A research project funded by the European Commission’s 7th Framework Programme.
ABC4Trust Architecture and the
Benefits for eID Schemes
Cyber Security & Privacy EU Forum
Brussels, 18-19 April 2013
Ioannis Krontiris,
Goethe University Frankfurt
08.01.2015
Overview
• Example of German eID
• Privacy problems
• Privacy-ABCs to the rescue
• The ABC4Trust architecture
• Integration to the German eID system
• Privacy-ABCs on Smart Cards
eIDs in Europe
• A number of eIDs and qualified electronic signatures (QES) already exist
  - e-Government services
  - Healthcare services
  - Financial services
  - Online shopping
The German e-ID system
Security and Privacy Problems
• eID server knows all user transactions
The eID server traces and links all communications and transactions of each user.
• eID server knows all customers of the service provider
The eID server learns all customers trying to access a specific service.
• User impersonation
Insiders can copy or alter users' credentials and impersonate them to services.
• Availability
Denial-of-service attacks against the eID server impact all applications using the service.
Moving Ahead
“As such, privacy-enhanced PKI technologies have
significant potential to enhance existing eID card privacy
functions. Although these technologies have been available
for a long time, there has not been much adoption in
mainstream applications and eID card implementations”
• the available technologies based on Privacy-ABCs use different terminology for
their features and even different cryptographic mechanisms to realize them
• the performance of Privacy-ABCs on smart cards (like eIDs) was poor and did not
allow practical deployment
• Privacy-ABCs are very complex and hard to understand for non-specialists
High-level view (user)
• technology-agnostic credential & policy handling
• unified and technology-independent APIs
High-level view (presentation)
• language framework covering the full life-cycle of credentials and supporting all concepts
ABC4Trust Interactions and Entities
Unlinkability (presentation)
Selective Disclosure
Unlinkability (multi-use)
Advantages
• Privacy-ABCs are by default untraceable
IdSPs are not able to track and trace at which sites the user is presenting the information.
• Privacy-ABCs can be obtained in advance and stored
No real-time burden on the IdSP, hence better scalability.
• User-binding
No credential pooling is possible: presentation requires proof of knowledge of a secret key (stored on a secure device like an SC).
• Unlimited number of pseudonyms supported
In addition, scope-exclusive pseudonyms can be imposed: the user can only register one pseudonym per scope (URL).
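Added example (not part of the original slides and not ABC4Trust code): a simplified sketch of user-binding and scope-exclusive pseudonyms, using one common construction in which the pseudonym is H(scope)^x for the card-held secret x and the presentation carries a Schnorr proof of knowledge of x. The function names, the example.org URLs, the nonces and the 768-bit RFC 2409 group are assumptions chosen for illustration.

```python
import hashlib
import secrets

# RFC 2409 Oakley Group 1 safe prime (768-bit): demo-sized, not a production parameter choice.
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
        "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
        "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares mod P

def _hash_int(nbytes, *parts):
    """Hash length-prefixed parts to an nbytes-long integer (SHAKE-256)."""
    h = hashlib.shake_256()
    for part in parts:
        data = str(part).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(nbytes), "big")

def scope_base(scope):
    """Derive a subgroup generator from the scope string; nobody knows its discrete log."""
    counter = 0
    while True:
        g = pow(_hash_int(96, "scope-base", scope, counter) % P, 2, P)
        if g > 1:
            return g
        counter += 1

def present(x, scope, nonce):
    """User side: scope-exclusive pseudonym plus Schnorr proof of knowledge of x."""
    g = scope_base(scope)
    nym = pow(g, x, P)
    r = secrets.randbelow(Q)
    t = pow(g, r, P)
    c = _hash_int(32, "challenge", scope, nym, t, nonce) % Q
    return nym, (t, (r + c * x) % Q)

def verify(nym, scope, nonce, proof):
    """Verifier side: check g^s == t * nym^c for the verifier's own scope and nonce."""
    t, s = proof
    if not (1 < nym < P and 0 < t < P and pow(nym, Q, P) == 1):
        return False
    c = _hash_int(32, "challenge", scope, nym, t, nonce) % Q
    return pow(scope_base(scope), s, P) == t * pow(nym, c, P) % P

def register(registry, scope, nonce, nym, proof):
    """Accept a pseudonym once per scope; a second attempt by the same key is refused."""
    if not verify(nym, scope, nonce, proof) or nym in registry.setdefault(scope, set()):
        return False
    registry[scope].add(nym)
    return True

if __name__ == "__main__":
    x = secrets.randbelow(Q - 1) + 1  # card-held secret key (constructed)
    poll, forum = "https://poll.example.org/", "https://forum.example.org/"
    db = {}
    print(register(db, poll, "n1", *present(x, poll, "n1")))  # True
    print(register(db, poll, "n2", *present(x, poll, "n2")))  # False: same key, same scope
    print(present(x, forum, "n3")[0] == present(x, poll, "n4")[0])  # False: differs per scope
```

Because the pseudonym depends only on the secret key and the scope, the verifier can enforce one registration per user without learning who the user is, while pseudonyms for different scopes cannot be matched by comparing their values.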
German eID Integration
R. Bjones, “eParticipation Scenario Reference Guide”, Microsoft, Tech. Rep., October 2010
ABCs on Smart Cards
• ABCs are practical on smart cards
• We selected a contactless smart card chip with cryptoprocessor
• We found that, using precomputations (coupons):
  - U-Prove can be made efficient
    • Issuance < 260 ms
    • Presentation 434 ms for 10 attributes
  - Idemix can be made efficient
    • Issuance 231 ms
    • (less clear for presentation)
• Specification and development of the ABC4Trust card are now underway
Smart Card Architecture
32-bit chip made available by Invia
Ioannis Krontiris {ikrontiris@gmx.de},
Goethe University Frankfurt, Germany
Thank you!

