Cryptographic dimensions of Privacy

Similar documents
IBM Identity Mixer. Introduction Deployment Use Cases Blockchain More Features

Cryptography 4 Privacy

IBM Identity Mixer. Authentication without identification. Introduction Demo Use Cases Features Overview Deployment

Cryptography 4 People

Cryptography 4 People

Cryptography for People

Privacy in an Electronic World A Lost Cause?

Forschungsrichtungen in der IT-Sicherheit

Privacy-Enhancing Technologies & Applications to ehealth. Dr. Anja Lehmann IBM Research Zurich

Privacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems. Anja Lehmann IBM Research Zurich

Identity Mixer: From papers to pilots and beyond. Gregory Neven, IBM Research Zurich IBM Corporation

Directions in Security Research

Direct Anonymous Attestation

Privacy with attribute-based credentials ABC4Trust Project. Fatbardh Veseli

Prof. Christos Xenakis

Prof. Christos Xenakis

Authentication without Identification. Jan Camenisch IBM Research - Zurich IBM Corporation

Privacy-ABC Technologies on Mobile Phones

An Introduction to Trusted Platform Technology

A NEW MODEL FOR AUTHENTICATION

Trusted Computing: Introduction & Applications

Attribute-based Credentials on Smart Cards

Anonymous Credentials and e-cash

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

IRMA: I Reveal My Attributes

CS November 2018

Introduction to Modern Cryptography. Benny Chor

Using Cryptography CMSC 414. October 16, 2017

Blockchain for Enterprise: A Security & Privacy Perspective through Hyperledger/fabric

Security & Privacy. Web Architecture and Information Management [./] Spring 2009 INFO (CCN 42509) Contents. Erik Wilde, UC Berkeley School of

Maintaining the Anonymity of Direct Anonymous Attestation with Subverted Platforms MIT PRIMES Computer Science Conference October 13, 2018

CSE 565 Computer Security Fall 2018

FIDO ALLIANCE: UPDATES & OVERVIEW BRETT MCDOWELL EXECUTIVE DIRECTOR. All Rights Reserved FIDO Alliance Copyright 2017

Anonymous Credentials: How to show credentials without compromising privacy. Melissa Chase Microsoft Research

Trusted Platform Module explained

U-Prove Technology Overview

Lecture Notes 14 : Public-Key Infrastructure

Mobile Identity as key enabler for the Digital Consumer

Copy-Resistant Credentials with Minimum Information Disclosure

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

Privacy Privacy Preserving Authentication Schemes: Theory and Applications

Security and Privacy in RFID Evolving Application Spaces for Edge Security

D2.2 - Architecture for Attribute-based Credential Technologies - Final Version

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2010

On the Revocation of U-Prove Tokens

Cryptography (Overview)

Worksheet - Reading Guide for Keys and Passwords

Innovative Authentication method for boosting Mobile Connect global roll-out

EXPERIENCE SIMPLER, STRONGER AUTHENTICATION

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Dissecting NIST Digital Identity Guidelines

Introduction to Electronic Identity Documents

Verifiable Anonymous Identities and Access Control in Permissioned Blockchains

UNIT - IV Cryptographic Hash Function 31.1

Structure-Preserving Certificateless Encryption and Its Application

Diffie-Hellman. Part 1 Cryptography 136

Enterprise Privacy and Federated Identity Management

Important updates to Business Applications competencies

XFINITY Welcome Packet

Non Person Identities After all, who cares about me? Gilles Lisimaque & Dave Auman Identification technology Partners, Inc.

The security challenge in a mobile world

lifeid Foundation FAQ v.1

A Decade of Direct Anonymous Attestation

Privacy-preserving PKI design based on group signature

CERN Certification Authority

Can Digital Evidence Endure the Test of Time?

