Download paper: http://www.ioanniskrontiris.de/publications/DEF-FORUM2012-eIDs.pdf Electronic Identity (eID) cards are rapidly emerging in Europe and are gaining user acceptance. As an authentication token, an eID card is a gateway to personal information and as such it is subject to privacy risks. Several European countries have taken extra care to protect their citizens against these risks. A notable example is the German eID card, which we take as a case study in this paper. We first discuss important privacy and security threats that remain in the German eID system and elaborate on the advantages of using privacy attribute-based credentials (Privacy-ABCs) to address these threats. Then we study two approaches for integrating Privacy-ABCs with eID systems. In the first approach, we show that by introducing a new entity in the current German eID system, the citizen can get a lot of the Privacy-ABCs advantages, without further modifications. Then we concentrate on putting Privacy-ABCs directly on smart cards, and we present new results on performance, which demonstrate that it is now feasible for smart cards to support the required computations these mechanisms require.

1. Integrating Anonymous Credentials with eIDs
for Privacy-respecting Online Authentication
Ronny Bjones, Ioannis Krontiris, Pascal Paillier, Kai Rannenberg
10 October2012
Annual Privacy Forum - Limassol, Cyprus
Ioannis Krontiris
Goethe University Frankfurt

2. Overview
• Example of German eID
• Privacy problems
• Privacy-ABCs to the rescue
• Integration to the German eID system
• Privacy-ABCs on Smart Cards
2

3. eIDs in Europe
• A number of eIDs and qualified electronic signatures (QES)
already exist
– e-Government services
– Healthcare services
– Financial services
– Online shopping
3

4. The German e-ID system
Notice & Selective Disclosure
4

5. Security and Privacy Problems
• eID server knows all user transactions
The eID server traces and links all communications and transactions of
each user
• eID server knows all customers of the service provider
The eID server learns all customers trying to access a specific service
• User impersonation
Insiders can copy or alter user’s credentials and impersonate them to
services.
• Availability
Denial of service attacks against the eID server impacts all applications
using the service.
5

6. Moving Ahead
“As such, privacy-enhanced PKI technologies have significant
potential to enhance existing eID card privacy functions. Although
these technologies have been available for a long time, there has
not been much adoption in mainstream applications and eID card
implementations”
• the available technologies based on Privacy-ABCs use different terminology for
their features and even different cryptographic mechanisms to realize them
• the performance of Privacy-ABCs on smart cards (like eIDs) was poor and did not
allow practical deployment
• Privacy-ABCs are very complex and hard to understand for non-specialists
6

7. • Scheduled duration: November 2010 – October 2014
• Funding: The ABC4Trust project receives research funding from the
European Union's Seventh Framework Programme under grant agreement
n° 257782 as part of the “ICT Trust and Security Research” theme.
• Web Page: https://abc4trust.eu
7

8. ABC4Trust Objectives
8
• Abstraction of concepts of privacy-ABCs & unification of features
• A common unified architecture
 That is independent of the specific technologies
 Federation of privacy-ABC Systems based on different technologies
 Interoperability between different privacy-ABC technologies
 Avoid technology lock-in
 Raise trust in privacy-ABC technologies
• Reference implementations of the framework involving Smart Cards
• Deployments in large scale user-trials.
 University of Patras – Greece
 Norrtullskolan school – Sweden

9. ABC4Trust Interactions and Entities
9
Unlinkability (presentation)
Selective Disclosure
Unlinkability (multi-use)

10. • Privacy-ABCs are by default untraceable
IdSPs are not able to track and trace at which sites the user is presenting the
information
• Privacy-ABCs can be obtained in advance and stored
No real-time burden of the IdSP – better scalability
• User-binding
No credential pooling possible – Presentation requires proof of knowledge of a
secret key (stored on a secure device like SC)
• Unlimited number of pseudonyms supported
In addition to which, scope-exclusive pseudonyms can be imposed – user can
only register one pseudonym per scope (URL).
Advantages
10

11. German eID Integration
11
R. Bjones, “eParticipation Scenario Reference Guide”, Microsoft, Tech. Rep., October 2010

12. ABCs on Smart Cards
• ABCs are practical on smart cards
• We selected a contactless smart card chip with cryptoprocessor
• We found that, using precomputations (coupons):
– U-Prove can be made efficient
• Issuance < 260 ms
• Presentation 434 ms for 10 attributes
– Idemix can be made efficient
• Issuance 231 ms
• (less clear for presentation)
• Specification and development of the ABC4Trust card are now underway
12

13. Smart Card Architecture
1332-bit chip made available by Invia

14. • Protocol-level design choices
– Adapt data flow to minimize computations on the card's side
– Use delegation if neutral with respect to (crypto) security
– Store precomputed values as coupons
• Optimized implementations
– Boost point operations with best coordinate system (Jacobian, mixed,
Edwards, etc)
– Aggregate scalar multiplications to share intermediate variables
whenever possible
– Find optimal setting on the given model of computation (h/w
architecture)
14
Optimizing Performance

15. Thank you!
Ioannis Krontiris {ikrontiris@gmx.de},
Goethe University Frankfurt, Germany
15