Integrating Anonymous Credentials with eIDs for Privacy-respecting Online Authentication

15
Integrating Anonymous Credentials with eIDs for Privacy-respecting Online Authentication Ronny Bjones, Ioannis Krontiris, Pascal Paillier, Kai Rannenberg 10 October2012 Annual Privacy Forum - Limassol, Cyprus Ioannis Krontiris Goethe University Frankfurt

Transcript of Integrating Anonymous Credentials with eIDs for Privacy-respecting Online Authentication

Integrating Anonymous Credentials with eIDs

for Privacy-respecting Online Authentication Ronny Bjones, Ioannis Krontiris, Pascal Paillier, Kai Rannenberg

10 October2012

Annual Privacy Forum - Limassol, Cyprus

Ioannis Krontiris Goethe University Frankfurt

Overview

• Example of German eID

• Privacy problems

• Privacy-ABCs to the rescue

• Integration to the German eID system

• Privacy-ABCs on Smart Cards

2

eIDs in Europe

• A number of eIDs and qualified electronic signatures (QES) already exist – e-Government services

– Healthcare services

– Financial services

– Online shopping

3

The German e-ID system

Notice & Selective Disclosure 4

Security and Privacy Problems

• eID server knows all user transactions

The eID server traces and links all communications and transactions of each user

• eID server knows all customers of the service provider The eID server learns all customers trying to access a specific service

• User impersonation Insiders can copy or alter user’s credentials and impersonate them to

services.

• Availability

Denial of service attacks against the eID server impacts all applications using the service.

5

Moving Ahead

“As such, privacy-enhanced PKI technologies have significant potential to enhance existing eID card privacy functions. Although these technologies have been available for a long time, there has not been much adoption in mainstream applications and eID card implementations”

• the available technologies based on Privacy-ABCs use different terminology for their features and even different cryptographic mechanisms to realize them

• the performance of Privacy-ABCs on smart cards (like eIDs) was poor and did not allow practical deployment

• Privacy-ABCs are very complex and hard to understand for non-specialists

6

• Scheduled duration: November 2010 – October 2014

• Funding: The ABC4Trust project receives research funding from the European Union's Seventh Framework Programme under grant agreement n° 257782 as part of the “ICT Trust and Security Research” theme.

• Web Page: https://abc4trust.eu

7

ABC4Trust Objectives

8

• Abstraction of concepts of privacy-ABCs & unification of features

• A common unified architecture

That is independent of the specific technologies

Federation of privacy-ABC Systems based on different technologies

Interoperability between different privacy-ABC technologies

Avoid technology lock-in

Raise trust in privacy-ABC technologies

• Reference implementations of the framework involving Smart Cards

• Deployments in large scale user-trials.

University of Patras – Greece

Norrtullskolan school – Sweden

ABC4Trust Interactions and Entities

9

Unlinkability (presentation)

Selective Disclosure

Unlinkability (multi-use)

• Privacy-ABCs are by default untraceable IdSPs are not able to track and trace at which sites the user is presenting the

information

• Privacy-ABCs can be obtained in advance and stored No real-time burden of the IdSP – better scalability

• User-binding No credential pooling possible – Presentation requires proof of knowledge of a

secret key (stored on a secure device like SC)

• Unlimited number of pseudonyms supported

In addition to which, scope-exclusive pseudonyms can be imposed – user can only register one pseudonym per scope (URL).

Advantages

10

German eID Integration

11

R. Bjones, “eParticipation Scenario Reference Guide”, Microsoft, Tech. Rep., October 2010

ABCs on Smart Cards

• ABCs are practical on smart cards

• We selected a contactless smart card chip with cryptoprocessor

• We found that, using precomputations (coupons):

– U-Prove can be made efficient

• Issuance < 260 ms

• Presentation 434 ms for 10 attributes

– Idemix can be made efficient

• Issuance 231 ms

• (less clear for presentation)

• Specification and development of the ABC4Trust card are now underway

12

Smart Card Architecture

13 32-bit chip made available by Invia

• Protocol-level design choices – Adapt data flow to minimize computations on the card's side

– Use delegation if neutral with respect to (crypto) security

– Store precomputed values as coupons

• Optimized implementations – Boost point operations with best coordinate system (Jacobian, mixed,

Edwards, etc)

– Aggregate scalar multiplications to share intermediate variables whenever possible

– Find optimal setting on the given model of computation (h/w architecture)

14

Optimizing Performance

Thank you!

Ioannis Krontiris {[email protected]},

Goethe University Frankfurt, Germany

15