Privacy with attribute-based credentials ABC4Trust Project. Fatbardh Veseli

Similar documents
Introduction and Overview

... Mobile (Telco) Operators and Big Data How to avoid the Big Brother Problem using Partial Identities & Privacy-ABCs

Attribute-based Credentials and Partial Identities for a more Privacy Friendly Internet

Privacy-respecting Identity Management

Identity Mixer: From papers to pilots and beyond. Gregory Neven, IBM Research Zurich IBM Corporation

D3.1 Scientific comparison of ABC protocols

D2.2 - Architecture for Attribute-based Credential Technologies - Final Version

Work and Projects in ISO/IEC JTC 1/SC 27/WG 5 Identity Management & Privacy technologies

... European R&D for privacy and identity solutions for the Information Society. High Level Conference eid and Public Registers

Information technology Security techniques A framework for identity management

D5.1 Scenario Definition for both Pilots

U-Prove Technology Overview

IRMA: I Reveal My Attributes

H2.2 - ABC4Trust Architecture for Developers

IBM Identity Mixer. Introduction Deployment Use Cases Blockchain More Features

Attribute-based Credentials on Smart Cards

Prof. Christos Xenakis

Prof. Christos Xenakis

Privacy-ABC Technologies on Mobile Phones

IBM Identity Mixer. Authentication without identification. Introduction Demo Use Cases Features Overview Deployment

Identity Management Systems An Overview. IST Event 2004 /

Climbing Towards Trust, Privacy and Identity Management in Emerging ICT-based Scenarios

A privacy-preserving authentication service using mobile devices

Cryptographic dimensions of Privacy

1. Publishable Summary

Panel Privacy Management and Data Protection Standardization

On the Revocation of U-Prove Tokens

Trusted Computing: Introduction & Applications

Federated Authentication for E-Infrastructures

Privacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems. Anja Lehmann IBM Research Zurich

Trust Services for Electronic Transactions

Privacy Privacy Preserving Authentication Schemes: Theory and Applications

SWAMID Person-Proofed Multi-Factor Profile

Privacy Statement for Use of the Certification Service of Swisscom (sales name: "All-in Signing Service")

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Federated authentication for e-infrastructures

Covert Identity Information in Direct Anonymous Attestation (DAA)

D5.5. Open Source Client Library and Server Tools for Delegations. Document Identification. Final UBISECURE, OIX

The epassport: What s Next?

Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?

CC withinthe Context of the EU Privacy Seal - EuroPriSe

Deliverable D3.5 Harmonised e-authentication architecture in collaboration with STORK platform (M40) ATTPS. Achieving The Trust Paradigm Shift

NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Anonymous Credentials: How to show credentials without compromising privacy. Melissa Chase Microsoft Research

Privacy-Enhancing Technologies & Applications to ehealth. Dr. Anja Lehmann IBM Research Zurich

DECISION OF THE EUROPEAN CENTRAL BANK

CSE 565 Computer Security Fall 2018

Way to new challenges

Security Standardization

SAFE-BioPharma RAS Privacy Policy

Privacy Statement for Use of the Trust Service of Swisscom IT Services Finance S.E., Austria

Security and Privacy in the Internet of Things : Antonio F. Skarmeta

Direct Anonymous Attestation

Trusted National Identity Schemes. Coralie MESNARD

PRISMACLOUD. Privacy and Security Maintaining Services in the Cloud Thomas Loruenser. CSP2015 Brussels /

ISO/IEC JTC 1/SC 27 N7769

Approved 10/15/2015. IDEF Baseline Functional Requirements v1.0

SC27 WG4 Mission. Security controls and services

esignature Infrastructure Marketing Model

eidas Standardisation What are the Issues and Concerns? Overview from CEN TC 224 WG 16 ESIGN Gisela Meister

OneID An architectural overview

TELIA MOBILE ID CERTIFICATE

Digital Identity Management based on Digital Credentials. Credentica Inc. Version 1.0 of June 2002

ING Public Key Infrastructure Technical Certificate Policy

eidas Regulation eid and assurance levels Outcome of eias study

FiXs - Federated and Secure Identity Management in Operation

Privacy Notice - Stora Enso s Supplier and Stakeholder Register. 1 Purpose

ISO/IEC INTERNATIONAL STANDARD

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

De Montfort Students Union Student Data Privacy Statement

SONERA MOBILE ID CERTIFICATE

Concepts and Languages for Privacy-Preserving Attribute-Based Authentication

A General Certification Framework with Applications to Privacy-Enhancing Certificate Infrastructures

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

Establishing Trust Across International Communities

Privacy Policy. MIPS Website Privacy Policy. Document Information. Contact Details. Version 1.0 Version date March 2018.

