43 research outputs found
Fast IDentity Online with Anonymous Credentials (FIDO-AC)
Web authentication is a critical component of today's Internet and the
digital world we interact with. The FIDO2 protocol enables users to leverage
common devices to easily authenticate to online services in both mobile and
desktop environments following the passwordless authentication approach based
on cryptography and biometric verification. However, there is little to no
connection between the authentication process and users' attributes. More
specifically, the FIDO protocol does not specify methods that could be used to
combine trusted attributes with the FIDO authentication process generically and
allows users to disclose them to the relying party arbitrarily. In essence,
applications requiring attributes verification (e.g. age or expiry date of a
driver's license, etc.) still rely on ad-hoc approaches, not satisfying the
data minimization principle and not allowing the user to vet the disclosed
data. A primary recent example is the data breach on Singtel Optus, one of the
major telecommunications providers in Australia, where very personal and
sensitive data (e.g. passport numbers) were leaked. This paper introduces
FIDO-AC, a novel framework that combines the FIDO2 authentication process with
the user's digital and non-shareable identity. We show how to instantiate this
framework using off-the-shelf FIDO tokens and any electronic identity document,
e.g., the ICAO biometric passport (ePassport). We demonstrate the practicality
of our approach by evaluating a prototype implementation of the FIDO-AC system.Comment: to be published in the 32nd USENIX Security Symposium(USENIX 2023
Electronic Voting: 6th International Joint Conference, E-Vote-ID 2021, Virtual Event, October 5–8, 2021: proceedings
This volume contains the papers presented at E-Vote-ID 2021, the Sixth International
Joint Conference on Electronic Voting, held during October 5–8, 2021. Due to the
extraordinary situation brought about by the COVID-19, the conference was held
online for the second consecutive edition, instead of in the traditional venue in
Bregenz, Austria. The E-Vote-ID conference is the result of the merger of the EVOTE
and Vote-ID conferences, with first EVOTE conference taking place 17 years ago in
Austria. Since that conference in 2004, over 1000 experts have attended the venue,
including scholars, practitioners, authorities, electoral managers, vendors, and PhD
students. The conference focuses on the most relevant debates on the development of
electronic voting, from aspects relating to security and usability through to practical
experiences and applications of voting systems, also including legal, social, or political
aspects, amongst others, and has turned out to be an important global referent in
relation to this issue
Sixth International Joint Conference on Electronic Voting E-Vote-ID 2021. 5-8 October 2021
This volume contains papers presented at E-Vote-ID 2021, the Sixth International Joint Conference on Electronic Voting, held during October 5-8, 2021. Due to the extraordinary situation provoked by Covid-19 Pandemic, the conference is held online for second consecutive edition, instead of in the traditional venue in Bregenz, Austria. E-Vote-ID Conference resulted from the merging of EVOTE and Vote-ID and counting up to 17 years since the _rst E-Vote conference in Austria. Since that conference in 2004, over 1000 experts have attended the venue, including scholars, practitioners, authorities, electoral managers, vendors, and PhD Students. The conference collected the most relevant debates on the development of Electronic Voting, from aspects relating to security and usability through to practical experiences and applications of voting systems, also including legal, social or political aspects, amongst others; turning out to be an important global referent in relation to this issue.
Also, this year, the conference consisted of:
· Security, Usability and Technical Issues Track
· Administrative, Legal, Political and Social Issues Track
· Election and Practical Experiences Track
· PhD Colloquium, Poster and Demo Session on the day before the conference
E-VOTE-ID 2021 received 49 submissions, being, each of them, reviewed by 3 to 5 program committee members, using a double blind review process. As a result, 27 papers were accepted for its presentation in the conference. The selected papers cover a wide range of topics connected with electronic voting, including experiences and revisions of the real uses of E-voting systems and corresponding processes in elections.
We would also like to thank the German Informatics Society (Gesellschaft für Informatik) with its ECOM working group and KASTEL for their partnership over many years. Further we would like to thank the Swiss Federal Chancellery and the Regional Government of Vorarlberg for their kind support. EVote-
ID 2021 conference is kindly supported through European Union's Horizon 2020 projects ECEPS (grant agreement 857622) and mGov4EU (grant agreement 959072). Special thanks go to the members of the international program committee for their hard work in reviewing, discussing, and shepherding papers. They ensured the high quality of these proceedings with their knowledge and experience
Advances in Information Security and Privacy
With the recent pandemic emergency, many people are spending their days in smart working and have increased their use of digital resources for both work and entertainment. The result is that the amount of digital information handled online is dramatically increased, and we can observe a significant increase in the number of attacks, breaches, and hacks. This Special Issue aims to establish the state of the art in protecting information by mitigating information risks. This objective is reached by presenting both surveys on specific topics and original approaches and solutions to specific problems. In total, 16 papers have been published in this Special Issue
The Prom Problem: Fair and Privacy-Enhanced Matchmaking with Identity Linked Wishes
In the Prom Problem (TPP), Alice wishes to attend a school dance with Bob and needs a risk-free, privacy preserving way to find out whether Bob shares that same wish. If not, no one should know that she inquired about it, not even Bob. TPP represents a special class of matchmaking challenges, augmenting the properties of privacy-enhanced matchmaking, further requiring fairness and support for identity linked wishes (ILW) – wishes involving specific identities that are only valid if all involved parties have those same wishes.
The Horne-Nair (HN) protocol was proposed as a solution to TPP along with a sample pseudo-code embodiment leveraging an untrusted matchmaker. Neither identities nor pseudo-identities are included in any messages or stored in the matchmaker’s database. Privacy relevant data stay within user control. A security analysis and proof-of-concept implementation validated the approach, fairness was quantified, and a feasibility analysis demonstrated practicality in real-world networks and systems, thereby bounding risk prior to incurring the full costs of development.
The SecretMatch™ Prom app leverages one embodiment of the patented HN protocol to achieve privacy-enhanced and fair matchmaking with ILW. The endeavor led to practical lessons learned and recommendations for privacy engineering in an era of rapidly evolving privacy legislation. Next steps include design of SecretMatch™ apps for contexts like voting negotiations in legislative bodies and executive recruiting. The roadmap toward a quantum resistant SecretMatch™ began with design of a Hybrid Post-Quantum Horne-Nair (HPQHN) protocol. Future directions include enhancements to HPQHN, a fully Post Quantum HN protocol, and more
Principles of Security and Trust
This open access book constitutes the proceedings of the 8th International Conference on Principles of Security and Trust, POST 2019, which took place in Prague, Czech Republic, in April 2019, held as part of the European Joint Conference on Theory and Practice of Software, ETAPS 2019. The 10 papers presented in this volume were carefully reviewed and selected from 27 submissions. They deal with theoretical and foundational aspects of security and trust, including on new theoretical results, practical applications of existing foundational ideas, and innovative approaches stimulated by pressing practical problems