Archives for posts with tag: attribute based credentials

Suppose you want to go to the movies tonight. Or perhaps your favourite band is coming to town. To secure a ticket for the event, you decide to buy one online. You select the event details, make sure you selected the right date and time, choose the e-ticket option (provided the shop even offers alternative delivery options), and you are ready to proceed to checkout and pay.

But wait.

Somewhere along the ordering process you are required to sign in to your account at the online ticket shop. If you don’t have an account yet, you’ll have to create one, and you will probably be asked to provide your full name, home address, phone number and email address. In some cases you will have to provide more information, like your age, and perhaps your credit card number (for future purchases). Doesn’t that surprise you? No? Perhaps you are so used to it now, so conditioned to it, that you no longer really notice this identification step, let alone question it. Apparently you have bought into the myth that ‘they’ always need to know who you are. But do they, really?

Read the rest of this entry »

I was invited to speak at the Bitcoin in Education (BCINED) conference held in Groningen, September 5, 2017. Topic of my presentation: “Blockchain & Identity: Why you should avoid the blockchain like the plague“. While listening to the morning keynotes, praising the many benefits of using blockchains in education and for managing (academic) credentials in particular, I realised my message might provide a very much needed counterpoint. The short summary: using blokchain for identity management is ridiculous.
Read the rest of this entry »

In a recent (dutch) blog post I argued that the latest change in plans for a nationwide eID system in the Netherlands spelled trouble. Instead of the proposed solution I argued that a system using attribute based credentials (ABCs) would be preferable in terms of both security and privacy. One of the solution providers involved in the eID system responded, arguing that using ABCs would in fact be less privacy friendly than the proposed eID system. His argument was that the Dutch eID system would (also) be used to control access to highly sensitive data, like health records, fiscal records, etc. In such systems it is desirable to log all access attempts, to be able to determine after the fact who accessed which records, and whether that was allowed under the circumstances. The untraceability of transactions guaranteed by using ABCs would, according to the author, make this technology therefore unsuitable for such applications. I will show that this argument is false, and that ABCs are perfectly capable of allowing certain transactions to be traced. Unlike the proposed solutions for the Dutch eDI system however, this tracing is only application specific, with the consent and/or explicit knowledge of the user, and not system wide and uncontrolled.

Read the rest of this entry »

Attribute based credentials (ABCs) allow users to prove properties about themselves without disclosing any additional information, and without being traceable. ABCs therefore implement privacy friendly identity management. Within the IRMA project of the Privacy & Identity Lab we are busy making ABCs practical by implementing them on a smart card. This allows them to be used, for instance, in national electronic identity card schemes. We are currently studying how to implement some recent ideas on how to improve ABCs in terms of functionality, securty and privacy.

Read the rest of this entry »

Via Twitter werd ik op deze interessante discussie gewezen op de mailinglist van de Piratenpartij. De discussie ging over het risico van een online identificatieplicht, die mede door ons onderzoek naar IRMA veroorzaakt zou worden.

Read the rest of this entry »

Today I read an interesting paper by Marian Harbach and colleagues from the University of Hannover. They have studied the factors that influence the acceptance of new methods authentication online. In particular, they have studied user attitudes towards using the new German electronic identity card (nPA) as a replacement for username/password based authentication online. This is highly relevant for our own work on IRMA, a platform for authentication based on attribute based credentials.

Read the rest of this entry »

In our IRMA project we are implementing attribute based credentials on a smart card. In fact, we are developing a proof of concept for the Dutch Ministry of the Interior, to show that this technology can, in principle, be embedded on a national identity card to support eID functionality. One important other application of eID’s are digital signatures. The use of smart cards (combined with secure terminals) allow the generation of so called qualified digital signatures as specified in the law. How should these two applications be combined on one smart identity card?

Read the rest of this entry »