Download presentation
Presentation is loading. Please wait.
Published byHilary Payne Modified over 9 years ago
1
7/11/2011Pomcor 1 Pros and Cons of U-Prove, Idemix and Other Privacy-Enhancing Technologies Francisco Corella Karen Lewison Pomcor
2
7/11/2011Pomcor 2 Outline Levels of privacy (LOPs) of third-party credentials LOP 0: OpenID, OAuth LOP 1: PKI certificates LOP 2: U-Prove LOP 3: Idemix, etc. Selective disclosure The revocation problem Performance Smart-card support
3
7/11/2011Pomcor 3 Levels of Privacy (LOPs) of Third-Party Credentials LOP 0 Online identity provider Protocols: OpenID, OAuth Providers: Facebook, Google, Yahoo, etc. No privacy: identity provider is told how you use your credential, because it redirects user to the relying party No anonymity if using Facebook or Google
4
7/11/2011Pomcor 4 Levels of Privacy (LOPs) of Third-Party Credentials LOP 1 Traditional PKI certificate Certificate issuer is not told how you use it Certificate issuer can find out how you use it by sharing information with relying parties Based on assertion made to relying parties that uniquely identifies you THIS IS UNAVOIDABLE OR based on certificate serial number, public key or issuer ’ s signature, even if assertion made to relying parties does not uniquely identify you AVOIDABLE WITH PRIVACY-ENHANCING TECHNOLOGIES
5
7/11/2011Pomcor 5 Levels of Privacy (LOPs) of Third-Party Credentials LOP 2 Credential issuer cannot find out how you use your credential … even if relying parties let the issuer see their authentication logs … unless assertion made to relying parties uniquely identify you Both U-Prove [1,2] and Idemix [3] provide this feature
6
7/11/2011Pomcor 6 Levels of Privacy (LOPs) of Third-Party Credentials LOP 3 Relying parties cannot link multiple presentations of the same credential … even if they share their authentication logs … unless assertion made to relying parties uniquely identify you U-Prove does not provide this feature [1, §4.2]. Same token public key and signature seen by all relying parties Idemix and more recent cryptosystems do provide this feature
7
7/11/2011Pomcor 7 Selective Disclosure User discloses to relying party only a subset of the attributes in a credential Feature provided by U-Prove, Idemix, etc. User proves inequality relation involving numeric attribute without disclosing the attribute, e.g. birthdate < today – 21 years Feature provided by Idemix
8
7/11/2011Pomcor 8 The Revocation Problem If issuance and presentation cannot be linked, the issuer cannot revoke the credential by publishing a credential identifier in a revocation list Neither U-Prove nor Idemix credentials currently provide revocation by issuer Alternatives: on-demand or short-term credentials Several revocation techniques have been proposed, some of them are promising
9
7/11/2011Pomcor 9 Performance Privacy-enhancing technologies are computationally intensive Few performance figures available U-Prove seems to be one order of magnitude faster than Idemix Based on smart card implementations
10
7/11/2011Pomcor 10 Smart Card Implementations Idemix Java card Card must be tamperproof against user 10.5 seconds with 1536-bit modulus Non-Microsoft U-Prove MULTOS card 0.55 seconds with 1024-bit modulus Microsoft U-Prove card Enables presentation Most computations done by user ’ s computer Revocable by downloading CRL increment to card
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.