1
PKI versus Private Credentials. Stefan Brands, Zero-Knowledge Systems Inc., Montreal
2
Digital Certificates: sequences of zeros and ones (of a mathematical structure); verifiable with 100% accuracy by computers; transferable electronically (no human intervention, fast); unforgeable (crypto protection); can specify any kind of data
3
Identity Certificates: CA digital signature binds public key to real name; secret key signs message (prevents replay, non-repudiation); verify by applying CA's public key; use as authenticated pointer into databases (like SSNs)
5
Federal PKIs: USA (Access Certificates for Electronic Services, FPKI); United Kingdom (CLOUD COVER); Australia (Public Key Auth. Framework, Gatekeeper); Canada (Canada Public Key Infrastructure); Hong Kong (identity certificates to most residents)
6
In the future: mobile phones; watches; televisions; cars; computerized household appliances; …
7
Drawbacks to organizations: transaction delays; lose business (faulty/irrelevant data, online connection fails); central database verification; hard to protect databases against hackers and insiders; privacy standards bring compliance costs; manage CRLs / online validation
8
Privacy concerns: traceability (CA, verifiers, wiretappers, intel. agencies); linkability (in and across PKIs); non-repudiable evidence; discrimination (consults any database); errors (database, identities); no control over secondary use; revocation (CRL, online whitelists)
9
Legislation ineffective: does not deter criminals; stopping violations takes long; legislation implemented?; technologies faster than law; theft / modification by hackers?; misuse by employees?; laws may be amended, changed, exempted, overturned, or ignored; database audits -> accessibility
10
Privacy design goals: control (selective disclosure); anonymity; unlinkability; no self-authenticating records; smartcard implementations
11
Private Credentials: similar to coins and public transport tickets (not identifiable); meet all privacy design goals; practical security benefits
12
Issuing a Private Credential: certificate binds public key to attributes; CA cannot learn user's public key and CA's signature (blinding); CA encodes attributes into user's secret key
13
Showing a Private Credential: send public key and CA signature; selectively disclose property of attributes; sign message (= authenticate property); replay prevention
14
Note: different attributes in different or same Private Credentials; anyone can be CA; one attribute may be identity; selective disclosure; unlinkability
15
Selective disclosure: show part of attribute data without revealing more (think: marker); more powerful than paper-based certificates (Boolean properties, n out of m, intervals); works across different Private Credentials
18
Reissuance: refresh previously issued Credential without knowing attributes; update Credential's attributes before refreshing
19
Dossier-Resistance: verifier gets zero evidence of transaction; or verifier gets self-authenticating evidence of a message or a part of the disclosed property; self-authenticating evidence can be limited to designated parties
20
Fraud protections: reduce identity fraud; eliminate central database risks; limited-show property (identity computable if shown too often); discourage lending (encode secret of user); discourage discarding (tie unfavorable attributes in)
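Slides 13, 15 and 20 describe showing a credential with selective disclosure, message signing, replay prevention and the limited-show property. The sketch below is an added example, not code from the presentation or from Zero-Knowledge Systems: it uses a plain discrete-log representation proof in a toy group and leaves out the CA's blind signature, and every name and parameter in it (`make_key`, `show`, `verify`, `extract`, the group constants) is an assumption made for illustration. Passing the same `w` to two showings models a limited-show credential whose commitment is fixed in advance.

```python
import hashlib
import secrets

# Toy group, constructed for illustration and far too small for real use:
# P = 2Q + 1 with P, Q prime; the generators are squares, so each has order Q.
P, Q = 2039, 1019
G0, G1, G2 = 4, 9, 25  # G0 carries the holder secret, G1 and G2 the attributes

def make_key(secret, attr1, attr2):
    """Credential public key h = G0^secret * G1^attr1 * G2^attr2 mod P."""
    return pow(G0, secret, P) * pow(G1, attr1, P) * pow(G2, attr2, P) % P

def challenge(h, a, message, nonce):
    """Hash challenge binding a showing to the message and the verifier's nonce."""
    data = f"{h}|{a}|{message}|{nonce}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def show(secret, attr1, attr2, message, nonce, w=None):
    """Disclose attr1, keep secret and attr2 hidden, and sign message."""
    h = make_key(secret, attr1, attr2)
    w0, w2 = w or (secrets.randbelow(Q), secrets.randbelow(Q))
    a = pow(G0, w0, P) * pow(G2, w2, P) % P  # commitment to the hidden part
    c = challenge(h, a, message, nonce)
    return {"h": h, "attr1": attr1, "a": a,
            "r": ((w0 + c * secret) % Q, (w2 + c * attr2) % Q)}

def verify(proof, message, nonce):
    """Accept if the holder knows the G0/G2 exponents left after removing attr1."""
    h, a, (r0, r2) = proof["h"], proof["a"], proof["r"]
    hidden = h * pow(G1, -proof["attr1"], P) % P  # strip the disclosed attribute
    c = challenge(h, a, message, nonce)
    return pow(G0, r0, P) * pow(G2, r2, P) % P == a * pow(hidden, c, P) % P

def extract(p1, msg1, nonce1, p2, msg2, nonce2):
    """Recover (secret, attr2) from two showings that reused one commitment."""
    c1 = challenge(p1["h"], p1["a"], msg1, nonce1)
    c2 = challenge(p2["h"], p2["a"], msg2, nonce2)
    inv = pow((c1 - c2) % Q, -1, Q)  # requires c1 != c2
    return tuple((x - y) * inv % Q for x, y in zip(p1["r"], p2["r"]))
```

Reusing a commitment under two different challenges gives two linear equations in the hidden exponents, which is why a second showing exposes what the credential encodes.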
22
Smartcard implementation: strong protection against loss, theft, extortion, lending, copying, discarding, etc.; can use standard 8-bit chips; use desktop computer, notebook, handheld, mobile phone, …; user's computer protects privacy, smartcard cannot leak data
23
Benefits to organizations: prevent unfair competition; no law enforcement intrusions; reduce identity fraud; foster fair competition; cheapest way to comply with privacy principles; improve transaction finality; cultivate goodwill
24
Private Credentials can subsume X.509: two attributes: certificate holder's X.500 name, all other fields; restrict entropy of X.509 validity period; restrict entropy of extension fields; set serial number to hash of the public key or to zero
25
Sample applications: electronic cash; digital pseudonyms for public forums and virtual communities; access control (VPNs, subscription services, Web sites, databases); digital copyright protection (certificates permit use of works); electronic voting
26
(continued) electronic patient files; electronic postage; automated data bartering; online auctions; financial securities trading; pay-per-view tickets; public transport ticketing; electronic food stamps; road-toll pricing
27
(continued) national ID cards (with privacy); permission-based marketing; Web site personalization; multi-agent systems; collaborative filtering; loyalty schemes; electronic gambling; medical prescriptions
28
For more information: “Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy,” ISBN 0-262-02491-8, MIT Press, August 2000, 356 pp.; “Private Credentials,” whitepaper, Zero-Knowledge Systems, September 2000; brands@zeroknowledge.com; www.xs4all.nl/~brands