Digital ID Documents for Physical Identification? Univ.-Prof. Dr. René Mayrhofer and Michael Hölzl, MSc



SLIDE 1

Digital ID Documents for Physical Identification?

Univ.-Prof. Dr. René Mayrhofer and Michael Hölzl, MSc
Institute of Networks and Security, Johannes Kepler University Linz
Talk at the IKT-Sicherheitskonferenz 2016, 2016-10-11 11:15, St. Johann im Pongau

SLIDE 2

Digital ID Documents for Physical Identification 2016-10-11

Motivating Scenario: Convergence of Security-Critical Services

SLIDE 3

Digital Identity: State of the Art

  • OpenID: some (large) providers, many (small) consumers
      • Facebook
      • Google
      • ...
  • FIDO
      • U2F
      • UAF
  • Österreichische Bürgerkarte

→ all optimized for web page login, not physical identification

SLIDE 4

Motivating Scenario: Convergence of Security-Critical Services

SLIDE 5

Digital (Photo-) ID for Physical Identification

  • Online solution: MIA (My Identity App) by Österreichische Staatsdruckerei
      • App for smart phones for using "virtual" identity cards
      • requires online connectivity for verifying these documents
  • Current project in JRZ u'smile: AmDL (Austrian mobile Driving License) with partners
      • A1 Telekom
      • Drei-Banken-EDV
      • LG Nexera
      • NXP Semiconductors
      • Österreichische Staatsdruckerei
      • SBA Research

SLIDE 6

AmDL Use Case 1: Identity Verification by Police

  • All relevant attributes need to be presented, e.g.
      • Name
      • Date of birth
      • Full-resolution photo
      • (optional) Biometric identifiers
      • Vehicle classes
      • Restrictions/limitations
      • ...
  • Only accessible to officially certified readers
  • Offline ID attributes transfer and offline verification
  • Should also work when mobile phone battery is empty!

[Figure: sample ID card with the fields Givenname: Albert, Surname: EINSTEIN, Date of Birth: 1879-03-14, Place of Birth: Ulm, Germany, Citizenship: USA, Switzerland, Sex: M, ID number: 123456789, Signature; verification result: GENUINE]

SLIDE 7

AmDL Use Case 2: Age Verification

  • Age verification by e.g.
      • Automated vending machines
      • Bouncers at clubs
      • Entrance staff for birthday rebate promotions
  • Only age attribute should be transferred in privacy-sensitive manner
      • Not the full date of birth!
      • Support binary yes/no answers for specific use case

[Figure: sample ID card (Albert EINSTEIN, Date of Birth: 1879-03-14, verification result: GENUINE) with the label "> 16 years"]

SLIDE 8

AmDL Use Case 3: Time-based Ticket for Public Transport

  • Typical for public transport
      • Monthly
      • Yearly
      • (any time period)
  • No identifiers should be transferred (no name, date of birth, etc.) for privacy reasons
      • Location traces are highly sensitive personal data
  • Still need to support typical operations
      • Unforgeability
      • Revocation (loss, theft, non-payment, etc.)

SLIDE 9

Requirements

Functional

  • Real-world identification
  • One-to-many
  • Revocation

Security

  • Key confidentiality
  • Unforgeability
  • Communication protection
  • State-of-the-art cryptography

Mobility

  • Offline
  • Power-off
  • Scalability

Privacy

  • Unlinkability
  • User control
  • Privacy-preserving attribute queries

SLIDE 10

Extensible and Privacy-preserving Mobile eID

SLIDE 11

Technologies

  • NFC Secure Element (SE)
      • Protect identity keys
      • Integrity assurances
      • Code isolation
  • Group signatures
      • Members can sign on behalf of the group
      • Anonymity in the group
      • Unlinkability

SLIDE 12

Privacy-preserving Identification

[Figure: two copies of the sample ID card (Albert EINSTEIN, verification result: GENUINE), the second one labelled "> 16 years"; caption: Group signature of national eID]

SLIDE 13

Privacy-preserving Identification

[Figure: two copies of the sample ID card (Albert EINSTEIN, verification result: GENUINE), one labelled "== Austrian", the other labelled "> 16 years"]

  • Privacy-preserving attribute queries
      • Attribute inequality query
          • E.g. above 16 years old?
      • Attribute equality query
          • E.g. Austrian citizen?
      • Group membership query
          • E.g. enrolled to public transport system?
          • E.g. allowed to drive this vehicle class (for renting a car)?

SLIDE 14

Group/Division Membership

  • Extensibility of eID for the use with numerous groups/divisions
      • e.g. loyalty card, public transport ticket, students card, etc.
      • Challenge: unlinkability, untraceability

[Figure: sample ID card (Givenname: Albert, Surname: EINSTEIN, Date of Birth: 1879-03-14, ID number: 123456789)]

SLIDE 15

Group/Division Membership

  • Approach
      • Pseudonym concept of Austrian Bürgerkarte
      • Each division has an identifier
      • eID generates pseudonym for division
      • Divisions can add data to eID
      • Protected with TOFU database

[Figure: the pseudonym is derived from the eID (Givenname: Albert, Surname: EINSTEIN, ID number: 123456789) and the division identifier $id_d$]

$id_{u,d} = H(id_u \,\|\, id_d)$

$C = E(pk_d,\ id_{u,d} \oplus n \,\|\, D)$

where $n$ is a random nonce and $D$ are data attributes

SLIDE 16

Extensible and Privacy-preserving Mobile eID

SLIDE 17

Revocation

  • Scenarios
      • User lost her phone (the eID)
          • Revocation done by user
      • eID has been withdrawn (e.g. holder deceased)
          • Done by central authorities
  • Additional threat: identity theft

SLIDE 18

Revocation

  • Usual approach: revocation list
  • Problem: no ID in group signature
  • Additional challenges:
      1. Items on the revocation list might lose anonymity
      2. Additional computation effort
      3. Could weaken unlinkability
      4. Growing revocation list

SLIDE 19

Preserving Privacy beyond Revocation

  • New revocation concept based on
      • Offline revocation token generation on SE
      • Bloom filter
  • Features of our approach
      • Scalability through efficient revocation check (O(1))
      • Backwards unlinkability
      • Verifier-local revocation check
      • Offline verification

SLIDE 20

Preserving Privacy beyond Revocation

  • Revocation list based on Bloom filter
      • Probabilistic data structure
      • Provides scalability
      • Revocation token difficult to restore

[Figure: Bloom filter bit array holding the set { x, y, z }, with a further element w]

SLIDE 21

Preserving Privacy beyond Revocation

  • Verifier → Prover
      • Random identifier and challenge
  • Prover → Verifier
      • Generated revocation token
      • Validation of group membership

Values shown in the diagram: $id_v$, $ch$

$rt_{i,v} = H(id_v \,\|\, H(id_{u,se} \,\|\, gpk \,\|\, c_i))$

$\sigma = \mathrm{sign}(gsk_i,\ ch \,\|\, rt_{i,v})$

[Figure: revocation filter, a Bloom filter bit array holding the set { x, y, z }]
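
The revocation token formula and the Bloom filter check from the revocation slides, as an added example that is not code from the talk or the AmDL project. It assumes SHA-256 for H, length-prefixed concatenation for ||, constructed filter parameters, and that the authority builds one filter per verifier identifier id_v from the inner hashes of revoked eIDs; it covers the token and the filter lookup, not the group signature σ, and all sample values are constructed.

```python
import hashlib

M_BITS = 1 << 16  # filter size in bits (assumed parameter)
K_HASHES = 7      # bit positions set per token (assumed parameter)

def H(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (assumed encoding of '||')."""
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def inner_hash(id_u_se: bytes, gpk: bytes, c_i: bytes) -> bytes:
    """H(id_u,se || gpk || c_i); c_i is used as an opaque value here."""
    return H(id_u_se, gpk, c_i)

def revocation_token(id_v: bytes, inner: bytes) -> bytes:
    """rt_i,v = H(id_v || inner): a different token for every id_v."""
    return H(id_v, inner)

def positions(token: bytes) -> list:
    """K_HASHES filter positions derived from the token (hypothetical scheme)."""
    return [int.from_bytes(H(bytes([k]), token)[:8], "big") % M_BITS
            for k in range(K_HASHES)]

def build_filter(id_v: bytes, revoked_inner: list) -> bytearray:
    """Authority side (assumed): Bloom filter of rt_i,v for one id_v."""
    bits = bytearray(M_BITS // 8)
    for inner in revoked_inner:
        for pos in positions(revocation_token(id_v, inner)):
            bits[pos // 8] |= 1 << (pos % 8)
    return bits

def is_revoked(bits: bytearray, token: bytes) -> bool:
    """Verifier side, offline: K_HASHES lookups whatever the list size.
    True may be a false positive; False is always correct."""
    return all((bits[pos // 8] >> (pos % 8)) & 1 for pos in positions(token))

# Constructed sample values, not taken from the talk.
GPK = b"constructed-group-public-key"
LOST = inner_hash(b"se-0001", GPK, b"c-1")
VALID = inner_hash(b"se-0002", GPK, b"c-2")
FILTER_V1 = build_filter(b"verifier-1", [LOST])

if __name__ == "__main__":
    print(is_revoked(FILTER_V1, revocation_token(b"verifier-1", LOST)))   # revoked eID
    print(is_revoked(FILTER_V1, revocation_token(b"verifier-1", VALID)))  # valid eID
```

Because the token depends on id_v, two verifiers see unrelated tokens for the same eID, and the filter stores only bit positions rather than the tokens themselves.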

SLIDE 22

Preserving Privacy beyond Revocation

  • Computation times

SLIDE 23

Open Issue: Backup of Digital Identity

SLIDE 24

Next Step: Digital Identity in the Cloud

LIKE ME! Trust us, we have a Privacy Shield! Friends with Faces

SLIDE 25

Next Step: Digital Identity in the Cloud

You can search for everybody And we have assistants Data stored for future improvement of all our services

SLIDE 26

Security in Digitalization 2016-10-07

Next Step: Digital Identity in the Cloud

[Figure: architecture spanning the digital world and the physical world, with digital service discovery and distributed network setup; components: VERIFIER [open market], PERSONAL AGENT with TPM [globally universal], BIOMETRIC SENSOR with TPM [locally different]; numbered steps 1 to 8, including certify identity, provide unique ID and trigger reaction]

We are looking for interested partners:

  • technology
  • use cases
  • funding ...

SLIDE 27

JOHANNES KEPLER UNIVERSITÄT LINZ, Altenberger Str. 69, 4040 Linz, Austria, www.jku.at

Thank you for your attention! Questions?

Univ.-Prof. Dr. René Mayrhofer, Head of the Institute of Networks and Security, rm@ins.jku.at
Michael Hölzl, MSc, University Assistant, mh@ins.jku.at

SLIDE 28

Credits

  • Icons
      • SIM Card by Arthur Shlain from the Noun Project
      • People pattern by Eliricon from the Noun Project
      • Agreement by Chameleon Design from the Noun Project
      • Smart Phone by Emily Haasch from the Noun Project
      • Airplane Ticket by Creative Stall from the Noun Project
      • Bus tickets by Iulia Ardeleanu from the Noun Project
      • Loyalty Card by icon 54 from the Noun Project
      • Business card by Karthik Aathis from the Noun Project
  • Pictures
      • Broken phone from https://pixabay.com/en/mobile-phone-broken-mobile-phone-1230984/
      • Faces from https://pixabay.com/en/system-network-news-connection-954972/
      • Eye with Google logo from https://pixabay.com/en/eye-google-detail-macro-face-1686932/