A Decentralised Digital Identity Architecture
Current architectures to validate, certify, and manage identity are based on
centralised, top-down approaches that rely on trusted authorities and
third-party operators. We approach the problem of digital identity starting
from a human rights perspective, with a primary focus on identity systems in
the developed world. We assert that individual persons must be allowed to
manage their personal information in a multitude of different ways in different
contexts and that to do so, each individual must be able to create multiple
unrelated identities. Therefore, we first define a set of fundamental
constraints that digital identity systems must satisfy to preserve and promote
privacy as required for individual autonomy. With these constraints in mind, we
then propose a decentralised, standards-based approach, using a combination of
distributed ledger technology and thoughtful regulation, to facilitate
many-to-many relationships among providers of key services. Our proposal for
digital identity differs from others in its approach to trust in that we do not
seek to bind credentials to each other or to a mutually trusted authority to
achieve strong non-transferability. Because the system does not implicitly
encourage its users to maintain a single aggregated identity that can
potentially be constrained or reconstructed against their interests,
individuals and organisations are free to embrace the system and share in its
benefits.
Comment: 30 pages, 10 figures, 3 tables
On the efficiency of revocation in RSA-based anonymous systems
© 2016 IEEE
The problem of revocation in anonymous authentication systems is subtle and has motivated a lot of work. One of the preferable solutions consists in maintaining either a whitelist L-W of non-revoked users or a blacklist L-B of revoked users, and then requiring users to additionally prove, when authenticating themselves, that they are in L-W (membership proof) or that they are not in L-B (non-membership proof). Of course, these additional proofs must not break the anonymity properties of the system, so they must be zero-knowledge proofs, revealing nothing about the identity of the users. In this paper, we focus on the RSA-based setting, and we consider the case of non-membership proofs to blacklists L = L-B. The existing solutions for this setting rely on the use of universal dynamic accumulators; the underlying zero-knowledge proofs are a bit complicated, and thus their efficiency, although independent of the size of the blacklist L, seems to be improvable. Peng and Bao already tried to propose simpler and more efficient zero-knowledge proofs for this setting, but we prove in this paper that their protocol is not secure. We fix the problem by designing a new protocol, and formally proving its security properties. We then compare the efficiency of the new zero-knowledge non-membership protocol with that of the protocol, when they are integrated with anonymous authentication systems based on RSA (notably, the IBM product Idemix for anonymous credentials). We discuss for which values of the size k of the blacklist L one protocol is preferable to the other one, and we propose different ways to combine and implement the two protocols.
Postprint (author's final draft)
Scaling Distributed Ledgers and Privacy-Preserving Applications
This thesis proposes techniques aiming to make blockchain technologies and smart contract platforms practical by improving their scalability, latency, and privacy. This thesis starts by presenting the design and implementation of Chainspace, a distributed ledger that supports user-defined smart contracts and executes user-supplied transactions on their objects. The correct execution of smart contract transactions is publicly verifiable. Chainspace is scalable by sharding state; it is secure against subsets of nodes trying to compromise its integrity or availability properties through Byzantine Fault Tolerance (BFT). This thesis also introduces a family of replay attacks against sharded distributed ledgers targeting cross-shard consensus protocols; they allow an attacker, with network access only, to double-spend resources with minimal effort. We then build Byzcuit, a new cross-shard consensus protocol that is immune to those attacks and that is tailored to run at the heart of Chainspace. Next, we propose FastPay, a high-integrity settlement system for pre-funded payments that can be used as a financial side-infrastructure for Chainspace to support low-latency retail payments. This settlement system is based on Byzantine Consistent Broadcast as its core primitive, foregoing the expenses of full atomic commit channels (consensus). The resulting system has extremely low latency for both confirmation and payment finality. Finally, this thesis proposes Coconut, a selective disclosure credential scheme supporting distributed threshold issuance, public and private attributes, re-randomization, and multiple unlinkable selective attribute revelations. It ensures authenticity and availability even when a subset of credential-issuing authorities are malicious or offline, and natively integrates with Chainspace to enable a number of scalable privacy-preserving applications.
