1
privacy preserving e-petitions
  • Claudia Diaz, Hannelore Dekeyser,
  • Markulf Kohlweiss, Girma Nigusse
  • K.U.Leuven
  • IDIS Workshop
  • 29/05/2008
  • Work done in the context of the ADAPID project

2
ADAPID
  • Advanced applications for e-ID cards
  • Basic Research project funded by IWT
  • Focus on security and privacy
  • The Belgian e-ID is based on a PKI with X.509 certificates
  • Hard to build privacy-friendly applications on top of it
  • E-Government: hard to find applications where anonymity is
    arguably necessary

3
Petitions in the physical world
  • Formal request addressed to an authority and
    signed by numerous individuals
  • Typically citizens provide:
    • Unique identifier (name, national ID number)
    • Signature
  • Verification:
    • Validating that the signatures correspond to the
      identifiers
    • Discarding multiple/invalid signatures

4
Electronic petitions
  • Benefits of going electronic:
    • Many resources are needed to physically collect
      the signatures
    • Manual signature verification is a costly and
      tedious process
  • Drawbacks:
    • Easy to cheat (e.g., knowing other people's names
      and ID numbers)
    • Countermeasures may disenfranchise petition
      signers (e.g., IP detection)
  • Good example of ICT enabling participatory
    e-democracy

5
The naive e-petition implementation
  • Have users sign the petitions with their e-ID:
    • Select petition
    • Sign using the e-ID (2-factor authentication)
    • Validate the signature and check that the petition
      has not yet been signed with that e-ID
    • Count (or discard) the signature
  • Privacy risks:
    • Leaks sensitive information on political beliefs,
      religious inclinations, etc. (this may prevent
      some people from signing)
    • Through unique identifiers, petition signatures
      can be linked to other data

6
e-petition requirements
  • Basic requirements:
    • Authentication: the citizen is who he or she claims
      to be (i.e., no impersonation)
    • Authorization: the citizen is entitled to sign
      (e.g., age > 18)
    • Integrity, confidentiality
    • Multiple-signing prevention
    • Verifiability: all valid signatures are counted
  • Privacy requirements:
    • Signer anonymity: the citizen is unlinkable to the
      petition (i.e., it is not possible to identify who
      the signers are)

7
Anonymous credential protocols
  • Active area of research in cryptography
  • They rely on cryptographic protocols and
    zero-knowledge proofs to reduce the amount of
    information disclosed to the bare minimum
  • Flexible protocols, many options possible
  • Example:
    • CI issues a credential to U that encodes U's age
    • U can prove to V that his age is above/below a
      threshold
    • V can check that this is certified by CI
    • V does not learn U's exact age

8
PKI vs anonymous credentials
PKI
  • Signed by a trusted issuer
  • Certification of attributes
  • Authentication (secret key)
  • Double-signing detection
  • No data minimization
  • Users are identifiable
  • Users can be tracked (signature linkable to other
    contexts where the e-ID is used)

Anonymous credentials
  • Signed by a trusted issuer
  • Certification of attributes
  • Authentication (secret key)
  • Double-signing detection
  • Data minimization
  • Users are anonymous
  • Users are unlinkable in different contexts

9
Architecture (diagram; not reproduced in the transcript)
10
Properties
  • Only citizens entitled to sign can do so
    • Possession of the e-ID and knowledge of the PIN
    • Attribute verification (e.g., age, locality)
  • One credential per citizen
  • Citizens can sign only once (multiple signing is
    detectable, so repeated signatures can be
    deleted)
  • Collusion of the credential issuer and the e-petition
    server does not reveal the identity of a signer
  • Verifiability through publishing the protocol
    transcripts
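The naive flow on slide 5 and the properties on slide 10 differ in one thing: what the server dedups on and stores. The following is an added example (not ADAPID project code) that runs both designs over the same Schnorr proof-of-knowledge helper. Assumptions that are not in the slides: the 2048-bit MODP group from RFC 3526 stands in for the e-ID's RSA key pair, a Fiat-Shamir Schnorr proof stands in for both the e-ID signature and the credential "show" protocol, and the step in which the user proves that the secret x was certified by the issuer at bootstrap (the anonymous-credential part, which is what enforces "one credential per citizen") is left out. `PetitionServer`, the petition ids and the citizen names are made up for the demo.

```python
"""Naive e-ID signing (slide 5) next to per-petition pseudonyms (slide 10).
Added example, not ADAPID code. Assumptions: RFC 3526 group 14 stands in
for the e-ID's RSA keys, a Fiat-Shamir Schnorr proof stands in for the e-ID
signature and the credential show protocol, and the proof that x was
certified by the issuer at bootstrap is omitted."""
import hashlib
import secrets

# RFC 3526 group 14: P = 2*Q + 1, P and Q prime (Fermat-checked below).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 4  # 2^2, a generator of the order-Q subgroup of squares
assert pow(2, P - 1, P) == 1 and pow(2, Q - 1, Q) == 1, "group constant mistyped"

def i2b(n: int) -> bytes:
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def hash_to_scalar(*parts: bytes) -> int:
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big") % Q

def hash_to_group(label: bytes) -> int:
    """Petition id -> subgroup element whose discrete log w.r.t. G is unknown."""
    h = int.from_bytes(hashlib.shake_256(label).digest(512), "big") % P
    return pow(h, 2, P)

def prove(base: int, x: int, msg: bytes) -> tuple:
    """Schnorr proof of knowledge of x with y = base^x, bound to msg: (y, c, s)."""
    y, r = pow(base, x, P), secrets.randbelow(Q)
    c = hash_to_scalar(i2b(base), i2b(y), i2b(pow(base, r, P)), msg)
    return y, c, (r + c * x) % Q

def verify(base: int, y: int, c: int, s: int, msg: bytes) -> bool:
    if not 1 < y < P or pow(y, Q, P) != 1:      # y must lie in the subgroup
        return False
    t = pow(base, s, P) * pow(y, Q - c, P) % P  # recovers base^r
    return c == hash_to_scalar(i2b(base), i2b(y), i2b(t), msg)

class PetitionServer:
    """base_for = lambda p: G gives the naive design: the stored key is the
    e-ID public key, i.e. an identifier.  base_for = hash_to_group gives the
    pseudonym design: the stored key is nym = H(petition)^x, constant for one
    citizen within a petition and unlinkable across petitions under DDH."""
    def __init__(self, base_for):
        self.base_for = base_for
        self.transcripts = {}  # petition -> {key: (c, s)}, publishable

    def submit(self, petition: bytes, key: int, c: int, s: int) -> bool:
        if not verify(self.base_for(petition), key, c, s, petition):
            return False                        # forged or tampered
        seen = self.transcripts.setdefault(petition, {})
        if key in seen:
            return False                        # repeated signature
        seen[key] = (c, s)
        return True

    def audit(self) -> bool:
        """Anyone holding the published transcripts can recount the signatures."""
        return all(verify(self.base_for(p), k, c, s, p)
                   for p, sigs in self.transcripts.items()
                   for k, (c, s) in sigs.items())

def sign(server: PetitionServer, x: int, petition: bytes) -> bool:
    return server.submit(petition, *prove(server.base_for(petition), x, petition))

def demo() -> dict:
    alice, mallory = (secrets.randbelow(Q - 1) + 1 for _ in range(2))
    pet_a, pet_b = b"petition:42", b"petition:43"  # made-up petition ids
    naive, nyms = PetitionServer(lambda p: G), PetitionServer(hash_to_group)
    out = {"naive_first": sign(naive, alice, pet_a),
           "naive_again": sign(naive, alice, pet_a)}
    pk_alice = pow(G, alice, P)
    _, c, s = prove(G, mallory, pet_a)          # Mallory knows only Alice's pk
    out["impersonation"] = naive.submit(pet_a, pk_alice, c, s)
    out["naive_stores_identity"] = pk_alice in naive.transcripts[pet_a]
    out["nym_first"] = sign(nyms, alice, pet_a)
    out["nym_again"] = sign(nyms, alice, pet_a)
    out["nym_other"] = sign(nyms, alice, pet_b)
    (nym_a,), (nym_b,) = nyms.transcripts[pet_a], nyms.transcripts[pet_b]
    out["unlinkable"] = nym_a != nym_b and pk_alice not in (nym_a, nym_b)
    out["audit_ok"] = naive.audit() and nyms.audit()
    return out

if __name__ == "__main__":
    print(demo())
```

With `base_for = lambda p: G` the key stored per signature is the citizen's public key, so the database is exactly the linkable record slide 5 warns about, although it does reject a second signature and an impersonation attempt by someone who knows only the public key. With `base_for = hash_to_group` the stored key is a pseudonym that changes per petition and cannot be matched to the public key without breaking DDH, while a second submission by the same citizen still collides within a petition. Publishing `transcripts` lets anyone recount with `audit()` without learning who signed. What this example does not show is the issuer's side: in the slides' design the citizen additionally proves that x sits inside an issuer-signed credential obtained once with the e-ID, which is what stops a citizen from minting many x values.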

11
Summary and conclusions
  • Summary of the paper:
    • Motivation for privacy-preserving e-petitions
    • Requirement study
    • Introduction to anonymous credentials
    • Architectural design combining existing
      technologies
    • Legal issues
    • To be added: details of the protocols and
      implementation
  • Proof-of-concept:
    • We can satisfy seemingly contradictory
      requirements
    • Security properties can be achieved without
      identifiability
    • A national ID can be used to bootstrap a
      privacy-friendlier IDM while preventing Sybil attacks

12
Thank you!