a survey on untransferable anonymous credentials
play

A Survey on Untransferable Anonymous Credentials 1 Sebastian Pape, - PowerPoint PPT Presentation

Jul 01, 2023 •139 likes •382 views

FIDIS / IFIP Summerschool Workshop 2: Privacy Issues Sebastian Pape A Survey on Untransferable Anonymous Credentials 1 Sebastian Pape, Databases and Interactive Systems Research Group Overview Anonymous Credentials Approaches to

  1. FIDIS / IFIP Summerschool Workshop 2: Privacy Issues Sebastian Pape A Survey on Untransferable Anonymous Credentials 1 Sebastian Pape, Databases and Interactive Systems Research Group

  2. Overview ● Anonymous Credentials ● Approaches to ensure untransferability ● System's Security ● Attacks ● Comparison / Conclusion 2 Sebastian Pape, Databases and Interactive Systems Research Group

  3. Anonymous Credentials ● Introduced by Chaum ● Consist of cryptographic tokens (ZKP, Blind/Group Signature) ● Allow authentication without identification ● Related to anonymous payment ● But non-transferablity may be wished ● age verification ● driving license ● student ID ● ... ● How can you be sure the token was used by its regular owner? 3 Sebastian Pape, Databases and Interactive Systems Research Group

  4. Approaches ● Two different approaches ⇒ Make the user not wanting to share ● Embed valuable secrets into the system ⇒ Keep tokens secret from user ● Use of Biometrics ● Advantages / Disadvantages? 4 Sebastian Pape, Databases and Interactive Systems Research Group

  5. Embedded Secrets ● Discourage users to share credentials ● Sharing a credential shares a valuable secret ● User's credential is made valuable beyond primary intent ● Assumption/Hope: User won't share credentials ● Interactive Protocol for Credential issuing ● Keeps embedded secret ● May be tough to verify the secret's accuracy 5 Sebastian Pape, Databases and Interactive Systems Research Group

  6. Embedded Secrets ● Embed secret from outside the system ● By Lysyanskaya / Rivest / Sahai / Wolf ● PKI-assured non transferability ● Valuable Master key ● To sign legal/financial documents ● Connect all credentials in the system ● Camenisch / Lysyanskaya ● All-or-nothing transferability 6 Sebastian Pape, Databases and Interactive Systems Research Group

  7. Hardware (S) Wallet Verifier ● User is able to check information flow ● Observer not needed 7 Sebastian Pape, Databases and Interactive Systems Research Group

  8. AC with Biometrics ● Access control by biometrics ● Authentication factor "knowledge" transformed to "possesion" ● Smartcard works as Blackbox for the user ● General biometric problems apply 8 Sebastian Pape, Databases and Interactive Systems Research Group

  9. Wallet-with-Observer Wallet Observer Verifier ● Suggested by Chaum and Pedersen ● User is able to check information flow ● Organisation has to trust observer 9 Sebastian Pape, Databases and Interactive Systems Research Group

  10. Biometrics (Hardware) Source: www.fidelica.com ● No template database ● Match-on-card system ● Protected against eavesdropper 10 Sebastian Pape, Databases and Interactive Systems Research Group

  11. Wallet-with-Observer (B) Wallet Observer Verifier ● Extension by Bleumer ● Biometrics to Observer ● User is able to check information flow ● Organisation has to trust observer 11 Sebastian Pape, Databases and Interactive Systems Research Group

  12. System's Security (G) Security of the basis credential system (B) Security of untransferability by biometric access control (S) Security of untransferability by embedding a valuable secret 12 Sebastian Pape, Databases and Interactive Systems Research Group

  13. System's Security  (G1) Security of cryptographic functions  (G2) Credentials' secrecy (initialization)  (B1) Quality of tamperproofness  (B2) Difficulty duping biometric sensors  (S1) Value of embedded secret  (S2) Precautions to prevent misuse  (S3) Connection of credential & secret 13 Sebastian Pape, Databases and Interactive Systems Research Group

  14. Scenario ● Issuer creates credential in regard to biometrics / secret ● Verifier has interest to check credential – Discount (student / handicapped ID) – Enforcement of laws (tobaco, driving) ● Untransferability is not in the user's interest 14 Sebastian Pape, Databases and Interactive Systems Research Group

  15. Attacker Model ● Main focus: – Comparison regarding untransferability ● Assumptions: – No high-security environment ● Practical view on security – 3rd parties have less power than involved p. – All parties use trusted hardware – Tamperproof device chosen by Issuer/Verifier 15 Sebastian Pape, Databases and Interactive Systems Research Group

