Mixing Identities with Ease
- 1. Patrik Bichsel, Jan Camenisch
IBM Research – Zurich
18 November 2010
IFIP IDMAN 2010, Oslo
Mixing Identities with Ease
1 / 14 ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 2. IBM Research – Zurich
Motivation
Where do we authenticate?
How?
2 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 3. IBM Research – Zurich
Motivation
Where do we authenticate?
How?
2 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 4. IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
Problem
We communicate too much information!
Solution
Use privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 5. IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
Problem
We communicate too much information!
Solution
Use privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 6. IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
Problem
We communicate too much information!
Solution
Use privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 7. IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
Problem
We communicate too much information!
Solution
Use privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 8. IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
Problem
We communicate too much information!
Solution
Use privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 9. IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
4 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 10. IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
4 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 11. IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
4 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 12. IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
5 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 13. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 14. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 15. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 16. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 17. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 18. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 19. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 20. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 21. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 22. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 23. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 24. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 25. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 26. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 27. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 28. IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 29. IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
7 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 30. IBM Research – Zurich
Identity Mixer - Challenges
Issuing Protocol
Description of Credentials
Signing unknown and committed attributes
Creating credential updates
Proving Protocol
Selective release of attributes
Property proofs (e.g., inequality, set membership)
Additional cryptographic values (e.g., verifiable encryption)
Usage limitation
8 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 31. IBM Research – Zurich
Identity Mixer - Challenges
Issuing Protocol
Description of Credentials
Signing unknown and committed attributes
Creating credential updates
Proving Protocol
Selective release of attributes
Property proofs (e.g., inequality, set membership)
Additional cryptographic values (e.g., verifiable encryption)
Usage limitation
8 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 32. IBM Research – Zurich
Identity Mixer - Challenges
Issuing Protocol
Description of Credentials
Signing unknown and committed attributes
Creating credential updates
Proving Protocol
Selective release of attributes
Property proofs (e.g., inequality, set membership)
Additional cryptographic values (e.g., verifiable encryption)
Usage limitation
8 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 33. IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
9 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 34. IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 35. IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 36. IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 37. IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 38. IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 39. IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 40. IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 41. IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 42. IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 43. IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 44. IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 45. IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 46. IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 47. IBM Research – Zurich
Conclusion
Results
Abstraction from underlying cryptography
Language for system components
Implementation
Future Work
Connection to Standards (e.g., SAML)
Interoperability (e.g., U-Prove)
12 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 48. IBM Research – Zurich
Conclusion
Results
Abstraction from underlying cryptography
Language for system components
Implementation
Future Work
Connection to Standards (e.g., SAML)
Interoperability (e.g., U-Prove)
12 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 49. IBM Research – Zurich
Conclusion
Results
Abstraction from underlying cryptography
Language for system components
Implementation
Future Work
Connection to Standards (e.g., SAML)
Interoperability (e.g., U-Prove)
12 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 50. IBM Research – Zurich
Conclusion
Finally we can use advanced authentication systems!
13 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 51. IBM Research – Zurich
Thank you!
Implementation http://prime.inf.tu-dresden.de/idemix/
Talk http://www.zurich.ibm.com/˜pbi/
14 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation