This page collects all scientific publications in the context of the IRMA project.
Bart Jacobs. Wat ben je? In M. Geels and T. van Opijnen, editors, Nederland in Ideeën, Maven Publishing, 2013, p.261-264. (article in Dutch)
Merel Koning, Paulan Korenhof, Gergely Alpár and Jaap-Henk Hoepman. The ABCs of ABCs: an analysis of attribute-based credentials in the light of data protection, privacy and identity.
Abstract. Our networked society increasingly needs secure identity systems. The Attribute-based credential (ABC) technology is designed to be privacy-friendlier than contemporary authentication methods, which often suffer from information leakage. So far, however, some of the wider implications of ABC have not been appropriately discussed, mainly because they lie outside of the research scope of most cryptographers and computer engineers. This paper explores a range of such implications, shows that there are potential risks associated with the wider introduction of ABC in society, and makes the case that legal and societal aspects of ABC be subjected to extended interdisciplinary research.
Gergely Alpár and Jaap-Henk Hoepman. A Secure Channel for Attribute-Based Credentials [Short paper]. In Proceedings of the 2013 ACM Workshop on Digital Identity Management (DIM 2013), Berlin, Germany, November 8, 2013, pages 13-18. (paper and presentation)
Abstract. Attribute-based credentials (ABCs) are building blocks for user-centric identity management. They enable the disclosure of a minimum amount of information about their owner to a verifier, typically a service provider, to authorise the credential owner for some service, application, or resource.
By directly applying attribute-disclosure protocols, the data is revealed not only to the verifier, but anyone who has access to the communication channel. Moreover, as verifiers are not intrinsically authenticated, one can accidentally reveal attributes to the wrong party. Therefore, a secure channel has to be established between the prover and the verifier.
Although efficient ABC smart-card implementations exist, not always can they perform all prover features. An equality proof, for instance, is essential in creating pseudonyms that enable temporary identification and eventually establishing a channel. Without this feature, other techniques have to be developed. In this paper we apply a more general notion of authentication that does not require card identification or pseudonyms. Based on this concept, we propose a security model that includes mutual authentication and setting up a channel between a card and a verifier. We present two efficient and provably secure protocols under standard assumptions in the random oracle model.
Gergely Alpár and Bart Jacobs. Credential Design in Attribute-Based Identity Management. In Ronald Leenes and Eleni Kosta, editors, Bridging distances in technology and regulation, pages 189-204, 3rd TILTing Perspectives Conference, Tilburg, NL, April 25-26, 2013. (paper and presentation)
Abstract. Attribute-based credentials are cryptographically secured carriers of properties that hold for a particular individual. They are the basic building blocks of many upcoming privacy-enhancing technologies and user-centric identity management systems. There are a number of limitations and requirements besides security and privacy, such as usability and efficiency, that have to be taken into account when designing specific credentials in practice.
This paper elaborates several realistic on-line and off-line use cases in attribute-based identity management; moreover, it identifies and analyses some of the design issues that require a decision or solution. It provides the most important credential design principles and also shows how setting up an attribute-based credential system formalises identity relationships in society.
Pim Vullers and Gergely Alpár. Efficient Selective Disclosure on Smart Cards using Idemix. In Chris Mitchell et al., editor, IFIP IDMAN. Springer Science and Business Media, 2013. (paper and presentation)
Abstract. In this paper we discuss an efficient implementation for selective disclosure of attribute-based credentials on smart cards. In this context we concentrate on the implementation of this core feature of IBM’s Identity Mixer (Idemix) technology. Using the MULTOS platform, we are the first to provide this feature on a smart card. We compare Idemix with Microsoft’s U-Prove technology, as the latter also offers selective disclosure of attributes and has been previously implemented on a smart card.