Using Anonymous Credentials for eID Authentication in the Public Cloud
Bernd Zwattendorfer
2015
Abstract
Unique identification and secure authentication are important processes in several security-sensitive application areas such as e-Government or e-Health. Within Europe, electronic IDs (eIDs) are the means to securely support these processes. In Austria, the Austrian citizen card is used by citizens for identification and authentication with online applications. Identification in Austria is based on a special data structure that bundles multiple personal attributes stored on the citizen card. However, in the current situation it is only possible to disclose the complete identity of a citizen, not selected parts of it. To address this issue and to increase privacy, in this paper we propose a security architecture which uses anonymous credentials for Austrian eID authentication to enable minimum/selective disclosure. Due to the use of anonymous credentials, our proposed architecture also allows the migration of important components of the Austrian eID system into a public cloud. A public cloud deployment has several advantages, in particular with respect to scalability and cost savings. While public cloud deployment raises new privacy issues, the use of anonymous credentials can mitigate them, as anonymous credentials ensure privacy with respect to the cloud provider.
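The abstract contrasts all-or-nothing disclosure of the citizen card's attribute bundle with the minimum/selective disclosure that attribute-based credentials provide. The following Python script is an added illustration of that difference, not code from the paper and not an implementation of Idemix or U-Prove: the issuer signs a list of salted hash commitments, one per attribute, and the holder later opens only the commitments a service needs. The attribute names and values are constructed sample data, and the issuer signature is modelled with an HMAC key shared with the verifier purely so the script runs with the standard library; a real eID issuer would use a public-key signature.

```python
"""Selective disclosure with an attribute-commitment credential (illustration).

Constructed example: the issuer commits to every attribute separately and signs
the ordered commitment list; the holder reveals only requested attributes.
"""
import hashlib
import hmac
import json
import os
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: the issuer signature is modelled as an HMAC with a key shared
# with the verifier. Real schemes use public-key signatures (CL signatures in
# Idemix, Brands-style signatures in U-Prove); the message flow is the same.
ISSUER_KEY = b"constructed-issuer-key-for-demo-only"


def commit(name: str, value: str, salt: bytes) -> str:
    """Hiding commitment to one attribute. The random salt prevents guessing
    low-entropy values (e.g. a date of birth) from the commitment alone."""
    data = salt + b"|" + name.encode() + b"|" + value.encode()
    return hashlib.sha256(data).hexdigest()


def sign_commitments(commitments: List[str]) -> str:
    """Issuer 'signature' over the ordered commitment list (see assumption)."""
    msg = json.dumps(commitments).encode()
    return hmac.new(ISSUER_KEY, msg, hashlib.sha256).hexdigest()


@dataclass
class Credential:
    attributes: Dict[str, str]   # held by the citizen only
    salts: Dict[str, bytes]      # held by the citizen only
    commitments: List[str]       # ordered, one per attribute
    signature: str


def issue(attributes: Dict[str, str]) -> Credential:
    """Issuer side: commit to each attribute, sign the commitment list."""
    salts = {n: os.urandom(16) for n in attributes}
    commitments = [commit(n, v, salts[n]) for n, v in attributes.items()]
    return Credential(attributes, salts, commitments, sign_commitments(commitments))


def present(cred: Credential, disclose: List[str]) -> dict:
    """Holder side: open only the requested commitments (value, salt, index).
    Undisclosed attributes travel as opaque commitments only."""
    names = list(cred.attributes)
    revealed = {
        n: {"value": cred.attributes[n],
            "salt": cred.salts[n].hex(),
            "index": names.index(n)}
        for n in disclose
    }
    return {"commitments": cred.commitments,
            "signature": cred.signature,
            "revealed": revealed}


def verify(presentation: dict) -> Optional[Dict[str, str]]:
    """Verifier side: check the issuer signature, then that every revealed
    attribute opens the commitment at its claimed position.
    Returns the disclosed attributes, or None if anything fails."""
    try:
        commitments = presentation["commitments"]
        expected = sign_commitments(commitments)
        if not hmac.compare_digest(expected, presentation["signature"]):
            return None
        disclosed = {}
        for name, opening in presentation["revealed"].items():
            idx = opening["index"]
            if not 0 <= idx < len(commitments):
                return None
            salt = bytes.fromhex(opening["salt"])
            if commit(name, opening["value"], salt) != commitments[idx]:
                return None
            disclosed[name] = opening["value"]
        return disclosed
    except (KeyError, TypeError, ValueError):
        return None


if __name__ == "__main__":
    # Constructed sample citizen attributes.
    cred = issue({"given_name": "Maria", "family_name": "Muster",
                  "date_of_birth": "1990-05-17", "age_over_18": "true"})
    age_check = present(cred, ["age_over_18"])
    print("service learns:", verify(age_check))
    print("date of birth visible in presentation:",
          "1990-05-17" in json.dumps(age_check))
```

The script also shows the caveat that separates this toy from the anonymous credentials the paper relies on: the signed commitment list is identical in every presentation, so two services (or a cloud-hosted identity component) could link a citizen's sessions by comparing it. Idemix and U-Prove address exactly that, by letting the holder prove possession of an issuer signature without revealing the signature itself, which is what makes the cloud provider privacy the abstract refers to achievable.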
Paper Citation
in Harvard Style
Zwattendorfer B. (2015). Using Anonymous Credentials for eID Authentication in the Public Cloud. In Proceedings of the 11th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST, ISBN 978-989-758-106-9, pages 156-163. DOI: 10.5220/0005494901560163
in Bibtex Style
@conference{webist15,
author={Bernd Zwattendorfer},
title={Using Anonymous Credentials for eID Authentication in the Public Cloud},
booktitle={Proceedings of the 11th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST},
year={2015},
pages={156-163},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005494901560163},
isbn={978-989-758-106-9},
}
in EndNote Style
TY - CONF
JO - Proceedings of the 11th International Conference on Web Information Systems and Technologies - Volume 1: WEBIST
TI - Using Anonymous Credentials for eID Authentication in the Public Cloud
SN - 978-989-758-106-9
AU - Zwattendorfer B.
PY - 2015
SP - 156
EP - 163
DO - 10.5220/0005494901560163