Archives for posts with tag: IRMA

In a recent (Dutch) blog post I argued that the latest change in plans for a nationwide eID system in the Netherlands spelled trouble. Instead of the proposed solution, I argued that a system using attribute based credentials (ABCs) would be preferable in terms of both security and privacy. One of the solution providers involved in the eID system responded, arguing that using ABCs would in fact be less privacy friendly than the proposed eID system. His argument was that the Dutch eID system would (also) be used to control access to highly sensitive data, like health records, fiscal records, etc. In such systems it is desirable to log all access attempts, to be able to determine after the fact who accessed which records, and whether that was allowed under the circumstances. The untraceability of transactions guaranteed by using ABCs would, according to the author, therefore make this technology unsuitable for such applications. I will show that this argument is false, and that ABCs are perfectly capable of allowing certain transactions to be traced. Unlike the proposed solutions for the Dutch eID system, however, this tracing is only application specific, with the consent and/or explicit knowledge of the user, and not system wide and uncontrolled.

Attribute based credentials (ABCs) allow users to prove properties about themselves without disclosing any additional information, and without being traceable. ABCs therefore implement privacy friendly identity management. Within the IRMA project of the Privacy & Identity Lab we are busy making ABCs practical by implementing them on a smart card. This allows them to be used, for instance, in national electronic identity card schemes. We are currently studying how to implement some recent ideas on how to improve ABCs in terms of functionality, security and privacy.

Via Twitter I was pointed to this interesting discussion on the mailing list of the Piratenpartij. The discussion was about the risk of an online identification requirement, which would be caused in part by our research into IRMA.

Today I read an interesting paper by Marian Harbach and colleagues from the University of Hannover. They have studied the factors that influence the acceptance of new methods of online authentication. In particular, they have studied user attitudes towards using the new German electronic identity card (nPA) as a replacement for username/password based authentication online. This is highly relevant for our own work on IRMA, a platform for authentication based on attribute based credentials.

In our IRMA project we are implementing attribute based credentials on a smart card. In fact, we are developing a proof of concept for the Dutch Ministry of the Interior, to show that this technology can, in principle, be embedded on a national identity card to support eID functionality. Another important application of eIDs is digital signatures. The use of smart cards (combined with secure terminals) allows the generation of so-called qualified digital signatures as specified in the law. How should these two applications be combined on one smart identity card?

In a previous blog post I discussed the difference in security and flexibility between attribute based credentials (used in our IRMA project) and the German eID system. Now I will discuss the additional privacy protection offered by attribute based credentials, compared to a more centralised approach where attributes are stored on one or more central servers.

In our IRMA project we develop a platform to support attribute based credentials (ABCs) on a smart card. We believe the IRMA scheme is more secure and more flexible than the attestation based approach (as used by the German eID system, which uses the placeholder name Mustermann on its sample cards). Below I will explain why.
