Trusted Computing to Increase Security and Privacy in eID Authentication

Abstract : Smart cards are popular devices for storing authentication credentials, because they are easily (trans)portable and offer a secure way for storing these credentials. They have, however, a few disadvantages. First, most smart cards do not have a user interface. Hence, if the smart card requires a PIN, users typically have to enter it via an untrusted workstation. Second, smart cards are resource constrained devices which impedes the adoption of advanced privacy-enhancing technologies (PETs) such as anonymous credentials.This paper presents a new solution that addresses these issues. It allows users to enter their PIN via the workstation and securely transfer it to the smart card. The solution further extends existing smart card assisted authentication technology based on X.509 credentials with privacy-preserving features such as multi-show unlinkability and selective disclosure. The system can, hence, be used to improve the privacy properties of these rolled-out infrastructures. The solution relies on a secure execution environment running on the workstation. We have put our solution into practice and implemented a prototype.
Type de document :
Communication dans un congrès
Nora Cuppens-Boulahia; Frédéric Cuppens; Sushil Jajodia; Anas Abou El Kalam; Thierry Sans. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakech, Morocco. Springer, IFIP Advances in Information and Communication Technology, AICT-428, pp.485-492, 2014, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-642-55415-5_41〉
Liste complète des métadonnées

Littérature citée [13 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01370406
Contributeur : Hal Ifip <>
Soumis le : jeudi 22 septembre 2016 - 14:40:29
Dernière modification le : jeudi 22 septembre 2016 - 14:51:41

Fichier

978-3-642-55415-5_41_Chapter.p...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Jan Vossaert, Jorn Lapon, Bart Decker, Vincent Naessens. Trusted Computing to Increase Security and Privacy in eID Authentication. Nora Cuppens-Boulahia; Frédéric Cuppens; Sushil Jajodia; Anas Abou El Kalam; Thierry Sans. 29th IFIP International Information Security Conference (SEC), Jun 2014, Marrakech, Morocco. Springer, IFIP Advances in Information and Communication Technology, AICT-428, pp.485-492, 2014, ICT Systems Security and Privacy Protection. 〈10.1007/978-3-642-55415-5_41〉. 〈hal-01370406〉

Partager

Métriques

Consultations de la notice

79

Téléchargements de fichiers

25