Mixing Identities with Ease
0 likes205 views
The document discusses privacy issues with authentication and identification. It proposes using an "Identity Mixer" which uses anonymous credential systems to allow users to selectively release attributes about themselves during authentication. The Identity Mixer aims to address challenges in its issuing and proving protocols, such as signing credentials for unknown attributes, selective release of attributes, and property proofs.
Mixing Identities with Ease
- 1. Patrik Bichsel, Jan Camenisch IBM Research – Zurich 18 November 2010 IFIP IDMAN 2010, Oslo Mixing Identities with Ease 1 / 14 ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 2. IBM Research – Zurich Motivation Where do we authenticate? How? 2 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 3. IBM Research – Zurich Motivation Where do we authenticate? How? 2 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 4. IBM Research – Zurich Motivation Identification instead of authentication Dispersion of many attributes Profiling and behavioral analysis Loss of control over their own data Problem We communicate too much information! Solution Use privacy-friendly authentication solutions such as anonymous credential systems. 3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 5. IBM Research – Zurich Motivation Identification instead of authentication Dispersion of many attributes Profiling and behavioral analysis Loss of control over their own data Problem We communicate too much information! Solution Use privacy-friendly authentication solutions such as anonymous credential systems. 3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 6. IBM Research – Zurich Motivation Identification instead of authentication Dispersion of many attributes Profiling and behavioral analysis Loss of control over their own data Problem We communicate too much information! Solution Use privacy-friendly authentication solutions such as anonymous credential systems. 3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 7. IBM Research – Zurich Motivation Identification instead of authentication Dispersion of many attributes Profiling and behavioral analysis Loss of control over their own data Problem We communicate too much information! Solution Use privacy-friendly authentication solutions such as anonymous credential systems. 3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 8. IBM Research – Zurich Motivation Identification instead of authentication Dispersion of many attributes Profiling and behavioral analysis Loss of control over their own data Problem We communicate too much information! Solution Use privacy-friendly authentication solutions such as anonymous credential systems. 3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 9. IBM Research – Zurich Outline Motivation Identity Mixer Introduction Challenges Specification Language Conclusion 4 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 10. IBM Research – Zurich Outline Motivation Identity Mixer Introduction Challenges Specification Language Conclusion 4 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 11. IBM Research – Zurich Outline Motivation Identity Mixer Introduction Challenges Specification Language Conclusion 4 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 12. IBM Research – Zurich Outline Motivation Identity Mixer Introduction Challenges Specification Language Conclusion 5 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 13. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 14. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 15. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 16. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 17. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 18. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 19. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 20. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 21. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 22. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 23. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 24. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 25. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 26. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 27. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 28. IBM Research – Zurich Identity Mixer Introduction 6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 29. IBM Research – Zurich Outline Motivation Identity Mixer Introduction Challenges Specification Language Conclusion 7 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 30. IBM Research – Zurich Identity Mixer - Challenges Issuing Protocol Description of Credentials Signing unknown and committed attributes Creating credential updates Proving Protocol Selective release of attributes Property proofs (e.g., inequality, set membership) Additional cryptographic values (e.g., verifiable encryption) Usage limitation 8 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 31. IBM Research – Zurich Identity Mixer - Challenges Issuing Protocol Description of Credentials Signing unknown and committed attributes Creating credential updates Proving Protocol Selective release of attributes Property proofs (e.g., inequality, set membership) Additional cryptographic values (e.g., verifiable encryption) Usage limitation 8 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 32. IBM Research – Zurich Identity Mixer - Challenges Issuing Protocol Description of Credentials Signing unknown and committed attributes Creating credential updates Proving Protocol Selective release of attributes Property proofs (e.g., inequality, set membership) Additional cryptographic values (e.g., verifiable encryption) Usage limitation 8 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 33. IBM Research – Zurich Outline Motivation Identity Mixer Introduction Challenges Specification Language Conclusion 9 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 34. IBM Research – Zurich Specification Language - Credential Structure 10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 35. IBM Research – Zurich Specification Language - Credential Structure 10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 36. IBM Research – Zurich Specification Language - Credential Structure 10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 37. IBM Research – Zurich Specification Language - Credential Structure 10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 38. IBM Research – Zurich Specification Language - Credential Structure 10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 39. IBM Research – Zurich Specification Language - Credential Structure 10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 40. IBM Research – Zurich Specification Language - Proof Specification 11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 41. IBM Research – Zurich Specification Language - Proof Specification 11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 42. IBM Research – Zurich Specification Language - Proof Specification 11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 43. IBM Research – Zurich Specification Language - Proof Specification 11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 44. IBM Research – Zurich Specification Language - Proof Specification 11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 45. IBM Research – Zurich Specification Language - Proof Specification 11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 46. IBM Research – Zurich Specification Language - Proof Specification 11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 47. IBM Research – Zurich Conclusion Results Abstraction from underlying cryptography Language for system components Implementation Future Work Connection to Standards (e.g., SAML) Interoperability (e.g., U-Prove) 12 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 48. IBM Research – Zurich Conclusion Results Abstraction from underlying cryptography Language for system components Implementation Future Work Connection to Standards (e.g., SAML) Interoperability (e.g., U-Prove) 12 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 49. IBM Research – Zurich Conclusion Results Abstraction from underlying cryptography Language for system components Implementation Future Work Connection to Standards (e.g., SAML) Interoperability (e.g., U-Prove) 12 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 50. IBM Research – Zurich Conclusion Finally we can use advanced authentication systems! 13 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
- 51. IBM Research – Zurich Thank you! Implementation http://prime.inf.tu-dresden.de/idemix/ Talk http://www.zurich.ibm.com/˜pbi/ 14 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation