AN EXTENSIBLE AND PRIVACY-PRESERVING MOBILE ID
Michael Hölzl, MSc, Institute of Networks and Security, JKU Linz
IKT Sicherheitskonferenz 2017, 26 September 2017, Villach
Digital Identity: State of the Art
- OpenID: some (large) providers, many (small) consumers (Facebook, Google, ...)
- FIDO (U2F, UAF)
- Governmental eIDs (German ePerso, Austrian "Bürgerkarte", etc.)
→ optimized for web page login, not physical identification
Extensibility in a Privacy-preserving eID 2
Motivating Scenario: Convergence of Security-Critical Services
[Figure: services converging onto one mobile device]
Mobile eID Use Case 1: Driving License Verification by Police
- All relevant attributes need to be presented, e.g. name, date of birth, full-resolution photo, vehicle classes, restrictions/limitations, ...
- Offline ID attribute transfer and offline verification
- Should also work when the mobile phone battery is empty!
[Figure: sample eID card marked GENUINE (ID number 123456789, Surname EINSTEIN, Givenname Albert, Date of Birth 1879-03-14, Sex M, Place of Birth Ulm, Germany, Citizenship USA, Switzerland, Signature)]
Mobile eID Use Case 2: Age Verification
- Age verification by e.g. automated vending machines, bouncers at clubs, entrance staff for birthday rebate promotions
- Only the age attribute should be transferred, in a privacy-sensitive manner
[Figure: same sample eID card, disclosing only "> 16 years"]
Mobile eID Use Case 3: Time-based Ticket for Public Transport
- Typical for public transport: monthly, yearly (any time period)
- No identifiers should be transferred
- Location traces are highly sensitive personal data
[Figure: same sample eID card]
Extensible and Privacy-preserving Mobile eID
Building Blocks
NFC Secure Element (SE)
- Protects identity keys & integrity assurances
- Code isolation
- Can be powered by the NFC field
- Downside: constrained performance (see [1])
Attribute-based Credentials (ABC)
- Issuance of attributes within a cryptographic container (credential) by a trusted authority
- Allows selective disclosure (SD) of these attributes
- Downside: operations can become time-consuming (especially on an SE, e.g. [2])
Extensibility and Privacy-preserving Mechanisms
Domains
- eID derives a pseudonym for each enrolled domain
- Domain can add data attributes to the eID (e.g. transport ticket validity period)
- Trust-on-First-Use (TOFU) database protects against pseudonym linking
Profiles
- Controlled by the user
- Defines the set of accessible attributes
- Can be associated with a domain
[Figure: sample eID card (ID number 123456789, Surname EINSTEIN, Givenname Albert) with a derived domain pseudonym]
Secure Channel Protocols
Purpose
- eID validation
- Profile selection
- Attribute exchange
We define two processes
- Domain enrollment
- Verification
Protocols: Domain Enrollment
- Initiated by the eID holder on the mobile device
- User approves with PIN/password
- Secure channel between SE and domain manager
  - Based on Alpár and Hoepman in [3]
  - ABC used to authenticate the session keys
  - Uses the nonce of the selective disclosure (SD) mechanism, combined with a domain pseudonym derivation
Protocols: Domain Enrollment
[Figure: domain enrollment protocol diagram]
Evaluation
Storage space on SE
- Each enrolled domain requires: 1x EC point, 1x profile description (e.g. 4 bytes for 32 attributes) ➔ 69 bytes
Computation times on SE
- Domain enrollment
- Verification
[Figure: measured computation times for domain enrollment and verification]
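As an added example (not the authors' code), the block below models the per-domain record that the "Domains"/"Profiles" slide describes and that the storage evaluation counts: a domain pseudonym derived as a P-256 point from a master secret and a domain name, stored beside a 32-bit profile bitmask, with the profile applied for selective disclosure. The HMAC-based scalar derivation, the uncompressed point encoding and the attribute names are assumptions, not the deck's construction.

```python
import hashlib, hmac

# NIST P-256 parameters; the per-domain EC point is stored uncompressed (65 bytes)
P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff
A = P - 3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)
# Constructed attribute set: bit i of the 32-bit profile enables ATTRIBUTES[i]
ATTRIBUTES = ["id_number", "surname", "given_name", "date_of_birth", "sex",
              "place_of_birth", "citizenship", "photo", "vehicle_classes",
              "restrictions", "ticket_validity"]

def _add(p1, p2):  # affine point addition; None is the point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def _mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        if k & 1:
            acc = _add(acc, pt)
        pt, k = _add(pt, pt), k >> 1
    return acc

def on_curve(pt):
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def domain_pseudonym(master_secret: bytes, domain: str):
    # Assumed derivation: scalar = HMAC(master_secret, domain) mapped into [1, N-1], point = scalar*G.
    # Same domain -> same point (re-derivable on the SE); different domains -> unlinkable points.
    d = hmac.new(master_secret, domain.encode(), hashlib.sha256).digest()
    return _mul(int.from_bytes(d, "big") % (N - 1) + 1, G)

def profile_mask(allowed):  # profile description: one bit per accessible attribute
    return sum(1 << ATTRIBUTES.index(name) for name in allowed)

def domain_record(master_secret: bytes, domain: str, allowed) -> bytes:
    # Per-domain SE storage: 0x04||X||Y (65 bytes) + 4-byte profile = 69 bytes
    x, y = domain_pseudonym(master_secret, domain)
    point = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    return point + profile_mask(allowed).to_bytes(4, "big")

def disclose(attributes: dict, mask: int) -> dict:  # selective disclosure via the profile
    return {n: v for n, v in attributes.items() if mask >> ATTRIBUTES.index(n) & 1}
```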
Austrian mobile Driving License (AmDL)
- Current prototype at research center u'smile
[Figure: AmDL prototype]
Conclusion
- Mobile eID for real-world identification
- Possibility to use it for many services
- Protocols for efficient attribute exchange
- Protocols can be run on smart cards within reasonable time (below 2s)
[Figure: sample eID card (ID number 123456789, Surname EINSTEIN, Givenname Albert)]
AN EXTENSIBLE AND PRIVACY-PRESERVING EID
Michael Hölzl, MSc, Institute of Networks and Security, JKU Linz
hoelzl@ins.jku.at
Johannes Kepler Universität Linz, Altenberger Str. 69, 4040 Linz, Österreich, www.jku.at
Bibliography
[1] M. Hölzl, R. Mayrhofer, and M. Roland. Requirements for an Open Ecosystem for Embedded Tamper Resistant Hardware on Mobile Devices. In Proceedings of International Conference on Advances in Mobile Computing & Multimedia, MoMM '13, pages 249–252. ACM, 2013.
[2] P. Vullers and G. Alpár. Efficient Selective Disclosure on Smart Cards Using Idemix. In Policies and Research in Identity Management (IDMAN), pages 53–67. Springer Berlin Heidelberg, Apr. 2013.
[3] G. Alpár and J.-H. Hoepman. A Secure Channel for Attribute-based Credentials: [Short Paper]. In Proceedings of the 2013 ACM Workshop on Digital Identity Management, DIM '13, pages 13–18. ACM, 2013.
Credits
Icons
- SIM Card by Arthur Shlain from the Noun Project
- People pattern by Gregor Cresnar from the Noun Project
- Agreement by Chameleon Design from the Noun Project
- Smart Phone by Emily Haasch from the Noun Project
- Airplane Ticket by Creative Stall from the Noun Project
- Bus tickets by Iulia Ardeleanu from the Noun Project
- Loyalty Card by icon 54 from the Noun Project
- Business card by Karthik Aathis from the Noun Project