Third public workshop of the Amsterdam Group and CODECS C-ITS Deployment in Europe: Common Security and Certificate Policy

Electronic Commerce Working Group report

Gateway Certification Authority pilot project

The challenges of (non-)openness:

ISO/IEC INTERNATIONAL STANDARD

NIS Standardisation ENISA view

Birgit Morlion. DG Communications Networks, Content and Technology (DG CONNECT)

Identity Management: Setting Context

INTEGRATED SECURITY SYSTEM FOR E-GOVERNMENT BASED ON SAML STANDARD

Hong Kong Access Federation (HKAF) Identity Management Practice Statement (IMPS)

DAkkS Who we are. Attesting competence, Assuring quality, Creating confidence.

Registration and Authentication

Google Cloud & the General Data Protection Regulation (GDPR)

Virginia Commonwealth University School of Medicine Information Security Standard

Cryptography 4 Privacy

eduroam Managed IdP Product Presentation

Cryptography 4 People

ECA Trusted Agent Handbook

Digital Certificates Demystified

ISO/IEC INTERNATIONAL STANDARD

PROVIDING COMMUNITY AND COLLABORATION SERVICES TO MMOG PLAYERS *

Data security statement Volunteers

Technical Trust Policy

Transcription:

Privacy with attribute-based credentials ABC4Trust Project Fatbardh Veseli Deutsche Telekom Chair for Mobile Business and Multilateral Security Goethe University Frankfurt, Germany fatbardh.veseli@m-chair.de 1

Overview Motivation Identity Management Issues Privacy-ABCs - Architecture, Concepts and features ABC4Trust Project Overview Standardisation efforts 2

Identity Management (IdM) 2 sides of a medal with enormous economic potential ISO/IEC JTC 1/SC 27/WG 5 Identity Management & Privacy Technologies Organisations aim to sort out User Accounts in different IT systems Authentication Rights management Access control Unified identities help to ease administration manage customer relations Identity management systems ease single-sign-on by unify accounts solve the problems of multiple passwords People live their life in different roles (professional, private, volunteer) using different identities (pseudonyms): email accounts, SIM cards, ebay trade names, chat names, Facebook names, ) Differentiated identities help to protect privacy, especially anonymity personal security/safety enable reputation building at the same time Identity management systems support users using role based identities help to present the right identity in the right context 3

Identity Management (IdM) 2 sides of a medal with enormous economic potential ISO/IEC JTC 1/SC 27/WG 5 Identity Management & Privacy Technologies People live their life in different roles (professional, private, volunteer) using different identities (pseudonyms): email accounts, SIM cards, ebay trade names, chat names, Facebook names, ) Differentiated identities help to protect privacy, especially anonymity personal security/safety enable reputation building at the same time Identity management systems support users using role based identities help to present the right identity in the right context Organisations aim to sort out User Accounts in different IT systems Authentication Rights management Access control Unified identities help to ease administration manage customer relations Identity management systems ease single-sign-on by unify accounts solve the problems of multiple passwords 4

Identity Management (IdM) One of many definitions An integrated concept of processes, policies and technologies that enable organizations and individual entities to facilitate and control the use of identity information in their respective relations 5

Privacy (and security) issues of typical federated IdM architectures Identity Service Provider (IdSP) Relying Party (RP) trust 4. token response 3. token request 1. request access 2. policy 5. token User 6

Partial Identities needed Based on [Clauß, Köhntopp 2001] 7

Identity Definition in ISO/IEC 24760 to reduce the risk of over-identification Identity (partial identity): Set of attributes related to an entity From A Framework for Identity Management (ISO/IEC 24760) Part 1: Terminology and concepts (IS:2011) Part 2: Reference framework and requirements (CD) Part 3: Practice (WD) [standards.iso.org/ittf/publiclyavailablestandards/index.html, www.jtc1sc27.din.de/en] 8

