Attribute-proving for Smart Cards

Similar documents
Privacy in e-ticketing & e-identity

Enhanced Privacy ID (EPID) Ernie Brickell and Jiangtao Li Intel Corporation

Simplified Security Notions of Direct Anonymous Attestation and a Concrete Scheme from Pairings

QUT Digital Repository:

A New and Efficient Signature on Commitment Values

A Survey on Untransferable Anonymous Credentials

The Impact of Cryptography on Platform Security

Mobile Electronic Payments

10 Secure Electronic Transactions: Overview, Capabilities, and Current Status

Electronic Voting Protocol Analysis with the Inductive Method

Security in Electronic Payment Systems

A User-centric Federated Single Sign-on System

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

A Guide to EMV. Version 1.0 May Copyright 2011 EMVCo, LLC. All rights reserved.

Group Signatures: Authentication with Privacy

Protocols for Secure Cloud Computing

Ciphire Mail. Abstract

Entrust Smartcard & USB Authentication

Implementation and Adaptation of the Pseudonymous PKI for Ubiquitous Computing for Car-2-Car Communication

Privacy in Cloud Computing Through Identity Management

Acronym Term Description

Single Sign-On Secure Authentication Password Mechanism

Biometrics, Tokens, & Public Key Certificates

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

OIO SAML Profile for Identity Tokens

IBM Payment Registry Delivers a Certificate Authority to Promote More-Secure Credit Card Transactions over the Internet

INFORMATION TECHNOLOGY SECURITY: PORTFOLIO OVERVIEW

Extended SSL Certificates

Secure Cloud Identity Wallet

Design and Implementation of the idemix Anonymous Credential System

Rights Management Services

ECC Certificate Addendum to the Comodo EV Certification Practice Statement v.1.03

Digital Identity Management

Security Digital Certificate Manager

Notarized Federated Identity Management for Web Services

Security Digital Certificate Manager

1. Product Overview 2. Product Features 3. Comparison Chart 4. Product Applications 5. Order Information 6. Q & A

Procedure for How to Enroll for Digital Signature

Electronic Cash Payment Protocols and Systems

A blind digital signature scheme using elliptic curve digital signature algorithm

TELECOMMUNICATION NETWORKS

Digital Certificates Demystified

Introducing etoken. What is etoken?

Smart Card Application Development Using Java

IBM i Version 7.3. Security Digital Certificate Manager IBM

Privacy-preserving Digital Identity Management for Cloud Computing

How To Protect Privacy In A Computer System

HTTPS is Fast and Hassle-free with CloudFlare

Extending DigiD to the Private Sector (DigiD-2)

INTEGRATION GUIDE MS OUTLOOK 2003 VERSION 2.0

GENERIC SECURITY FRAMEWORK FOR CLOUD COMPUTING USING CRYPTONET

Glossary of Key Terms

NIST s FIPS 201: Personal Identity Verification (PIV) of Federal Employees and Contractors Masaryk University in Brno Faculty of Informatics

ECCA 2014 Conference Santander

Microsoft Identity Lifecycle Manager & Gemalto.NET Solutions. Jan 23 rd, 2007

Fighting product clones through digital signatures

Card Management System Integration Made Easy: Tools for Enrollment and Management of Certificates. September 2006

D7.1 Application Description for Students

Key & Data Storage on Mobile Devices

Floating Car Data from Smartphones: What Google And Waze Know About You and How Hackers Can Control Traffic

ALPTEKİN KÜPÇÜ. Assistant Professor of Computer Science and Engineering

RF-Enabled Applications and Technology: Comparing and Contrasting RFID and RF-Enabled Smart Cards

NIST Test Personal Identity Verification (PIV) Cards

Enabling SSL and Client Certificates on the SAP J2EE Engine

What Issuers Need to Know Top 25 Questions on EMV Chip Cards and Personalization

Getting Started with AD/LDAP SSO

Server based signature service. Overview

Public Key Applications & Usage A Brief Insight

PUBLIC Secure Login for SAP Single Sign-On Implementation Guide

A Movie Streaming Application & ABC4Trust as Services in the Cloud. Dr. Anja Lehmann

ARTICLE 29 Data Protection Working Party

Privacy-preserving Data-aggregation for Internet-of-things in Smart Grid

Transcription:

Attribute-proving for Smart Cards progress made over the past two years ir. Pim Vullers p.vullers@cs.ru.nl Institute for Computing and Information Sciences Digital Security 5th October 2011 Pim Vullers e-transport Forum Attribute-proving for Smart Cards 1 / 15

