Design Exploration of Transparency Enhancing Technology for Government (PowerPoint presentation)

SLIDE 1

Design Exploration of Transparency Enhancing Technology for Government

Mathijs Houtenbos
Supervisor: Guido van ’t Noordende, Whitebox Systems
2016-02-02

Transparency Enhancing Technology Mathijs Houtenbos Supervisor: Guido van ’t Noordende, Whitebox Systems 1 of 30

SLIDE 2

Content

1 Introduction: Motivation, Research question, Requirements
2 Existing Technology: DigiD, eID / Idensys, MijnOverheid
3 Architecture: Centralized, Distributed, Federated
4 Design
5 Conclusion
6 Questions

SLIDE 3

Introduction

SLIDE 4

Motivation

Vision of Dutch digital government by 2017 and 2020
Citizens have the right to transparency and control over their data

SLIDE 5

Research question

How could transparency enhancing technology be designed for use by the government without negatively impacting citizen privacy?

SLIDE 6

Requirements

Citizens’ rights: view your data, correct your data, easily accessible, authorize others, granular access.

Government: authentication, security, electronic ID, foreign eIDs, digital services.

SLIDE 7

Existing Technology

DigiD, eID / Idensys and MijnOverheid: these example systems are all part of the solution currently implemented by the Dutch government.

SLIDE 8

DigiD

Secure* identity provider for government sites.

SLIDE 9

eID / Idensys

Secure identity provider for government and business, providing STORK 3 / 4 level authentication.

SLIDE 10

MijnOverheid

Digital postbox for official government mail.

(Figure: printer)

SLIDE 11

MijnOverheid

Digital ✘✘✘ postbox for official government mail.

(Figure: printer)

SLIDE 12

Distribution Architecture

Centralized Distributed Federated

SLIDE 13

Architecture - Centralized

(Figure: agencies a1…aN and users u1…uN all connected to a single server s1.)

A centralized server architecture where all agencies (a1-aN) and users (u1-uN) use the same central service.

SLIDE 14

Architecture - Distributed

A distributed architecture where all agencies and users are peers.

SLIDE 15

Architecture - Federated

(Figure: agencies a1…aN, services s1…s5 and users u1…uN.)

A federated server architecture where all agencies (a1-aN) and users (u1-uN) choose which service they use.

SLIDE 16

Design Discussion

When we evaluate the requirements for the transparency enhancing system, with an additional focus on the requirement for privacy by design, a federated architecture appears the most promising basis for our design.

SLIDE 17

Design - Distribution

(Figure: the federated layout of slide 15, with a public directory added.)

Design based on a federated architecture where all users can choose their home service by storing a signed pointer in a public directory.

SLIDE 18

Design - Home service

Directory entry: u1→s5

Public home service example: User u1 indicates his/her home service is s5.

SLIDE 19

Design - Home lookup

Directory entry: u1→s5

Public home service lookup example: Agency a1 needs to find u1’s home service.

SLIDE 20

Design - File push

Directory entry: u1→s5

Agency file push example: Agency a1 pushes a file into its namespace under user u1 at service s5.
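
The signed pointer and its lookup from slides 17–20, as an added Go example (not code from the thesis or from Whitebox Systems): the user signs the record "u1→s5" with the private key of their eID and publishes it; the agency re-verifies that signature on lookup instead of trusting the directory operator. Ed25519, the record encoding and the Directory type are assumptions made for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// HomePointer is the public directory record "user → home service", signed by the user.
type HomePointer struct {
	User, Home string
	Sig        []byte
}

// pointerBytes is the exact byte string that is signed and later verified (constructed encoding).
func pointerBytes(user, home string) []byte { return []byte(user + "\x00" + home) }

// SignPointer is what user u1 does before publishing "u1→s5" in the directory.
func SignPointer(priv ed25519.PrivateKey, user, home string) HomePointer {
	return HomePointer{User: user, Home: home, Sig: ed25519.Sign(priv, pointerBytes(user, home))}
}

// Directory is the public directory. It is not trusted: it only publishes pointers.
// Keys holds each user's public key, which in the design comes from the eID certificate.
type Directory struct {
	Keys     map[string]ed25519.PublicKey
	Pointers map[string]HomePointer
}

// Lookup is the agency side (slide 19): fetch the pointer, then re-check the user's own
// signature, so a tampered or malicious directory cannot redirect the user's files.
func (d *Directory) Lookup(user string) (string, error) {
	p, ok := d.Pointers[user]
	pk, known := d.Keys[user]
	if !ok || !known || !ed25519.Verify(pk, pointerBytes(user, p.Home), p.Sig) {
		return "", fmt.Errorf("no valid home pointer for %s", user)
	}
	return p.Home, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	dir := &Directory{Keys: map[string]ed25519.PublicKey{"u1": pub}, Pointers: map[string]HomePointer{}}
	dir.Pointers["u1"] = SignPointer(priv, "u1", "s5")
	fmt.Println(dir.Lookup("u1")) // s5 <nil>
	// A directory operator who rewrites the target to s3 keeps the old signature, which no longer verifies.
	dir.Pointers["u1"] = HomePointer{User: "u1", Home: "s3", Sig: dir.Pointers["u1"].Sig}
	fmt.Println(dir.Lookup("u1")) // "" and an error
}
```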

SLIDE 21

Design - Key issuance

Government key issuance: you visit a government official in person with identification; the official issues an eID card + certificate.

Own keypair registration: you visit a government official in person with identification and your own smart card; the official vouches for the card’s key with a certificate.

SLIDE 22

Design - Encryption

Symmetric file encryption with asymmetric key encryption:
File + Symmetric key + Public key = Encrypted file + Encrypted key

Asymmetric key decryption with symmetric file decryption:
Encrypted file + Encrypted key + Private key = File + Symmetric key

SLIDE 23

Design - Request 1 file

Iteratively request a single user file:

1. Send user lookup
2. Return user home
3. Sign request
4. Send request
5. Authorise + Log
6. Return key + meta
7. Request file blob
8. Return file blob
9. Client decodes file

(Sequence diagram participants: Client, Home, Directory, Storage.)

SLIDE 24

Design - Namespaces

Users have namespaces with separate access control, for example:

user12345678/belastingdienst
Signed ACL + Symmetric key = User12345678 key + Belastingdienst key + Accountant key

user12345678/gemeente amsterdam
Signed ACL + Symmetric key = User12345678 key + E. van der Laan key + My wife’s key
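
An added example (not the author's code) that carries the encryption formula of slide 22 into the namespace access control of slide 24: the file is encrypted once with a fresh symmetric key, and that key is wrapped with each public key listed in the namespace ACL, so the user, the Belastingdienst and the accountant can each unwrap the same file key while a key outside the ACL cannot. AES-GCM, RSA-OAEP, the Envelope layout and the entry names are assumptions for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is one namespace file: nonce||AES-GCM ciphertext, plus the symmetric key
// wrapped with RSA-OAEP once per ACL member (map key = ACL entry name).
type Envelope struct {
	Blob        []byte
	WrappedKeys map[string][]byte
}

// Seal is "File + Symmetric key + Public key = Encrypted file + Encrypted key",
// repeated for every key holder in the ACL so each can unwrap the same file key.
func Seal(file []byte, acl map[string]*rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, 32)
	rand.Read(key)
	block, _ := aes.NewCipher(key) // a 32-byte key: neither constructor can fail
	gcm, _ := cipher.NewGCM(block)
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	env := &Envelope{Blob: gcm.Seal(nonce, nonce, file, nil), WrappedKeys: map[string][]byte{}}
	for name, pub := range acl { // the OAEP label binds each wrapped key to its ACL entry
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, []byte(name))
		if err != nil {
			return nil, err
		}
		env.WrappedKeys[name] = w
	}
	return env, nil
}

// Open unwraps the file key with one ACL member's private key, then decrypts the file.
// A name missing from the ACL, or the wrong private key, fails at the unwrap step.
func Open(env *Envelope, name string, priv *rsa.PrivateKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), nil, priv, env.WrappedKeys[name], []byte(name))
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("%s cannot unwrap the key for this namespace", name)
	}
	block, _ := aes.NewCipher(key)
	gcm, _ := cipher.NewGCM(block)
	return gcm.Open(nil, env.Blob[:gcm.NonceSize()], env.Blob[gcm.NonceSize():], nil)
}
```

Seal once with the ACL {user12345678, belastingdienst} and Open with either member's private key returns the file; Open with an unlisted name such as accountant, or with a key that is not the one wrapped for that name, returns an error.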

SLIDE 25

Design - Add file(s)

Add one or more files to a namespace:

1. Sign request
2. Send request
3. Return user home
4. Resend request
5. Authorise + Log
6. Return key + OK
7. Encrypt file(s)
8. Send file(s) + meta
9. Verify + Log
10. Forward file blob(s)
11. Report status
12. Forward status

(Sequence diagram participants: Agency, Home, Directory, Storage.)

SLIDE 26

Conclusion

Transparency enhancing technology that does not negatively impact user privacy is feasible.

Advantages: privacy by design, strong crypto, verifiable, scalable, future proof.

Ideal scenario: only hardware tokens, no data leakage, independent audits, large infrastructure, forward compatibility.

SLIDE 27

Questions

SLIDE 28

Design - Request N files

Recursively request multiple user files through a directory proxy:

1. Sign request
2. Send request
3. Forward request
4. Authorise + Log
5. Return key + meta
6. Request file blobs
7. Return file blobs
8. Forward file blobs
9. Client decodes files

(Sequence diagram participants: Client, Trusted proxy, Home, s1, s2, s3; steps 6 and 7 fan out from the proxy to s1, s2 and s3, labelled HTTP2.)

SLIDE 29

Design - Additional keys

Register your own additional smart card: the primary card + its certificate vouch for the new card’s certificate.

SLIDE 30

Design - Revocation

There are two scenarios for compromised key revocation:

User has/had multiple keys: sign a key revocation certificate with another key; re-sign important data with the new primary key. The effect is immediate, with no interruption and no data loss.

User has lost the last/only key: a new key must be issued in person (STORK 4); revocation takes the duration of processing; all namespaces need to be rebuilt, which may result in data loss.
