SlideShare una empresa de Scribd logo

Attribute-based Authentication

T
Thomas Gross

Presenting the works of the EU projects PrimeLife and ABC4Trust, on how to employ attribute-based credentials (at the Newcastle security forum). The slides are provided by IBM Research - Zurich, in particular Jan Camenisch, Gregory Neven and Anja Lehmann.

Tecnología
1 de 45
Descargar para leer sin conexión
Privacy-enhancing Attribute-based Authentication Presenting works of the EU Projects PrimeLife and ABC4Trust Slides provided by the IBM Research – Zurich identity and privacy team (mostly from Jan Camenisch, Anja Lehmann, Gregory Neven)
Authentication and Anonymity? [ Pictures: PCStelcom, BeautifulRailroadBridgeOverTheSilveryTay.Wordpress ]
Anja Lehmann, IBM Research – Zurich, 10.06.2011 ABC4Trust & PrimeLife Tutorial Part I: Introduction to Privacy-Preserving Authentication 1 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Authentication l n tia e cred Issuer I am Alice Doe Convince me! and I'm over 18! btw … I trust the Issuer show credential User Verifier 7 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Authentication credential / certificate  signed list of attribute-value pairs name = Alice Doe birth date = 1973/01/26 signed by the issuer 8 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Signature Scheme public key message private key priv signature Verify( , , ) = true = Sign( , priv ) 9 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Signature Scheme | Unforgeability public key private key priv such that Verify( , , ) = true 10 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Classical Authentication © 2009 IBM Corporation
Standard Public-Key Certificates e.g., X.509 certificates In the beginning… 12 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Standard Public-Key Certificates e.g., X.509 certificates Obtaining a certificate… name = Alice Doe, birth date = 1973/01/26, pk = 13 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Standard Public-Key Certificates e.g., X.509 certificates Using a certificate… linkable by certificate & public key linkable by certificate & public key name = Alice Doe, birth date = 1973/01/26, pk = full attribute disclosure full attribute disclosure 14 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Standard Public-Key Certificates e.g., X.509 certificates Using a certificate again… name = Alice Doe, birth date = 1973/01/26, pk = name = Alice Doe, birth date = 1973/01/26, pk = linkable when used multiple times linkable when used multiple times 15 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Privacy-Preserving Authentication © 2009 IBM Corporation
Privacy-Preserving Authentication: General Concepts  Basic Functionality Minimal Disclosure Tokens  Pseudonyms and Combining/Binding of Multiple Tokens Minimal Disclosure Wallets  Extensions  Revocation  Usage Limitation  Inspection  ... 17 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Tokens In the beginning… 18 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Tokens Obtaining a token… name = Alice Doe, birth date = 1973/01/26, ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Tokens Using a token … ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Tokens Using a token … name = Alice Doe, birth date = 1973/01/26 issuance and showing are unlinkable issuance and showing are unlinkable ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Tokens Using a token … name = ?, birth date = 1973/01/26 selective attribute disclosure selective attribute disclosure ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Tokens  Protection of user's privacy  anonymity  unlinkeability (single-use)  selective disclosure  Unforgeability of tokens ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Tokens Unforgeability: Alice should not be able to show a token that she never obtained name = Alice Doe, birth date = 1973/01/26 name = Alice Doe, birth date = 1947/01/26, ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Privacy-Preserving Authentication: General Concepts  Basic Functionality Minimal Disclosure Tokens  Pseudonyms and Combining/Binding of Multiple Tokens Minimal Disclosure Wallets  Extensions  Revocation  Usage Limitation  Inspection  ... 25 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets  extended version of minimal disclosure tokens:  Protection of user's privacy  pseudonymity  unlinkeability (multi-use)  using/combining multiple credentials  selective disclosure  Unforgeability of credentials  Consistency of credentials (no sharing) 26 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets In the beginning… master key = unique private identity 27 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets Obtaining a credential… pseudonym = ephemeral public identity ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets Obtaining a credential… name = Alice Doe, birth date = 1973/01/26, nym = ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets Using a credential… ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets Using a credential… selective attribute disclosure selective attribute disclosure name = ?, birth date = 1973/01/26 issuance and showing are unlinkable issuance and showing are unlinkable ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets Using a credential again… name = ?, birth date = 1973/01/26 name = Alice Doe, birth date = ? multi-show unlinkability multi-show unlinkability ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets Using multiple credentials… passport driver's license passport: birth date = 1973/01/26 driver's license: vehicle cat B ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets  Protection of user's privacy  pseudonymity  unlinkeability (multi-use)  using/combining multiple credentials  selective disclosure  Unforgeability of credentials  Consistency of credentials (no sharing) 34 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets Sharing Prevention: Alice and Eve should not be able to share credential name = Alice Doe, birth date = 1973/01/26 name = Alice Doe, birth date = 1973/01/26 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Minimal Disclosure Wallets  Protection of user's privacy  pseudonymity  unlinkeability (multi-use)  using/combining multiple credentials  selective disclosure  Unforgeability of credentials  Consistency of credentials (no sharing) 36 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Privacy-Preserving Authentication: General Concepts  Basic Functionality Minimal Disclosure Tokens  Pseudonyms and Combining/Binding of Multiple Tokens Minimal Disclosure Wallets  Extensions  Predicates over Attributes  Revocation  Device Binding  Inspection  Usage Limitation  ... 37 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Extended Functionality  Predicates over attributes  Credentials on hidden attributes  Device binding  Domain pseudonym  Revocation of credentials  Inspection of credentials/attributes  Usage limitation  Censorable Audit Logs ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Predicate Over Attributes name = ?, birth date = 1973/01/26 > 1993/06/10 Range Proofs Age > 18, 10 < Age < 16, … is user over 18? credit card expiration date > today Set Membership status: {children, student, senior} Logical Combinations (credit card status = silver or gold) and valid driver's license ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Extended Functionality  Predicates over attributes  Credentials on hidden attributes  Device binding  Domain pseudonym  Revocation of credentials  Inspection of credentials/attributes  Usage limitation  Censorable Audit Logs ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Credentials on Hidden Attributes User can prove statements on hidden attributes name = Alice Doe birth date = name = Alice Doe, birth date = 1973/01/26 name = Alice Doe, birth date = 1973/01/26 similar to usage of pseudonyms = commitments to master secret ABC4Trust & PrimeLife − Tutorial − 10.06.2011
The idemix Library © 2009 IBM Corporation
Implementation available :-)  Identity Mixer is an implementation of Private Credentials  Provides a library with all the crypto  Issuing credentials  Transforming credentials according to a specified statement (policy)  Includes many of the features discussed  Provides a credential-based AC engine  Relying party specifies attributes & credentials requirements  User matches that to available credentials and generates „evidence“  Get it at www.PrimeLife.eu/opensource and use it  ..as do a number of projects already :-) ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Authentication/Access Control Engine ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Card-based access requirements language (CARL) Policy and proof presentation in CARL and SAML/XACML • Policy: requirements on owned cards, e.g., own p::Passport issued-by admin.ch, fgov.be, governo.it own c::Creditcard issued-by visa.com, amex.com reveal c.number, c.expdate where p.name = c.name ^ p.bdate < today-18Y ^ c.expdate > today ^ p.expdate > today+1M • Authentication = claim over owned cards + evidence, e.g., own p::Passport issued-by admin.ch own c::Creditcard issued-by visa.com reveal c.number = “1234567890” reveal c.expdate = “31/12/2012” where p.name = c.name ^ p.bdate < 22/03/1993 ^ p.expdate > 22/04/2011 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
IBM Identity Mixer: Framework Policy Layer Crypto Token Layer Minimal Full Direct Composed Group disclosure Credential Anonymous … schemes signatures tokens system attestation Efficient zero-knowledge proofs Signatures on Building Verifiable Pseudonyms Verifiable lists of messages Revocation blocks Encryptio0n Commitments Random Functions (Credentials) U-Prove CL Instan- sigs sigs tiations
“Token Transforming” Language Declaration{ id1:unrevealed:string; id2:unrevealed:string; id3:unrevealed:int; id4:unrevealed:enum; id5:revealed:string; id6:unrevealed:enum } ProvenStatements{ Credentials{ randName1:http://www.ch.ch/passport/v2010/chPassport10.xml = { FirstName:id1, LastName:id2, CivilStatus:id4 } randName2:http://www.ibm.com/employee/employeeCred.xml = {LastName:id2, Position:id5, Band:5, YearsOfEmployment:id3 } randName3:http://www.ch.ch/health/v2010/healthCred10.xml = { FirstName:id1, LastName:id2, Diet:id6 } } Inequalities{ {http://www.ibm.com/employee/ipk.xml, geq[id3,4]} } Commitments{ randCommName1 = {id1,id2}; randCommName2 = {id6} } Representations{ randRepName = {id5,id2; base1,base2} } Pseudonyms{ randNymName; http://www.ibm.com/employee/ } VerifiableEncryptions{ {PublicKey1, Label, id2} } Message { randMsgName = “Term 1:We will use this data only for ...” } } ABC4Trust & PrimeLife − Tutorial − 10.06.2011
Jan Camenisch, IBM Research – Zurich, 10.06.2011 ABC4Trust & PrimeLife Tutorial Questions? www.abc4trust.eu www.primelife.eu www.zurich.ibm.com/security/idemix 23 ABC4Trust & PrimeLife − Tutorial − 10.06.2011

