6 research outputs found

    I2PA, U-prove, and Idemix: An Evaluation of Memory Usage and Computing Time Efficiency in an IoT Context

    Full text link
    The Internet of Things (IoT), in spite of its innumerable advantages, brings many challenges, namely issues about users' privacy preservation and constraints about lightweight cryptography. Lightweight cryptography is of capital importance since IoT devices are qualified to be resource-constrained. To address these challenges, several Attribute-Based Credentials (ABC) schemes have been designed, including I2PA, U-prove, and Idemix. Even though these schemes have very strong cryptographic bases, their performance on resource-constrained devices is a question that deserves special attention. This paper aims to conduct a performance evaluation of these schemes on issuance and verification protocols regarding memory usage and computing time. Recorded results show that both I2PA and U-prove present very interesting results regarding memory usage and computing time, while Idemix presents very low performance with regard to computing time.

    Efficient U-Prove Implementation for Anonymous Credentials on Smart Cards

    No full text
    Contains fulltext: 103326.pdf (author's version) (Closed access)
    Summary. In this paper we discuss an efficient implementation of anonymous credentials on smart cards. In general, privacy-preserving protocols are computationally intensive and require the use of advanced cryptography. Implementing such protocols for smart cards involves a trade-off between the requirements of the protocol and the capabilities of the smart card. In this context we concentrate on the implementation of Microsoft's U-Prove technology on the MULTOS smart card platform. Our implementation aims at making the smart card independent of any other resources, either computational or storage. In contrast, Microsoft suggests an alternative approach based on device-protected tokens which only uses the smart card as a security add-on. Given our very good performance results we argue that our approach should be considered in favour of Microsoft's one. Furthermore we provide a brief comparison between Java Card and MULTOS which illustrates our choice to implement this technology on the latter, more flexible and low-level platform rather than the former.

    With a Little Help from My Friends: Constructing Practical Anonymous Credentials

    Get PDF
    Anonymous credentials (ACs) are a powerful cryptographic tool for the secure use of digital services, when simultaneously aiming for strong privacy guarantees for users combined with strong authentication guarantees for providers of services. They allow users to selectively prove possession of attributes encoded in a credential without revealing any other meaningful information about themselves. While there is a significant body of research on AC systems, modern use-cases of ACs such as mobile applications come with various requirements not sufficiently considered so far. These include preventing the sharing of credentials and coping with resource constraints of the platforms (e.g., smart cards such as SIM cards in smartphones). Such aspects are typically out of scope of AC constructions, and thus AC systems that can be considered entirely practical have been elusive so far. In this paper we address this problem by introducing and formalizing the notion of core/helper anonymous credentials (CHAC). The model considers a constrained core device (e.g., a SIM card) and a powerful helper device (e.g., a smartphone). The key idea is that the core device performs operations that do not depend on the size of the credential or the number of attributes, but at the same time the helper device is unable to use the credential without its help. We present a provably secure generic construction of CHACs using a combination of signatures with flexible public keys (SFPK) and the novel notion of aggregatable attribute-based equivalence class signatures (AAEQ), along with a concrete instantiation. The key characteristics of our scheme are that the size of showing tokens is independent of the number of attributes in the credential(s) and that the core device only needs to compute a single elliptic curve scalar multiplication, regardless of the number of attributes.
    We confirm the practical efficiency of our CHACs with an implementation of our scheme on a Multos smart card as the core and an Android smartphone as the helper device. A credential showing requires less than 500 ms on the smart card and around 200 ms on the smartphone (even for a credential with 1000 attributes).

    Privacy Enhancement in User-Centric, Notary-Based Public Key Infrastructures (Aprimoramento da privacidade em infraestruturas de chaves públicas centradas no usuário e baseadas em notários)

    Get PDF
    Master's dissertation - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Ciência da Computação, Florianópolis, 2014.
    This work proposes new alternatives for Public Key Infrastructure (PKI) to provide better management of the identities, attributes and privacy of end users within an Authentication and Authorization Infrastructure (AAI). Three alternatives are described: Attribute-Based PKI, User-Centric PKI, and User-Centric PKI with Anonymous Authentication. Starting from a critical view of the X.509 PKI model and of the use of attribute certificates, the limitations of their adoption and use are identified, as well as their lack of support for user privacy. Relying on Notary Authorities to provide trust in the data, the proposals use the user-centric paradigm to give the user more control over managing and presenting their attributes, simplifying the procedures for issuing and verifying credentials. The main differences between the proposals lie in the different levels of privacy offered to the end user and in the use of different cryptographic mechanisms, such as Identity-Based Cryptography (IBC) and zero-knowledge authentication proofs. The proposals are analysed and compared with each other and with five other systems, protocols or technologies used in an AAI: X.509 PKI with attribute certificates, OpenID, the Shibboleth framework, U-Prove and Idemix. These were chosen for their widespread use or for the results of academic and industry projects and research, whether or not they emphasise user privacy.
    It is shown that the PKI alternatives simplify the issuance of credentials with cryptographic keys and the verification of those credentials, support different levels of user privacy, offer an alternative for defining a fair business model, and can be used in electronic document signing procedures.