Outline Pim Vullers e-transport Forum Attribute-proving for Smart Cards 2 / 15

(Verheul, Radboud University) Main ingredient: Attribute certificate Single attribute Issuer s signature Prover s public key Issuance Issuer learns the public key Strongly identifying Attribute proving Fresh blinding of certificate and public key for each session Untraceable Performance Keep smart card implementation in mind while designing. Pim Vullers e-transport Forum Attribute-proving for Smart Cards 3 / 15

(Verheul, Radboud University) Results Good performance: Batina et al. (2010): 1.5 seconds (for 1 attribute) Hoepman, Jacobs and Vullers (2010): 0.6 seconds (for 1) Anonymous credentials on smart cards are becoming possible Issues This protocol proves only a single attribute (efficiency) Attributes do not have values Revocation is not supported by the current protocol Major bottleneck is the limited access to the cryptographic coprocessor of the Java Card smart card Pim Vullers e-transport Forum Attribute-proving for Smart Cards 4 / 15

Outline Pim Vullers e-transport Forum Attribute-proving for Smart Cards 5 / 15

(Brands, Microsoft) Main ingredient: token Multiple attributes Token s public key Issuer s signature Blind issuance Issuer does not learn the public key, only the attribute values Issuer unlinkability Selective disclosure Prover can decide which (properties of) attributes to show Data minimisation Traceability Public key and signature can be used as a pseudonym. Pim Vullers e-transport Forum Attribute-proving for Smart Cards 6 / 15

(Brands, Microsoft) Results Previous Java Card implementation: Tews and Jacobs (2009) 5 seconds (for 2 attributes), 8 seconds (for 4) Previous MULTOS implementation: 2.9 seconds (for 2 out of 5 attributes), 9 seconds (issuing 5) Efficient MULTOS impl.: Mostowski and Vullers (2011) 0.5 seconds (for 2), 0.8 seconds (for 5) Compatible with SDK (only smart card limitations) Pim Vullers e-transport Forum Attribute-proving for Smart Cards 7 / 15

(Brands, Microsoft) time (ms) 6000 5489 4808 4181 3623 3095 2784 2933 3131 2281 2521 0 1 2 3 4 5 # attributes Figure: token issuance times ( : computation, : overhead). Pim Vullers e-transport Forum Attribute-proving for Smart Cards 8 / 15

(Brands, Microsoft) time (ms) time (ms) 1000 550 487 433 372 304 245 0 0 1 2 # disclosed (a) 2 stored attributes 1000 869 814 764 708 648 651 586 594 530 469 406 343 0 0 1 2 3 4 5 (b) 5 stored attributes # disclosed Figure: Attribute proving times ( : computation, : overhead). Pim Vullers e-transport Forum Attribute-proving for Smart Cards 9 / 15

(Brands, Microsoft) Results Previous Java Card implementation: Tews and Jacobs (2009) 5 seconds (for 2 attributes), 8 seconds (for 4) Efficient MULTOS impl.: Mostowski and Vullers (2011) 0.5 seconds (for 2), 0.8 seconds (for 5) Compatible with SDK (only smart card limitations) Issues The token serves as a pseudonym (multi-show linkability) Microsoft pursues a different smart card approach Advanced features (derived attributes) are costly Our MULTOS cards have little RAM and limited cryptography Pim Vullers e-transport Forum Attribute-proving for Smart Cards 10 / 15

Outline Pim Vullers e-transport Forum Attribute-proving for Smart Cards 11 / 15

(Camenisch & Lysyanskaya, IBM Research Zürich) Components Pseudonyms Camenisch-Lysyanskaya signatures blind signature scheme self-blindable signatures Zero-knowledge proofs Features Both issuer and multi-show unlinkability Efficient attributes encoding Complexity The many zero-knowledge proofs make it hard to understand and lead to a high computational complexity. Pim Vullers e-transport Forum Attribute-proving for Smart Cards 12 / 15

(Camenisch & Lysyanskaya, IBM Research Zürich) Results Direct Anonymous Attestation Commercial use of anonymous credentials Anonymous authentication of a TPM No attributes Java Card implementations (of DAA): Bichsel et al. (2009): 7.5 seconds Sterckx et al. (2009): 3 seconds Issues Complexity (steep learning curve) Only smart card implementations for DAA Memory management seems to be the biggest problem Pim Vullers e-transport Forum Attribute-proving for Smart Cards 13 / 15

Outline Pim Vullers e-transport Forum Attribute-proving for Smart Cards 14 / 15

Anonymous credentials on smart cards are becoming possible Our results are in line with previous work Major bottleneck: Java Cards: limited access to the cryptographic coprocessor MULTOS: little RAM and limited cryptography (RSA > 1024, ECC) support Challenges for future research Implementing on MULTOS Study of other schemes (German ID card, French scheme) Dealing with smart card platform shortcomings Adoption (ongoing project with Novay) Pim Vullers e-transport Forum Attribute-proving for Smart Cards 15 / 15

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information