Fast IDentity Online with Anonymous Credentials (FIDO-AC)
Web authentication is a critical component of today's Internet and the
digital world we interact with. The FIDO2 protocol enables users to leverage
common devices to easily authenticate to online services in both mobile and
desktop environments following the passwordless authentication approach based
on cryptography and biometric verification. However, there is little to no
connection between the authentication process and users' attributes. More
specifically, the FIDO protocol does not specify methods that could be used to
combine trusted attributes with the FIDO authentication process generically and
allows users to disclose them to the relying party arbitrarily. In essence,
applications requiring attributes verification (e.g. age or expiry date of a
driver's license, etc.) still rely on ad-hoc approaches, not satisfying the
data minimization principle and not allowing the user to vet the disclosed
data. A primary recent example is the data breach on Singtel Optus, one of the
major telecommunications providers in Australia, where very personal and
sensitive data (e.g. passport numbers) were leaked. This paper introduces
FIDO-AC, a novel framework that combines the FIDO2 authentication process with
the user's digital and non-shareable identity. We show how to instantiate this
framework using off-the-shelf FIDO tokens and any electronic identity document,
e.g., the ICAO biometric passport (ePassport). We demonstrate the practicality
of our approach by evaluating a prototype implementation of the FIDO-AC system.
Comment: to be published in the 32nd USENIX Security Symposium (USENIX 2023)
Assessment of attribute-based credentials for privacy-preserving road traffic services in smart cities
Smart cities involve the provision of advanced services for road traffic users. Vehicular ad hoc networks (VANETs) are a promising communication technology in this regard. Preservation of privacy is crucial in these services to foster their acceptance. Previous approaches have mainly focused on PKI-based or ID-based cryptography. However, these works have not fully addressed the minimum information disclosure principle. Thus, questions such as how to prove that a driver is a neighbour of a given zone, without actually disclosing his identity or real address, remain unaddressed. A set of techniques, referred to as Attribute-Based Credentials (ABCs), have been proposed to address this need in traditional computation scenarios. In this paper, we explore the use of ABCs in the vehicular context. For this purpose, we focus on a set of use cases from the European Telecommunications Standards Institute (ETSI) Basic Set of Applications, especially appropriate for the early development of smart cities. We assess which ABC techniques are suitable for this scenario, focusing on three representative ones: Idemix, U-Prove and VANET-updated Persiano systems. Our experimental results show that they are feasible in VANETs considering state-of-the-art technologies, and that Idemix is the most promising technique for most of the considered use cases.
This work was supported by the MINECO grant TIN2013-46469-R (SPINY: Security and Privacy in the Internet of You); the CAM grant S2013/ICE-3095 (CIBERDINE: Cybersecurity, Data, and Risks) and by the MINECO grant TIN2016-79095-C2-2-R (SMOG-DEV - Security mechanisms for fog computing: advanced security for devices). Jose Maria de Fuentes and Lorena Gonzalez were also supported by the Programa de Ayudas para la Movilidad of Carlos III University of Madrid.
Anonymity and trust in the electronic world
Privacy has never been an explicit goal of authorization mechanisms. The traditional
approach to authorisation relies on strong authentication of a stable identity
using long term credentials. Audit is then linked to authorization via the same
identity. Such an approach compels users to enter into a trust relationship with
large parts of the system infrastructure, including entities in remote domains. In
this dissertation we advance the view that this type of compulsive trust relationship
is unnecessary and can have undesirable consequences. We examine in some
detail the consequences which such undesirable trust relationships can have on
individual privacy, and investigate the extent to which taking a unified approach
to trust and anonymity can actually provide useful leverage to address threats to
privacy without compromising the principal goals of authentication and audit. We
conclude that many applications would benefit from mechanisms which enabled
them to make authorization decisions without using long-term credentials. We
next propose specific mechanisms to achieve this, introducing a novel notion of
a short-lived electronic identity, which we call a surrogate. This approach allows
a localisation of trust, and entities are not compelled to transitively trust other entities
in remote domains. In particular, resolution of stable identities needs only
ever to be done locally to the entity named. Our surrogates allow delegation, enable
role-based access control policies to be enforced across multiple domains,
and permit the use of non-anonymous payment mechanisms, all without compromising
the privacy of a user. The localisation of trust resulting from the approach
proposed in this dissertation also has the potential to allow clients to control the
risks to which they are exposed by bearing the cost of relevant countermeasures
themselves, rather than forcing clients to trust the system infrastructure to protect
them and to bear an equal share of the cost of all countermeasures whether or not
effective for them. This consideration means that our surrogate-based approach
and mechanisms are of interest even in Kerberos-like scenarios where anonymity
is not a requirement, but the remote authentication mechanism is untrustworthy
- …