research-article

User-centric identity as a service-architecture for eIDs with selective attribute disclosure

Authors:

Daniel Slamanig,

Klaus Stranacher,

Bernd ZwattendorferAuthors Info & Claims

SACMAT '14: Proceedings of the 19th ACM symposium on Access control models and technologies

Pages 153 - 164

https://doi.org/10.1145/2613087.2613093

Published: 25 June 2014 Publication History

Abstract

Unique identification and secure authentication of users are essential processes in numerous security-critical areas such as e-Government, e-Banking, or e-Business. Therefore, many countries (particularly in Europe) have implemented national eID solutions within the past years. Such implementations are typically based on smart cards holding some certified collection of citizen attributes and hence follow a client-side and user-centric approach. However, most of the implementations only support all-or-nothing disclosure of citizen attributes and thus do not allow privacy-friendly selective disclosure of attributes. Consequently, the complete identity of the citizen (all attributes) are always revealed to identity providers and/or service providers, respectively. In this paper, we propose a novel user-centric identification and authentication model for eIDs, which supports selective attribute disclosure but only requires minimal changes in the existing eID architecture. In addition, our approach allows service providers to keep their infrastructure nearly untouched. Latter is often an inhibitor for the use of privacy-preserving cryptography like anonymous credentials in such architectures. Furthermore, our model can easily be deployed in the public cloud as we do not require full trust in identity providers. This fully features the Identity as a Service-paradigm while at the same time preserves citizens' privacy. We demonstrate the applicability of our model by adopting to the Austrian eID system to our approach.

References

[1]

G. Ateniese, K. Fu, M. Green, and S. Hohenberger. Improved proxy re-encryption schemes with applications to secure distributed storage. ACM Trans. Inf. Syst. Secur., 9(1):1--30, 2006.

Digital Library

[2]

M. Bauer, M. Meints, and M. Hansen. D3.1: Structured Overview on Prototypes and Concepts of Identity Management System. FIDIS, 2005.

[3]

P. Bichsel, J. Camenisch, T. Groß, and V. Shoup. Anonymous credentials on a standard java card. In ACM CCS, pages 600--610. ACM, 2009.

Digital Library

[4]

S. Brands. Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, 2000.

Digital Library

[5]

C. Brzuska, H. C. Pöhls, and K. Samelin. Non-Interactive Public Accountability for Sanitizable Signatures. In EuroPKI, volume 7868 of LNCS. Springer, 2012.

[6]

J. Camenisch and A. Lysyanskaya. An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In Advances in Cryptology - EUROCRYPT 2001, volume 2045 of LNCS, pages 93--118. Springer, 2001.

Digital Library

[7]

European Commission. IDABC. 2009. eID Interoperability for PEGS: Update of Country Profiles., 2009.

[8]

European Parliament and the Council. Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data . http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:en:HTML, 1995.

[9]

European Union. Directive 1999/93/EC of the European Parliament and of the Council of 13. December 1999 on a community framework for electronic signatures.

[10]

C. Hanser and D. Slamanig. Blank Digital Signatures. In ACM ASIACCS '13, pages 95--106. ACM, 2013. http://eprint.iacr.org/2013/130.

Digital Library

[11]

R. Johnson, D. Molnar, D. X. Song, and D. Wagner. Homomorphic Signature Schemes. In CT-RSA '02, volume 2271 of LNCS, pages 244--262. Springer, 2002.

Digital Library

[12]

A. Jøsang and S. Pope. User centric identity management. AusCERT 2005, 2005.

[13]

A. Jøsang, M. A. Zomai, and S. Suriadi. Usability and privacy in identity management architectures. In ACSW '07, pages 143--152, 2007.

Digital Library

[14]

H. Leitold, A. Hollosi, and R. Posch. Security Architecture of the Austrian Citizen Card Concept. In ACSAC 2002, pages 391--402, 2002.

