Gergely Alpár

Efficient Selective Disclosure on Smart Cards Using Idemix

In this paper we discuss an efficient implementation for selective disclosure of attribute-based credentials on smart cards. In this context we concentrate on the implementation of this core feature of IBM’s Identity Mixer (Idemix) technology. Using the MULTOS platform we are the first to provide this feature on a smart card. We compare Idemix with Microsoft’s U-Prove technology, as the latter also offers selective disclosure of attributes and has been implemented on a smart card [10].

Using NFC phones for proving credentials

In this paper we propose a new solution for mobile payments called Tap2 technology. To use it, users need only their NFC-enabled mobile phones and credentials implemented on their smart cards. An NFC device acts like a bridge between service providers and secure elements and the secure credentials (on the card) are never revealed. In this way, secure authentication can be obtained by means of anonymous credentials, implemented on a smart card to provide the functionality with minimal data disclosure. We propose to use zero-knowledge proofs based on attribute-based anonymous credentials to provide the security and privacy requirements in mobile payments. Other use cases include online shopping, easy payment, eGoverment proofs etc.

Fast Revocation of Attribute-Based Credentials for Both Users and Verifiers

Attribute-based credentials allow a user to prove properties about herself anonymously. Revoking such credentials, which requires singling them out, is hard because it is at odds with anonymity. All revocation schemes proposed to date either sacrifice anonymity altogether, require the parties to be online, or put high load on the user or the verifier. As a result, these schemes are either too complicated for low-powered devices like smart cards or they do not scale. We propose a new revocation scheme that has a very low computational cost for users and verifiers, and does not require users to process updates. We trade only a limited, but well-defined, amount of anonymity to make the first practical revocation scheme that is efficient at large scales and fast enough for smart cards.

Designated attribute-based proofs for RFID applications

Recent research has shown that using public-key cryptography in order to meet privacy requirements for RFID tags is not only necessary, but also now practically feasible. This has led to the development of new protocols like the Randomized Schnorr [6] identification protocol. This protocol ensures that the identity of a tag only becomes known to authorised readers. In this paper we generalize this protocol by introducing an attribute-based identification scheme. The proposed scheme preserves the designation of verification (i.e., only an authorised reader is able to learn the identity of a tag) while it allows tags to prove any subset of their attributes to authorised readers. The proposed scheme is proven to be secure and narrow-strong private.

New directions in IoT privacy using attribute-based authentication

The Internet of Things (IoT) is a ubiquitous system that incorporates not only the current Internet of computers, but also smart objects and sensors. IoT technologies often rely on centralised architectures that follow the current business models. This makes efficient data collection and processing possible, which can be beneficial from a business perspective, but has many ramifications for users privacy. As communication within the IoT happens among many devices from various contexts, they need to authenticate each other to know that they talk to the intended party. Authentication, typically including identification, is the proof of identity information. However, transactions linked to the same identifier are traceable, and ultimately make people also traceable, hence their privacy is threatened. We propose a framework to counter this problem. We argue that applying attribute-based (AB) authentication in the context of IoT empowers users to maintain control over what data their devices disclose. At the same time AB authentication provides the possibility of data minimisation and unlinkability of user transactions. Therefore, this approach improves substantially user privacy in the IoT.

A secure channel for attribute-based credentials: [short paper]

Attribute-based credentials (ABCs) are building blocks for user-centric identity management. They enable the disclosure of a minimum amount of information about their owner to a verifier, typically a service provider, to authorise the credential owner for some service, application, or resource. By directly applying attribute-disclosure protocols, the data is revealed not only to the verifier, but anyone who has access to the communication channel. Moreover, as verifiers are not intrinsically authenticated, one can accidentally reveal attributes to the wrong party. Therefore, a secure channel has to be established between the prover and the verifier. Although efficient ABC smart-card implementations exist, not always can they perform all prover features. An equality proof, for instance, is essential in creating pseudonyms that enable temporary identification and eventually establishing a channel. Without this feature, other techniques have to be developed. In this paper we apply a more general notion of authentication that does not require card identification or pseudonyms. Based on this concept, we propose a security model that includes mutual authentication and setting up a channel between a card and a verifier. We present two efficient and provably secure protocols under standard assumptions in the random oracle model.

Fast revocation of attribute-based credentials for both users and verifiers☆

Attribute-based credentials allow a user to prove properties about herself anonymously. Revoking such credentials, which requires singling them out, is hard because it is at odds with anonymity. All revocation schemes proposed to date either sacrifice anonymity altogether, require the parties to be online, or put high load on the user or the verifier. As a result, these schemes are either too complicated for low-powered devices such as smart cards or they do not scale. We propose a new revocation scheme that has a very low computational cost for users and verifiers, and does not require users to process updates. We trade only a limited, but well-defined, amount of anonymity to make the first practical revocation scheme that is efficient at large scales and fast enough for smart cards.

Towards Practical Attribute-Based Signatures

An attribute-based signature ABS is a special digital signature created using a dynamic set of issued attributes. For instance, a doctor can sign a medical statement with his name, medical license number and medical speciality. These attributes can be verified along with the signature by any verifier with the correct public keys of the respective attribute issuers. This functionality not only makes ABS a much more flexible alternative to the standard PKI-based signatures, but also offers the ability to create privacy-preserving signatures. However, none of the ABS constructions presented in the literature is practical or easily realizable. In fact, to the best of our knowledge, there is currently no ABS implementation used in practice anywhere. This is why we put forward a new ABS technique based on the IRMA attribute-based authentication. IRMA already has an efficient and practical smart-card implementation, and an experimental smart-phone implementation too. They are currently used in several pilot projects. In this paper, we propose an ABS scheme based on the existing IRMA technology, extending the currently available IRMA devices with ABS functionality. We study the practical issues that arise due to the introduction of the signature functionality to an existing attribute-based authentication scheme, and we propose possible cryptographic and infrastructural solutions. We also discuss use cases and implementation aspects.

Towards Practical Attribute-Based Identity Management: the IRMA Trajectory

IRMA is an abbreviation for “I Reveal My Attributes”, and at the same time it is the name of a project run by the Digital Security group of the University of Nijmegen and its partners to get attribute-based identity management up and running. This hands-on approach forces us to elaborate many unexplored issues, leading to a better understanding of attributes and their possibilities and challenges.

Avoiding man-in-the-middle attacks when verifying public terminals

An individual who intends to engage in sensitive transactions using a public terminal such as an ATM needs to trust that (a) all communications are indeed carried out with the intended terminal, (b) such communications are confidential, and (c) the terminal’s integrity is guaranteed. Satisfying such requirements prevents man-in-the-middle attacks and eavesdropping.