Privacy-preserving Realization of the STORK Framework in the Public Cloud

Bernd Zwattendorfer, Daniel Slamanig

Abstract

The STORK framework – enabling secure eID federation across European countries – will be the dominant identification and authentication framework across Europe in the future. While still in its start up phase, adoption of the STORK framework is continuously increasing and high loads can be expected, since, theoretically, the entire population of the European Union will be able to run authentications through this framework. This can easily lead to scalability issues, especially for the proxy-based (PEPS) approach in STORK, which relies on a central gateway being responsible for managing and handling citizen authentications. In order to mitigate the associated scalability issues, the PEPS approach could be moved into the public cloud. However, a move of a trusted service into the public cloud brings up new obstacles, especially with respect to citizens’ privacy. In this paper we propose an approach how this move could be successfully realized by still preserving citizens’ privacy and keeping existing national eID infrastructures untouched. We present the approach in detail and evaluate its capability with respect to citizens’ privacy protection as well as its practicability. We conclude, that the proposed approach is a viable way of realizing an efficient and scalable Pan-European citizen identification and authentication framework.

References

  1. An, J. H. (2001). Authenticated Encryption in the PublicKey Setting: Security Notions and Analyses. IACR Cryptology ePrint Archive, 2001:79.
  2. Chow, S. S. M., Weng, J., Yang, Y., and Deng, R. H. (2010). Efficient Unidirectional Proxy Re-Encryption. In AFRICACRYPT, pages 316-332.
  3. Green, M. and Ateniese, G. (2007). Identity-Based Proxy Re-encryption. In ACNS, pages 288-306.
  4. Leitold, H. and Zwattendorfer, B. (2010). STORK: Architecture, Implementation and Pilots. In ISSE, pages 131-142.
  5. STORK (2011a). STORK D5.7.3 Functional Design for PEPS, MW models and interoperability.
  6. STORK (2011b). STORK D5.8.3b Interface Specification.
  7. Zwattendorfer, B., Sumelong, I., and Leitold, H. (2013). Middleware Architecture for Cross-Border Identification and Authentication. JIAS, 8(2):107-118.
Download


Paper Citation


in Harvard Style

Zwattendorfer B. and Slamanig D. (2013). Privacy-preserving Realization of the STORK Framework in the Public Cloud . In Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013) ISBN 978-989-8565-73-0, pages 419-426. DOI: 10.5220/0004533204190426


in Bibtex Style

@conference{secrypt13,
author={Bernd Zwattendorfer and Daniel Slamanig},
title={Privacy-preserving Realization of the STORK Framework in the Public Cloud},
booktitle={Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)},
year={2013},
pages={419-426},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0004533204190426},
isbn={978-989-8565-73-0},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 10th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2013)
TI - Privacy-preserving Realization of the STORK Framework in the Public Cloud
SN - 978-989-8565-73-0
AU - Zwattendorfer B.
AU - Slamanig D.
PY - 2013
SP - 419
EP - 426
DO - 10.5220/0004533204190426