Dr. Thomas Groß – Research Scientist
03 February 2011




Anonymous Credentials on Java Card
Patrik Bichsel, Jan Camenisch, Thomas Groß, Victor Shoup








© 2009 IBM Corporation
Privacy            Feasibility   Way Ahead




[Images from iStockPhoto.com]
“Neil Armstrong’s Footsteps are still there”
(Robin Wilton, Sun Microsystems)



Anonymous Credentials:
Attribute-based Access w/ Strong Security & Privacy




© 2011 IBM Corporation
Private Credentials: How to Build Them


  In the
  beginning...
State of the Art: How to Build Them


  asking for a credential
State of the Art: How to Build Them


  getting a credential ...



                             containing “birth date = April 3, 1987”
State of the Art: How to Build Them


  showing a credential ...

                             goes off-line

                                    - driver's license
                                    - insurance
                                    - older > 20
State of the Art: How to Build Them


  showing a credential ...


                             containing statements “driver's license,
                             age (as stated in driver’s license) > 20,
                             and insurance”




                             Using identity mixer, user can transform
                             (different) token(s) into a new single one
                             that, however, still verifies w.r.t. original
                             signers' public keys.
Signature Scheme based on SRSA [CL01]

  Public key of signer: RSA modulus $n$ and $a_i, b, d \in QR_n$

  Secret key: factors of $n$

  To sign $k$ messages $m_1, \ldots, m_k \in \{0,1\}^{\ell}$:
    ■ choose random prime $e > 2^{\ell}$ and integer $s \approx n$
    ■ compute $c$ such that

        $$d = a_1^{m_1} \cdots a_k^{m_k} \, b^{s} \, c^{e} \bmod n$$

    ■ signature is $(c, e, s)$
[SRSA CL-signature system introduced in Camenisch and Lysyanskaya '01. There exist alternative systems in elliptic curve settings, for instance with BBS-alike signatures.]
Signature Scheme based on SRSA [CL01]

 A signature $(c, e, s)$ on messages $m_1, \ldots, m_k$ is valid iff:
    ■ $m_1, \ldots, m_k \in \{0,1\}^{\ell}$
    ■ $e > 2^{\ell}$
    ■ $d = a_1^{m_1} \cdots a_k^{m_k} \, b^{s} \, c^{e} \bmod n$




 Theorem: Signature scheme is secure against adaptively
 chosen message attacks under Strong RSA assumption.
Proof of Knowledge of a CL Signature
 Solution: randomize $c$:

     – Let $c' = c \, b^{s'} \bmod n$ with random $s'$
     – then $d = c'^{e} \, a_1^{m_1} \cdots a_k^{m_k} \, b^{s^*} \pmod n$ holds,
       i.e., $(c', e, s^*)$ is also a valid signature!

  Therefore, to prove knowledge of a signature on hidden messages:
     ■ provide $c'$
     ■ $PK\{(e, m_1, \ldots, m_k, s) : d = c'^{e} \, a_1^{m_1} \cdots a_k^{m_k} \, b^{s} \;\wedge\; m_i \in \{0,1\}^{\ell} \;\wedge\; e \in 2^{\ell+1} \pm \{0,1\}^{\ell}\}$
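
The signing, verification and randomization steps from the slides above, as a toy Python sketch. This is an added example, not code from the talk or from the Identity Mixer library; the tiny modulus, ELL and the function names are constructed for illustration, and s* = s - e*s' is what substituting c' into the verification equation gives.

```python
import math
import secrets

ELL = 16  # message bit length l; constructed toy value, far too small for real use


def is_prime(x):
    """Trial division; adequate for the ~17-bit exponents used here."""
    return x >= 2 and all(x % f for f in range(2, math.isqrt(x) + 1))


def random_qr(n):
    """Random quadratic residue mod n, excluding the trivial element 1."""
    while True:
        x = secrets.randbelow(n - 3) + 2
        if math.gcd(x, n) == 1 and pow(x, 2, n) != 1:
            return pow(x, 2, n)


def keygen(k, p=2879, q=2903):
    """p, q are constructed toy safe primes (2*1439+1 and 2*1451+1)."""
    n = p * q
    pk = {"n": n, "a": [random_qr(n) for _ in range(k)],
          "b": random_qr(n), "d": random_qr(n)}
    sk = ((p - 1) // 2) * ((q - 1) // 2)  # order of QR_n; requires the factors of n
    return pk, sk


def commit(pk, msgs, s):
    """a_1^m_1 * ... * a_k^m_k * b^s mod n (s may be negative after randomization)."""
    acc = pow(pk["b"], s, pk["n"])
    for a_i, m_i in zip(pk["a"], msgs):
        acc = acc * pow(a_i, m_i, pk["n"]) % pk["n"]
    return acc


def sign(pk, sk, msgs):
    n = pk["n"]
    assert len(msgs) == len(pk["a"]) and all(0 <= m < 2**ELL for m in msgs)
    while True:  # random prime e in 2^(l+1) +- {0,1}^l, hence e > 2^l
        e = 2**(ELL + 1) - (2**ELL - 1) + secrets.randbelow(2**(ELL + 1) - 1)
        if is_prime(e) and math.gcd(e, sk) == 1:
            break
    s = secrets.randbelow(n)  # s ~ n
    target = pk["d"] * pow(commit(pk, msgs, s), -1, n) % n
    c = pow(target, pow(e, -1, sk), n)  # e-th root: only the signer can compute it
    return c, e, s


def verify(pk, msgs, sig):
    c, e, s = sig
    if len(msgs) != len(pk["a"]) or not all(0 <= m < 2**ELL for m in msgs):
        return False
    if e <= 2**ELL:
        return False
    return pk["d"] == commit(pk, msgs, s) * pow(c, e, pk["n"]) % pk["n"]


def randomize(pk, sig):
    """Holder-side step: needs only the public key, not the factors of n."""
    c, e, s = sig
    r = secrets.randbelow(pk["n"]) + 1           # the slide's random s'
    c_prime = c * pow(pk["b"], r, pk["n"]) % pk["n"]
    return c_prime, e, s - e * r                 # (c', e, s*) with s* = s - e*s'


def demo():
    pk, sk = keygen(k=3)
    msgs = [1987, 4, 3]  # constructed attributes: birth year, month, day
    sig = sign(pk, sk, msgs)
    return pk, msgs, sig, randomize(pk, sig)


if __name__ == "__main__":
    pk, msgs, sig, rand = demo()
    print("original valid:  ", verify(pk, msgs, sig))
    print("randomized valid:", verify(pk, msgs, rand))
```

The randomized triple keeps the same e, which is why the proof of knowledge on the slide reveals only c' and keeps e, s and the messages as hidden witnesses.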
Privacy   Feasibility   Way Ahead




Vision: Smart Identity Card

  Strong accountability and privacy
  Sustainable secondary use
  Trusted identity basis
  Cost effective
  Future-proof




[Card picture is an artist's conception: the chip of the actual JCOP 41/v.2.2 Java Card used for the feasibility study is on the backside.]

Feasibility Problem
[Independent proof point: Sterckx, Gierlichs, Preneel, Verbauwhede '09]


             Run anonymous credential system autonomously and
              securely on a standard off-the-shelf Java Card.


                                            Autonomy
                                          All data on card
                                         Malicious terminal







Java Card* Limitations

  ■ 8-bit CPU (3.57 MHz)
  ■ Limited access to public key-CP (only standard RSA, DSA)
  ■ Limited RAM (2K)

*: JCOP 41/v2.2



Java Card
Structure

                                             IDMX Applet
                                             Basic Ops                  interface

                                              Card           Java Card API
                                             Manager         Java Card VM

                                               Card-Specific Operating System

                                             8-bit CPU   3DES CP   Public Key CP



[Source: Prof. Wolfgang Reif – chip cards]

System Overview

[Figure: architecture diagram; recoverable labels follow]
  User PC: Browser, Identity Wallet
  User: interacts / consents to policy; inserts / owns Smart ID Card
  Browser and Backend (Server): request: policy / response: proof
  Identity Wallet and Smart ID Card: request: policy / response: proof
  Backend (Server): Identity Mixer Validation, holds pk_I; validates proofs with issuer’s public key
  Smart ID Card (Secure Javacard): Identity Mixer, holds sk_U and certificates; maintains master key and certificates confidential
  Key Point: Transforms certificates into privacy-preserving identity proof statements

Won the Innovation Award 2009 (Gesellschaft für Informatik, GI)




Execution Times for a Full Proof (incl. Communication)
  Modulus                 1280 bit    1536 bit    1984 bit
  Precomputation          5203 ms     7828 ms     13250 ms
    Compute A'            2125 ms     2906 ms     5000 ms
    Compute T1            3078 ms     4922 ms     8250 ms
  Policy-dependent        2234 ms     2625 ms     3298 ms
    Compute 1 response    562 ms      656 ms      828 ms
  Total                   7437 ms     10453 ms    16548 ms


[Avg. performance measurements with 100 experiments on JCOP 41/v2.2. A': credential blinding, T1: first stage of Sigma-proof commitment, response: Sigma-proof response]

Privacy   Technology   Way Ahead







Just Launched ABC4Trust Project
■ EU FP 7 research project
■ 13.5 Million EUR, 4 years
■ 12 partners
    ● Goethe University Frankfurt
    ● Alexandra Institute
    ● Research Academic Computer Technology Institute
    ● IBM Research
    ● Lenio
    ● Nokia Siemens Networks
    ● Unabhängiges Landeszentrum für Datenschutz
    ● Eurodocs
    ● CryptoExperts (SmartCards)
    ● Microsoft R&D France
    ● Municipality of Söderhamn
    ● Technische Universität Darmstadt





ABC4Trust Goals

Achieve paradigm shift and interoperability in trustworthy infrastructures
■ Establish abstraction and unification of different crypto algorithms.
■ Create interaction flows, architecture & data formats as well as policies.
■ Realize reference implementation.
■ Validate concepts by real-world pilots in the eID space.

■ Establish NG smart card implementation of anonymous credentials.
    – Realization by CryptoExperts, led by Pascal Paillier.
    – Native SmartCard, direct access to crypto co-processor.


Privacy: Anonymous credentials: future-proof solution to minimal disclosure and attribute authentication
Feasibility: Technology feasible and practical: efficiently realizable on smart cards
Way Ahead: Anonymous credential systems to be harmonized, integrated into identity management systems



Resources
■ This talk is based on P. Bichsel, J. Camenisch, T. Gross, V. Shoup. Anonymous Credentials on a Standard Java Card. ACM CCS 2009. Prof. V. Shoup is affiliated with the New York University and contributed to this work during a sabbatical at IBM Research – Zurich.

■ Identity Mixer Community: idemix.wordpress.com
    – Download Identity Mixer Library 2.3.2
    – Read Identity Mixer Specification 2.3.2
    – http://prime.inf.tu-dresden.de/idemix/

■ PrimeLife: www.primelife.eu
■ ABC4Trust: www.abc4trust.de

■ Email Jan or Thomas: {jca, tgr}[at]zurich.ibm.com




More Related Content

Similar to Anonymous Credentials on Java Card - SIT Smartcard 2011 (20)

CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas GrossCCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
Thomas Gross
?
eSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalitieseSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalities
Yiannis Hatzopoulos
?
Software Defined Data Centers - June 2012
Software Defined Data Centers - June 2012Software Defined Data Centers - June 2012
Software Defined Data Centers - June 2012
Brent Salisbury
?
Internet security
Internet securityInternet security
Internet security
Calicut University
?
CCNA Security - Chapter 7
CCNA Security - Chapter 7CCNA Security - Chapter 7
CCNA Security - Chapter 7
Irsandi Hasan
?
OpenStack and OpenFlow Demos
OpenStack and OpenFlow DemosOpenStack and OpenFlow Demos
OpenStack and OpenFlow Demos
Brent Salisbury
?
Scrambling For Video Surveillance
Scrambling For Video SurveillanceScrambling For Video Surveillance
Scrambling For Video Surveillance
Kobi Magnezi
?
The Belgian E Id Hacker Vs Developer
The Belgian E Id Hacker Vs DeveloperThe Belgian E Id Hacker Vs Developer
The Belgian E Id Hacker Vs Developer
beires
?
How to create your Smart Toy with bluemix & 7688 Duo board
How to create your Smart Toy with bluemix & 7688 Duo boardHow to create your Smart Toy with bluemix & 7688 Duo board
How to create your Smart Toy with bluemix & 7688 Duo board
œ«Ã×…Ç Tommy Wu
?
Ch7 2ed
Ch7 2edCh7 2ed
Ch7 2ed
srinuy12mc24017
?
Using Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginUsing Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLogin
Novell
?
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVCUpgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
FPGA Central
?
¡°Proposed Model for Network Security Issues Using Elliptical Curve Cryptography¡±
¡°Proposed Model for Network Security Issues Using Elliptical Curve Cryptography¡±¡°Proposed Model for Network Security Issues Using Elliptical Curve Cryptography¡±
¡°Proposed Model for Network Security Issues Using Elliptical Curve Cryptography¡±
IOSR Journals
?
Zranitelnost ?ipov?ch platebn¨ªch karet jako p?¨ªklad on-line hrozby - Tom¨¢? Ro...
Zranitelnost ?ipov?ch platebn¨ªch karet jako p?¨ªklad on-line hrozby - Tom¨¢? Ro...Zranitelnost ?ipov?ch platebn¨ªch karet jako p?¨ªklad on-line hrozby - Tom¨¢? Ro...
Zranitelnost ?ipov?ch platebn¨ªch karet jako p?¨ªklad on-line hrozby - Tom¨¢? Ro...
TUESDAY Business Network
?
Chapter 8 of network security book top down approach
Chapter 8 of network security book top down approachChapter 8 of network security book top down approach
Chapter 8 of network security book top down approach
MuhammadIbrahimHamda1
?
Ghl systems net matrix terminal line encryption 2009 2010
Ghl systems net matrix terminal line encryption 2009 2010Ghl systems net matrix terminal line encryption 2009 2010
Ghl systems net matrix terminal line encryption 2009 2010
Alex Tan
?
CPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisCPK Cryptosystem In Solaris
CPK Cryptosystem In Solaris
Zhi Guan
?
HighCloud Security CSA LA and Seattle chapter presentation
HighCloud Security CSA LA and Seattle chapter presentationHighCloud Security CSA LA and Seattle chapter presentation
HighCloud Security CSA LA and Seattle chapter presentation
HighCloud Security
?
PKI in today's landscape (Mauritius - Siddick)
PKI in today's landscape (Mauritius - Siddick)PKI in today's landscape (Mauritius - Siddick)
PKI in today's landscape (Mauritius - Siddick)
Siddick Elaheebocus
?
Identity and Access Management and electronic Identities _ Belgian Federal Go...
Identity and Access Management and electronic Identities _ Belgian Federal Go...Identity and Access Management and electronic Identities _ Belgian Federal Go...
Identity and Access Management and electronic Identities _ Belgian Federal Go...
E-Government Center Moldova
?
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas GrossCCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
CCS\'08: Efficient Attributes For Anonymous Credentials - Thomas Gross
Thomas Gross
?
eSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalitieseSmartlock - an antipiracy dongle with integrated DRM functionalities
eSmartlock - an antipiracy dongle with integrated DRM functionalities
Yiannis Hatzopoulos
?
Software Defined Data Centers - June 2012
Software Defined Data Centers - June 2012Software Defined Data Centers - June 2012
Software Defined Data Centers - June 2012
Brent Salisbury
?
CCNA Security - Chapter 7
CCNA Security - Chapter 7CCNA Security - Chapter 7
CCNA Security - Chapter 7
Irsandi Hasan
?
OpenStack and OpenFlow Demos
OpenStack and OpenFlow DemosOpenStack and OpenFlow Demos
OpenStack and OpenFlow Demos
Brent Salisbury
?
Scrambling For Video Surveillance
Scrambling For Video SurveillanceScrambling For Video Surveillance
Scrambling For Video Surveillance
Kobi Magnezi
?
The Belgian E Id Hacker Vs Developer
The Belgian E Id Hacker Vs DeveloperThe Belgian E Id Hacker Vs Developer
The Belgian E Id Hacker Vs Developer
beires
?
How to create your Smart Toy with bluemix & 7688 Duo board
How to create your Smart Toy with bluemix & 7688 Duo boardHow to create your Smart Toy with bluemix & 7688 Duo board
How to create your Smart Toy with bluemix & 7688 Duo board
œ«Ã×…Ç Tommy Wu
?
Using Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLoginUsing Hard Disk Encryption and Novell SecureLogin
Using Hard Disk Encryption and Novell SecureLogin
Novell
?
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVCUpgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
Upgrading to System Verilog for FPGA Designs, Srinivasan Venkataramanan, CVC
FPGA Central
?
¡°Proposed Model for Network Security Issues Using Elliptical Curve Cryptography¡±
¡°Proposed Model for Network Security Issues Using Elliptical Curve Cryptography¡±¡°Proposed Model for Network Security Issues Using Elliptical Curve Cryptography¡±
¡°Proposed Model for Network Security Issues Using Elliptical Curve Cryptography¡±
IOSR Journals
?
Zranitelnost ?ipov?ch platebn¨ªch karet jako p?¨ªklad on-line hrozby - Tom¨¢? Ro...
Zranitelnost ?ipov?ch platebn¨ªch karet jako p?¨ªklad on-line hrozby - Tom¨¢? Ro...Zranitelnost ?ipov?ch platebn¨ªch karet jako p?¨ªklad on-line hrozby - Tom¨¢? Ro...
Zranitelnost ?ipov?ch platebn¨ªch karet jako p?¨ªklad on-line hrozby - Tom¨¢? Ro...
TUESDAY Business Network
?
Chapter 8 of network security book top down approach
Chapter 8 of network security book top down approachChapter 8 of network security book top down approach
Chapter 8 of network security book top down approach
MuhammadIbrahimHamda1
?
Ghl systems net matrix terminal line encryption 2009 2010
Ghl systems net matrix terminal line encryption 2009 2010Ghl systems net matrix terminal line encryption 2009 2010
Ghl systems net matrix terminal line encryption 2009 2010
Alex Tan
?
CPK Cryptosystem In Solaris
CPK Cryptosystem In SolarisCPK Cryptosystem In Solaris
CPK Cryptosystem In Solaris
Zhi Guan
?
HighCloud Security CSA LA and Seattle chapter presentation
HighCloud Security CSA LA and Seattle chapter presentationHighCloud Security CSA LA and Seattle chapter presentation
HighCloud Security CSA LA and Seattle chapter presentation
HighCloud Security
?
PKI in today's landscape (Mauritius - Siddick)
PKI in today's landscape (Mauritius - Siddick)PKI in today's landscape (Mauritius - Siddick)
PKI in today's landscape (Mauritius - Siddick)
Siddick Elaheebocus
?
Identity and Access Management and electronic Identities _ Belgian Federal Go...
Identity and Access Management and electronic Identities _ Belgian Federal Go...Identity and Access Management and electronic Identities _ Belgian Federal Go...
Identity and Access Management and electronic Identities _ Belgian Federal Go...
E-Government Center Moldova
?

Recently uploaded (20)

WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2
?
Slack Social Meetup Connect, Collaborate & Grow!.pptx
Slack Social Meetup Connect, Collaborate & Grow!.pptxSlack Social Meetup Connect, Collaborate & Grow!.pptx
Slack Social Meetup Connect, Collaborate & Grow!.pptx
SanjeetMishra29
?
Comprehensive Guide to Ansible Application Roles.pdf
Comprehensive Guide to Ansible Application Roles.pdfComprehensive Guide to Ansible Application Roles.pdf
Comprehensive Guide to Ansible Application Roles.pdf
RHCSA Guru
?
Digital Twins Transforming Logistics with AI & Cloud
Digital Twins  Transforming Logistics  with AI & CloudDigital Twins  Transforming Logistics  with AI & Cloud
Digital Twins Transforming Logistics with AI & Cloud
yashakhandelwal2
?
WSO2Con 2025 - Building Secure Customer Experience Apps
WSO2Con 2025 - Building Secure Customer Experience AppsWSO2Con 2025 - Building Secure Customer Experience Apps
WSO2Con 2025 - Building Secure Customer Experience Apps
WSO2
?
SOC as a Service ¨C 24/7 Threat Monitoring and Response
SOC as a Service ¨C 24/7 Threat Monitoring and ResponseSOC as a Service ¨C 24/7 Threat Monitoring and Response
SOC as a Service ¨C 24/7 Threat Monitoring and Response
Cybercops
?
Spin Glass Models of Neural Networks: The Curie-Weiss Model from Statistical ...
Spin Glass Models of Neural Networks: The Curie-Weiss Model from Statistical ...Spin Glass Models of Neural Networks: The Curie-Weiss Model from Statistical ...
Spin Glass Models of Neural Networks: The Curie-Weiss Model from Statistical ...
Charles Martin
?
Real World RAG: 5 common issues encountered when building Real World Applicat...
Real World RAG: 5 common issues encountered when building Real World Applicat...Real World RAG: 5 common issues encountered when building Real World Applicat...
Real World RAG: 5 common issues encountered when building Real World Applicat...
walterheck3
?
DevOps 101 - DevOps Columbia 3-20-2025.pdf
DevOps 101 - DevOps Columbia 3-20-2025.pdfDevOps 101 - DevOps Columbia 3-20-2025.pdf
DevOps 101 - DevOps Columbia 3-20-2025.pdf
judy (fink) johnson
?
Diving into LTI: From the basics to Deep Linking
Diving into LTI: From the basics to Deep LinkingDiving into LTI: From the basics to Deep Linking
Diving into LTI: From the basics to Deep Linking
Rustici Software
?
Powering Energy and Utilities with Data Integration: Smarter Data, Smoother O...
Powering Energy and Utilities with Data Integration: Smarter Data, Smoother O...Powering Energy and Utilities with Data Integration: Smarter Data, Smoother O...
Powering Energy and Utilities with Data Integration: Smarter Data, Smoother O...
Safe Software
?
Let's Build a House Price Predictor with Google Cloud!.pdf
Let's Build a House Price Predictor with Google Cloud!.pdfLet's Build a House Price Predictor with Google Cloud!.pdf
Let's Build a House Price Predictor with Google Cloud!.pdf
infogdgmi
?
UiPath Automation Developer Associate Training Series 2025 - Session 6
UiPath Automation Developer Associate Training Series 2025 - Session 6UiPath Automation Developer Associate Training Series 2025 - Session 6
UiPath Automation Developer Associate Training Series 2025 - Session 6
DianaGray10
?
Global AI Bootcamp 2025 - Sydney - Model Agnostic AI Implementation
Global  AI Bootcamp 2025 - Sydney - Model Agnostic AI ImplementationGlobal  AI Bootcamp 2025 - Sydney - Model Agnostic AI Implementation
Global AI Bootcamp 2025 - Sydney - Model Agnostic AI Implementation
Anupam Ranku
?
Best Crane Manufacturers in India Industry Leaders & Innovations.pdf
Best Crane Manufacturers in India Industry Leaders & Innovations.pdfBest Crane Manufacturers in India Industry Leaders & Innovations.pdf
Best Crane Manufacturers in India Industry Leaders & Innovations.pdf
Hercules Hoists
?
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
WSO2Con 2025 - Building AI Applications in the Enterprise (Part 1)
WSO2
?
UiPath NY AI Series: Session 2: UiPath Generative AI Capabilities
UiPath NY AI Series: Session 2: UiPath Generative AI CapabilitiesUiPath NY AI Series: Session 2: UiPath Generative AI Capabilities
UiPath NY AI Series: Session 2: UiPath Generative AI Capabilities
DianaGray10
?
[QUICK TALK] "Why Some Teams Grow Better Under Pressure", Oleksandr Marchenko...
[QUICK TALK] "Why Some Teams Grow Better Under Pressure", Oleksandr Marchenko...[QUICK TALK] "Why Some Teams Grow Better Under Pressure", Oleksandr Marchenko...
[QUICK TALK] "Why Some Teams Grow Better Under Pressure", Oleksandr Marchenko...
Fwdays
?
"Surfing the IT Waves: How Not to Drown in the Information Ocean", Serhii Nem...
"Surfing the IT Waves: How Not to Drown in the Information Ocean", Serhii Nem..."Surfing the IT Waves: How Not to Drown in the Information Ocean", Serhii Nem...
"Surfing the IT Waves: How Not to Drown in the Information Ocean", Serhii Nem...
Fwdays
?
STIG in Action: Continuous Compliance with MITRE & Anchore
STIG in Action: Continuous Compliance with MITRE & AnchoreSTIG in Action: Continuous Compliance with MITRE & Anchore
STIG in Action: Continuous Compliance with MITRE & Anchore
Anchore
?
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2Con 2025 - Building Secure Business Customer and Partner Experience (B2B)...
WSO2
?
Slack Social Meetup Connect, Collaborate & Grow!.pptx
Slack Social Meetup Connect, Collaborate & Grow!.pptxSlack Social Meetup Connect, Collaborate & Grow!.pptx
Slack Social Meetup Connect, Collaborate & Grow!.pptx
SanjeetMishra29
?
Comprehensive Guide to Ansible Application Roles.pdf
Comprehensive Guide to Ansible Application Roles.pdfComprehensive Guide to Ansible Application Roles.pdf
Comprehensive Guide to Ansible Application Roles.pdf
RHCSA Guru
?
Digital Twins Transforming Logistics with AI & Cloud
Digital Twins  Transforming Logistics  with AI & CloudDigital Twins  Transforming Logistics  with AI & Cloud
Digital Twins Transforming Logistics with AI & Cloud
yashakhandelwal2
?
WSO2Con 2025 - Building Secure Customer Experience Apps
WSO2Con 2025 - Building Secure Customer Experience AppsWSO2Con 2025 - Building Secure Customer Experience Apps
WSO2Con 2025 - Building Secure Customer Experience Apps
WSO2
?
SOC as a Service ¨C 24/7 Threat Monitoring and Response
SOC as a Service ¨C 24/7 Threat Monitoring and ResponseSOC as a Service ¨C 24/7 Threat Monitoring and Response
SOC as a Service ¨C 24/7 Threat Monitoring and Response
Cybercops
?
Spin Glass Models of Neural Networks: The Curie-Weiss Model from Statistical ...
Spin Glass Models of Neural Networks: The Curie-Weiss Model from Statistical ...Spin Glass Models of Neural Networks: The Curie-Weiss Model from Statistical ...
Spin Glass Models of Neural Networks: The Curie-Weiss Model from Statistical ...
Charles Martin
?
Real World RAG: 5 common issues encountered when building Real World Applicat...
Real World RAG: 5 common issues encountered when building Real World Applicat...Real World RAG: 5 common issues encountered when building Real World Applicat...
Real World RAG: 5 common issues encountered when building Real World Applicat...
walterheck3
?
DevOps 101 - DevOps Columbia 3-20-2025.pdf

Anonymous Credentials on Java Card - SIT Smartcard 2011

  • 1. Dr. Thomas Groß – Research Scientist, 03 February 2011. Anonymous Credentials on Java Card. Patrik Bichsel, Jan Camenisch, Thomas Groß, Victor Shoup. © 2009 IBM Corporation
  • 2. Privacy / Feasibility / Way Ahead [Images from iStockPhoto.com]
  • 3. Privacy / Feasibility / Way Ahead
  • 4. “Neil Armstrong’s Footsteps are still there” (Robin Wilton, Sun Microsystems)
  • 5. IBM Presentation Template Full Version. Anonymous Credentials: Attribute-based Access w/ Strong Security & Privacy. © 2011 IBM Corporation
  • 6. Private Credentials: How to Build Them In the beginning...
  • 7. State of the Art: How to Build Them asking for a credential
  • 8. State of the Art: How to Build Them. getting a credential ... containing “birth date = April 3, 1987”
  • 9. State of the Art: How to Build Them. showing a credential ... goes off-line: driver's license; insurance; older > 20
  • 10. State of the Art: How to Build Them. showing a credential ... containing statements “driver's license, age (as stated in driver’s license) > 20, and insurance”. Using identity mixer, user can transform (different) token(s) into a new single one that, however, still verifies w.r.t. original signers' public keys.
  • 11. Signature Scheme based on SRSA [CL01]. Public key of signer: RSA modulus $n$ and $a_i, b, d \in QR_n$. Secret key: factors of $n$. To sign $k$ messages $m_1, \dots, m_k \in \{0,1\}^{\ell}$: choose random prime $e > 2^{\ell}$ and integer $s \approx n$; compute $c$ such that $d = a_1^{m_1} \cdots a_k^{m_k} b^{s} c^{e} \bmod n$; signature is $(c, e, s)$. [SRSA CL-signature system introduced in Camenisch and Lysyanskaya '01. There exist alternative systems in elliptic curve settings, for instance with BBS-alike signatures.]
  • 12. Signature Scheme based on SRSA [CL01]. A signature $(c, e, s)$ on messages $m_1, \dots, m_k$ is valid iff: $m_1, \dots, m_k \in \{0,1\}^{\ell}$; $e > 2^{\ell}$; $d = a_1^{m_1} \cdots a_k^{m_k} b^{s} c^{e} \bmod n$. Theorem: Signature scheme is secure against adaptively chosen message attacks under Strong RSA assumption.
  • 13. Proof of Knowledge of a CL Signature. Solution: randomize $c$: – Let $c' = c\, b^{s'} \bmod n$ with random $s'$; – then $d = c'^{e} a_1^{m_1} \cdots a_k^{m_k} b^{s^*} \pmod n$ holds, i.e., $(c', e, s^*)$ is also a valid signature! Therefore, to prove knowledge of signature on hidden msgs: provide $c'$; $PK\{(e, m_1, \dots, m_k, s) : d = c'^{e} a_1^{m_1} \cdots a_k^{m_k} b^{s} \wedge m_i \in \{0,1\}^{\ell} \wedge e \in 2^{\ell+1} \pm \{0,1\}^{\ell}\}$
  • 14. Privacy / Feasibility / Way Ahead
  • 15. Vision: Smart Identity Card. Strong accountability and privacy; Sustainable secondary use; Trusted identity basis; Cost effective; Future-proof. [Card picture is an artist's conception: the chip of the actual JCOP 41/v.2.2 Java Card used for the feasibility study is on the backside.]
  • 16. Feasibility Problem: Run anonymous credential system autonomously and securely on a standard off-the-shelf Java Card. [Independent proof point: Sterckx, Gierlichs, Preneel, Verbauwhede ‘09] Autonomy; All data on card; Malicious terminal
  • 17. Java Card* Limitations: 8-bit CPU (3.57 MHz); Limited access to public key-CP (only standard RSA, DSA); Limited RAM (2K). *: JCOP 41/v2.2
  • 18. Java Card Structure [layer diagram, top to bottom]: IDMX Applet; Basic Ops interface; Java Card API and Card Manager; Java Card VM; Card-Specific Operating System; 8-bit CPU, 3DES CP, Public Key CP. [Source: Prof. Wolfgang Reif – chip cards]
  • 19. System Overview [diagram]. User PC (Browser, Identity Wallet): user interacts/consents to policy. Backend (Server) with Identity Mixer Validation and pkI: validates proofs with issuer’s public key. Smart ID Card (Secure Javacard) with Identity Mixer, skU and certificates: maintains master key and certificates confidential. Arrow labels: "request: policy / response: proof" (twice) and "inserts/owns". Key Point: Transforms certificates in privacy-preserving identity proof statements. Won the Innovation Award 2009 (Gesellschaft für Informatik, GI).
  • 20. Execution Times for a Full Proof (incl. Communication)

       | Modulus            | 1280 bit | 1536 bit | 1984 bit |
       |--------------------|----------|----------|----------|
       | Precomputation     | 5203 ms  | 7828 ms  | 13250 ms |
       | - Compute A'       | 2125 ms  | 2906 ms  | 5000 ms  |
       | - Compute T1       | 3078 ms  | 4922 ms  | 8250 ms  |
       | Policy-dependent   | 2234 ms  | 2625 ms  | 3298 ms  |
       | - Compute response | 1 562 ms | 656 ms   | 828 ms   |
       | Total              | 7437 ms  | 10453 ms | 16548 ms |

       [Avg. performance measurements with 100 experiments on JCOP 41/v2.2. A': credential blinding, T1: first stage of Sigma-proof commitment, response: Sigma-proof response]
  • 21. Privacy / Technology / Way Ahead
  • 22. Just Launched ABC4Trust Project. EU FP 7 research project; 13.5 Million EUR, 4 years; 12 partners: Goethe University Frankfurt; Unabhängiges Landeszentrum für Datenschutz; Alexandra Institute; Eurodocs; Research Academic Computer Technology Institute; CryptoExperts (SmartCards); IBM Research; Microsoft R&D France; Lenio; Municipality of Söderhamn; Nokia Siemens Networks; Technische Universität Darmstadt
  • 23. ABC4Trust Goals: Achieve paradigm shift and interoperability in trustworthy infrastructures. Establish abstraction and unification of different crypto algorithms. Create interaction flows, architecture & data formats as well as policies. Realize reference implementation. Validate concepts by real-world pilots in the eID space. Establish NG smart card implementation of anonymous credentials: – Realization by CryptoExperts, led by Pascal Paillier. – Native SmartCard, direct access to crypto co-processor.
  • 24. Privacy: Anonymous credentials: future-proof solution to minimal disclosure and attribute authentication. Feasibility: Technology feasible and practical: efficiently realizable on smart cards. Way Ahead: Anonymous credential systems to be harmonized, integrated into identity management systems.
  • 25. Resources. This talk is based on P. Bichsel, J. Camenisch, T. Gross, V. Shoup. Anonymous Credentials on a Standard Java Card. ACM CCS 2009. Prof. V. Shoup is affiliated with the New York University and contributed to this work during a sabbatical at IBM Research – Zurich. Identity Mixer Community: idemix.wordpress.com – Download Identity Mixer Library 2.3.2 – Read Identity Mixer Specification 2.3.2 – http://prime.inf.tu-dresden.de/idemix/. PrimeLife: www.primelife.eu. ABC4Trust: www.abc4trust.de. Email Jan or Thomas: {jca, tgr}[at]zurich.ibm.com
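
The signing, validity check and randomization steps of slides 11 to 13, as an added Python example; it is not code from the talk or from the Identity Mixer library. The modulus, bases, message length and sample messages are constructed toy values, and the function names are hypothetical.

```python
import secrets

# Constructed toy parameters: small safe primes p = 2p'+1, q = 2q'+1.
# Real keys use moduli such as the 1280 to 1984 bits in the timing table.
P, Q = 1019, 1187
N = P * Q                                # public RSA modulus n
ORDER = ((P - 1) // 2) * ((Q - 1) // 2)  # |QR_n| = p'q', needs the factors of n
A, B, D = [4, 9], 25, 49                 # public a_1, a_2, b, d (squares, so in QR_n)
ELL = 8                                  # message length l in bits

def is_prime(x):
    return x > 1 and all(x % f for f in range(2, int(x ** 0.5) + 1))

def commit(msgs, s):
    """Return a_1^m_1 * ... * a_k^m_k * b^s mod n."""
    acc = pow(B, s, N)  # s may be negative after randomization (Python 3.8+)
    for a, m in zip(A, msgs):
        acc = acc * pow(a, m, N) % N
    return acc

def sign(msgs):
    """Signer: choose prime e > 2^l and random s, then solve for c."""
    if len(msgs) != len(A) or not all(0 <= m < 2 ** ELL for m in msgs):
        raise ValueError("messages must be l-bit integers, one per base")
    while True:
        e = 2 ** ELL + 1 + secrets.randbelow(2 ** ELL)
        if is_prime(e) and ORDER % e:    # e must be invertible modulo p'q'
            break
    s = secrets.randbelow(N)
    target = D * pow(commit(msgs, s), -1, N) % N
    c = pow(target, pow(e, -1, ORDER), N)  # e-th root in QR_n
    return c, e, s

def verify(msgs, sig):
    """Check the three validity conditions from slide 12."""
    c, e, s = sig
    return (len(msgs) == len(A) and all(0 <= m < 2 ** ELL for m in msgs)
            and e > 2 ** ELL and D == commit(msgs, s) * pow(c, e, N) % N)

def randomize(sig):
    """Holder: c' = c * b^s' mod n, with matching exponent s* = s - e*s'."""
    c, e, s = sig
    s_prime = secrets.randbelow(N)
    return c * pow(B, s_prime, N) % N, e, s - e * s_prime
```

Only `sign` uses the factorization (through `ORDER`); `verify` and `randomize` work from the public key alone, which is what lets the card blind a credential before each proof.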