Recomendados

Anonymous Credentials on Java Card - SIT Smartcard 2011
Anonymous Credentials on Java Card - SIT Smartcard 2011Anonymous Credentials on Java Card - SIT Smartcard 2011
Anonymous Credentials on Java Card - SIT Smartcard 2011Thomas Gross
 
A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud.
A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud. A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud.
A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud. IJCERT JOURNAL
 
CCSW’12: Automated Verification of Virtualized Infrastructures
CCSW’12: Automated Verification of Virtualized InfrastructuresCCSW’12: Automated Verification of Virtualized Infrastructures
CCSW’12: Automated Verification of Virtualized InfrastructuresThomas Gross
 
VALID Rules - A language for cloud verification (EU CSP\’12)
VALID Rules - A language for cloud verification (EU CSP\’12)VALID Rules - A language for cloud verification (EU CSP\’12)
VALID Rules - A language for cloud verification (EU CSP\’12)Thomas Gross
 
CCS’09: Smart Identity Card - Thomas Gross
CCS’09: Smart Identity Card - Thomas GrossCCS’09: Smart Identity Card - Thomas Gross
CCS’09: Smart Identity Card - Thomas GrossThomas Gross
 
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas GrossCCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas GrossThomas Gross
 
Privacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas GrossPrivacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas GrossThomas Gross
 
CRYPTO\'10: Credential Authenticated Identification and Key Exchange - Thomas...
CRYPTO\'10: Credential Authenticated Identification and Key Exchange - Thomas...CRYPTO\'10: Credential Authenticated Identification and Key Exchange - Thomas...
CRYPTO\'10: Credential Authenticated Identification and Key Exchange - Thomas...Thomas Gross
 

Recomendados

Anonymous Credentials on Java Card - SIT Smartcard 2011
Anonymous Credentials on Java Card - SIT Smartcard 2011Anonymous Credentials on Java Card - SIT Smartcard 2011
Anonymous Credentials on Java Card - SIT Smartcard 2011Thomas Gross
 
A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud.
A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud. A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud.
A Secure Multi-Owner Data Sharing Scheme for Dynamic Group in Public Cloud. IJCERT JOURNAL
 
CCSW’12: Automated Verification of Virtualized Infrastructures
CCSW’12: Automated Verification of Virtualized InfrastructuresCCSW’12: Automated Verification of Virtualized Infrastructures
CCSW’12: Automated Verification of Virtualized InfrastructuresThomas Gross
 
VALID Rules - A language for cloud verification (EU CSP\’12)
VALID Rules - A language for cloud verification (EU CSP\’12)VALID Rules - A language for cloud verification (EU CSP\’12)
VALID Rules - A language for cloud verification (EU CSP\’12)Thomas Gross
 
CCS’09: Smart Identity Card - Thomas Gross
CCS’09: Smart Identity Card - Thomas GrossCCS’09: Smart Identity Card - Thomas Gross
CCS’09: Smart Identity Card - Thomas GrossThomas Gross
 
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas GrossCCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas GrossThomas Gross
 
Privacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas GrossPrivacy - Principles, PrimeLife and Identity Mixer - Thomas Gross
Privacy - Principles, PrimeLife and Identity Mixer - Thomas GrossThomas Gross
 
CRYPTO\'10: Credential Authenticated Identification and Key Exchange - Thomas...
CRYPTO\'10: Credential Authenticated Identification and Key Exchange - Thomas...CRYPTO\'10: Credential Authenticated Identification and Key Exchange - Thomas...
CRYPTO\'10: Credential Authenticated Identification and Key Exchange - Thomas...Thomas Gross
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

Más contenido relacionado

Último

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 

Último (20)

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Destacado

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Destacado (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Attribute-based Authentication

