Data-Minimizing Authentication Goes Mobile

Abstract : Authentication is a prerequisite for proper access control to many eservices. Often, it is carried out by identifying the user, while generally, verification of certified attributes would suffice. Even worse, this kind of authentication makes all the user’s transactions linkable and discloses an excessive amount of personal information, and thus erodes the user’s privacy. This is in clear contradiction to the data minimization principle put forth in the European data protection legislation.In this paper, we present data-minimizing mobile authentication, which is a kind of attribute-based authentication through the use of anonymous credentials, thereby revealing substantially less personal information about the user. We describe two typical scenarios, design an architecture, and discuss a prototype implemented on a smart phone which minimizes the disclosure of personal data in a user-to-terminal authentication setting. The prototype uses the Identity Mixer anonymous credential system (Idemix) and realizes short-range communication between the smart phone and the terminal using visual channels over which QR codes are exchanged. Furthermore, the security has been improved and unauthorized sharing of credentials prevented by storing the credentials’ secret key in a secure element hosted by the mobile phone. Our measurements show that the use of smart phones for data-minimizing authentication can be an actual “game changer” for a broad deployment of anonymous credential systems.
Type de document :
Communication dans un congrès
Bart Decker; David W. Chadwick. 13th International Conference on Communications and Multimedia Security (CMS), Sep 2012, Canterbury, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7394, pp.55-71, 2012, Communications and Multimedia Security. 〈10.1007/978-3-642-32805-3_5〉
Liste complète des métadonnées

Littérature citée [24 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-01540904
Contributeur : Hal Ifip <>
Soumis le : vendredi 16 juin 2017 - 16:47:11
Dernière modification le : vendredi 16 juin 2017 - 16:48:56
Document(s) archivé(s) le : mercredi 10 janvier 2018 - 13:02:16

Fichier

978-3-642-32805-3_5_Chapter.pd...
Fichiers produits par l'(les) auteur(s)

Licence


Distributed under a Creative Commons Paternité 4.0 International License

Identifiants

Citation

Patrik Bichsel, Jan Camenisch, Bart Decker, Jorn Lapon, Vincent Naessens, et al.. Data-Minimizing Authentication Goes Mobile. Bart Decker; David W. Chadwick. 13th International Conference on Communications and Multimedia Security (CMS), Sep 2012, Canterbury, United Kingdom. Springer, Lecture Notes in Computer Science, LNCS-7394, pp.55-71, 2012, Communications and Multimedia Security. 〈10.1007/978-3-642-32805-3_5〉. 〈hal-01540904〉

Partager

Métriques

Consultations de la notice

134

Téléchargements de fichiers

27