Privacy Preserving Identity Attribute
Verification in Windows CardSpace

  1. Privacy Preserving Identity Attribute Verification in Windows CardSpace. Kevin Steuer Jr, Ruchith Fernando, Elisa Bertino. October 8, 2010
  2. Windows CardSpace
  3. Identity Manager, Identity Selector, Relying Party
  4. Identity Manager
     ● Information card issuer
     ● Security Token Service
  5. Identity Selector
  6. Source : http://en.wikipedia.org/wiki/File:Cardspace_identity_selector.png
  7. Information Card
  8. XML Descriptor. Issued by an identity manager. Managed & Self Issued
  9. Relying Parties/Service Providers
     ● Specifies the required claims
     ● Expects an XML token containing the values
  10. Problems ?
  11. Identity Manager is trusted to securely store the user's identity attribute values. Identity Manager holds the attribute values in plain
  12. Proposed Approach
  13. Semi-Trusted Identity Manager
  14. Relying Party → User : Do you have a Social Security Number?
  15. Just proving that the user does is sufficient!
  16. No need to give away the SSN to the Relying Party!
  17. Let the Identity Manager store only a COMMITMENT of the SSN. We use the Pedersen commitment
  18. Pedersen Commitment: $c = g^x h^r$
      ● $G$ : Finite cyclic group of large prime order $p$ so that the Computational Diffie-Hellman (CDH) problem is hard in $G$
      ● A generator $g \in G$
      ● $x, r \in \{0, 1, \ldots, p-1\} = F_p$
  19. The user obtains a signed identity attribute value from an identity provider. Sets up the commitment with the identity manager
  20. How is it used at a Service Provider?
  21. Zero Knowledge Proof Of Knowledge
  22. Schnorr protocol
      1. U randomly chooses $y, s \in F_p^*$, and sends V the element $d = g^y h^s \in G$.
      2. V picks a random value $e \in F_p^*$, and sends $e$ as a challenge to U.
      3. U sends $u = y + ex$, $v = s + er$, both in $F_p$, to V.
      4. V accepts the proof if and only if $g^u h^v = d c^e$ in $G$.
  23. VeryIDX Managed Card
  24. Managed card descriptor:
      <ic:SupportedClaimType Uri="http://veryidx...strongclaims/ssn">
        <ic:DisplayTag>Strong Claim SSN</ic:DisplayTag>
        <ic:Description>Strong Claim ...</ic:Description>
      </ic:SupportedClaimType>
      <vi:SupportedStrongClaimValues xmlns:vi="http://veryi...">
        <vi:StrongClaimValue Uri="http://veryidx...strongclaims/ssn">
          <vi:Commitment>743872676989=</vi:Commitment>
          <vi:R>329839797987493827983=</vi:R>
        </vi:StrongClaimValue>
      </vi:SupportedStrongClaimValues>
  25. User is prompted to enter the value of the strong claim to carry out the proof
  26. But ....
  27. What about the 2nd and 3rd attempts?
  28. Linkability. Consistent attribute values to the relying parties
  29. The identity selector will prove the same commitment value to the relying party!
  30. Make sure we don't present the same commitment twice to the relying party!
  31. Original Commitment : $c_1 = g^x h^r$. Commitment in the token to RP : $c_i = g^{c_1} h^{r_i}$
  32. Request Security Token Response
      <wst:RequestSecurityTokenResponse>
        ...
        <vi:SupportedStrongClaimValues>
          <vi:ClaimValue Uri="http://veryidx...strongclaims/xyz">
            <vi:Commitment>77666876989=</vi:Commitment>
            <vi:R>329839797987493827983=</vi:R>
          </vi:ClaimValue>
        </vi:SupportedStrongClaimValues>
      </wst:RequestSecurityTokenResponse>
      Used by the identity selector to retrieve the new commitment and random values
  33. Identity Manager : WSO2 Identity Server (IS). Identity Selector : Higgins. Relying Party : WSO2 IS Java RP. ZKPK implementation : VeryIDX
  34. Thank You !
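
The commitment of slide 18, the four-step proof of slide 22 and the per-request commitment of slide 31, worked through as an added example (not code from the slides, VeryIDX or WSO2). Assumptions: the toy group modulus `q`, the second base `h` (the slides name only `g`), reducing `c1` mod `p` when it is used as an exponent, and all function names.

```python
import secrets

# Toy parameters constructed for this example; far too small for real use.
# q = 2p + 1 is a safe prime, so the squares mod q form a group G of prime order p.
q, p = 2039, 1019
g, h = 4, 9  # two squares mod q; assumption: log_g(h) is unknown to everyone

def rand_exp():
    """Random element of F*_p = {1, ..., p-1}."""
    return 1 + secrets.randbelow(p - 1)

def commit(x, r):
    """Pedersen commitment c = g^x h^r in G."""
    return pow(g, x % p, q) * pow(h, r % p, q) % q

class Prover:
    """U: knows the opening (x, r) of a commitment."""
    def __init__(self, x, r):
        self.x, self.r = x % p, r % p
    def announce(self):                 # step 1: d = g^y h^s
        self.y, self.s = rand_exp(), rand_exp()
        return commit(self.y, self.s)
    def respond(self, e):               # step 3: u = y + ex, v = s + er in F_p
        return (self.y + e * self.x) % p, (self.s + e * self.r) % p

def verify(c, d, e, u, v):
    """V, step 4: accept iff g^u h^v == d * c^e in G."""
    return commit(u, v) == d * pow(c, e, q) % q

def run_proof(c, prover):
    """One full exchange between U (prover) and V about commitment c."""
    d = prover.announce()
    e = rand_exp()                      # step 2: V's random challenge
    u, v = prover.respond(e)
    return verify(c, d, e, u, v)

def fresh_commitment(c1):
    """Slide 31: c_i = g^{c1} h^{r_i} with a new random r_i per request."""
    r_i = rand_exp()
    return commit(c1, r_i), r_i

if __name__ == "__main__":
    ssn, r = 123456789, rand_exp()      # constructed sample attribute value
    c1 = commit(ssn, r)
    print("honest proof accepted:", run_proof(c1, Prover(ssn, r)))
    print("wrong value accepted:", run_proof(c1, Prover(ssn + 1, r)))
    ci, ri = fresh_commitment(c1)
    print("fresh commitment proof accepted:", run_proof(ci, Prover(c1, ri)))
```

The relying party only ever sees `c`, `d`, `e`, `u` and `v`; the attribute value itself never leaves the prover.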