  16. Attacker Model ● Verifier/Issuer wants to gather information – Wallet-with-observer architecture holds ● Issuer does not leak/get information – e.g. credentials, biometrics, embedded secret ● => User is a possible attacker – Untransferability is on the user's part 16 Sebastian Pape, Databases and Interactive Systems Research Group

  17. Attacks (G)  (G1) Security of cryptographic functions  (G2) Credentials' secrecy (initialization) ● Apply to both approaches ● Assumed to be safe ● General problem with Wallet-with-Observer 17 Sebastian Pape, Databases and Interactive Systems Research Group

  18. Wallet-with-Observer Architecture Observer Wallet Verifier ● General Problem: Contact to "correct card"? 18 Sebastian Pape, Databases and Interactive Systems Research Group

  19. Attacks (B)  (B1) Quality of tamperproofness  (B2) Difficulty duping biometric sensors ● Biometric device embedded in Smartcard – Otherwise privacy-risk (cash cards) ● Moderately secure biometric sensor ● Attended or unattended control ? 19 Sebastian Pape, Databases and Interactive Systems Research Group

  20. Attacks (S)  (S1) Value of embedded secret  (S2) Precautions to prevent misuse  (S3) Connection of credential & secret ● Precautions depend on value of secret – User acceptance ● Detaching credentials unfeasible ● Value of secret most important 20 Sebastian Pape, Databases and Interactive Systems Research Group

  21. Attacks (B vs. S)  (B2) Difficulty duping biometric sensors ● Control depends on (un)attendance ● Expensive, not universal, error-prone?  (S1) Value of embedded secret ● Which secret to use? ● Secret is able to protect lower values ● Raises system's value 21 Sebastian Pape, Databases and Interactive Systems Research Group

  22. Conclusion ●  ● (un)attended AC ● Secret Circumvention ● ● Biometrics ● Secret Universality ● ● Tamperproof + ● Not needed Special device ● biometric reader ● Unlikely ● May occur Unint. Sharing ● ● Unchanged ● Raised System's Value ● 22 Sebastian Pape, Databases and Interactive Systems Research Group

  23. Conclusion  ● Secret - (un)attended AC Circumvention ● Biometrics ● Secret Universality - Tamperproof + + Not needed Special device biometric reader + Unlikely - May occur Unint. Sharing + Unchanged - Raised System's Value 23 Sebastian Pape, Databases and Interactive Systems Research Group

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase

Anonymous Credentials: How to show credentials without compromising privacy Melissa Chase Microsoft Research Credentials: Motivation ID cards Sometimes used for other uses E.g. prove youre over 21, or verify your address

659 views • 48 slides
Sebastian Pape Templateless Biometric-Enforced Non-Transferability of Anonymous Credentials 1

Sebastian Pape Templateless Biometric-Enforced Non-Transferability of Anonymous Credentials 1

Kryptowochenende 2008 Sebastian Pape Templateless Biometric-Enforced Non-Transferability of Anonymous Credentials 1 Sebastian Pape, Databases and Interactive Systems Research Group Overview Motivation Anonymous Credentials

268 views • 16 slides
ECash and Anonymous Credentials CS/ECE 598MAN: Applied Cryptography Nikita Borisov November 9,

ECash and Anonymous Credentials CS/ECE 598MAN: Applied Cryptography Nikita Borisov November 9,

E-cash Anonymous Credentials Compact E-cash ECash and Anonymous Credentials CS/ECE 598MAN: Applied Cryptography Nikita Borisov November 9, 2009 E-cash Anonymous Credentials Compact E-cash E-cash 1 Chaums E-cash Offline E-cash

539 views • 40 slides
Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work

Anonymous Tokens Michele Orr ia.cr/2020/072 1 Anonymous Tokens Michele Orr joint work with Ben Kreuter, Tancrde Lepoint, Mariana Raykova ia.cr/2020/072 1 Definition Anonymous tokens are lightweight, single-use anonymous credentials.

