Attribute-based Authentication

Presenting the works of the EU projects PrimeLife and ABC4Trust, on how to employ attribute-based credentials (at the Newcastle security forum). The slides are provided by IBM Research - Zurich, in particular Jan Camenisch, Gregory Neven and Anja Lehmann.

Published in: Technology

Transcript

  • 1. Privacy-enhancing Attribute-based Authentication. Presenting works of the EU projects PrimeLife and ABC4Trust. Slides provided by the IBM Research – Zurich identity and privacy team (mostly from Jan Camenisch, Anja Lehmann, Gregory Neven).
  • 2. Authentication and Anonymity? [Pictures: PCStelcom, BeautifulRailroadBridgeOverTheSilveryTay.Wordpress]
  • 3. Anja Lehmann, IBM Research – Zurich, 10.06.2011. ABC4Trust & PrimeLife Tutorial, Part I: Introduction to Privacy-Preserving Authentication. (Slide footer: ABC4Trust & PrimeLife − Tutorial − 10.06.2011)
  • 4. Authentication (diagram). The Issuer issues a credential to the User. User to Verifier: "I am Alice Doe and I'm over 18!" Verifier: "Convince me! btw … I trust the Issuer." The User shows the credential to the Verifier.
  • 5. Authentication. A credential / certificate is a signed list of attribute-value pairs, e.g. name = Alice Doe, birth date = 1973/01/26, signed by the issuer.
  • 6. Signature Scheme. A key pair consists of a public key and a private key priv. Signing: signature = Sign(message, priv). Verification: Verify(public key, message, signature) = true.
  • 7. Signature Scheme | Unforgeability. Knowing only the public key (not the private key priv), it must be infeasible to produce a message and a signature such that Verify(public key, message, signature) = true.
  • 8. Classical Authentication (section title). © 2009 IBM Corporation
  • 9. Standard Public-Key Certificates, e.g., X.509 certificates. In the beginning… (diagram)
  • 10. Standard Public-Key Certificates, e.g., X.509 certificates. Obtaining a certificate… the issuer signs: name = Alice Doe, birth date = 1973/01/26, pk = (the user's public key).
  • 11. Standard Public-Key Certificates, e.g., X.509 certificates. Using a certificate… the user presents the whole certificate (name = Alice Doe, birth date = 1973/01/26, pk = the user's public key): full attribute disclosure; linkable by certificate & public key.
  • 12. Standard Public-Key Certificates, e.g., X.509 certificates. Using a certificate again… the same certificate (name = Alice Doe, birth date = 1973/01/26, pk = the user's public key) is presented to every verifier: linkable when used multiple times.
  • 13. Privacy-Preserving Authentication (section title).
  • 14. Privacy-Preserving Authentication: General Concepts.
      - Basic functionality: Minimal Disclosure Tokens
      - Pseudonyms and combining/binding of multiple tokens: Minimal Disclosure Wallets
      - Extensions: Revocation, Usage Limitation, Inspection, ...
  • 15. Minimal Disclosure Tokens. In the beginning… (diagram)
  • 16. Minimal Disclosure Tokens. Obtaining a token… the issuer issues a token for name = Alice Doe, birth date = 1973/01/26.
  • 17. Minimal Disclosure Tokens. Using a token… (diagram)
  • 18. Minimal Disclosure Tokens. Using a token… name = Alice Doe, birth date = 1973/01/26: issuance and showing are unlinkable.
  • 19. Minimal Disclosure Tokens. Using a token… name = ?, birth date = 1973/01/26: selective attribute disclosure.
  • 20. Minimal Disclosure Tokens.
      - Protection of users' privacy: anonymity; unlinkability (single-use); selective disclosure
      - Unforgeability of tokens
  • 21. Minimal Disclosure Tokens. Unforgeability: Alice should not be able to show a token that she never obtained (she obtained name = Alice Doe, birth date = 1973/01/26 and must not be able to show name = Alice Doe, birth date = 1947/01/26).
  • 22. Privacy-Preserving Authentication: General Concepts (overview slide repeated).
      - Basic functionality: Minimal Disclosure Tokens
      - Pseudonyms and combining/binding of multiple tokens: Minimal Disclosure Wallets
      - Extensions: Revocation, Usage Limitation, Inspection, ...
  • 23. Minimal Disclosure Wallets, an extended version of minimal disclosure tokens:
      - Protection of users' privacy: pseudonymity; unlinkability (multi-use); using/combining multiple credentials; selective disclosure
      - Unforgeability of credentials
      - Consistency of credentials (no sharing)
  • 24. Minimal Disclosure Wallets. In the beginning… the user holds a master key = unique private identity.
  • 25. Minimal Disclosure Wallets. Obtaining a credential… the user derives a pseudonym = ephemeral public identity.
  • 26. Minimal Disclosure Wallets. Obtaining a credential… the issuer issues: name = Alice Doe, birth date = 1973/01/26, nym = (the user's pseudonym).
  • 27. Minimal Disclosure Wallets. Using a credential… (diagram)
  • 28. Minimal Disclosure Wallets. Using a credential… name = ?, birth date = 1973/01/26: selective attribute disclosure; issuance and showing are unlinkable.
  • 29. Minimal Disclosure Wallets. Using a credential again… one show reveals name = ?, birth date = 1973/01/26, another reveals name = Alice Doe, birth date = ?: multi-show unlinkability.
  • 30. Minimal Disclosure Wallets. Using multiple credentials… passport and driver's license combined in one show: passport: birth date = 1973/01/26; driver's license: vehicle cat B.
  • 31. Minimal Disclosure Wallets (summary repeated from slide 23):
      - Protection of users' privacy: pseudonymity; unlinkability (multi-use); using/combining multiple credentials; selective disclosure
      - Unforgeability of credentials
      - Consistency of credentials (no sharing)
  • 32. Minimal Disclosure Wallets. Sharing prevention: Alice and Eve should not be able to share a credential (the one credential name = Alice Doe, birth date = 1973/01/26 must not be usable by both).
  • 33. Minimal Disclosure Wallets (summary repeated from slide 23):
      - Protection of users' privacy: pseudonymity; unlinkability (multi-use); using/combining multiple credentials; selective disclosure
      - Unforgeability of credentials
      - Consistency of credentials (no sharing)
  • 34. Privacy-Preserving Authentication: General Concepts.
      - Basic functionality: Minimal Disclosure Tokens
      - Pseudonyms and combining/binding of multiple tokens: Minimal Disclosure Wallets
      - Extensions: Predicates over Attributes, Revocation, Device Binding, Inspection, Usage Limitation, ...
  • 35. Extended Functionality: predicates over attributes; credentials on hidden attributes; device binding; domain pseudonym; revocation of credentials; inspection of credentials/attributes; usage limitation; censorable audit logs.
  • 36. Predicates Over Attributes. Example show: name = ?, birth date = 1973/01/26 compared against 1993/06/10 ("is user over 18?").
      - Range proofs: Age > 18, 10 < Age < 16, …; credit card expiration date > today
      - Set membership: status ∈ {children, student, senior}
      - Logical combinations: (credit card status = silver or gold) and valid driver's license
  • 37. Extended Functionality (list repeated from slide 35): predicates over attributes; credentials on hidden attributes; device binding; domain pseudonym; revocation of credentials; inspection of credentials/attributes; usage limitation; censorable audit logs.
  • 38. Credentials on Hidden Attributes. The user can prove statements on hidden attributes (diagram: a credential with name = Alice Doe and a hidden birth date, obtained on the basis of an existing credential name = Alice Doe, birth date = 1973/01/26). Similar to the usage of pseudonyms = commitments to the master secret.
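The pseudonym of slides 24 to 26 and 38 (a commitment to the master secret) and the selective-disclosure shows of slides 19 and 28 rest on one primitive: a commitment whose opening the user proves in zero knowledge, revealing only the attributes she chooses. The block below is an added example, not code from the slides or from the idemix library. It builds that commitment-and-proof layer with toy 128-bit parameters generated at import time and leaves out the issuer's signature over the commitment (the CL signature in idemix), so it demonstrates unlinkable pseudonyms, hidden attributes and the verifier-side check, not a complete credential system. All names (G_MS, show_birth_date, and so on) are this example's own.

```python
"""Pedersen commitments with Schnorr-style proofs of representation.

Added example (not code from the slides or the idemix library). The group is
the order-q subgroup of Z_p^* for a safe prime p = 2q + 1, generated here as
toy parameters; the issuer's signature over the credential commitment is
deliberately out of scope.
"""
import hashlib
import random

_rng = random.SystemRandom()
_SMALL = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=24):
    """Miller-Rabin with random bases (adequate for demo-sized parameters)."""
    if n in _SMALL:
        return True
    if n < 2 or any(n % s == 0 for s in _SMALL):
        return False
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime(bits):
    """Return (p, q) with p = 2q + 1, both prime."""
    while True:
        q = _rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q


P, Q = safe_prime(128)   # toy size; real deployments use standardised groups


def _generator():
    """Squares mod p have order q; any square other than 1 generates the subgroup."""
    while True:
        g = pow(_rng.randrange(2, P - 1), 2, P)
        if g != 1:
            return g


# Bases g_master, g_name, g_bdate, h: picked at random so nobody knows their
# mutual discrete logs (a real setup derives them from a public seed).
G_MS, G_NAME, G_BDATE, H = (_generator() for _ in range(4))


def commit(values, bases):
    """Multi-base commitment: prod bases[i]^values[i] mod p."""
    c = 1
    for b, v in zip(bases, values):
        c = c * pow(b, v % Q, P) % P
    return c


def _challenge(*parts):
    """Fiat-Shamir challenge binding every public value of the proof."""
    digest = hashlib.sha256("|".join(map(str, parts)).encode()).digest()
    return int.from_bytes(digest, "big") % Q


def prove_representation(target, bases, secrets, context):
    """Prove knowledge of x_i with target = prod bases[i]^x_i without revealing
    the x_i. `context` (verifier id / session nonce) stops replay elsewhere."""
    blinds = [_rng.randrange(Q) for _ in secrets]
    t = commit(blinds, bases)
    c = _challenge(context, target, *bases, t)
    return c, [(r + c * x) % Q for r, x in zip(blinds, secrets)]


def verify_representation(target, bases, proof, context):
    c, responses = proof
    if len(responses) != len(bases) or not all(0 <= s < Q for s in responses):
        return False
    t = commit(responses, bases) * pow(target, (Q - c) % Q, P) % P
    return _challenge(context, target, *bases, t) == c


def attr_int(value):
    """Encode an attribute as an exponent in Z_q (strings are hashed)."""
    if isinstance(value, int):
        return value % Q
    return int.from_bytes(hashlib.sha256(value.encode()).digest(), "big") % Q


def new_pseudonym(master_secret):
    """nym = g_ms^ms * h^r: a fresh handle unlinkable to other nyms of the same ms."""
    r = _rng.randrange(Q)
    return commit([master_secret, r], [G_MS, H]), r


def prove_pseudonym(nym, master_secret, r, context):
    return prove_representation(nym, [G_MS, H], [master_secret, r], context)


def verify_pseudonym(nym, proof, context):
    return verify_representation(nym, [G_MS, H], proof, context)


def issue_commitment(master_secret, name, birth_date):
    """Credential core: commitment to (master secret, name, birth date, blinding)."""
    values = [master_secret, attr_int(name), attr_int(birth_date), _rng.randrange(Q)]
    return commit(values, [G_MS, G_NAME, G_BDATE, H]), values


def show_birth_date(cred, values, context):
    """Selective disclosure: reveal the birth date, keep name and master secret hidden."""
    ms, name_i, bdate, r = values
    target = cred * pow(pow(G_BDATE, bdate, P), Q - 1, P) % P   # cred / g_bdate^bdate
    return bdate, prove_representation(target, [G_MS, G_NAME, H], [ms, name_i, r], context)


def verify_birth_date(cred, bdate, proof, context):
    target = cred * pow(pow(G_BDATE, bdate, P), Q - 1, P) % P
    return verify_representation(target, [G_MS, G_NAME, H], proof, context)
```

Two pseudonyms derived from the same master secret look unrelated to a verifier because the blinding exponent r differs, while every proof is bound to its context string, so a proof captured at one verifier fails at another. The proof of representation is the Schnorr protocol generalised to several bases, which is what the "Pseudonyms" and "Representations" entries of the token-transforming specification on slide 44 refer to.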
  • 39. The idemix Library (section title).
  • 40. Implementation available :-) Identity Mixer is an implementation of private credentials.
      - Provides a library with all the crypto: issuing credentials; transforming credentials according to a specified statement (policy); includes many of the features discussed
      - Provides a credential-based access control engine: the relying party specifies attribute & credential requirements; the user matches that to the available credentials and generates "evidence"
      - Get it at www.PrimeLife.eu/opensource and use it … as do a number of projects already :-)
  • 41. Authentication/Access Control Engine (diagram).
  • 42. Card-based access requirements language (CARL). Policy and proof presentation in CARL and SAML/XACML.
      - Policy: requirements on owned cards, e.g.,
            own p::Passport issued-by admin.ch, fgov.be, governo.it
            own c::Creditcard issued-by visa.com, amex.com
            reveal c.number, c.expdate
            where p.name = c.name ^ p.bdate < today-18Y ^ c.expdate > today ^ p.expdate > today+1M
      - Authentication = claim over owned cards + evidence, e.g.,
            own p::Passport issued-by admin.ch
            own c::Creditcard issued-by visa.com
            reveal c.number = "1234567890"
            reveal c.expdate = "31/12/2012"
            where p.name = c.name ^ p.bdate < 22/03/1993 ^ p.expdate > 22/04/2011
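To make the split between policy and claim on this slide concrete, here is an added example (not the CARL engine or idemix code) that expresses the slide's policy as Python data, lets a wallet of constructed sample cards produce the claim, and lets the relying party check that the claim does not weaken the policy. TODAY is fixed at 22/03/2011 so that today-18Y and today+1M evaluate to the 22/03/1993 and 22/04/2011 that appear in the slide's claim. Parsing CARL text and the cryptographic evidence that accompanies a real claim are out of scope.

```python
"""Evaluating a card-based access policy against a user's cards.

Added example, not the CARL/idemix implementation: the slide's policy is
written as Python data instead of being parsed from CARL text, the cards are
constructed sample data, and the cryptographic evidence is out of scope.
"""
from datetime import date
from itertools import product

TODAY = date(2011, 3, 22)   # fixed so today-18Y and today+1M match the slide


def shift(d, years=0, months=0):
    """Calendar arithmetic for offsets like today-18Y / today+1M (day clamped)."""
    m = d.month - 1 + months
    y = d.year + years + m // 12
    m = m % 12 + 1
    leap = y % 4 == 0 and (y % 100 != 0 or y % 400 == 0)
    last = [31, 29 if leap else 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31][m - 1]
    return date(y, m, min(d.day, last))


# own <var>::<Type> issued-by <issuers>; reveal <refs>; where <conditions>.
# A right-hand side ("today", years, months) means today shifted by that offset.
POLICY = {
    "own": {"p": ("Passport", {"admin.ch", "fgov.be", "governo.it"}),
            "c": ("Creditcard", {"visa.com", "amex.com"})},
    "reveal": ["c.number", "c.expdate"],
    "where": [("p.name", "=", "c.name"),
              ("p.bdate", "<", ("today", -18, 0)),
              ("c.expdate", ">", ("today", 0, 0)),
              ("p.expdate", ">", ("today", 0, 1))],
}

CARDS = [   # constructed sample wallet
    {"type": "Passport", "issuer": "admin.ch",
     "attrs": {"name": "Alice Doe", "bdate": date(1973, 1, 26),
               "expdate": date(2015, 6, 30)}},
    {"type": "Creditcard", "issuer": "visa.com",
     "attrs": {"name": "Alice Doe", "number": "1234567890",
               "expdate": date(2012, 12, 31)}},
    {"type": "Creditcard", "issuer": "bank.example",   # issuer the policy rejects
     "attrs": {"name": "Alice Doe", "number": "9999", "expdate": date(2013, 1, 1)}},
]

OPS = {"=": lambda a, b: a == b, "<": lambda a, b: a < b, ">": lambda a, b: a > b}


def concrete(term, today):
    """Turn a relative date term into an actual date; leave attribute refs as is."""
    return shift(today, term[1], term[2]) if isinstance(term, tuple) else term


def resolve(term, binding, today):
    """Value of a term: a shifted date, or <var>.<attr> looked up in the bound card."""
    term = concrete(term, today)
    if isinstance(term, date):
        return term
    var, attr = term.split(".")
    return binding[var]["attrs"][attr]


def build_claim(policy, cards, today):
    """User side: choose owned cards that satisfy the policy and build the claim
    (which cards, revealed values, evaluated conditions); None if impossible."""
    names = list(policy["own"])
    candidates = [[c for c in cards if c["type"] == policy["own"][v][0]
                   and c["issuer"] in policy["own"][v][1]] for v in names]
    for choice in product(*candidates):
        if len({id(c) for c in choice}) < len(choice):
            continue   # one card cannot play two roles
        binding = dict(zip(names, choice))
        if not all(OPS[op](resolve(l, binding, today), resolve(r, binding, today))
                   for l, op, r in policy["where"]):
            continue
        return {"own": {v: (c["type"], c["issuer"]) for v, c in binding.items()},
                "reveal": {ref: resolve(ref, binding, today) for ref in policy["reveal"]},
                "where": [(l, op, concrete(r, today)) for l, op, r in policy["where"]]}
    return None


def check_claim(policy, claim, today):
    """Relying-party side: the claim must be at least as strong as the policy.
    Date bounds are recomputed from the verifier's own clock, never taken from
    the claim. (Checking the cryptographic evidence is outside this example.)"""
    own_ok = all(v in claim["own"] and claim["own"][v][0] == typ
                 and claim["own"][v][1] in issuers
                 for v, (typ, issuers) in policy["own"].items())
    reveal_ok = set(claim["reveal"]) == set(policy["reveal"])
    where_ok = claim["where"] == [(l, op, concrete(r, today)) for l, op, r in policy["where"]]
    return own_ok and reveal_ok and where_ok


CLAIM = build_claim(POLICY, CARDS, TODAY)
```

The card from bank.example never enters the claim because the issued-by clause filters it out before any condition is evaluated, and check_claim rejects a claim that drops or loosens a condition, which is why the relying party recomputes today-18Y and today+1M itself rather than trusting the dates the claim carries.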
  • 43. IBM Identity Mixer: Framework (diagram).
      - Policy layer
      - Token layer: minimal disclosure tokens, full credential system, direct anonymous attestation, composed schemes, group signatures, …
      - Crypto layer: efficient zero-knowledge proofs; building blocks: signatures on lists of messages (credentials), verifiable encryption, commitments, pseudonyms, verifiable random functions, revocation; instantiations: U-Prove sigs, CL sigs
  • 44. "Token Transforming" Language (example proof specification):
            Declaration{ id1:unrevealed:string; id2:unrevealed:string; id3:unrevealed:int; id4:unrevealed:enum; id5:revealed:string; id6:unrevealed:enum }
            ProvenStatements{
              Credentials{
                randName1:http://www.ch.ch/passport/v2010/chPassport10.xml = { FirstName:id1, LastName:id2, CivilStatus:id4 }
                randName2:http://www.ibm.com/employee/employeeCred.xml = { LastName:id2, Position:id5, Band:5, YearsOfEmployment:id3 }
                randName3:http://www.ch.ch/health/v2010/healthCred10.xml = { FirstName:id1, LastName:id2, Diet:id6 }
              }
              Inequalities{ {http://www.ibm.com/employee/ipk.xml, geq[id3,4]} }
              Commitments{ randCommName1 = {id1,id2}; randCommName2 = {id6} }
              Representations{ randRepName = {id5,id2; base1,base2} }
              Pseudonyms{ randNymName; http://www.ibm.com/employee/ }
              VerifiableEncryptions{ {PublicKey1, Label, id2} }
              Message{ randMsgName = "Term 1: We will use this data only for ..." }
            }
  • 45. Jan Camenisch, IBM Research – Zurich, 10.06.2011. ABC4Trust & PrimeLife Tutorial. Questions? www.abc4trust.eu, www.primelife.eu, www.zurich.ibm.com/security/idemix