Integrating Anonymous Credentials with eIDs for Privacy-Respecting Online Authentication

  • Ronny Bjones
  • Ioannis Krontiris
  • Pascal Paillier
  • Kai Rannenberg
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8319)

Abstract

Electronic Identity (eID) cards are rapidly emerging in Europe and are gaining user acceptance. As an authentication token, an eID card is a gateway to personal information and as such it is subject to privacy risks. Several European countries have taken extra care to protect their citizens against these risks. A notable example is the German eID card, which we take as a case study in this paper. We first discuss important privacy and security threats that remain in the German eID system and elaborate on the advantages of using privacy attribute-based credentials (Privacy-ABCs) to address these threats. Then we study two approaches for integrating Privacy-ABCs with eID systems. In the first approach, we show that by introducing a new entity in the current German eID system, the citizen can obtain many of the advantages of Privacy-ABCs without further modifications. Then we concentrate on putting Privacy-ABCs directly on smart cards, and we present new results on performance, which demonstrate that it is now feasible for smart cards to support the computations these mechanisms require.



Copyright information

© Springer-Verlag Berlin Heidelberg 2014

Authors and Affiliations

  • Ronny Bjones (1)
  • Ioannis Krontiris (2)
  • Pascal Paillier (3)
  • Kai Rannenberg (2)

  1. Microsoft Corporate, Belgium
  2. Mobile Business & Multilateral Security, Goethe University Frankfurt, Frankfurt, Germany
  3. CryptoExperts, Paris, France
