On Privacy-Preserving Ways to Porting the Austrian eID System to the Public Cloud
Secure authentication and unique identification of Austrian citizens are the main functions of the Austrian eID system. To facilitate the adoption of this eID system at online applications, the open source module MOA-ID has been developed, which manages identification and authentication based on the Austrian citizen card (the official Austrian eID) for service providers. Currently, the Austrian eID system treats MOA-ID as a trusted entity, which is locally deployed in every service provider’s domain. While this model has indeed some benefits, in some situations a centralized deployment approach of MOA-ID may be preferable. In this paper, we therefore propose a centralized deployment approach of MOA-ID in the public cloud. However, the move of a trusted service into the public cloud brings up new obstacles since the cloud can not be considered trustworthy. We encounter these obstacles by introducing and evaluating three distinct approaches, thereby retaining the workflow of the current Austrian eID system and preserving citizens’ privacy when assuming that MOA-ID acts honest but curious.
KeywordsService Provider Signature Scheme Public Cloud Homomorphic Encryption Digital Signature Scheme
- 3.Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press (2000)Google Scholar
- 5.Gentry, C.: Fully Homomorphic Encryption using Ideal Lattices. In: ACM STOC 2009, pp. 169–178. ACM (2009)Google Scholar
- 10.Leitold, H., Hollosi, A., Posch, R.: Security Architecture of the Austrian Citizen Card Concept. In: ACSAC 2002, pp. 391–402 (2002)Google Scholar
- 12.Vaikuntanathan, V.: Computing Blindfolded: New Developments in Fully Homomorphic Encryption. In: IEEE FOCS 2011, pp. 5–16 (2011)Google Scholar