a smart card based solution for user centric identity
play

A smart card based solution for user- centric identity management - PowerPoint PPT Presentation

Apr 03, 2023 •232 likes •460 views

A smart card based solution for user- centric identity management Jan Vossaert Researcher at KaHo Sint-Lieven Affiliated Researcher at KULeuven 1 Overview Introduction Approach Overview of the architecture Protocols

  1. A smart card based solution for user- centric identity management Jan Vossaert Researcher at KaHo Sint-Lieven Affiliated Researcher at KULeuven 1

  2. Overview • Introduction • Approach • Overview of the architecture • Protocols • Implementation details • Evaluation • Future work 2

  3. Introduction • Traditonal mechanisms for authentication – Password based solutions – X.509 certificates • Drawbacks – Token management – Mobility of tokens – Personalized services 3

  4. Introduction • Solutions – Federated identity management systems • Increased usability • No (or limited) user control • Identity provider can profile users • Web based • One identity provider • User impersonization • Weak login procedures 4

  5. Introduction • Solutions – Electronic identity technology • Increased mobility • No (or limited) user control • Only immutable attributes • Security versus scalability 5

  6. Introduction • Challenges – increased flexibility • Mutable attributes • Multiple identity providers – user control • Personalisation – online and offline services • Feasible revocation strategy 6

  7. Approach SP i ID X • Secure element is mediator between – Identity providers – Service providers • Access to attributes controlled by – external authorities: certificates – user: personalized policies at the card 7

  8. Approach • Privacy properties – No profiling • by identity providers • by collaborating service providers – Access control to personal information • by audit authorities • by user – No user impersonization 8

  9. Overview of the architecture (re)validation audit Deanon. certification service service service authority trusted module Time Handler Service request ID X Handler SP i SP j Cached ID Y (personalized) attributes SP k policies lastValTime SP l keys and SP m ID Z PIN based AC certificates user consent personalisation 9

  10. Overview of the architecture • Service provider certificate – Keeps a list of access rights approved by audit authority – Keeps a list of trusted identity provider (groups) • Identity provider certificate – Keeps a list of access rights • Public keys of root CAs are placed at the card 10

  11. Protocols • Card issuance – Common secret keypair • Prevents profiling – Card specific pseudonym • Used to generate service specific pseudonyms • Card revalidation – Mutual authentication – Card releases chip number • IF stillValid THEN update lastValTime ELSE block_card 11

  12. Protocols • Mutual authentication – Mutual key agreement protocol – SP  CARD • lastValTime used to check validity of SP Certificate • Short-lived server certificates – CARD  SP • proves to be genuine • lastValTime > accValTime 12

  13. Protocols • Access to (personalized) services (6)collect (3)verify attributes policy (1) mutual auth. Service request Handler ID X (2)attribute_query SP i Cert_SP Cached (7)release_attr’s attributes ID Y (personalized) policies lastValTime ID Z Cert_P (4)Attr (5) PIN query - maxRights - retention times for cached attributes - acceptable identity providers - ... 13

  14. Protocols • Access to personalized services – Special attribute  service specific pseudonym • nym IP = Hash(secret||Cert SP .subject) • Deanonymization – Releasing encrypted attributes – Can be decrypted by TTP 14

  15. Implementation details • Prototype on Gemalto TOP IM GX4 smart card – Java Card 2.2.1 – Performance constraints – No clock – Authorisation • PIN based 15

  16. Implementation details • Certificates – Standard X509 certificates • Authentication towards providers • Obtain derived card verifiable certificates – Custom card verifiable certificates • Trusted providers • Attribute ID list/Level of assurance 16

  17. Implementation details • Memory management – No garbage collection – Cached attributes • Value/retention time/LOA/last time of use/identity provider/… • Fixed set of byte arrays with variable length • Least recently used update policy – Static memory configuration 17

  18. Implementation details • Release attributes – Cached attributes – Attribute  identity provider • Personalization policies – Update policy based on PIN – Select cached attributes (persistent attributes) – Assign trust level to service providers – Assign sensitivity level to attributes 18

  19. Evaluation • Trust properties – Card issuer knows common key pair BUT card-specific secret is not known by card issuer – Trust in workstation for user interaction BUT implementation in SIM possible • Scalability & flexibility – Clear separation of duties – Representatives for set of identity providers – Flexible revocation strategy 19

  20. Evaluation • Controlled release of attributes – Access control at multiple levels • certificates, user policies, user consent – Limited value of attributes to SP – Proving properties of attributes – Encrypted attributes  accountability measures • Performance – 2 identity providers: 3461 ms – 1 identity providers: 2287 ms – 0 identity providers: 1110 ms 20

  21. Future work • Building concrete services and identity providers • Integration in Web applications • Fine-grained access policies • From smart card to SIM, dedicated module, ... • Accurate performance results 21

Recommend

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva

Browser based approach for Smart Card Connectivity My Smart Card My Smart Card Kapil Sachdeva expiration: 09/10 Karen Lu Ksheerabdhi Krishna Challenges Installing crypto providers Breaks mobility Breaks ubiquity of web

425 views • 8 slides
Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption Nat M.

Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption Nat M.

Do Privacy and Security Matter to Everyone? Quantifying and Clustering User-Centric Considerations About Smart Home Device Adoption Nat M. Barbosa , Zhuohao Zhang, Yang Wang The Smart Home Adoption-Concern Conundrum

639 views • 10 slides
Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

Smart Cards Carrying certificates around How do you use your [digital] identity? Install your

4/25/08 Smart Cards Carrying certificates around How do you use your [digital] identity? Install your certificate in browser On-computer keychain file Need there be more? 1 4/25/08 Smart cards Smart card Portable device

316 views • 4 slides
Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of

Internet Identity Initiatives Internet Identity Initiatives RL Bob Morgan University of Washington and Internet2 EMC2 Mlaga, S pain October 2006 Topics Topics Internet identity buzzwords/ proj ects: user-centric, sxip, dix,

395 views • 18 slides
Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface

Smart( Java )Card ... What & Why What - smart card Tiny PC without Human Interface capabilities CPU : 16b/32b RISC @ handful of MhZ Math co-processor: RSA/DES/AES/ECC RAM : X KB HDD : XX..XXX KB (EEPROM) NET :

568 views • 36 slides
Osmocom SIMtrace SIM card protocol tracing - why and how Harald Welte Harald Welte Osmocom

Osmocom SIMtrace SIM card protocol tracing - why and how Harald Welte Harald Welte Osmocom

Osmocom SIMtrace SIM card protocol tracing - why and how Harald Welte Harald Welte Osmocom SIMtrace November 2014 1 / 30 SIM Cards Smart Card Basics Terminology SIM Subscriber Identity Module USIM Universal Subscriber Identity Mdoule

682 views • 31 slides
B2C Creative Presentation 31.07.2009 Travel in Europe The new identity card lets you go on

B2C Creative Presentation 31.07.2009 Travel in Europe The new identity card lets you go on

B2C Creative Presentation 31.07.2009 Travel in Europe The new identity card lets you go on holiday in Europe without your passport. Fingerprint technology makes the new identity card so secure that European countries even accept it instead of

571 views • 26 slides
Summary User-centric Social Social Multimedia Multimedia Computing From Users: user-perceptive

Summary User-centric Social Social Multimedia Multimedia Computing From Users: user-perceptive

Summary User-centric Social Social Multimedia Multimedia Computing From Users: user-perceptive Content User-centric Cross-Network multimedia content analysis Multimedia computing On Users: social multimedia User activity-based user

498 views • 22 slides
Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc.

Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc.

Internet Identity Workshop IIW 2008b Introduction Johannes Ernst NetMesh Inc. http://netmesh.info/jernst Johannes Ernst Modern Identity History Facebook Proprietary et al. Yadis URL-based Age of identity Card-based interop

1.01k views • 24 slides
Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based

Contents Background Key Escrow free Identity-based Identity-based Cryptosystem Cryptosystem Identity-based Signature Conclusion Manik Lal Das DA-IICT, Gandhinagar, India About DA-IICT and Our Group DA-IICT is a private university,

563 views • 35 slides
User centric Cost based Flight Efficiency and Equity indicators . Dr. Javier Lpez

User centric Cost based Flight Efficiency and Equity indicators . Dr. Javier Lpez

User centric Cost based Flight Efficiency and Equity indicators . Dr. Javier Lpez Leons (Boeing Research & Technology Europe) Marcos Sanz Bravo (CRIDA A.I.E.) Belgrade, 30 of November 2017 Authors JAVIER LOPEZ LEONES , MANUEL

591 views • 58 slides
Identity Based Key Agreement Protocols N.P . Smart Department of Computer Science, University

Identity Based Key Agreement Protocols N.P . Smart Department of Computer Science, University

Identity Based Key Agreement Protocols N.P . Smart Department of Computer Science, University Of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB. Joint work with Liqun Chen and Michael Cheng 24th July 2006 N.P .