Network Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011

2 Electronic Passports and Identity Cards

CPSC 467b: Cryptography and Computer Security

Conformity and Interoperability Key Prerequisites for Security of eid documents. Holger Funke, 27 th April 2017, ID4Africa Windhoek

ENEE 459-C Computer Security. Security protocols

OneID An architectural overview

PKI Credentialing Handbook

Network Security: Anonymity. Tuomas Aura T Network security Aalto University, Nov-Dec 2012

Nigori: Storing Secrets in the Cloud. Ben Laurie

An Implementation of a Pairing-Based Anonymous Credential System with Constant Complexity

Pseudonym Based Security Architecture for Wireless Mesh Network

American Express Online PIN & PIN Security Requirements

Key Protection for Endpoint, Cloud and Data Center

Organization information. When you create an organization on icentrex, we collect your address (as the Organization Owner), your

THE FUTURE OF AUTHENTICATION FOR THE INTERNET OF THINGS

FIDO AND PAYMENTS AUTHENTICATION. Philip Andreae Vice President Oberthur Technologies

Manual Suppliers procedure for password change FGPS Portal

SYDNEY FESTIVAL PRIVACY POLICY

WHITE PAPER AUTHENTICATION YOUR WAY SECURING ACCESS IN A CHANGING WORLD

Digital Identity Management based on Digital Credentials. Credentica Inc. Version 1.0 of June 2002

U.S. Digital Video Benchmark Adobe Digital Index Q2 2014

Covert Identity Information in Direct Anonymous Attestation (DAA)

User Authentication. Modified By: Dr. Ramzi Saifan

FIDO Alliance: Standards-based Solutions for Simpler, Strong Authentication

A Card Requirements Language Enabling Privacy-Preserving Access Control

FACEBOOK SAFETY FOR JOURNALISTS. Thanks to these partners for reviewing these safety guidelines:

Goals of Modern Cryptography

INSIGHTS, POWERED BY INSIDEVIEW

Go to SQA Academy the website address is

Security at the Digital Cocktail Party. Social Networking meets IAM

My Volunteer Page: Set-Up Instructions

Towards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things

Payment systems. Tuomas Aura CSE-C3400 Information security. Aalto University, autumn 2014

Transcription:

PRIVACY SUMMIT 2016 The Alain Turing Institute Cryptographic dimensions of Privacy Dr. Jan Camenisch Principle RSM; Member, IBM Academy of Technology IBM Research Zurich @JanCamenisch ibm.biz/jancamenisch

Facts We all increasingly conduct our daily tasks electronically...are becoming increasingly vulnerable to cybercrimes 2

Facts 33% of cyber crimes, including identity theft, take less time than to make a cup of tea. 3

Facts 10 Years ago, your identity information on the black market was worth $150. Today. 4

Facts $4'500'000'000 cost of identity theft worldwide 5

Houston, we have a problem! ᄅ 6

Houston, we have a problem! ᄅ Buzz Aldrin's footprints are still up there (Robin Wilton) 7

Computers don't forget Apps built to use & generate (too much) data Data is stored by default Data mining gets ever better New (ways of) businesses using personal data Humans forget most things too quickly Paper collects dust in drawers 8

Where's all my data? The ways of data are hard to understand Devices, operating systems, & apps are getting more complex and intertwined Mashups, Ad networks Machines virtual and realtime configured Not visible to users, and experts Data processing changes constantly No control over data and far too easy to loose them 9

The real problem Applications are designed with the sandy beach in mind but are then built on the moon Feature creep, security comes last, if at all Everyone can do apps and sell them Networks and systems hard not (well) protected 10

Security & Privacy is not a lost cause! We need paradigm shift & build stuff for the moon rather than the sandy beach! 11

Security & Privacy is not a lost cause! That means: Reveal only minimal data necessary Encrypt every bit Attach usage policies to each bit Cryptography can do that! 12

The case of authentication IBM Identity Mixer authentication without identification 13

Alice wants to watch a movie at Movie Streaming Service I wish to see Alice in Wonderland Alice Movie Streaming Service 14

Alice wants to watch a movie at Movie Streaming Service You need: - subscription - be older than 12 Alice Movie Streaming Service 15

Watching the movie with the traditional solution Using digital equivalent of paper world, e.g., with X.509 Certificates ok, here's - my eid - my subscription Alice Movie Streaming Service 16

