a smart card based solution for user centric identity
play

A smart card based solution for user- centric identity management - PowerPoint PPT Presentation

Apr 03, 2023 •232 likes •460 views

A smart card based solution for user- centric identity management Jan Vossaert Researcher at KaHo Sint-Lieven Affiliated Researcher at KULeuven 1 Overview Introduction Approach Overview of the architecture Protocols

  1. A smart card based solution for user- centric identity management Jan Vossaert Researcher at KaHo Sint-Lieven Affiliated Researcher at KULeuven 1

  2. Overview • Introduction • Approach • Overview of the architecture • Protocols • Implementation details • Evaluation • Future work 2

  3. Introduction • Traditonal mechanisms for authentication – Password based solutions – X.509 certificates • Drawbacks – Token management – Mobility of tokens – Personalized services 3

  4. Introduction • Solutions – Federated identity management systems • Increased usability • No (or limited) user control • Identity provider can profile users • Web based • One identity provider • User impersonization • Weak login procedures 4

  5. Introduction • Solutions – Electronic identity technology • Increased mobility • No (or limited) user control • Only immutable attributes • Security versus scalability 5

  6. Introduction • Challenges – increased flexibility • Mutable attributes • Multiple identity providers – user control • Personalisation – online and offline services • Feasible revocation strategy 6

  7. Approach SP i ID X • Secure element is mediator between – Identity providers – Service providers • Access to attributes controlled by – external authorities: certificates – user: personalized policies at the card 7

  8. Approach • Privacy properties – No profiling • by identity providers • by collaborating service providers – Access control to personal information • by audit authorities • by user – No user impersonization 8

  9. Overview of the architecture (re)validation audit Deanon. certification service service service authority trusted module Time Handler Service request ID X Handler SP i SP j Cached ID Y (personalized) attributes SP k policies lastValTime SP l keys and SP m ID Z PIN based AC certificates user consent personalisation 9

  10. Overview of the architecture • Service provider certificate – Keeps a list of access rights approved by audit authority – Keeps a list of trusted identity provider (groups) • Identity provider certificate – Keeps a list of access rights • Public keys of root CAs are placed at the card 10

  11. Protocols • Card issuance – Common secret keypair • Prevents profiling – Card specific pseudonym • Used to generate service specific pseudonyms • Card revalidation – Mutual authentication – Card releases chip number • IF stillValid THEN update lastValTime ELSE block_card 11

  12. Protocols • Mutual authentication – Mutual key agreement protocol – SP  CARD • lastValTime used to check validity of SP Certificate • Short-lived server certificates – CARD  SP • proves to be genuine • lastValTime > accValTime 12

  13. Protocols • Access to (personalized) services (6)collect (3)verify attributes policy (1) mutual auth. Service request Handler ID X (2)attribute_query SP i Cert_SP Cached (7)release_attr’s attributes ID Y (personalized) policies lastValTime ID Z Cert_P (4)Attr (5) PIN query - maxRights - retention times for cached attributes - acceptable identity providers - ... 13

  14. Protocols • Access to personalized services – Special attribute  service specific pseudonym • nym IP = Hash(secret||Cert SP .subject) • Deanonymization – Releasing encrypted attributes – Can be decrypted by TTP 14

  15. Implementation details • Prototype on Gemalto TOP IM GX4 smart card – Java Card 2.2.1 – Performance constraints – No clock – Authorisation • PIN based 15

  16. Implementation details • Certificates – Standard X509 certificates • Authentication towards providers • Obtain derived card verifiable certificates – Custom card verifiable certificates • Trusted providers • Attribute ID list/Level of assurance 16

  17. Implementation details • Memory management – No garbage collection – Cached attributes • Value/retention time/LOA/last time of use/identity provider/… • Fixed set of byte arrays with variable length • Least recently used update policy – Static memory configuration 17

  18. Implementation details • Release attributes – Cached attributes – Attribute  identity provider • Personalization policies – Update policy based on PIN – Select cached attributes (persistent attributes) – Assign trust level to service providers – Assign sensitivity level to attributes 18

  19. Evaluation • Trust properties – Card issuer knows common key pair BUT card-specific secret is not known by card issuer – Trust in workstation for user interaction BUT implementation in SIM possible • Scalability & flexibility – Clear separation of duties – Representatives for set of identity providers – Flexible revocation strategy 19

  20. Evaluation • Controlled release of attributes – Access control at multiple levels • certificates, user policies, user consent – Limited value of attributes to SP – Proving properties of attributes – Encrypted attributes  accountability measures • Performance – 2 identity providers: 3461 ms – 1 identity providers: 2287 ms – 0 identity providers: 1110 ms 20

  21. Future work • Building concrete services and identity providers • Integration in Web applications • Fine-grained access policies • From smart card to SIM, dedicated module, ... • Accurate performance results 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva expiration: 09/10 Karen Lu Ksheerabdhi Krishna Challenges Installing crypto providers Breaks mobility Breaks ubiquity of web

425 views • 8 slides
Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption Nat M.

Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption Nat M.

Do Privacy and Security Matter to Everyone? Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption Nat M. Barbosa , Zhuohao Zhang, Yang Wang The Smart Home Adoption-Concern Conundrum

639 views • 10 slides
Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

4/25/08 Smart Cards Carrying certificates around How do you use your [digital] identity? Install your certificate in browser On-computer keychain file Need there be more? 1 4/25/08 Smart cards Smart card Portable device

316 views • 4 slides
Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of Washington and Internet2 EMC2 Mlaga, S pain October 2006 Topics Topics Internet identity buzzwords/ proj ects: user-centric, sxip, dix,

395 views • 18 slides
Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface capabilities CPU : 16b/32b RISC @ handful of MhZ Math co-processor: RSA/DES/AES/ECC RAM : X KB HDD : XX..XXX KB (EEPROM) NET :

568 views • 36 slides
Osmocom SIMtrace SIM card protocol tracing - why and how Harald Welte Harald Welte Osmocom

Osmocom SIMtrace SIM card protocol tracing - why and how Harald Welte Harald Welte Osmocom

Osmocom SIMtrace SIM card protocol tracing - why and how Harald Welte Harald Welte Osmocom SIMtrace November 2014 1 / 30 SIM Cards Smart Card Basics Terminology SIM Subscriber Identity Module USIM Universal Subscriber Identity Mdoule

682 views • 31 slides
B2C Creative Presentation 31.07.2009 Travel in Europe The new identity card lets you go on

B2C Creative Presentation 31.07.2009 Travel in Europe The new identity card lets you go on

B2C Creative Presentation 31.07.2009 Travel in Europe The new identity card lets you go on holiday in Europe without your passport. Fingerprint technology makes the new identity card so secure that European countries even accept it instead of

571 views • 26 slides
Summary User-centric Social Social Multimedia Multimedia Computing From Users: user-perceptive

Summary User-centric Social Social Multimedia Multimedia Computing From Users: user-perceptive

Summary User-centric Social Social Multimedia Multimedia Computing From Users: user-perceptive Content User-centric Cross-Network multimedia content analysis Multimedia computing On Users: social multimedia User activity-based user

498 views • 22 slides
Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc.

Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc.

Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc. http://netmesh.info/jernst Johannes Ernst Modern Identity History Facebook Proprietary et al. Yadis URL-based Age of identity Card-based interop

1.01k views • 24 slides
Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Contents Background Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based Signature Conclusion Manik Lal Das DA-IICT, Gandhinagar, India About DA-IICT and Our Group DA-IICT is a private university,

563 views • 35 slides
User centric Cost based Flight Efficiency and Equity indicators . Dr. Javier Lpez

User centric Cost based Flight Efficiency and Equity indicators . Dr. Javier Lpez

User centric Cost based Flight Efficiency and Equity indicators . Dr. Javier Lpez Leons (Boeing Research & Technology Europe) Marcos Sanz Bravo (CRIDA A.I.E.) Belgrade, 30 of November 2017 Authors JAVIER LOPEZ LEONES , MANUEL

591 views • 58 slides
Identity Based Key Agreement Protocols N.P . Smart Department of Computer Science, University

Identity Based Key Agreement Protocols N.P . Smart Department of Computer Science, University

Identity Based Key Agreement Protocols N.P . Smart Department of Computer Science, University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB. Joint work with Liqun Chen and Michael Cheng 24th July 2006 N.P .

540 views • 39 slides
Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N

Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N

A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N Thampi , and Jean-Louis Lanet Smart Secure Devices (SSD) Team, XLIM/ Universit de Limoges, France

466 views • 17 slides
User-Centric Perspective UCP Working Group Our approach to this theme - We started by defining

User-Centric Perspective UCP Working Group Our approach to this theme - We started by defining

User-Centric Perspective UCP Working Group Our approach to this theme - We started by defining concepts and terms we thought were relevant - We told stories/use cases of user-centric process models in the wild as well as

907 views • 19 slides
Towards a Privacy-Preserving National Identity Card Yves Deswarte, Sbastien Gambs

Towards a Privacy-Preserving National Identity Card Yves Deswarte, Sbastien Gambs

