Download presentation
Presentation is loading. Please wait.
Published byWendy Holcomb Modified over 9 years ago
1
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
2
Advanced applications for e-ID cards Basic Research project funded by IWT Focus on security and privacy Belgian e-ID based on PKI with X509 certificates Hard to build privacy friendly applications E-Government Hard to find applications where anonymity is arguably necessary
3
Formal request addressed to an authority and signed by numerous individuals Typically citizens provide Unique identifier (name, national ID number) Signature Verification: Validating that the signatures correspond to the identifiers Discarding multiple/invalid signatures
4
Benefits of going electronic: Many resources are needed in order to physically collect the signatures Manual signature verification is a costly and tedious process Drawbacks Easy to cheat (e.g., knowledge of other people’s name and ID number) Countermeasures may “disenfranchise” petition signers (e.g., IP detection) Good example of ICT enabling participatory e- democracy
5
Have users sign the petitions with their e-ID 1. Select petition 2. Sign using the e-ID (2-factor authentication) 3. Validate signature and check that the petition has not yet been signed with that e-ID 4. Count (or discard) the signature Privacy risks Leak sensitive information on political beliefs, religious inclinations, etc. (this may prevent some people from signing) Through unique identifiers, petition signatures can be linked to other data
6
Basic requirements Authentication: citizen is who claims to be (i.e., no impersonation) Authorization: citizen is entitled to sign (e.g., age > 18) Integrity, Confidentiality Multiple signing prevention Verifiability: all valid signatures are counted Privacy requirements Signer anonymity: citizen unlinkable to petition (i.e., not possible to identify who are the signers)
7
Active area of research in cryptography They rely on cryptographic protocols and Zero- Knowlege proofs to reduce to the bare minimum the amount of information disclosed Flexible protocols, many options possible Example: CI issues a credential to U that encodes U’s age U can prove to V that his age is above/below a threshold V can check that this is certified by CI V does not learn U’s exact age
8
o Signed by a trusted issuer o Certification of attributes o Authentication (secret key) o Double-signing detection o No data minimization o Users are identifiable o Users can be tracked (Signature linkable to other contexts where e-ID is used) o Signed by a trusted issuer o Certification of attributes o Authentication (secret key) o Double-signing detection o Data minimization o Users are anonymous o Users are unlinkable in different contexts PKIAnonymous credentials
10
Only citizens entitled to sign can do so Possession of e-ID + knowledge of PIN Attribute verification (e.g., age, locality) One credential per citizen Citizens can sign only once (multiple signing is detectable so that repeated signatures can be deleted) Collusion of credential issuer and e-Petition server does not reveal the identity of a signer Verifiability through publishing the protocol transcripts
11
Summary of the paper Motivation for privacy preserving e-petitions Requirement study Introduction to anonymous credentials Architectural design combining existing technologies Legal issues To be added: details of the protocols and implementation Proof-of-concept We can satisfy seemingly contradictory requirements Security properties can be achieved without identifiability National ID can be user to bootstrap privacy friendlier IDM, while preventing Sybil attacks
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.