540 views • 39 slides
Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N

Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N

A Dynamic Syntax Interpretation for Java based Smart Card to Mitigate Logical Attacks Tiana Razafindralambo, Guillaume Bouffard, Bhagyalekshmy N Thampi , and Jean-Louis Lanet Smart Secure Devices (SSD) Team, XLIM/ Universit de Limoges, France

466 views • 17 slides
User-Centric Perspective UCP Working Group Our approach to this theme - We started by defining

User-Centric Perspective UCP Working Group Our approach to this theme - We started by defining

User-Centric Perspective UCP Working Group Our approach to this theme - We started by defining concepts and terms we thought were relevant - We told stories/use cases of user-centric process models in the wild as well as

907 views • 19 slides
Towards a Privacy-Preserving National Identity Card Yves Deswarte, Sbastien Gambs

Towards a Privacy-Preserving National Identity Card Yves Deswarte, Sbastien Gambs

Towards a Privacy-Preserving National Identity Card Yves Deswarte, Sbastien Gambs yves.deswarte@laas.fr, sebastien.gambs@irisa.fr Toulouse, France National Identity Card ! Discloses more information " No information leakage than needed

395 views • 8 slides
Smart Card Data in Public Transport Paul Bouman Also based on work of: Evelien van der Hurk,

Smart Card Data in Public Transport Paul Bouman Also based on work of: Evelien van der Hurk,

Department of Technology & Operations Management Smart Card Data in Public Transport Paul Bouman Also based on work of: Evelien van der Hurk, Timo Polman, Leo Kroon, Peter Vervest and Gbor Marti Complexity in Public Transport:

2.21k views • 55 slides
Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in

Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in

Electronic Treasury Enterprise Card GSA Smart Card Handbook Panel Discussion Smart Cards in Government 2004 March 10, 2004 What is the Electronic Treasury Enterprise Card (E-TREC)? E-TREC is the result of the Treasury Departments

507 views • 9 slides
Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com

Reverse engineering smart cards Christian M. Ams uss linuxwochen@christian.amsuess.com http://christian.amsuess.com/ 2010-05-06 Overview objective understand smart card communication based on sniffable communication hardware standard card

468 views • 20 slides
Moderator-controlled Information Sharing by Identity-based Aggregate Signatures for Information

Moderator-controlled Information Sharing by Identity-based Aggregate Signatures for Information

Moderator-controlled Information Sharing by Identity-based Aggregate Signatures for Information Centric Networking Tohru Asami 1 , Byambajav Namsraijav 1 , Yoshihiko Kawahara 1 , Kohei Sugiyama 2 , Atsushi Tagami 2 , Tomohiko Yagyu 3 , Kenichi

442 views • 29 slides
Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications

Secure Scuttlebutt: An Identity-Centric Protocol for Subjective and Decentralized Applications Dominic Tarr (SSB, New Zealand) Erick Lavoie (McGill University, Montreal) Aljoscha Meyer (TU Berlin, Germany) Christian Tschudin (U of

501 views • 18 slides
Intelligent Networks with a Owner-Centric design. ENABLING NEXT THE GENERATION INTERNET IoT is

Intelligent Networks with a Owner-Centric design. ENABLING NEXT THE GENERATION INTERNET IoT is

Intelligent Networks with a Owner-Centric design. ENABLING NEXT THE GENERATION INTERNET IoT is not a Cloud game It is a Network game What is IoT? Non-Legal Identity Legal Identity Legal Identity Non-Legal Identity IAM Legal Identity

248 views • 22 slides
SMART IMPLANT The only solution on the market that can make practically any appliance smart. A

SMART IMPLANT The only solution on the market that can make practically any appliance smart. A

SMART IMPLANT The only solution on the market that can make practically any appliance smart. A unique solution from FIBARO FIBARO listen intently to our customers and professional installers and analyze their needs to develop cutting-edge

353 views • 11 slides
K Keystroke based User t k b d U Identification on Smart Phones Saira Zahid 1 , Muhammad

K Keystroke based User t k b d U Identification on Smart Phones Saira Zahid 1 , Muhammad

RAID 2009 K Keystroke based User t k b d U Identification on Smart Phones Saira Zahid 1 , Muhammad Shahzad 1 , Syed Ali Khayam 1,2 , , , y y , Muddassar Farooq 1 1 Next Generation Intelligent Networks Research Center 2 School of

546 views • 28 slides
Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research

Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research

Sun Java TM System Identity Solution Stuart Sim Chief Architect Global Education & Research Sun Microsystems Agenda Business Drivers for Identity Management Suns Identity Management Solution Sun Java System Access Manager

1.12k views • 87 slides

More recommend