Towards a Privacy-Preserving National Identity Card Yves Deswarte, Sbastien Gambs yves.deswarte@laas.fr, sebastien.gambs@irisa.fr Toulouse, France National Identity Card ! Discloses more information " No information leakage than needed

395 views • 8 slides
Smart Card Data in Public Transport Paul Bouman Also based on work of: Evelien van der Hurk,

Smart Card Data in Public Transport Paul Bouman Also based on work of: Evelien van der Hurk,

Department of Technology & Operations Management Smart Card Data in Public Transport Paul Bouman Also based on work of: Evelien van der Hurk, Timo Polman, Leo Kroon, Peter Vervest and Gbor Marti Complexity in Public Transport:

2.21k views • 55 slides
Intro to R - 2. Objects and Data OIT/SMU Libraries Data Science Workshop Series Michael Hahsler

Intro to R - 2. Objects and Data OIT/SMU Libraries Data Science Workshop Series Michael Hahsler

Intro to R - 2. Objects and Data OIT/SMU Libraries Data Science Workshop Series Michael Hahsler OIT, SMU Michael Hahsler (OIT, SMU) Intro to R - 2. Objects and Data 1 / 31 Objects and Attributes 1 Matrices 2 Lists 3 Data Frames 4 S3

678 views • 31 slides
CR Li-Yau Gradient Estimate and Perelman Entropy Formulae Shu-Cheng Chang National Taiwan

CR Li-Yau Gradient Estimate and Perelman Entropy Formulae Shu-Cheng Chang National Taiwan

CR Li-Yau Gradient Estimate and Perelman Entropy Formulae Shu-Cheng Chang National Taiwan University The 10th Pacic Rim Geometry Conference Osaka-Fukuoka, Part I, Dec. 1-5, 2011 The 10th Pacic Rim Geometry Conference O Shu-Cheng Chang

561 views • 52 slides
Essential Spectrum of Schrdinger Operators with no Periodic Potentials on Periodic Metric Graphs

Essential Spectrum of Schrdinger Operators with no Periodic Potentials on Periodic Metric Graphs

Essential Spectrum of Schrdinger Operators with no Periodic Potentials on Periodic Metric Graphs Vladimir Rabinovich (Instituto Politcnico Nacional, Mexico) Q-Math 13, Atlanta, October, 8-11, 2016 (Institute) Essential Spectrum of

387 views • 35 slides
Exploiting Synchrony and Symmetry in Relational Verification Lauren Pick 1 Relational

Exploiting Synchrony and Symmetry in Relational Verification Lauren Pick 1 Relational

Exploiting Synchrony and Symmetry in Relational Verification Lauren Pick 1 Relational Verification 2 Relational Verification Given: k ( k >1) programs (renamed so that they have independent sets of variables) a relational

1.13k views • 70 slides
Adventures in determining a digitization labs capacity Shannon Willis Digital Projects Lab

Adventures in determining a digitization labs capacity Shannon Willis Digital Projects Lab

Adventures in determining a digitization labs capacity Shannon Willis Digital Projects Lab Manager Marcia McIntosh Digital Production Librarian https://texashistory.unt.edu/ark:/6 7531/metadc227034/ As of: 2019-10-08 2 Division of

651 views • 21 slides
D e c e n t r a l i z e d I d e n t i f e r s ( D I D s ) Ma r k u

D e c e n t r a l i z e d I d e n t i f e r s ( D I D s ) Ma r k u

D e c e n t r a l i z e d I d e n t i f e r s ( D I D s ) Ma r k u s S a b a d e l l o D a n u b e T e c h , D e c e n t r a l i z e d I d e n t i t y F o u n d a t i

891 views • 25 slides
Semantics: Semantic Grammar & Information Extraction CMSC 35100 Natural Language Processing

Semantics: Semantic Grammar & Information Extraction CMSC 35100 Natural Language Processing

Semantics: Semantic Grammar & Information Extraction CMSC 35100 Natural Language Processing May 13, 2003 Potential Projects Develop a morphological transducer for a portion of a language of your choice Improve the output of a

565 views • 20 slides
Proofs and Computations Helmut Schwichtenberg Mathematisches Institut, LMU, M unchen 22.

Proofs and Computations Helmut Schwichtenberg Mathematisches Institut, LMU, M unchen 22.

Proofs and Computations Helmut Schwichtenberg Mathematisches Institut, LMU, M unchen 22. August 2010 Helmut Schwichtenberg Proofs and Computations Computing with partial continuous functionals Proofs in mathematics: on abstract,

331 views • 22 slides

More recommend