-
Privacy-Preserving Authentication: Theory vs. Practice
Authors:
Daniel Slamanig
Abstract:
With the increasing use of online services, the protection of the privacy of users becomes more and more important. This is particularly critical as authentication and authorization as realized on the Internet nowadays, typically relies on centralized identity management solutions. Although those are very convenient from a user's perspective, they are quite intrusive from a privacy perspective and…
▽ More
With the increasing use of online services, the protection of the privacy of users becomes more and more important. This is particularly critical as authentication and authorization as realized on the Internet nowadays, typically relies on centralized identity management solutions. Although those are very convenient from a user's perspective, they are quite intrusive from a privacy perspective and are currently far from implementing the concept of data minimization. Fortunately, cryptography offers exciting primitives such as zero-knowledge proofs and advanced signature schemes to realize various forms of so-called anonymous credentials. Such primitives allow to realize online authentication and authorization with a high level of built-in privacy protection (what we call privacy-preserving authentication). Though these primitives have already been researched for various decades and are well understood in the research community, unfortunately, they lack widespread adoption. In this paper, we look at the problems, what cryptography can do, some deployment examples, and barriers to widespread adoption. Latter using the example of the EU Digital Identity Wallet (EUDIW) and the recent discussion and feedback from cryptography experts around this topic. We also briefly comment on the transition to post-quantum cryptography.
△ Less
Submitted 4 March, 2025; v1 submitted 13 January, 2025;
originally announced January 2025.
-
The Austrian eID Ecosystem in the Public Cloud: How to Obtain Privacy While Preserving Practicality
Authors:
Bernd Zwattendorfer,
Daniel Slamanig
Abstract:
The Austrian eID system constitutes a main pillar within the Austrian e-Government strategy. The eID system ensures unique identification and secure authentication for citizens protecting access to applications where sensitive and personal data is involved. In particular, the Austrian eID system supports three main use cases: Identification and authentication of Austrian citizens, electronic repre…
▽ More
The Austrian eID system constitutes a main pillar within the Austrian e-Government strategy. The eID system ensures unique identification and secure authentication for citizens protecting access to applications where sensitive and personal data is involved. In particular, the Austrian eID system supports three main use cases: Identification and authentication of Austrian citizens, electronic representation, and foreign citizen authentication at Austrian public sector applications. For supporting all these use cases, several components -- either locally deployed in the applications' domain or centrally deployed -- need to communicate with each other. While local deployments have some advantages in terms of scalability, still a central deployment of all involved components would be advantageous, e.g. due to less maintenance efforts. However, a central deployment can easily lead to load bottlenecks because theoretically the whole Austrian population as well as -- for foreign citizens -- the whole EU population could use the provided services. To mitigate the issue on scalability, in this paper we propose the migration of main components of the ecosystem into a public cloud. However, a move of trusted services into a public cloud brings up new obstacles, particular with respect to privacy. To bypass the issue on privacy, in this paper we propose an approach on how the complete Austrian eID ecosystem can be moved into a public cloud in a privacy-preserving manner by applying selected cryptographic technologies (in particular using proxy re-encryption and redactable signatures). Applying this approach, no sensitive data will be disclosed to a public cloud provider by still supporting all three main eID system use cases. We finally discuss our approach based on selected criteria.
△ Less
Submitted 14 January, 2016;
originally announced January 2016.
-
Towards a New Paradigm for Privacy and Security in Cloud Services
Authors:
Thomas Loruenser,
Charles Bastos Rodriguez,
Denise Demirel,
Simone Fischer-Huebner,
Thomas Gross,
Thomas Langer,
Mathieu des Noes,
Henrich C. Poehls,
Boris Rozenberg,
Daniel Slamanig
Abstract:
The market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to external parties for storage and processing. The reason for their hesitation is clear: There exist no satisfactory approaches to adequately protect the data during its lifetime in the cloud. The EU Project Prismacloud…
▽ More
The market for cloud computing can be considered as the major growth area in ICT. However, big companies and public authorities are reluctant to entrust their most sensitive data to external parties for storage and processing. The reason for their hesitation is clear: There exist no satisfactory approaches to adequately protect the data during its lifetime in the cloud. The EU Project Prismacloud (Horizon 2020 programme; duration 2/2015-7/2018) addresses these challenges and yields a portfolio of novel technologies to build security enabled cloud services, guaranteeing the required security with the strongest notion possible, namely by means of cryptography. We present a new approach towards a next generation of security and privacy enabled services to be deployed in only partially trusted cloud infrastructures.
△ Less
Submitted 21 July, 2015; v1 submitted 19 June, 2015;
originally announced June 2015.