Watching the movie with the traditional solution...with X.509 Certificates Aha, you are - Alice Doe - born on Dec 12, 1975-7 Waterdrive - CH 8003 Zurich - Married - Expires Aug 4, 2018 Mplex Customer - #1029347 - Premium Subscription - Expires Jan 13, 2016 Alice Movie Streaming Service 17

Watching the movie with the traditional solution This is a privacy and security problem! - identity theft - discrimination - profiling, possibly in connection with other services Aha, you are - Alice Doe - born on Dec 12, 1975-7 Waterdrive - CH 8003 Zurich - Married - Expires Aug 4, 2018 Mplex Customer - #1029347 - Premium Subscription - Expires Jan 13, 2016 Alice Movie Streaming Service 18

Watching the movie with the traditional solution With OpenID (similar protocols), e.g., log-in with Facebook Alice Movie Streaming Service 19 October 15, 2015 - Press Day

Watching the movie with the traditional solution With OpenID and similar solution, e.g., log-in with Facebook Aha, Alice is watching a 12+ movie Alice Movie Streaming Service 20 October 15, 2015 - Press Day

Watching the movie with the traditional solution With OpenID and similar solution, e.g., log-in with Facebook Aha, Alice is watching a 12+ movie Aha, you are - Alice@facebook.com - 12+ Mplex Customer - #1029347 - Premium Subscription - Expires Jan 13, 2016 Alice Movie Streaming Service 21 October 15, 2015 - Press Day

Identity Mixer solves this. When Alice authenticates to the Movie Streaming Service with Identity Mixer, all the services learns is that Alice has a subscription is older than 12 and no more! 22

Privacy-protecting authentication with Privacy ABCs Users' Keys: One secret Identity (secret key) Many Public Pseudonyms (public keys) use a different identity for each communication partner or even transaction 23 October 15, 2015 - Press Day

Privacy-protecting authentication with Privacy ABCs Certified attributes from Identity provider Issuing a credential Name = Alice Doe Birth date = April 3, 1997 24 October 15, 2015 - Press Day

Privacy-protecting authentication with Privacy ABCs Certified attributes from purchasing department Issuing a credential 25 October 15, 2015 - Press Day

Privacy-protecting authentication with Privacy ABCs I wish to see Alice in Wonderland You need: - subscription - be older than 12 26 October 15, 2015 - Press Day

Privacy-protecting authentication with Privacy ABCs Proving identity claims but does not send credentials only minimal disclosure - valid subscription - eid with age 12 27

Proving Identity Claims: Minimal Disclosure 28 Alice Doe Age: 12+ Hauptstr 7, Zurich CH single Exp. Valid ve r ID ified ve r ID ified Alice Doe Dec 12, 1998 Hauptstr. 7, Zurich CH single Exp. Aug 4, 2018

Privacy-protecting authentication with Privacy ABCs Proving identity claims but does not send credential only minimal disclosure (Public Verification Key of issuer) Aha, you are - older than 12 - have a subscription Transaction is not linkable to any other of Alice's transactions! 29

Try Identity Mixer for yourself Try yourself: Build your app: Source code: Info: 30 idemixdemo.mybluemix.net github.com/ibm-bluemix/idemix-issuer-verifier github.com/github.com/p2abcengine/p2abcengine ibm.biz/identity_mixer

You might already have Identity Mixer on your devices Identity Mixer (and related protocols) in standards TPM V1.2 (2004) and V2.0 (2015) call it Direct Anonymous Attestation FIDO Alliance authentication is standardizing this as well (w/ and w/out chip) TPMs allow one to store secret key in a secure place! Alice 31

Other examples: secure and privacy access to databases Who accesses which data at which time can reveal sensitive information about the users (their research strategy, location, habits, etc.) DNA databases News/Journals/Magazines Patent database??? Cryptography access protocol s.t. database provider has no information about which user accesses which data 32

Conclusion Let engage in some rocket science! Much of the needed technology exists need to use them & build apps for the moon get crypto experts on your design team Thank you! 33

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback