Privacy in e-ticketing & e-identity



Similar documents
Attribute-proving for Smart Cards

Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation

A Survey on Untransferable Anonymous Credentials

Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings

A New and Efficient Signature on Commitment Values

QUT Digital Repository:

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Mobile Electronic Payments

Whitepaper on identity solutions for mobile devices

Implementation and Adaptation of the Pseudonymous PKI for Ubiquitous Computing for Car-2-Car Communication

Attestation and Authentication Protocols Using the TPM

Security in Electronic Payment Systems

Single Sign-On Secure Authentication Password Mechanism

The Impact of Cryptography on Platform Security

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

50 ways to break RFID privacy

Extending DigiD to the Private Sector (DigiD-2)

Security Digital Certificate Manager

Security Digital Certificate Manager

Electronic Voting Protocol Analysis with the Inductive Method

Privacy in Cloud Computing Through Identity Management

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

Qualified Electronic Signatures Act (SFS 2000:832)

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Entrust Smartcard & USB Authentication

NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics

ZQL. a cryptographic compiler for processing private data. George Danezis. Joint work with Cédric Fournet, Markulf Kohlweiss, Zhengqin Luo

IBM i Version 7.3. Security Digital Certificate Manager IBM

Acronym Term Description

A blind digital signature scheme using elliptic curve digital signature algorithm

A User-centric Federated Single Sign-on System

Privacy-preserving Data-aggregation for Internet-of-things in Smart Grid

NIST Test Personal Identity Verification (PIV) Cards

Cryptography: Authentication, Blind Signatures, and Digital Cash

How To Encrypt Data With Encryption

Extended SSL Certificates

Packet Level Authentication Overview

Ciphire Mail. Abstract

A Secure RFID Ticket System For Public Transport

Device-Centric Authentication and WebCrypto

Digital Identity Management

Design and Implementation of the idemix Anonymous Credential System

TELECOMMUNICATION NETWORKS

Inductive Analysis of Security Protocols in Isabelle/HOL with Applications to Electronic Voting

Group Signatures: Authentication with Privacy

Smart Card Application Development Using Java

Glossary of Key Terms

IBM Payment Registry Delivers a Certificate Authority to Promote More-Secure Credit Card Transactions over the Internet

D7.1 Application Description for Students

Security/Privacy Models for "Internet of things": What should be studied from RFID schemes? Daisuke Moriyama and Shin ichiro Matsuo NICT, Japan

User Privacy in Transport Systems Based on RFID E-Tickets

A Groundwork for Troubleshooting IP Based Booking with Subjection of Multiple User IDs by Blacklisting

Cloud based ticketing. Next generation fare collection

Smart Card- An Alternative to Password Authentication By Ahmad Ismadi Yazid B. Sukaimi

5 FAM 140 ACCEPTABILITY AND USE OF ELECTRONIC SIGNATURES

CERTIFICATION PRACTICE STATEMENT UPDATE

DIGITAL RIGHTS MANAGEMENT SYSTEM FOR MULTIMEDIA FILES

The basic groups of components are described below. Fig X- 1 shows the relationship between components on a network.

Privacy-preserving Digital Identity Management for Cloud Computing

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

HTTPS is Fast and Hassle-free with CloudFlare

Scalable RFID Security Protocols supporting Tag Ownership Transfer

: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT

Binding Security Tokens to TLS Channels. A. Langley, Google Inc. D. Balfanz, Google Inc. A. Popov, Microsoft Corp.

OIO SAML Profile for Identity Tokens

RVS Seminar Deployment and Performance Analysis of JavaCards in a Heterogenous Environment. Carolin Latze University of Berne

GOALS (2) The goal of this training module is to increase your awareness of HSPD-12 and the corresponding technical standard FIPS 201.

William Hery Research Professor, Computer Science and Engineering NYU-Poly

Notarized Federated Identity Management for Web Services

Chapter 1: Introduction

Transcription:

Privacy in e-ticketing & e-identity Attribute-proving for Smart Cards ir. Pim Vullers p.vullers@cs.ru.nl Institute for Computing and Information Sciences Digital Security 17th May 2011 Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 1 / 14

Applet-based e-ticketing Trans Link Systems / Open Ticketing Studied the migration plan and OV Applet specifications Development of open source OV-chipkaart implementation Tested by Robert Meppelink (Collis) Only 6 failing test cases remaining out of 202 Demonstrated using terminal reference implementation at the e-transport science forum (9th March 2011) Innovation project with Luuk Danes and Jos Bosch (TLS) Separate applets per functionality: Transport, Payment, Identity Academic research Anonymous credentials for smart cards Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 2 / 14

Context Introduction Smart cards are Big Brother s little helper (Stefan Brands) e-ticketing The OV-chipkaart stores your identity With a OV-chipkaart you tell... when (date and time), how (bus, train, metro,... ), and where (precisely at which stop)... you travel This data is stored for seven years; Serious privacy concerns! Detailed profiles... can be composed by both legitimate and malicious parties. Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 3 / 14

Anonymous Credentials Possible solution Attribute-based authorisation Anonymous credentials: card only says I m a first class year pass valid in 2011 Subtle point: attribute may be non-identifying, but the digital signature may be used for tracing cards/individuals Why anonymous credentials? Identity-based solutions violate their users privacy (and increase identity-fraud risk) Anonymous credentials provide the same level of security Attributes provide all the system needs to know Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 4 / 14

Broader Context Introduction e-identity Electronic passport and identity cards Storing (sensitive) personal information: your identity Newest features: e-signature application On-line authorisation (DigiD) (Attributes) Beyond the government... Use of verified attributes by commercial parties can easily result in undesired traceability by both the government and third parties. Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 5 / 14

Privacy and Smart Cards Protection against outsiders Random UID Reader authentication Secure messaging Problem: performance Protection against insiders Harder problem Zero-knowledge proofs or blinding of identifiable information Practical implementations are rare Bad performance Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 6 / 14

Outline Introduction Introduction Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 7 / 14

(Verheul, Radboud University) Main ingredient: Attribute certificate Single attribute Issuer s signature Prover s public key Issuance Issuer learns the public key Strongly identifying Attribute proving Fresh blinding of certificate and public key for each session Untraceable Performance Keep smart card implementation in mind while designing. Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 8 / 14

(Verheul, Radboud University) Results Good performance: Batina et al. (2010): 1.5 seconds (for 1 attribute) Hoepman, Jacobs and Vullers (2010): 0.6 seconds (for 1) Anonymous credentials on smart cards are becoming possible Issues This protocol proves only a single attribute (efficiency) Attributes do not have values Revocation is not supported by the current protocol Major bottleneck is the limited access to the cryptographic coprocessor of the Java Card smart card Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 9 / 14

(Brands, Microsoft) Main ingredient: token Multiple attributes Token s public key Issuer s signature Blind issuance Issuer does not learn the public key, only the attribute values Issuer unlinkability Selective disclosure Prover can decide which (properties of) attributes to show Data minimisation Traceability Public key and signature can be used as a pseudonym. Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 10 / 14

(Brands, Microsoft) Results Previous Java Card implementation: Tews and Jacobs (2009) 5 seconds (for 2 attributes), 8 seconds (for 4) Efficient MULTOS implementation: Mostowski and Vullers 0.5 seconds (for 2), 0.8 seconds (for 5) Compatible with SDK (only smart card limitations) Issues The token serves as a pseudonym (multi-show linkability) Microsoft pursues a different smart card approach Advanced features (derived attributes) are costly Our MULTOS cards have little RAM and limited cryptography Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 11 / 14

(Camenisch & Lysyanskaya, IBM Research Zürich) Components Pseudonyms Camenisch-Lysyanskaya signatures blind signature scheme self-blindable signatures Zero-knowledge proofs Features Both issuer and multi-show unlinkability Efficient attributes encoding Complexity The many zero-knowledge proofs make it hard to understand and lead to a high computational complexity. Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 12 / 14

(Camenisch & Lysyanskaya, IBM Research Zürich) Results Direct Anonymous Attestation Commercial use of anonymous credentials Anonymous authentication of a TPM No attributes Java Card implementations (of DAA): Bichsel et al. (2009): 7.5 seconds Sterckx et al. (2009): 3 seconds Issues Complexity (steep learning curve) Only smart card implementations for DAA Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 13 / 14

Introduction Anonymous credentials on smart cards are becoming possible Our results are in line with previous work Major bottleneck: Java Cards: limited access to the cryptographic coprocessor MULTOS: little RAM and limited cryptography (RSA > 1024, ECC) support Challenges for future research Implementing on MULTOS Dealing with smart card platform shortcomings Adoption (ongoing project with Novay) Pim Vullers Collis visiting RU Privacy in e-ticketing & e-identity 14 / 14

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information