Download paper: http://www.ioanniskrontiris.de/publications/DEF-FORUM2012-eIDs.pdf
Electronic Identity (eID) cards are rapidly emerging in Europe and are gaining user acceptance. As an authentication token, an eID card is a gateway to personal information and as such it is subject to privacy risks. Several European countries have taken extra care to protect their citizens against these risks. A notable example is the German eID card, which we take as a case study in this paper. We first discuss important privacy and security threats that remain in the German eID system and elaborate on the advantages of using privacy attribute-based credentials (Privacy-ABCs) to address these threats. Then we study two approaches for integrating Privacy-ABCs with eID systems. In the first approach, we show that by introducing a new entity in the current German eID system, the citizen can get a lot of the Privacy-ABCs advantages, without further modifications. Then we concentrate on putting Privacy-ABCs directly on smart cards, and we present new results on performance, which demonstrate that it is now feasible for smart cards to support the required computations these mechanisms require.
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Integrating Anonymous Credentials with eIDs for Privacy-respecting Online Authentication
1. Integrating Anonymous Credentials with eIDs
for Privacy-respecting Online Authentication
Ronny Bjones, Ioannis Krontiris, Pascal Paillier, Kai Rannenberg
10 October2012
Annual Privacy Forum - Limassol, Cyprus
Ioannis Krontiris
Goethe University Frankfurt
2. Overview
• Example of German eID
• Privacy problems
• Privacy-ABCs to the rescue
• Integration to the German eID system
• Privacy-ABCs on Smart Cards
2
3. eIDs in Europe
• A number of eIDs and qualified electronic signatures (QES)
already exist
– e-Government services
– Healthcare services
– Financial services
– Online shopping
3
5. Security and Privacy Problems
• eID server knows all user transactions
The eID server traces and links all communications and transactions of
each user
• eID server knows all customers of the service provider
The eID server learns all customers trying to access a specific service
• User impersonation
Insiders can copy or alter user’s credentials and impersonate them to
services.
• Availability
Denial of service attacks against the eID server impacts all applications
using the service.
5
6. Moving Ahead
“As such, privacy-enhanced PKI technologies have significant
potential to enhance existing eID card privacy functions. Although
these technologies have been available for a long time, there has
not been much adoption in mainstream applications and eID card
implementations”
• the available technologies based on Privacy-ABCs use different terminology for
their features and even different cryptographic mechanisms to realize them
• the performance of Privacy-ABCs on smart cards (like eIDs) was poor and did not
allow practical deployment
• Privacy-ABCs are very complex and hard to understand for non-specialists
6
7. • Scheduled duration: November 2010 – October 2014
• Funding: The ABC4Trust project receives research funding from the
European Union's Seventh Framework Programme under grant agreement
n° 257782 as part of the “ICT Trust and Security Research” theme.
• Web Page: https://abc4trust.eu
7
8. ABC4Trust Objectives
8
• Abstraction of concepts of privacy-ABCs & unification of features
• A common unified architecture
That is independent of the specific technologies
Federation of privacy-ABC Systems based on different technologies
Interoperability between different privacy-ABC technologies
Avoid technology lock-in
Raise trust in privacy-ABC technologies
• Reference implementations of the framework involving Smart Cards
• Deployments in large scale user-trials.
University of Patras – Greece
Norrtullskolan school – Sweden
10. • Privacy-ABCs are by default untraceable
IdSPs are not able to track and trace at which sites the user is presenting the
information
• Privacy-ABCs can be obtained in advance and stored
No real-time burden of the IdSP – better scalability
• User-binding
No credential pooling possible – Presentation requires proof of knowledge of a
secret key (stored on a secure device like SC)
• Unlimited number of pseudonyms supported
In addition to which, scope-exclusive pseudonyms can be imposed – user can
only register one pseudonym per scope (URL).
Advantages
10
11. German eID Integration
11
R. Bjones, “eParticipation Scenario Reference Guide”, Microsoft, Tech. Rep., October 2010
12. ABCs on Smart Cards
• ABCs are practical on smart cards
• We selected a contactless smart card chip with cryptoprocessor
• We found that, using precomputations (coupons):
– U-Prove can be made efficient
• Issuance < 260 ms
• Presentation 434 ms for 10 attributes
– Idemix can be made efficient
• Issuance 231 ms
• (less clear for presentation)
• Specification and development of the ABC4Trust card are now underway
12
14. • Protocol-level design choices
– Adapt data flow to minimize computations on the card's side
– Use delegation if neutral with respect to (crypto) security
– Store precomputed values as coupons
• Optimized implementations
– Boost point operations with best coordinate system (Jacobian, mixed,
Edwards, etc)
– Aggregate scalar multiplications to share intermediate variables
whenever possible
– Find optimal setting on the given model of computation (h/w
architecture)
14
Optimizing Performance