A Survey on Untransferable Anonymous Credentials - Sebastian Pape


SLIDE 1

A Survey on Untransferable Anonymous Credentials

Sebastian Pape, Databases and Interactive Systems Research Group

FIDIS / IFIP Summerschool Workshop 2: Privacy Issues

SLIDE 2

Overview

  • Anonymous Credentials
  • Approaches to ensure untransferability
  • System's Security
  • Attacks
  • Comparison / Conclusion

SLIDE 3

Anonymous Credentials

  • Introduced by Chaum
  • Consist of cryptographic tokens (ZKP, Blind/Group Signature)
  • Allow authentication without identification
  • Related to anonymous payment
  • But non-transferability may be desired
      – age verification
      – driving license
      – student ID
      – ...
  • How can you be sure the token was used by its regular owner?

SLIDE 4

Approaches

  • Two different approaches
      ⇒ Make the user unwilling to share
          – Embed valuable secrets into the system
      ⇒ Keep tokens secret from the user
          – Use of biometrics
  • Advantages / Disadvantages?

SLIDE 5

Embedded Secrets

  • Discourage users from sharing credentials
  • Sharing a credential shares a valuable secret
  • User's credential is made valuable beyond primary intent
  • Assumption/Hope: User won't share credentials
  • Interactive protocol for credential issuing
  • Keeps embedded secret
  • May be tough to verify the secret's accuracy

SLIDE 6

Embedded Secrets

  • Embed secret from outside the system
      – By Lysyanskaya / Rivest / Sahai / Wolf
      – PKI-assured non-transferability
      – Valuable Master key
      – To sign legal/financial documents
  • Connect all credentials in the system
      – Camenisch / Lysyanskaya
      – All-or-nothing transferability

SLIDE 7

Hardware (S)

  • User is able to check information flow
  • Observer not needed

[Figure: Wallet, Verifier]

SLIDE 8

AC with Biometrics

  • Access control by biometrics
  • Authentication factor "knowledge" transformed to "possession"
  • Smartcard works as a black box for the user
  • General biometric problems apply

SLIDE 9

Wallet-with-Observer

  • Suggested by Chaum and Pedersen
  • User is able to check information flow
  • Organisation has to trust observer

[Figure: Wallet, Observer, Verifier]

SLIDE 10

Biometrics (Hardware)

  • No template database
  • Match-on-card system
  • Protected against eavesdropper

Source: www.fidelica.com

SLIDE 11

Wallet-with-Observer (B)

  • Extension by Bleumer
  • Biometrics to Observer
  • User is able to check information flow
  • Organisation has to trust observer

[Figure: Wallet, Observer, Verifier]

SLIDE 12

System's Security

  • (S) Security of untransferability by embedding a valuable secret
  • (B) Security of untransferability by biometric access control
  • (G) Security of the basis credential system

SLIDE 13

System's Security

  • (S1) Value of embedded secret
  • (S2) Precautions to prevent misuse
  • (S3) Connection of credential & secret
  • (B1) Quality of tamperproofness
  • (B2) Difficulty duping biometric sensors
  • (G1) Security of cryptographic functions
  • (G2) Credentials' secrecy (initialization)

SLIDE 14

Scenario

  • Issuer creates credential in regard to biometrics / secret
  • Verifier has interest to check credential
      – Discount (student / handicapped ID)
      – Enforcement of laws (tobacco, driving)
  • Untransferability is not in the user's interest

SLIDE 15

Attacker Model

  • Main focus:
      – Comparison regarding untransferability
  • Assumptions:
      – No high-security environment
  • Practical view on security
      – 3rd parties have less power than involved parties
      – All parties use trusted hardware
      – Tamperproof device chosen by Issuer/Verifier

SLIDE 16

Attacker Model

  • Verifier/Issuer wants to gather information
      – Wallet-with-observer architecture holds
  • Issuer does not leak/get information
      – e.g. credentials, biometrics, embedded secret
  • ⇒ User is a possible attacker
      – Untransferability is on the user's part

SLIDE 17

Attacks (G)

  • (G1) Security of cryptographic functions
  • (G2) Credentials' secrecy (initialization)

  • Apply to both approaches
  • Assumed to be safe
  • General problem with Wallet-with-Observer

SLIDE 18

Wallet-with-Observer Architecture

  • General Problem: Contact to "correct card"?

[Figure: Wallet, Observer, Verifier]

SLIDE 19

Attacks (B)

  • (B1) Quality of tamperproofness
  • (B2) Difficulty duping biometric sensors

  • Biometric device embedded in Smartcard
      – Otherwise privacy-risk (cash cards)
  • Moderately secure biometric sensor
  • Attended or unattended control?

SLIDE 20

Attacks (S)

  • (S1) Value of embedded secret
  • (S2) Precautions to prevent misuse
  • (S3) Connection of credential & secret

  • Precautions depend on value of secret
      – User acceptance
  • Detaching credentials unfeasible
  • Value of secret most important

SLIDE 21

Attacks (B vs. S)

(S1) Value of embedded secret

  • Which secret to use?
  • Secret is able to protect lower values
  • Raises system's value

(B2) Difficulty duping biometric sensors

  • Control depends on (un)attendance
  • Expensive, not universal, error-prone?

SLIDE 22

Conclusion

Comparison of the two approaches (biometrics / embedded secret):

  • Circumvention: (un)attended AC / Secret
  • Universality: Biometrics / Secret
  • Special device: Tamperproof + biometric reader / Not needed
  • Unint. Sharing: Unlikely / May occur
  • System's Value: Unchanged / Raised

SLIDE 23

Conclusion

Comparison of the two approaches (biometrics / embedded secret), with "+" marking the entries the slide flags:

  • Circumvention: (un)attended AC / Secret
  • Universality: Biometrics / Secret
  • Special device: Tamperproof + biometric reader / + Not needed
  • Unint. Sharing: + Unlikely / May occur
  • System's Value: + Unchanged / Raised