologies
Avoid technology lock-in
Raise trust in privacy-ABC technologies
• Reference implementations of the framework involving Smart Cards
• Deployments in large scale user-trials.
University of Patras – Greece
Norrtullskolan school – Sweden
ABC4Trust Interactions and Entities
9
Unlinkability (presentation)
Selective Disclosure
Unlinkability (multi-use)
• Privacy-ABCs are by default untraceable IdSPs are not able to track and trace at which sites the user is presenting the
information
• Privacy-ABCs can be obtained in advance and stored No real-time burden of the IdSP – better scalability
• User-binding No credential pooling possible – Presentation requires proof of knowledge of a
secret key (stored on a secure device like SC)
• Unlimited number of pseudonyms supported
In addition to which, scope-exclusive pseudonyms can be imposed – user can only register one pseudonym per scope (URL).
Advantages
10
German eID Integration
11
R. Bjones, “eParticipation Scenario Reference Guide”, Microsoft, Tech. Rep., October 2010
ABCs on Smart Cards
• ABCs are practical on smart cards
• We selected a contactless smart card chip with cryptoprocessor
• We found that, using precomputations (coupons):
– U-Prove can be made efficient
• Issuance < 260 ms
• Presentation 434 ms for 10 attributes
– Idemix can be made efficient
• Issuance 231 ms
• (less clear for presentation)
• Specification and development of the ABC4Trust card are now underway
12
• Protocol-level design choices – Adapt data flow to minimize computations on the card's side
– Use delegation if neutral with respect to (crypto) security
– Store precomputed values as coupons
• Optimized implementations – Boost point operations with best coordinate system (Jacobian, mixed,
Edwards, etc)
– Aggregate scalar multiplications to share intermediate variables whenever possible
– Find optimal setting on the given model of computation (h/w architecture)
14
Optimizing Performance