  • 1. Privacy-enhancing Attribute-based Authentication Presenting works of the EU Projects PrimeLife and ABC4Trust Slides provided by the IBM Research – Zurich identity and privacy team (mostly from Jan Camenisch, Anja Lehmann, Gregory Neven)
  • 2. Authentication and Anonymity? [ Pictures: PCStelcom, BeautifulRailroadBridgeOverTheSilveryTay.Wordpress ]
  • 3. Anja Lehmann, IBM Research – Zurich, 10.06.2011 ABC4Trust & PrimeLife Tutorial Part I: Introduction to Privacy-Preserving Authentication 1 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 4. Authentication l n tia e cred Issuer I am Alice Doe Convince me! and I'm over 18! btw … I trust the Issuer show credential User Verifier 7 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 5. Authentication credential / certificate  signed list of attribute-value pairs name = Alice Doe birth date = 1973/01/26 signed by the issuer 8 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 6. Signature Scheme public key message private key priv signature Verify( , , ) = true = Sign( , priv ) 9 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 7. Signature Scheme | Unforgeability public key private key priv such that Verify( , , ) = true 10 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 8. Classical Authentication © 2009 IBM Corporation
  • 9. Standard Public-Key Certificates e.g., X.509 certificates In the beginning… 12 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 10. Standard Public-Key Certificates e.g., X.509 certificates Obtaining a certificate… name = Alice Doe, birth date = 1973/01/26, pk = 13 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 11. Standard Public-Key Certificates e.g., X.509 certificates Using a certificate… linkable by certificate & public key linkable by certificate & public key name = Alice Doe, birth date = 1973/01/26, pk = full attribute disclosure full attribute disclosure 14 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 12. Standard Public-Key Certificates e.g., X.509 certificates Using a certificate again… name = Alice Doe, birth date = 1973/01/26, pk = name = Alice Doe, birth date = 1973/01/26, pk = linkable when used multiple times linkable when used multiple times 15 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 13. Privacy-Preserving Authentication © 2009 IBM Corporation
  • 14. Privacy-Preserving Authentication: General Concepts  Basic Functionality Minimal Disclosure Tokens  Pseudonyms and Combining/Binding of Multiple Tokens Minimal Disclosure Wallets  Extensions  Revocation  Usage Limitation  Inspection  ... 17 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 15. Minimal Disclosure Tokens In the beginning… 18 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 16. Minimal Disclosure Tokens Obtaining a token… name = Alice Doe, birth date = 1973/01/26, ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 17. Minimal Disclosure Tokens Using a token … ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 18. Minimal Disclosure Tokens Using a token … name = Alice Doe, birth date = 1973/01/26 issuance and showing are unlinkable issuance and showing are unlinkable ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 19. Minimal Disclosure Tokens Using a token … name = ?, birth date = 1973/01/26 selective attribute disclosure selective attribute disclosure ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 20. Minimal Disclosure Tokens  Protection of user's privacy  anonymity  unlinkeability (single-use)  selective disclosure  Unforgeability of tokens ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 21. Minimal Disclosure Tokens Unforgeability: Alice should not be able to show a token that she never obtained name = Alice Doe, birth date = 1973/01/26 name = Alice Doe, birth date = 1947/01/26, ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 22. Privacy-Preserving Authentication: General Concepts  Basic Functionality Minimal Disclosure Tokens  Pseudonyms and Combining/Binding of Multiple Tokens Minimal Disclosure Wallets  Extensions  Revocation  Usage Limitation  Inspection  ... 25 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 23. Minimal Disclosure Wallets  extended version of minimal disclosure tokens:  Protection of user's privacy  pseudonymity  unlinkeability (multi-use)  using/combining multiple credentials  selective disclosure  Unforgeability of credentials  Consistency of credentials (no sharing) 26 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 24. Minimal Disclosure Wallets In the beginning… master key = unique private identity 27 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 25. Minimal Disclosure Wallets Obtaining a credential… pseudonym = ephemeral public identity ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 26. Minimal Disclosure Wallets Obtaining a credential… name = Alice Doe, birth date = 1973/01/26, nym = ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 27. Minimal Disclosure Wallets Using a credential… ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 28. Minimal Disclosure Wallets Using a credential… selective attribute disclosure selective attribute disclosure name = ?, birth date = 1973/01/26 issuance and showing are unlinkable issuance and showing are unlinkable ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 29. Minimal Disclosure Wallets Using a credential again… name = ?, birth date = 1973/01/26 name = Alice Doe, birth date = ? multi-show unlinkability multi-show unlinkability ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 30. Minimal Disclosure