657 views • 61 slides
Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic

Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic

Cinderella: Turning Shabby X.509 Certificates into Elegant Anonymous Credentials with the Magic of Verifiable Computation Antoine Delignat-Lavaud Cdric Fournet, Markulf Kohlweiss, Bryan Parno X.509 V.C. The X.509 Public Key Infrastructure

647 views • 27 slides
Survey The anonymous, 2-page survey was distributed at the PanCare Brno meeting. 31

Survey The anonymous, 2-page survey was distributed at the PanCare Brno meeting. 31

Survey The anonymous, 2-page survey was distributed at the PanCare Brno meeting. 31 responses were received Julie Byrne designed the survey, tabulated the responses and composed this report (Jbyrne@boyneresearch.ie) Update from

678 views • 22 slides
Efficient Redactable Signature and Application to Anonymous Credentials Olivier Sanders Orange

Efficient Redactable Signature and Application to Anonymous Credentials Olivier Sanders Orange

Efficient Redactable Signature and Application to Anonymous Credentials Olivier Sanders Orange Labs PKC 2020 Context PKC 2020 p 2 Digital Signature Digital signature can be used to authenticate digital data ... Name Birthdate Address

437 views • 33 slides
Public Opinion Survey 2013 WSU 2013 Public Opinion Survey OpinionWorks Credentials Since 2001

Public Opinion Survey 2013 WSU 2013 Public Opinion Survey OpinionWorks Credentials Since 2001

Public Opinion Survey 2013 WSU 2013 Public Opinion Survey OpinionWorks Credentials Since 2001 Utah call centers in Logan, Provo Focused on education, health, conservation, public attitudes and behavior State University of New

446 views • 26 slides
Pseudonym Systems Anja Lehmann IBM Research Zurich ROADMAP Anonymous onymous Credentia

Pseudonym Systems Anja Lehmann IBM Research Zurich ROADMAP Anonymous onymous Credentia

Privacy-Enhancing Technologies: Anonymous Credentials and Pseudonym Systems Anja Lehmann IBM Research Zurich ROADMAP Anonymous onymous Credentia edentials ls privac ivacy-pres preservin rving (use ser) r) authe hentic

592 views • 32 slides
CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun )

CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun )

CREDENTIALS STUDENT RECORD SERVICES TUTORIAL WHAT ARE CREDENTIALS ? 01 credentials ( noun ) reference materials used to support applications for employment or graduate study BENEFITS OF CREATING A FILE Compile all of your resources in the Career

677 views • 21 slides
Richard Orsini Forensic Document Examiner For Credentials: www.richardorsini.com Services

Richard Orsini Forensic Document Examiner For Credentials: www.richardorsini.com Services

Richard Orsini Forensic Document Examiner For Credentials: www.richardorsini.com Services Forgery detection Anonymous writings Handwriting authentication Altered & obliterated documents Identity theft prevention

930 views • 65 slides
IT452 Anonymous Feedback for Credit! Please fill out the survey on the following pages. Your

IT452 Anonymous Feedback for Credit! Please fill out the survey on the following pages. Your

IT452 Anonymous Feedback for Credit! Please fill out the survey on the following pages. Your responses are very important to us and will help us improve the course for you, so please allow a few minutes to think about your answers. To encourage

296 views • 4 slides
Understanding Our Students Health Behaviors Results of the 2017 Healthy Kids Colorado Survey

Understanding Our Students Health Behaviors Results of the 2017 Healthy Kids Colorado Survey

Understanding Our Students Health Behaviors Results of the 2017 Healthy Kids Colorado Survey Presented by Talia Brown, MS PhD Survey is Anonymous and Voluntary BVSD middle and high schools Voluntary can opt-out Anonymous

493 views • 38 slides
POLI 203 The End of the Death Penalty Prof. Baumgartner ANONYMOUS SURVEY November 24, 2014

POLI 203 The End of the Death Penalty Prof. Baumgartner ANONYMOUS SURVEY November 24, 2014

POLI 203 The End of the Death Penalty Prof. Baumgartner ANONYMOUS SURVEY November 24, 2014 Results, December 1, 2014 Without giving any identifying information, please respond to the same question you answered at the beginning of the semester,

121 views • 11 slides
Note Card Survey (Anonymous) 1. Keep: What have I been doing well that I should continue doing? 2.

Note Card Survey (Anonymous) 1. Keep: What have I been doing well that I should continue doing? 2.

