The Challenges Raised by the Privacy-Preserving Identity Card

  • Yves Deswarte
  • Sébastien Gambs

Abstract

A privacy-preserving identity card is a personal device device that allows its owner to prove some binary statements about himself (such as his right of access to some resources or a property linked to his identity) while minimizing personal information leakage. After introducing the desirable properties that a privacy-preserving identity card should fulfill and describing two proposals of implementations, we discuss a taxonomy of threats against the card. Finally, we also propose for security and cryptography experts some novel challenges and research directions raised by the privacy-preserving identity card.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Bangerter, E., Camenisch, J., Lysyanskaya, A.: A cryptographic framework for the controlled release of certified data. In: Proceedings of the 12th International Security Protocols Workshop, pp. 20–42 (2004)Google Scholar
  2. 2.
    Batina, L., Mentens, N., Verbauwhede, I.: Side channel issues for designing secure hardware implementations. In: Proceeding of the 11th IEEE International On-Line Testing Symposium, pp. 118–121 (2005)Google Scholar
  3. 3.
    Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: P-signatures and noninteractive anonymous credentials. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 356–374. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  4. 4.
    Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard java card. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), pp. 600–610 (2009)Google Scholar
  5. 5.
    Birch, D.: Psychic ID: A blueprint for a modern national identity scheme. In: Identity in the Information Society 1(1) (2009)Google Scholar
  6. 6.
    Blanton, M., Hudelson, W.: Biometric-based non-transferable anonymous credentials. In: Qing, S., Mitchell, C.J., Wang, G. (eds.) ICICS 2009. LNCS, vol. 5927, pp. 165–180. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  7. 7.
    Bleumer, G.: Biometric yet privacy protecting person authentication. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 99–110. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  8. 8.
    Boudot, F.: Partial revelation of certified identity. In: Proceedings of the First International Conference on Smart Card Research and Advanced Applications (CARDIS 2000), pp. 257–272 (2000)Google Scholar
  9. 9.
    Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)Google Scholar
  10. 10.
    Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)Google Scholar
  11. 11.
    Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th of the ACM Conference on Computer and Communications Security (CCS 2004), pp. 225–234 (2004)Google Scholar
  12. 12.
    Bringer, J., Despiegel, V.: Binary feature vector fingerprint representation from minutiae vicinities. In: Proceeding of the 4th IEEE Fourth International Conference on Biometrics: Theory, Applications and Systems, BTAS 2010 (2010)Google Scholar
  13. 13.
    Bringer, J., Chabanne, H., Pointcheval, D., Zimmer, S.: An application of the Boneh and Shacham group signature scheme to biometric authentication. In: Matsuura, K., Fujisaki, E. (eds.) IWSEC 2008. LNCS, vol. 5312, pp. 219–230. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Calmels, B., Canard, S., Girault, M., Sibert, H.: Low-cost cryptography for privacy in RFID systems. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 237–251. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  16. 16.
    Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Camenisch, J., Thomas, G.: Efficient attributes for anonymous credentials. In: Proceedings of the 2008 ACM Conference on Computer and Communications Security (CCS 2008), pp. 345–356 (2008)Google Scholar
  18. 18.
    Chaum, D.: Security without identification: transaction systems to make Big Brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)CrossRefGoogle Scholar
  19. 19.
    Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)Google Scholar
  20. 20.
    Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)Google Scholar
  21. 21.
    Deswarte, Y., Gambs, S.: A proposal for a privacy-preserving national identity card. Transactions on Data Privacy 3(3), 253–276 (2010)MathSciNetGoogle Scholar
  22. 22.
    Deswarte, Y., Quisquater, J.J., Saydane, A.: Remote integrity checking – how to trust files stored on untrusted servers. In: Proceedings of the 6th IFIP WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS 2003), pp. 1–11 (2003)Google Scholar
  23. 23.
    Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors, a brief survey of results from 2004 to 2006. In: Tuyls, P., Skoric, B., Kevenaar, T. (eds.) Security with Noisy Data, ch. 5. Springer, Heidelberg (2007)Google Scholar
  24. 24.
    European Union, Directive 95/46/EC of the European Parliament and of the Council of 24 October (1995), on the protection of individuals with regard to the processing of personal data and on the free movement of such data, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML
  25. 25.
    European Network and Information Security Agency (ENISA) position paper, Privacy features of European eID card specifications, http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_privacy_features_eID.pdf
  26. 26.
    Franz, M., Meyer, B., Pashalidis, A.: Attacking unlinkability: The importance of context. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 1–16. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  27. 27.
    Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)Google Scholar
  28. 28.
    Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity for all languages in NP have zero-knowledge proof systems. Journal of the ACM 38(3), 691–729 (1991)MathSciNetMATHCrossRefGoogle Scholar
  29. 29.
    Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  30. 30.
    Guajardo, J., Skoric, B., Tuyls, P., Kumar, S., Bel, T., Blom, A., Jan Schrijen, G.: Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions. Information Systems Frontiers 11(1), 19–41 (2009)CrossRefGoogle Scholar
  31. 31.
    Haberman, B., Mills, D.: Network time protocol version 4: autokey specification, RFC5906 (June 2010), http://www.ietf.org/rfc/rfc5906.txt
  32. 32.
    Hao, F., Anderson, R., Daugman, J.: Combining cryptography with biometrics effectively. IEEE Transactions on Computers 55(9), 1081–1088 (2006)CrossRefGoogle Scholar
  33. 33.
    Impagliazzo, R., Miner More, S.: Anonymous credentials with biometrically-enforced non-transferability. In: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society (WPES 2003), pp. 60–71 (2003)Google Scholar
  34. 34.
    Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Proceedings of the 6th ACM Conference on Computer and Communications Security (CCS 1999), pp. 28–36 (1999)Google Scholar
  35. 35.
    Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems (Extended abstract). In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  36. 36.
    Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 376–392. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  37. 37.
    Naccache, D., Frémanteau, P.: Unforgeable identification device, identification device reader and method of identification. Patent Thomson Consumer Electronics (1992)Google Scholar
  38. 38.
    Pashalidis, A., Meyer, B.: Linking anonymous transactions: the consistent view attack. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 384–392. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  39. 39.
    Ravi, S., Raghuanathan, A., Chadrakar, S.: Tamper resistance mechanisms for secure embedded systems. In: Proceedings of the 17th International Conference on VLSI Design (VLSID 2004), pp. 605–611 (2004)Google Scholar
  40. 40.
    Ratha, N., Connell, J., Bolle, R.: Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40(3), 614–634 (2001)CrossRefGoogle Scholar
  41. 41.
    Sebé, F., Domingo Ferrer, J., Ballesté, A.M., Deswarte, Y., Quisquater, J.J.: Efficient remote data possession checking in critical information infrastructures. IEEE Transcations on Knowledge and Data Engineering 20(8), 1034–1038 (2008)CrossRefGoogle Scholar
  42. 42.
    Shoup, V.: Why chosen ciphertext security matters, IBM Research Report RZ 3076 (November 1998)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Yves Deswarte
    • 1
    • 2
  • Sébastien Gambs
    • 3
  1. 1.CNRS; LAASToulouseFrance
  2. 2.Université de Toulouse; UPS, INSA, INP, ISAE; LAASToulouseFrance
  3. 3.Université de Rennes 1 - INRIA / IRISARennesFrance

Personalised recommendations