7/11/2011Pomcor 1 Pros and Cons of U-Prove, Idemix and Other Privacy-Enhancing Technologies Francisco Corella Karen Lewison Pomcor.

Slides:

Advertisements

Similar presentations

22 May 2008IVOA Trieste: Grid & Web Services1 Alternate security mechanisms Matthew J. Graham (Caltech, NVO) T HE US N ATIONAL V IRTUAL O BSERVATORY.

Advertisements

Chapter 14 – Authentication Applications

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

CS5204 – Operating Systems 1 Authentication. CS 5204 – Operating Systems2 Authentication Digital signature validation proves:  message was not altered.

1 Privacy Prof. Ravi Sandhu Executive Director and Endowed Chair March 8, © Ravi Sandhu World-Leading Research.

1 fairCASH: Concepts and Framework Yen Choon Ching Institute of Computer Science, University of Kiel, Germany Ver Sept 2008.

9/11/2012Pomcor 1 Techniques for Implementing Derived Credentials Francisco Corella Karen Lewison Pomcor (

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Copyright © Microsoft Corporation. All Rights Reserved. Kantara Paris October 2010 Presented By: Kim Cameron Chief Architect of Identity Microsoft.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Click to edit Master title style Jonas Lindstrøm, Alexandra Institute Privacy-preserving attribute- based credentials.

Geneva, Switzerland, 2 June 2014 Introduction to public-key infrastructure (PKI) Erik Andersen, Q.11 Rapporteur, ITU-T Study Group 17 ITU Workshop.

Accumulators and U-Prove Revocation Tolga Acar, Intel Sherman S.M. Chow, The Chinese University of Hong Kong Lan Nguyen, XCG – Microsoft Research.

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research.

Dan Usher Joel Ward. Who we are… What we’ve seen… Security Concerns in today’s world Why SmartCards? Authentication & Authorization of SharePoint IIS.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 9 Deploying IIS and Active Directory Certificate Services

Symmetric Key Infrastructure Karel Masarik, Daniel Cvrcek Faculty of Information Technology Brno University of Technology

Grid Security. Typical Grid Scenario Users Resources.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

By: Ansuya Chauhan.

10/20/2011Pomcor 1 Deployment and Usability of Cryptographic Credentials Francisco Corella Karen Lewison Pomcor.

1 Trust Framework Portable Identity Schemes Trust Framework Portable Identity Schemes NIH iTrust Forum December 10, 2009 Chris Louden.

Government Online – White Paper Companion – Copyright © 2007 Credentica Inc. All Rights Reserved. This presentation is animated. Press the “space bar”

APNIC Trial of Certification of IP Addresses and ASes RIPE 52 Plenary George Michaelson Geoff Huston.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 9: Planning and Managing Certificate Services.

November 1, 2006Sarah Wahl / Graduate Student UCCS1 Public Key Infrastructure By Sarah Wahl.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

Validity Management in SPKI 24 April 2002 (author) (presentation)

UNCLASS DoD Public Key Infrastructure LCDR Tom Winnenberg DISA API1 Chief Engineer 25 April 2002.

Anonymous Credentials Gergely Alpár Collis – November 24, 2011.

Christian Paquin May 1 st, 2007 Identity Management Techniques – CFP 2007 Tutorial – Copyright © 2007 Credentica Inc. All Rights Reserved.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Cloud Computing Cloud Security– an overview Keke Chen.

Distributed Web Security for Science Gateways Jim Basney In collaboration with: Rion Dooley Jeff Gaynor

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, October 2002 Marco Casassa Mont Richard.

Anual Workshop February 5th, Anonymous yet reliable ePoll application Italo Dacosta SecAnon-DistriNet.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

September 20 th, 2006 U-Prove crypto overview Copyright © 2006, Quebec Inc. Proprietary and Confidential.

Network Security Lecture 26 Presented by: Dr. Munam Ali Shah.

02/22/2005 Joint Seminer Satoshi Koga Information Technology & Security Lab. Kyushu Univ. A Distributed Online Certificate Status Protocol with Low Communication.

Configuring Directory Certificate Services Lesson 13.

Certificate revocation list

Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.

Serving society Stimulating innovation Supporting legislation Danny Vandenbroucke & Ann Crabbé KU Leuven (SADL) AAA-architecture for.

Identity Management Hannes Tschofenig. Motivation OAuth was created to allow secure and privacy friendly sharing of data. OAuth is not an authentication.

Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian

The privacy risks and rewards of distributed identity Conference Presentation (8 September 2003) Surveillance and Privacy 2003, University of New South.

Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

All Rights Reserved 2014 © CMG Consulting LLC Federated Identity Management and Access Andres Carvallo Dwight Moore CMG Consulting, LLC October

Brian A. LaMacchia Director, XCG Security & Cryptography, Microsoft Research.

Faster Implementation of Modular Exponentiation in JavaScript

A Simple Traceable Pseudonym Certificate System for RSA-based PKI SCGroup Jinhae Kim.

m-Privacy for Collaborative Data Publishing

1 Grid School Module 4: Grid Security. 2 Typical Grid Scenario Users Resources.

05/03/2011Pomcor 1 Meeting the Privacy Goals of NSTIC in the Short Term Presentation at the 2011 Internet Identity Workshop Francisco Corella and Karen.

General Overview of Various SSO Systems: Active Directory, Google & Facebook Antti Pyykkö Mikko Malinen Oskari Miettinen.

News from EUGridPMA EGI OMB, 22 Jan 2013 David Kelsey (STFC) Using notes from David Groep 22/01/20131EUGridPMA News.

Cloud Security– an overview Keke Chen

Cryptography and Network Security

Signing transactions anonymously with Identity Mixer in Hyperledger

کاربرد گواهی الکترونیکی در سیستمهای کاربردی (امضای دیجیتال)

Laws for Secure Credentialing

Re(AC)t Reputation and Anonymous Credentials for Access Control (t=2)

Signing transactions anonymously with Identity Mixer in Hyperledger

Presentation transcript:

7/11/2011Pomcor 1 Pros and Cons of U-Prove, Idemix and Other Privacy-Enhancing Technologies Francisco Corella Karen Lewison Pomcor

7/11/2011Pomcor 2 Outline Levels of privacy (LOPs) of third-party credentials LOP 0: OpenID, OAuth LOP 1: PKI certificates LOP 2: U-Prove LOP 3: Idemix, etc. Selective disclosure The revocation problem Performance Smart-card support

7/11/2011Pomcor 3 Levels of Privacy (LOPs) of Third-Party Credentials LOP 0 Online identity provider Protocols: OpenID, OAuth Providers: Facebook, Google, Yahoo, etc. No privacy: identity provider is told how you use your credential, because it redirects user to the relying party No anonymity if using Facebook or Google

7/11/2011Pomcor 4 Levels of Privacy (LOPs) of Third-Party Credentials LOP 1 Traditional PKI certificate Certificate issuer is not told how you use it Certificate issuer can find out how you use it by sharing information with relying parties Based on assertion made to relying parties that uniquely identifies you THIS IS UNAVOIDABLE OR based on certificate serial number, public key or issuer ’ s signature, even if assertion made to relying parties does not uniquely identify you AVOIDABLE WITH PRIVACY-ENHANCING TECHNOLOGIES

7/11/2011Pomcor 5 Levels of Privacy (LOPs) of Third-Party Credentials LOP 2 Credential issuer cannot find out how you use your credential … even if relying parties let the issuer see their authentication logs … unless assertion made to relying parties uniquely identify you Both U-Prove [1,2] and Idemix [3] provide this feature

7/11/2011Pomcor 6 Levels of Privacy (LOPs) of Third-Party Credentials LOP 3 Relying parties cannot link multiple presentations of the same credential … even if they share their authentication logs … unless assertion made to relying parties uniquely identify you U-Prove does not provide this feature [1, §4.2]. Same token public key and signature seen by all relying parties Idemix and more recent cryptosystems do provide this feature

7/11/2011Pomcor 7 Selective Disclosure User discloses to relying party only a subset of the attributes in a credential Feature provided by U-Prove, Idemix, etc. User proves inequality relation involving numeric attribute without disclosing the attribute, e.g. birthdate < today – 21 years Feature provided by Idemix

7/11/2011Pomcor 8 The Revocation Problem If issuance and presentation cannot be linked, the issuer cannot revoke the credential by publishing a credential identifier in a revocation list Neither U-Prove nor Idemix credentials currently provide revocation by issuer Alternatives: on-demand or short-term credentials Several revocation techniques have been proposed, some of them are promising

7/11/2011Pomcor 9 Performance Privacy-enhancing technologies are computationally intensive Few performance figures available U-Prove seems to be one order of magnitude faster than Idemix Based on smart card implementations

7/11/2011Pomcor 10 Smart Card Implementations Idemix Java card Card must be tamperproof against user 10.5 seconds with 1536-bit modulus Non-Microsoft U-Prove MULTOS card 0.55 seconds with 1024-bit modulus Microsoft U-Prove card Enables presentation Most computations done by user ’ s computer Revocable by downloading CRL increment to card