Attribute based Credentials and Selective Context Separation
In this rather long post, I’d like to discuss the practical difficulty of securely collecting and combining attributes from different contexts when one starts using a system based on attribute based credentials. How do you determine that two separate contexts really belong to the same person? How do you ensure that a few people colluding cannot create a supercredential combining their individual attributes.
(more…)
They will stop at nothing.
A recent Wired article discusses the impact of biometric passports on the operations of intelligence agencies. The problem is that with such passports, it is much harder for a spy to assume a new identity (as the identity is linked to a biometric property). Moreover, hotels typically scan the passport of all guests checking in. This data can be cross-checked in real-time with data gathered at the border crossing and entered in immigration databases to see whether a guest officially entered the country, or whether his passport data appears to have changed in the meantime.
The following quotes make very clear that intelligence agencies will stop at nothing to prevent detection of this (and by extension, for anything else).
Custom iOS keyboards to enter time and date.
When playing with my favourite calendar app it struck me it could be improved with a better way to enter the date and the time of an appointment. So I designed a few custom iOS keyboard layouts for this purpose.
The new German eId card has security, privacy and usability limitations.
I recently learnt that the new German identity card (or nPA for neuer Personalausweis has security, privacy and usability problems. This was brought to my attention during a number of discussions with experts, as well as a recent publication by a group of researcher from Frauenhofer SIT. The findings have been verified against the official documentation. The issues concern the eID application on the card that is to be used for authentication on the Internet (and not the electronic passport functionality that is also present on the same card).
Unlinkability equals untraceability
When discussing privacy properties of a system, people often say their system offers both unlinkability and untraceability. To me that does not make much sense, because they essentially boil down to the same thing.
leave a comment