Digital ID Cards for Physical Identification? (Digitale Ausweise für physische Identifikation?) Univ.-Prof. Dr. René Mayrhofer - PowerPoint PPT Presentation


  1. Digital ID Cards for Physical Identification? Univ.-Prof. Dr. René Mayrhofer and Michael Hölzl, MSc, Institut für Netzwerke und Sicherheit, Johannes Kepler Universität Linz. Talk at the IKT-Sicherheitskonferenz 2016, 2016-10-11 11:15, St. Johann im Pongau

  2. Motivating Scenario: Convergence of Security-Critical Services (slide footer: 2016-10-11 Digital ID Cards for Physical Identification)

  3. Digital Identity: State of the Art
     - OpenID: some (large) providers, many (small) consumers: Facebook, Google, ...
     - FIDO: U2F, UAF
     - Österreichische Bürgerkarte
     - All of these are optimized for web page login, not for physical identification

  4. Motivating Scenario: Convergence of Security-Critical Services

  5. Digital (Photo-) ID for Physical Identification
     - Online solution: MIA (My Identity App) by Österreichische Staatsdruckerei: a smartphone app for using "virtual" identity cards; requires online connectivity for verifying these documents
     - Current project in JRZ u'smile: AmDL (Austrian mobile Driving License) with partners A1 Telekom, Drei-Banken-EDV, LG Nexera, NXP Semiconductors, Österreichische Staatsdruckerei, SBA Research

  6. AmDL Use Case 1: Identity Verification by Police
     - All relevant attributes need to be presented, e.g. name, date of birth, full-resolution photo, (optional) biometric identifiers, vehicle classes, restrictions/limitations, ...
     - Only accessible to officially certified readers
     - Offline ID attribute transfer and offline verification
     - Should also work when the mobile phone battery is empty!
     [Figure: sample eID card (ID number 123456789, EINSTEIN, Albert, born 1879-03-14, M, Ulm, Germany, citizenship USA, Switzerland, GENUINE stamp, signature) with all attributes shown]

  7. AmDL Use Case 2: Age Verification
     - Age verification by e.g. automated vending machines, bouncers at clubs, entrance staff for birthday rebate promotions
     - Only the age attribute should be transferred, in a privacy-sensitive manner: not the full date of birth!
     - Support binary yes/no answers for the specific use case
     [Figure: the same sample eID card, with only the derived attribute "> 16 years" released instead of the date of birth]

  8. AmDL Use Case 3: Time-based Ticket for Public Transport
     - Typical for public transport: monthly, yearly, (any time period)
     - No identifiers should be transferred (no name, date of birth, etc.) for privacy reasons
     - Location traces are highly sensitive personal data
     - Still need to support typical operations: unforgeability, revocation (loss, theft, non-payment, etc.)

  9. Requirements
     - Functional: real-world identification, one-to-many, revocation, scalability
     - Mobility: offline, power-off
     - Security: key confidentiality, unforgeability, communication protection, state-of-the-art cryptography
     - Privacy: unlinkability, user control, privacy-preserving attribute queries

  10. Extensible and Privacy-preserving Mobile eID

  11. Technologies
     - NFC Secure Element (SE): protects identity keys, integrity assurances, code isolation
     - Group signatures: members can sign on behalf of the group; anonymity within the group; unlinkability

  12. Privacy-preserving Identification
     [Figure: two sample eID cards side by side. Left: all attributes with the signature of the national eID. Right: only the derived attribute "> 16 years", carrying a group signature]

  13. Privacy-preserving Identification
     - Privacy-preserving attribute queries:
     - Attribute inequality query, e.g. above 16 years old?
     - Attribute equality query, e.g. Austrian citizen?
     - Group membership query, e.g. enrolled in the public transport system? allowed to drive this vehicle class (for renting a car)?
     [Figure: sample eID cards showing the query results "> 16 years" and "== Austrian" in place of the raw attributes]

  14. Group/Division Membership
     - Extensibility of the eID for use with numerous groups/divisions, e.g. loyalty card, public transport ticket, student card, etc.
     - Challenge: unlinkability, untraceability
     [Figure: sample eID card with signature]

  15. Group/Division Membership
     - Approach: pseudonym concept of the Austrian Bürgerkarte
     - Each division has an identifier id_d
     - The eID derives a pseudonym for the division: id_{u,d} = H(id_u || id_d)
     - Divisions can add data to the eID, protected with a TOFU database: C = E(pk_d, id_{u,d} ⊕ n || D), where n is a random nonce and D are data attributes
     [Figure: sample eID card]
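The division pseudonym scheme of slide 15, as an added Python example (not code from the AmDL project or the talk): id_{u,d} = H(id_u || id_d) gives each division its own stable pseudonym, and the plaintext id_{u,d} ⊕ n || D is what a division would then encrypt under pk_d. Assumptions: H is SHA-256 over the concatenation, n is a 32-byte nonce, and the public-key encryption E itself is not modelled.

```python
import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    """H(a || b) modelled as SHA-256 over the concatenation (assumption)."""
    return hashlib.sha256(b"".join(parts)).digest()


def derive_pseudonym(id_u: bytes, id_d: bytes) -> bytes:
    """id_{u,d} = H(id_u || id_d): stable per (user, division), unlinkable across divisions."""
    return H(id_u, id_d)


def wrap_record(id_ud: bytes, data: bytes, nonce: bytes) -> bytes:
    """Plaintext  id_{u,d} XOR n || D  that the division encrypts under pk_d (E not modelled)."""
    if len(nonce) != len(id_ud):
        raise ValueError("nonce must be as long as the pseudonym")
    masked = bytes(a ^ b for a, b in zip(id_ud, nonce))
    return masked + data


def unwrap_record(plaintext: bytes, nonce: bytes):
    """Inverse of wrap_record for a party holding n: returns (id_{u,d}, D)."""
    masked, data = plaintext[:len(nonce)], plaintext[len(nonce):]
    return bytes(a ^ b for a, b in zip(masked, nonce)), data


def division_lookup(db: dict, id_u: bytes, id_d: bytes):
    """A division resolves a presenting user to its own record via the pseudonym only."""
    return db.get(derive_pseudonym(id_u, id_d))


def demo():
    # Constructed sample values, not real identifiers.
    id_u = b"user-secret-eid-identity"
    transport, library = b"division:public-transport", b"division:university-library"
    p_transport = derive_pseudonym(id_u, transport)
    p_library = derive_pseudonym(id_u, library)
    nonce = secrets.token_bytes(32)
    ticket = b"monthly-ticket;valid-until=2016-11-11"
    record = wrap_record(p_transport, ticket, nonce)
    db = {p_transport: record}  # the transport division's TOFU database
    return {
        "cross_division_unlinkable": p_transport != p_library,
        "stable": derive_pseudonym(id_u, transport) == p_transport,
        "found_by_transport": division_lookup(db, id_u, transport) is record,
        "not_found_by_library": division_lookup(db, id_u, library) is None,
        "unwrap_ok": unwrap_record(record, nonce) == (p_transport, ticket),
    }


if __name__ == "__main__":
    print(demo())
```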

  16. Extensible and Privacy-preserving Mobile eID

  17. Revocation
     - Scenarios:
     - User lost her phone (the eID): revocation done by the user
     - eID has been withdrawn (e.g. holder deceased): done by central authorities
     - Additional threat: identity theft

  18. Revocation
     - Usual approach: revocation list
     - Problem: there is no ID in a group signature
     - Additional challenges: 1. Items on the revocation list might lose anonymity 2. Additional computation effort 3. Could weaken unlinkability 4. Growing revocation list

  19. Preserving Privacy beyond Revocation
     - New revocation concept based on: offline revocation token generation on the SE; Bloom filter
     - Features of our approach: scalability through an efficient revocation check (O(1)); backwards unlinkability; verifier-local revocation check; offline verification

  20. Preserving Privacy beyond Revocation
     - Revocation list based on a Bloom filter: probabilistic data structure; provides scalability; revocation token difficult to restore
     [Figure: Bloom filter with elements {x, y, z} inserted into the bit array 0 1 0 1 1 1 0 0 0 0 0 1 0 1 0 0 1 0, and a membership query for w]

  21. Preserving Privacy beyond Revocation
     [Figure: revocation filter with {x, y, z} and bit array 0 1 0 1 1 1 0 0 0 0 0 1 0 1 0 0 1 0]
     - Verifier → Prover: random identifier id_v and challenge ch
     - Prover → Verifier: generated revocation token rt_{i,v} = H(id_v || H(id_{u,se} || gpk || c_i)) and σ = sign(gsk_i, ch || rt_{i,v})
     - Validation of group membership
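The verifier-local revocation check of slides 19 to 21, as an added Python example (not code from the AmDL project or the talk): the verifier sends a random id_v and challenge, the prover derives rt_{i,v} = H(id_v || H(id_{u,se} || gpk || c_i)), and the verifier tests the token against its own Bloom filter in constant time. Assumptions: H is SHA-256 over the concatenation, c_i is treated as a time-period counter, and the group signature σ over ch || rt_{i,v} is not modelled.

```python
import hashlib
import secrets


def H(*parts: bytes) -> bytes:
    """H(a || b || ...) modelled as SHA-256 over the concatenation (assumption)."""
    return hashlib.sha256(b"".join(parts)).digest()


class BloomFilter:
    """Bit array with k hash positions per item; a lookup costs O(k), independent of list size."""

    def __init__(self, m_bits: int = 1024, k: int = 4):
        self.m, self.k, self.bits = m_bits, k, bytearray(m_bits)

    def _positions(self, item: bytes):
        for i in range(self.k):
            yield int.from_bytes(H(bytes([i]), item)[:4], "big") % self.m

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p] = 1

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p] for p in self._positions(item))


def revocation_token(id_v: bytes, id_u_se: bytes, gpk: bytes, c_i: int) -> bytes:
    """rt_{i,v} = H(id_v || H(id_{u,se} || gpk || c_i)); c_i modelled as a period counter (assumption)."""
    return H(id_v, H(id_u_se, gpk, c_i.to_bytes(4, "big")))


def verifier_challenge():
    """Verifier -> Prover: random identifier id_v and challenge ch."""
    return secrets.token_bytes(16), secrets.token_bytes(16)


def check_not_revoked(revocation_filter: BloomFilter, token: bytes) -> bool:
    """Verifier-local check: a token found in the filter means revoked (or a rare false positive)."""
    return token not in revocation_filter


def demo(id_v: bytes = b"verifier-42", period: int = 3):
    gpk = b"constructed-group-public-key"       # constructed sample values
    id_u_se = b"constructed-user-secret-in-SE"
    filter_v = BloomFilter()
    # The authority revokes this user towards verifier id_v for the current period.
    filter_v.add(revocation_token(id_v, id_u_se, gpk, period))
    return {
        "current_period_rejected": not check_not_revoked(filter_v, revocation_token(id_v, id_u_se, gpk, period)),
        "earlier_period_token_not_linked": check_not_revoked(filter_v, revocation_token(id_v, id_u_se, gpk, period - 1)),
        "other_verifier_unaffected": check_not_revoked(filter_v, revocation_token(b"verifier-7", id_u_se, gpk, period)),
        "other_user_unaffected": check_not_revoked(filter_v, revocation_token(id_v, b"someone-else", gpk, period)),
    }


if __name__ == "__main__":
    print(demo())
```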

  22. Preserving Privacy beyond Revocation: Computation times

  23. Open Issue: Backup of Digital Identity

  24. Next Step: Digital Identity in the Cloud
     [Figure: cartoon callouts "LIKE ME!", "Friends with Faces", "Trust us, we have a Privacy Shield!"]

  25. Next Step: Digital Identity in the Cloud
     [Figure: cartoon callouts "You can search for everybody", "And we have assistants", "Data stored for future improvement of all our services"]

  26. Next Step: Digital Identity in the Cloud
     - We are looking for interested partners: technology, use cases, funding, ...
     [Figure: architecture sketch spanning Digital world and Physical world: digital service discovery, distributed network setup (globally universal, open market), Verifier, Personal Agent with TPM, Biometric Sensor with TPM (locally different); numbered steps 1 to 8 including "certify identity", "provide unique ID" and "trigger reaction"] (slide footer: 2016-10-07 Sicherheit in der Digitalisierung 26)