Note Card Survey (Anonymous) 1. Keep: What have I been doing well that I should continue doing? 2. Change: What is something I already do, but should change so I do it better? 3. Stop: What is one bad thing I should stop doing? 4. Start: What is

597 views • 58 slides
POLI 203 Anonymous survey January 8, 2020 Part I. Opinion questions taken from the Gallup Poll

POLI 203 Anonymous survey January 8, 2020 Part I. Opinion questions taken from the Gallup Poll

POLI 203 Anonymous survey January 8, 2020 Part I. Opinion questions taken from the Gallup Poll Archives Are you in favor of the death penalty for a person convicted of murder? a) Favor b) Oppose If you could choose between the following two

408 views • 4 slides
EUnetHTA JA2 WP7 Multi-HTA Early Dialogues Mira Pavlovic, MD Franois Meyer, MD HAS, EUnetHTA

EUnetHTA JA2 WP7 Multi-HTA Early Dialogues Mira Pavlovic, MD Franois Meyer, MD HAS, EUnetHTA

EUnetHTA JA2 WP7 Multi-HTA Early Dialogues Mira Pavlovic, MD Franois Meyer, MD HAS, EUnetHTA JA2 WP7 Lead Partner Collaborative EUnetHTA actions Mandate for EU collaboration in HTA* Relevant EUnetHTA* ongoing actions Raise standards in

203 views • 18 slides
ANOMALIES AND NEWS JOEY ENGELBERG (UCSD) R. DAVID MCLEAN (GEORGETOWN) JEFFREY PONTIFF (BOSTON

ANOMALIES AND NEWS JOEY ENGELBERG (UCSD) R. DAVID MCLEAN (GEORGETOWN) JEFFREY PONTIFF (BOSTON

ANOMALIES AND NEWS JOEY ENGELBERG (UCSD) R. DAVID MCLEAN (GEORGETOWN) JEFFREY PONTIFF (BOSTON COLLEGE) 3 RD ANNUAL NEWS & FINANCE CONFERENCE COLUMBIA UNIVERSITY MARCH 8, 2018 Background and Motivation 2 Academic research has uncovered

565 views • 35 slides
Contract 4427 . Barry Baker Latitude 42 Environmental Consultants background endemic NZ

Contract 4427 . Barry Baker Latitude 42 Environmental Consultants background endemic NZ

Research Plan for Aerial Survey of White- capped albatross, Auckland Islands Contract 4427 . Barry Baker Latitude 42 Environmental Consultants background endemic NZ species Auckland Islands Disappointment Island (110 000 pairs) SW Cape

139 views • 12 slides
Challenges Facing the Programmer in Observational Research Laurence Carpenter, Amgen PhUSE,

Challenges Facing the Programmer in Observational Research Laurence Carpenter, Amgen PhUSE,

Challenges Facing the Programmer in Observational Research Laurence Carpenter, Amgen PhUSE, October 12 th 2011 Agenda Background Introduction Types of Observational Research (OR) Study Data Format and Collection The

490 views • 19 slides
Rethinking our Alignment Obsession: Can a Generalizability Perspective Help? Scott Marion, Center

Rethinking our Alignment Obsession: Can a Generalizability Perspective Help? Scott Marion, Center

Rethinking our Alignment Obsession: Can a Generalizability Perspective Help? Scott Marion, Center for Assessment CCSSO National Conference on Student Assessment Aligned to What: Complex Content Standards as Targets for Assessment Design and

495 views • 17 slides
Our story QARAMY means poetry in the ancient Quechua language, a native South American

Our story QARAMY means poetry in the ancient Quechua language, a native South American

Our story QARAMY means poetry in the ancient Quechua language, a native South American language spoken primarily in the Andes. The name symbolizes the winerys expression of loyalty, tradition and commitment to its

206 views • 6 slides
Newmarket Confidential and Proprietary Information Customer obsession is the new competitive

Newmarket Confidential and Proprietary Information Customer obsession is the new competitive

Newmarket Confidential and Proprietary Information Customer obsession is the new competitive advantage Only companies that are customer obsessed and adapt to changing behaviors in real-time will succeed. - Forrester Research Newmarket

675 views • 11 slides
PIONEERING THE BEAUTY EXPERIENCE OF TOMORROW Lubomira ROCHET Global Chief Digital Officer

PIONEERING THE BEAUTY EXPERIENCE OF TOMORROW Lubomira ROCHET Global Chief Digital Officer

PIONEERING THE BEAUTY EXPERIENCE OF TOMORROW Lubomira ROCHET Global Chief Digital Officer Deutsche Bank - June 2018 1 DIGITAL & BEAUTY A PERFECT MATCH DIGITAL IS TRANSFORMING THE CONSUMER JOURNEY DIRECT RELATIONSHIPS DATA TO EVOLVE

500 views • 13 slides

More recommend