Digital Library

[15]

H. Leitold and B. Zwattendorfer. STORK: Architecture, Implementation and Pilots. In ISSE 2010, pages 131--142, 2010.

[16]

M. Margraf. The new german id card. In ISSE 2010 Securing Electronic Business Processes, pages 367--373. Vieweg+Teubner, 2011.

[17]

Modinis. The Status of Identity Management in European eGovernment initiatives. Deliverable D3.5, 2006.

[18]

I. Naumann and G. Hogben. Privacy Features of European eID Card Specifications. Technical report, European Network and Information Security Agency (ENISA), 2009.

[19]

D. Nunez, I. Agudo, and J. Lopez. Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services. In IEEE CloudCom 2012, pages 241 -- 248, 2012.

Digital Library

[20]

J. Palfrey and U. Gasser. CASE STUDY: Digital Identity Interoperability and eInnovation. Berkman Publication Series, 2007.

[21]

Republic of Austria. Austrian Federal Act on Provisions facilitating electronic communications with public Bodies; part I, Nr. 10/2004. Federal law Gazette, 2004.

[22]

A. Sabouri, I. Krontiris, and K. Rannenberg. Attribute-Based Credentials for Trust (ABC4Trust). In TrustBus 2012, volume 7449 of LNCS, pages 218--219. Springer, 2012.

[23]

A. Siddhartha. National e-id card schemes: A european overview. Inf. Secur. Tech. Rep., 13(2):46--53, May 2008.

Digital Library

[24]

R. Steinfeld, L. Bull, and Y. Zheng. Content Extraction Signatures. In ICISC 2001, volume 2288 of LNCS, pages 285--304. Springer, 2001.

Digital Library

[25]

B. Zwattendorfer and D. Slamanig. On Privacy-Preserving Ways to Porting the Austrian eID System to the Public Cloud. In SEC 2013, AICT, pages 300--314. Springer, 2013.

[26]

B. Zwattendorfer and D. Slamanig. Privacy-preserving realization of the stork framework in the public cloud. In SECRYPT, pages 419--426, 2013.

Cited By

Song XXu GHuang YDong J(2024)DID-HVC-based Web3 healthcare data security and privacy protection schemeFuture Generation Computer Systems10.1016/j.future.2024.04.015158(267-276)Online publication date: Sep-2024
https://doi.org/10.1016/j.future.2024.04.015
Kim DKokuryo J(2024)Establishing altruistic ethics to use technology for Social Welfare—How Japan manages Web3 and self-sovereign identity in local communitiesElectronic Markets10.1007/s12525-023-00684-x34:1Online publication date: 18-Jan-2024
https://doi.org/10.1007/s12525-023-00684-x
Lenz TKrnjic V(2018)Towards Domain-Specific and Privacy-Preserving Qualified eID in a User-Centric Identity Model2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)10.1109/TrustCom/BigDataSE.2018.00160(1157-1163)Online publication date: Aug-2018
https://doi.org/10.1109/TrustCom/BigDataSE.2018.00160
Show More Cited By

Index Terms

User-centric identity as a service-architecture for eIDs with selective attribute disclosure
1. Security and privacy
  1. Human and societal aspects of security and privacy
  2. Security services
    1. Authentication
2. Social and professional topics
  1. Computing / technology policy
    1. Privacy policies

Recommendations

Integrating OpenID with proxy re-encryption to enhance privacy in cloud-based identity services
CLOUDCOM '12: Proceedings of the 2012 IEEE 4th International Conference on Cloud Computing Technology and Science (CloudCom)

The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding ...
The Austrian eID ecosystem in the public cloud

The Austrian eID system constitutes a main pillar within the Austrian e-Government strategy. The eID system ensures unique identification and secure authentication for citizens protecting access to applications where sensitive and personal data are ...
Design strategies for a privacy-friendly Austrian eID system in the public cloud

Secure identification and authentication are essential processes in sensitive areas of application such as e-Government or e-Health. In Austria, the official eID is the so called the Austrian citizen card and a means of choice for secure citizen ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

SACMAT '14: Proceedings of the 19th ACM symposium on Access control models and technologies