Attribute Based Credentials (Privacy-ABCs) Certifying relevant attributes Token issuance and presentation unlinkable Rather coins (that cannot be distinguished) than bank notes (that have a serial number) Users can disclose (minimal) subsets of the encoded claims To respond to unanticipated requests of RPs Without invalidating the token integrity E.g. Certificate for birth date -> Claim for being over 21 Two major approaches and technologies U-Prove (Credentica -> Microsoft) Idemix (IBM) 9

Two approaches for Privacy- ABCs Blind Signatures Zero-Knowledge Proofs Issuer Issuer User Verifier User Verifier U-Prove Brands, Paquin et al. Discrete Logs, RSA,.. Idemix (Identity Mixer) Damgard, Camenisch & Lysyanskaya Strong RSA, pairings (LMRS, q-sdh) 10

ABC4Trust Objectives A common, unified architecture for ABC systems to enable Comparing their respective features Combining them on common platforms Lock-In free usage of ABC systems Open reference implementations of selected ABC systems Deployments in actual production enabling Minimal disclosure Provision of anonymous feedback to a community proving one is accredited as a member 11

ABC4Trust Partners Johann Wolfgang Goethe- Universität Frankfurt, DE Alexandra Institute AS, DK Computer Technology Institute & Press DIOPHANTUS, GR IBM Research - Zurich, CH Miracle A/S, DK Nokia Solutions and Networks, DE Technische Universität Darmstadt, DE Unabhängiges Landeszentrum für Datenschutz, DE Eurodocs AB, SE CryptoExperts SAS, FR Microsoft NV, BE Söderhamn Kommun, SE 12

Architecture, entities and features Issuer Revocation Authority Credential Revocation Credential Issuance Revocation info retrieval User Presentation Token Revocation info retrieval Token Inspection Inspector Verifier 13

ABC4Trust Pilot Söderhamn: Community Interaction School internal platform for communication among pupils, teachers, and personnel Provide trusted authentication while protecting anonymity Usability: make privacy technology understandable for non-technical users (e.g. pupils) Norrtullskolan School Söderhamn, Sweden 14

Söderhamn pilot - Student consultation name = Kari Johannson Grade= 5 Class = 5A Gender = F name =? Grade = 5 Class =? 15

ABC4Trust Pilot Patras: Course Rating Course ratings conducted anonymously without learning participants identities Conduct polls based on attendance Verify with anonymous proofs towards untrusted infrastructure Computer Technology Institute Patras, Greece 16

Course Evaluation Course = 536 Matriculation nr: 1295 Attendance units: 6 name = Maria Papadopoulou Department = CEI Type = Student Matriculation nr: 1295 name =? Department =? Student = Yes CourseID = 536 #Attendance units > 5 = Yes 17 17

Privacy-ABCs and eid eids can be considered as credentials with several attributes. Privacy-ABCs can be used to disclose only some of the attributes.

Standardisation relevant projects within ISO/IEC JTC 1/SC 27 24760 A framework for identity Management 20008 Anonymous digital signatures 24146 Access control framework WG 5 -Identity management and privacy technologies 29100 Privacy framework WG 2 Cryptography and security mechanisms 29191 Partially anonymous, partially unlinkable authentication 29101 Privacy architecture framework 20009 Anonymous Entity Authentication 19

Conclusions & Outlook ICT and related services are coming ever closer to people. A more privacy friendly Internet requires: Partial Identities and Identifiers Minimum Disclosure Privacy-respecting Attribute Based Credentials ABC4Trust Summit Event: 2015-01-20, Brussels, Representation of the State of Hesse www.abc4trust.eu www.jtc1sc27.din.de/en www.fidis.net www.picos-project.eu www.primelife.eu www.prime-project.eu www.m-chair.de, fatbardh.veseli@m-chair.de, coord-abc4trust@m-chair.de

Back-Up Attribute-based Credentials for Trust

Identity Theft (?) 22 22

ABC4Trust Project Facts Scheduled duration: November 2010 February 2015 Partners: 12 partners from industry, academia, research centres and data protection authorities Costs: 13.59 Million ( 8.85 Million EU funded) Funding: The ABC4Trust project receives research funding from the European Union's Seventh Framework Programme under grant agreement n 257782 as part of the ICT Trust and Security Research theme. Web Page: https://abc4trust.eu Project coordination: Chair of Mobile Business & Multilateral Security Goethe University Frankfurt 60629 Frankfurt am Main, Germany contact@abc4trust.eu 23

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback