ABSTRACT
Classical authentication mechanisms have various drawbacks such as the weak security properties they achieve, users' privacy, service providers' data quality, and the necessary protection of the collected data. Credential-based authentication is a first step towards overcoming these drawbacks. When used with anonymous credentials, the personal data disclosed can be reduced to the minimum with respect to a business purpose while improving the assurance of the communicated data. However, this privacy-preserving combination of technologies is not used today. One reason for this lack of adoption is that a comprehensive framework for privacy-enhancing credential-based authentication is not available. In this paper we review the different components of such an authentication framework and show that one remaining missing piece is a translation between high-level authentication policies and the cryptographic token specification level. We close this gap by (1) proposing an adequate claim language specifying which certified data a user wants to reveal to satisfy a policy and by (2) providing translation algorithms for generating the anonymous credentials (cryptographic tokens) providing the data to be revealed. For the latter we consider the Identity Mixer and the U-Prove technologies, where we provide detailed translation instructions for the former.
- Claudio A. Ardagna, Sabrina De Capitani di Vimercati, Gregory Neven, Stefano Paraboschi, Franz-Stefan Preiss, Pierangela Samarati, and Mario Verdicchio. Enabling Privacy-Preserving Credential-Based Access Control with XACML and SAML. In Proc. of the Third IEEE TSP, 2010. Google ScholarDigital Library
- Patrik Bichsel and Jan Camenisch. Mixing identities with ease. In Evelyne De Leeuw, Simone Fischer-Hübner, and Lothar Fritsch, editors, IDMAN '10, pages 1--17. Springer, November 2010.Google Scholar
- Patrik Bichsel, Jan Camenisch, Franz-Stefan Preiss, and Dieter Sommer. Dynamically-changing interface for interactive selection of information cards satisfying policy requirements. Technical Report RZ 3756, IBM Research Zurich, 2009. domino.research.ibm.com/library/cyberdig.nsf.Google Scholar
- Fabrice Boudot. Efficient proofs that a committed number lies in an interval. In Bart Preneel, editor, EUROCRYPT '00, volume 1807 of LNCS, pages 431--444. Springer, 2000. Google ScholarDigital Library
- Stefan Brands. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, 2000. Google ScholarDigital Library
- Jan Camenisch and Thomas Groß. Efficient attributes for anonymous credentials. In Proc. 15th ACM CCS, pages 345--356. ACM Press, November 2008. Google ScholarDigital Library
- Jan Camenisch, Susan Hohenberger, Markulf Kohlweiss, Anna Lysyanskaya, and Mira Meyerovich. How to win the clonewars: efficient periodic n-times anonymous authentication In Ari Juels, Rebecca N. Wright, and Sabrina De Capitani di Vimercati, editors, Proc. 13th ACM CCS, pages 201--210. ACM Press, 2006. Google ScholarDigital Library
- Jan Camenisch and Anna Lysyanskaya. Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In Birgit Pfitzmann, editor, EUROCRYPT '01, volume 2045 of LNCS, pages 93--118. Springer, 2001. Google ScholarDigital Library
- Jan Camenisch, Sebastian Moedersheim, Gregory Neven, Franz-Stefan Preiss, and Dieter Sommer. A Card Requirements Language Enabling Privacy-Preserving Access Control. In Proceedings of the 15th ACM Symposium on Access Control Models and Technologies, 2010. Google ScholarDigital Library
- Jan Camenisch and Victor Shoup. Practical verifiable encryption and decryption of discrete logarithms. http://eprint.iacr.org/2002/161, 2002.Google Scholar
- David Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Comm. of the ACM, 24(2):84--88, February 1981. Google ScholarDigital Library
- D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, and W. Polk. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280 (Proposed Standard), May 2008. http://www.ietf.org/rfc/rfc5280.txt.Google Scholar
- Amos Fiat and Adi Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew M. Odlyzko, editor, CRYPTO '86, volume 263 of LNCS, pages 186--194. Springer, 1987. Google ScholarDigital Library
- OASIS. Assertions and protocols for the OASIS security assertion markup language (SAML) v2.0, 2005. http://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf.Google Scholar
- OpenID authentication 2.0, December 2007. http://openid.net/developers/specs/.Google Scholar
- Christian Paquin. U-Prove cryptographic specification V1.1. Technical report, Microsoft Corporation, February 2011.Google Scholar
- Christian Paquin. U-Prove WS-Trust Profile V1.0. Technical report, Microsoft Corporation, February 2011.Google Scholar
- Security Team, IBM Research Zurich. Specification of the identity mixer cryptographic library. IBM Research Report RZ 3730, IBM Research Division, April 2010. http://domino.research.ibm.com/library/cyberdig.nsf.Google Scholar
- K. Zeilenga. Lightweight Directory Access Protocol (LDAP): Technical Specification Road Map. RFC 4510 (Proposed Standard), June 2006. http://www.ietf.org/rfc/rfc4510.txt.Google Scholar
Index Terms
- A comprehensive framework enabling data-minimizing authentication
Recommendations
A card requirements language enabling privacy-preserving access control
SACMAT '10: Proceedings of the 15th ACM symposium on Access control models and technologiesWe address the problem of privacy-preserving access control in distributed systems. Users commonly reveal more personal data than strictly necessary to be granted access to online resources, even though existing technologies, such as anonymous ...
Privacy-enhanced access control in primelife
DIM '10: Proceedings of the 6th ACM workshop on Digital identity managementThis talk gives an overview of the PrimeLife1 project, funded by the European Commission's 7th Framework Programme, with a particular focus on its research results in privacy-preserving access control in distributed systems. Users commonly reveal more ...
Concepts and languages for privacy-preserving attribute-based authentication
Existing cryptographic realizations of privacy-friendly authentication mechanisms such as anonymous credentials, minimal disclosure tokens, self-blindable credentials, and group signatures vary largely in the features they offer and in how these ...
Comments