Mixing Identities with Ease
51
Patrik Bichsel, Jan Camenisch IBM Research – Zurich 18 November 2010 IFIP IDMAN 2010, Oslo Mixing Identities with Ease 1 / 14 ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
-
Upload
patrik-bichsel -
Category
Technology
-
view
127 -
download
1
Transcript of Mixing Identities with Ease
Patrik Bichsel, Jan CamenischIBM Research – Zurich18 November 2010
IFIP IDMAN 2010, Oslo
Mixing Identities with Ease
1 / 14 ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Motivation
Where do we authenticate?
How?
2 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Motivation
Where do we authenticate?
How?
2 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
ProblemWe communicate too much information!
SolutionUse privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
ProblemWe communicate too much information!
SolutionUse privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
ProblemWe communicate too much information!
SolutionUse privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
ProblemWe communicate too much information!
SolutionUse privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Motivation
Identification instead of authentication
Dispersion of many attributes
Profiling and behavioral analysis
Loss of control over their own data
ProblemWe communicate too much information!
SolutionUse privacy-friendly authentication solutions such as anonymous
credential systems.
3 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
4 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
4 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
4 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
5 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer Introduction
6 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
7 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer - ChallengesIssuing Protocol
Description of Credentials
Signing unknown and committed attributes
Creating credential updates
Proving ProtocolSelective release of attributes
Property proofs (e.g., inequality, set membership)
Additional cryptographic values (e.g., verifiable encryption)
Usage limitation
8 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer - ChallengesIssuing Protocol
Description of Credentials
Signing unknown and committed attributes
Creating credential updates
Proving ProtocolSelective release of attributes
Property proofs (e.g., inequality, set membership)
Additional cryptographic values (e.g., verifiable encryption)
Usage limitation
8 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Identity Mixer - ChallengesIssuing Protocol
Description of Credentials
Signing unknown and committed attributes
Creating credential updates
Proving ProtocolSelective release of attributes
Property proofs (e.g., inequality, set membership)
Additional cryptographic values (e.g., verifiable encryption)
Usage limitation
8 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Outline
Motivation
Identity Mixer
Introduction
Challenges
Specification Language
Conclusion
9 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Credential Structure
10 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Specification Language - Proof Specification
11 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Conclusion
ResultsAbstraction from underlying cryptography
Language for system components
Implementation
Future WorkConnection to Standards (e.g., SAML)
Interoperability (e.g., U-Prove)
12 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Conclusion
ResultsAbstraction from underlying cryptography
Language for system components
Implementation
Future WorkConnection to Standards (e.g., SAML)
Interoperability (e.g., U-Prove)
12 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Conclusion
ResultsAbstraction from underlying cryptography
Language for system components
Implementation
Future WorkConnection to Standards (e.g., SAML)
Interoperability (e.g., U-Prove)
12 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Conclusion
Finally we can use advanced authentication systems!
13 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
IBM Research – Zurich
Thank you!
Implementation http://prime.inf.tu-dresden.de/idemix/
Talk http://www.zurich.ibm.com/˜pbi/
14 / 14 Patrik Bichsel, Jan Camenisch | Mixing Identities with Ease | 18 November 2010 | ibmStyle.tex 2010-09-12 pbi © 2010 IBM Coorporation