Wallets Using multiple credentials… passport driver's license passport: birth date = 1973/01/26 driver's license: vehicle cat B ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 31. Minimal Disclosure Wallets  Protection of user's privacy  pseudonymity  unlinkeability (multi-use)  using/combining multiple credentials  selective disclosure  Unforgeability of credentials  Consistency of credentials (no sharing) 34 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 32. Minimal Disclosure Wallets Sharing Prevention: Alice and Eve should not be able to share credential name = Alice Doe, birth date = 1973/01/26 name = Alice Doe, birth date = 1973/01/26 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 33. Minimal Disclosure Wallets  Protection of user's privacy  pseudonymity  unlinkeability (multi-use)  using/combining multiple credentials  selective disclosure  Unforgeability of credentials  Consistency of credentials (no sharing) 36 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 34. Privacy-Preserving Authentication: General Concepts  Basic Functionality Minimal Disclosure Tokens  Pseudonyms and Combining/Binding of Multiple Tokens Minimal Disclosure Wallets  Extensions  Predicates over Attributes  Revocation  Device Binding  Inspection  Usage Limitation  ... 37 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 35. Extended Functionality  Predicates over attributes  Credentials on hidden attributes  Device binding  Domain pseudonym  Revocation of credentials  Inspection of credentials/attributes  Usage limitation  Censorable Audit Logs ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 36. Predicate Over Attributes name = ?, birth date = 1973/01/26 > 1993/06/10 Range Proofs Age > 18, 10 < Age < 16, … is user over 18? credit card expiration date > today Set Membership status: {children, student, senior} Logical Combinations (credit card status = silver or gold) and valid driver's license ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 37. Extended Functionality  Predicates over attributes  Credentials on hidden attributes  Device binding  Domain pseudonym  Revocation of credentials  Inspection of credentials/attributes  Usage limitation  Censorable Audit Logs ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 38. Credentials on Hidden Attributes User can prove statements on hidden attributes name = Alice Doe birth date = name = Alice Doe, birth date = 1973/01/26 name = Alice Doe, birth date = 1973/01/26 similar to usage of pseudonyms = commitments to master secret ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 39. The idemix Library © 2009 IBM Corporation
  • 40. Implementation available :-)  Identity Mixer is an implementation of Private Credentials  Provides a library with all the crypto  Issuing credentials  Transforming credentials according to a specified statement (policy)  Includes many of the features discussed  Provides a credential-based AC engine  Relying party specifies attributes & credentials requirements  User matches that to available credentials and generates „evidence“  Get it at www.PrimeLife.eu/opensource and use it  ..as do a number of projects already :-) ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 41. Authentication/Access Control Engine ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 42. Card-based access requirements language (CARL) Policy and proof presentation in CARL and SAML/XACML • Policy: requirements on owned cards, e.g., own p::Passport issued-by admin.ch, fgov.be, governo.it own c::Creditcard issued-by visa.com, amex.com reveal c.number, c.expdate where p.name = c.name ^ p.bdate < today-18Y ^ c.expdate > today ^ p.expdate > today+1M • Authentication = claim over owned cards + evidence, e.g., own p::Passport issued-by admin.ch own c::Creditcard issued-by visa.com reveal c.number = “1234567890” reveal c.expdate = “31/12/2012” where p.name = c.name ^ p.bdate < 22/03/1993 ^ p.expdate > 22/04/2011 ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 43. IBM Identity Mixer: Framework Policy Layer Crypto Token Layer Minimal Full Direct Composed Group disclosure Credential Anonymous … schemes signatures tokens system attestation Efficient zero-knowledge proofs Signatures on Building Verifiable Pseudonyms Verifiable lists of messages Revocation blocks Encryptio0n Commitments Random Functions (Credentials) U-Prove CL Instan- sigs sigs tiations
  • 44. “Token Transforming” Language Declaration{ id1:unrevealed:string; id2:unrevealed:string; id3:unrevealed:int; id4:unrevealed:enum; id5:revealed:string; id6:unrevealed:enum } ProvenStatements{ Credentials{ randName1:http://www.ch.ch/passport/v2010/chPassport10.xml = { FirstName:id1, LastName:id2, CivilStatus:id4 } randName2:http://www.ibm.com/employee/employeeCred.xml = {LastName:id2, Position:id5, Band:5, YearsOfEmployment:id3 } randName3:http://www.ch.ch/health/v2010/healthCred10.xml = { FirstName:id1, LastName:id2, Diet:id6 } } Inequalities{ {http://www.ibm.com/employee/ipk.xml, geq[id3,4]} } Commitments{ randCommName1 = {id1,id2}; randCommName2 = {id6} } Representations{ randRepName = {id5,id2; base1,base2} } Pseudonyms{ randNymName; http://www.ibm.com/employee/ } VerifiableEncryptions{ {PublicKey1, Label, id2} } Message { randMsgName = “Term 1:We will use this data only for ...” } } ABC4Trust & PrimeLife − Tutorial − 10.06.2011
  • 45. Jan Camenisch, IBM Research – Zurich, 10.06.2011 ABC4Trust & PrimeLife Tutorial Questions? www.abc4trust.eu www.primelife.eu www.zurich.ibm.com/security/idemix 23 ABC4Trust & PrimeLife − Tutorial − 10.06.2011