dr. Thomas Gross: "I’m very pleased with [your thesis]. As well as the technical contribution you make itself, I feel that your work makes an important contribution to the community around attribute-based credential and, further, showing feasibility of these systems."
Prof. Dr. Simone Fischer-Hübner: "I found [this thesis] very well written and interesting"
dr. Meilof Veeningen: "I think [this thesis] is a very nice piece of work"
Prof. Dr. Jaap Top: "I stud[ied the] PhD thesis manuscript with pleasure!"
Bridging the cryptographic design of ABCs with the real world
- the Ph.D. thesis of Gergely Alpár (ISBN 978-94-6295-052-8) -
The thesis can be downloaded here (2.94MB)
My defence took place at the Radboud University, at 10:30 on January 15, 2015. More information is on the university's website.
My paranymphs were Louiza Papachristodoulou and Wouter Lueks. Thank you guys for your thorough work! :)
Supervisors:
| Prof. dr. Bart Jacobs | Supervisor |
| Dr. Jaap-Henk Hoepman | Co-supervisor |
Doctoral Thesis Committee:
| Prof. dr. Eric Verheul | Radboud University, Nijmegen |
| Prof. dr. Jaap Top | University of Groningen |
| Prof. dr. Josep Domingo-Ferrer | Universitat Rovira i Virgili, Spain |
| Prof. dr. Simone Fischer-Hübner | Karlstad University, Sweden |
| Dr. Thomas Gross | University of Newcastle upon Tyne, UK |
Opposition Committee:
| Prof. dr. Eric Verheul | Radboud University, Nijmegen |
| Prof. dr. Jaap Top | University of Groningen |
| Prof. dr. Josep Domingo-Ferrer | Universitat Rovira i Virgili, Spanje |
| Prof. dr. Simone Fischer-Hübner | Karlstad University, Zweden |
| Prof. dr. Ronald Leenes | Tilburg University |
| Prof. mr. dr. M. Hildebrandt | Radboud University, Nijmegen |
| Dr. ir. E. Poll | Radboud University, Nijmegen |
Attribute-based credentials (ABC)
provide a new way to authenticate using selectively disclosed personal
attributes, possibly without identification. Smart-card technology has now
become sufficiently advanced to implement and deploy ABC. This thesis focusses
on the cryptographic and broader technical challenges of applying ABC in
identity management, both online and offline.
Chapter 2 discusses identity management technologies. We show that many security, privacy and usability issues are present. In our view the main reasons for these problems are the legacy of traditional identity management, having its origin in centralised organisations, and the ubiquity of ad hoc solutions devised in the ever expanding digital world. In a more general sense, the main problem seems to stem from the lack of an identity meta-layer and from the overspill of personal data processed by a great number of systems. We put forward recommendations about how to ameliorate this identity crisis and what research directions are ahead of us in this context.
The cryptographic techniques of ABC provide a novel approach in authentication, one of the main functions within identity management: Personal information can be proven without identification. Chapter 3 provides a description and comparison of the two major ABC technologies, U-Prove and Idemix. In such a system there are two main procedures. In the issuing procedure an issuer (or identity provider) provisions an attribute-based credential to the user, and in the verification procedure the user selectively discloses the necessary attributes from already existing credentials to a service provider (aka a verifier). A smart card is a suitable choice for carrying credentials related to a user since it is secure, personal and stays under the user's control. Furthermore, as recent efficient implementation results show, the smart-card technology is now ready for performing all the necessary computation for ABC. We call a card with such an ABC implementation an ABC card.
Since attributes are not necessarily identifiable, verification can be completely anonymous. This offers unprecedented privacy for the user. However, the communication between an ABC card and a verifier should be secured to make sure that an adversary cannot eavesdrop on disclosed attributes. Chapter 4 studies this problem. The main challenge lies in the fact that mutual authentication is required for setting up a secure channel, while an ABC card remains anonymous. We introduce therefore a credential that proves validity of an ABC card without revealing any identifying information. Such a credential is issued only to verified cards, and then this validity can be checked by verifiers and used for bootstrapping trust (without identification). We offer two different solutions for establishing a secure channel. Both of them have different properties in terms of efficiency and privacy. In particular, one scheme is more efficient, the other one provides privacy not only for the ABC card but also for the verifier. This latter functionality gives rise to potentially new applications in which the verifier also needs privacy.
Another approach to provide confidentiality for selectively disclosed attributes may be required when a personal device or the infrastructure is not suitable for establishing a secure channel. ABC can also be implemented on RFID tags, which typically communicate with the tag reader (acting as a verifier) in a simpler way without the possibility to set up a secure channel. Chapter 5 explores this challenge. We give a solution in which the prover (RFID tag) 'wraps' the selective disclosure proof using the public key of a verifier in a way that only this designated verifier can open and retrieve the disclosed attributes along with the corresponding proof. A relatively small change in the verification protocol suffices on the tag's side. However, a modification in the infrastructure is necessary: instead of credential signatures an authentic database is used for valid tag identifiers. The technique offers further cryptographic potential in hiding a statement together with a zero-knowledge proof that it proves; this can be called a `zero-knowledge proof with statement recovery' referring to the conceptual similarity with a digital signature with message recovery.
Chapter 6 describes a new paradigm in identity management based on attributes. Our starting point is the given cryptographic ABC techniques, the ABC cards and the secure communication required in practice. While designing such an identity management system, one encounters many questions and possible solutions. To provide security, privacy and transparency in attribute-based identity management, we need to introduce new concepts, including credential design, a scheme manager, a card management application. Furthermore, to motivate the need for this technology, we describe several use cases from very simple proofs (like, over 18), through a secure login process, to a privacy-friendly authorisation with multiple attributes (like anonymous membership and age verification) and to the issuance of a new credential based on attributes already present on the ABC card. Finally, in order to set up such a new system, we need to outline a secure card provisioning process that preserves user privacy for the whole life-time of an ABC card. Although there are some open challenges (e.g., a privacy-friendly and efficient revocation solution, an implementation of increased security level), attribute-based identity management is becoming practical.
Ultimately, some exciting questions are yet to be answered in the near future. What approach can make secure, privacy-friendly and user-centred attribute-based identity management widely used? Will a top-down or a bottom-up approach succeed? What will the killer application be: a national identity infrastructure, a loyalty system, extended enterprise identity management or some novel business application?
Last modified: October 22, 2015.