June 2014

234 pages

ISBN:9781450329392

DOI:10.1145/2613087

General Chair:
Sylvia Osborn
University of Western Ontario, Canada
,
Program Chairs:
Mahesh V. Tripunitara
University of Waterloo, Canada
,
Ian M. Molloy
IBM Research, USA

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 25 June 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Seventh Framework Programme

Conference

SACMAT '14

Sponsor:

SIGSAC

SACMAT '14: 19th ACM Symposium on Access Control Models and Technologies

June 25 - 27, 2014

Ontario, London, Canada

Acceptance Rates

SACMAT '14 Paper Acceptance Rate 17 of 58 submissions, 29%;

Overall Acceptance Rate 177 of 597 submissions, 30%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

11
Total Citations
View Citations
324
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)2

Reflects downloads up to 30 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

Song XXu GHuang YDong J(2024)DID-HVC-based Web3 healthcare data security and privacy protection schemeFuture Generation Computer Systems10.1016/j.future.2024.04.015158(267-276)Online publication date: Sep-2024
https://doi.org/10.1016/j.future.2024.04.015
Kim DKokuryo J(2024)Establishing altruistic ethics to use technology for Social Welfare—How Japan manages Web3 and self-sovereign identity in local communitiesElectronic Markets10.1007/s12525-023-00684-x34:1Online publication date: 18-Jan-2024
https://doi.org/10.1007/s12525-023-00684-x
Lenz TKrnjic V(2018)Towards Domain-Specific and Privacy-Preserving Qualified eID in a User-Centric Identity Model2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)10.1109/TrustCom/BigDataSE.2018.00160(1157-1163)Online publication date: Aug-2018
https://doi.org/10.1109/TrustCom/BigDataSE.2018.00160
Winterleitner ASpichiger A(2017)Personenidentifikatoren. Analyse der gesamtschweizerischen KostenWirkungen von E-Government10.1007/978-3-658-20271-2_15(383-424)Online publication date: 23-Nov-2017
https://doi.org/10.1007/978-3-658-20271-2_15
Derler DRamacher SSlamanig D(2017)Homomorphic Proxy Re-Authenticators and Applications to Verifiable Multi-User Data AggregationFinancial Cryptography and Data Security10.1007/978-3-319-70972-7_7(124-142)Online publication date: 23-Dec-2017
https://doi.org/10.1007/978-3-319-70972-7_7
Zwattendorfer BSlamanig D(2016)The Austrian eID ecosystem in the public cloudJournal of Information Security and Applications10.1016/j.jisa.2015.11.00427:C(35-53)Online publication date: 1-Apr-2016
https://dl.acm.org/doi/10.1016/j.jisa.2015.11.004
Rmeileh SPalomar EShah H(2016)ALOC: Attribute Level of Confidence for a User-Centric Attribute AssurancePrivacy and Identity Management. Time for a Revolution?10.1007/978-3-319-41763-9_16(239-252)Online publication date: 7-Jul-2016
https://doi.org/10.1007/978-3-319-41763-9_16
Reimair FTeufl PZefferer T(2016)CrySIL: Bringing Crypto to the Modern UserWeb Information Systems and Technologies10.1007/978-3-319-30996-5_4(70-90)Online publication date: 2016
https://doi.org/10.1007/978-3-319-30996-5_4
Zwattendorfer BSlamanig D(2015)Design strategies for a privacy-friendly Austrian eID system in the public cloudComputers and Security10.1016/j.cose.2015.03.00252:C(178-193)Online publication date: 1-Jul-2015
https://dl.acm.org/doi/10.1016/j.cose.2015.03.002
Derler DSlamanig D(2015)Rethinking Privacy for Extended Sanitizable Signatures and a Black-Box Construction of Strongly Private SchemesProceedings of the 9th International Conference on Provable Security - Volume 945110.1007/978-3-319-26059-4_25(455-474)Online publication date: 24-Nov-2015
https://dl.acm.org/doi/10.1007/978-3-319-26059-4_25
Show More Cited By

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents