Slashdot Mirror

← Back to Stories (view on slashdot.org)

Digital Credentials Offer Enhanced Privacy

Posted by kdawson on from the cypherpunks-write-code dept.

John Q Random writes "Stefan Brands's company credentica.com announced their U-Prove library and SDK implementing ID tokens — also known as digital credentials or private credentials. (Private Credentials are a cool PKI replacement and anonymous e-cash tech that allows you to prove certified attributes like age, credit rating, group membership, etc. without revealing who you are; to allow you to have a digital life without the digital dossier effect inherent in a central databases.) Following this announcement, Adam Back announced credlib, an open source implementation of Brands credentials (and the older more basic Chaum certificates). These developments relate to recent news from IBM's Zurich labs on their identity-mixer project (previously discussed on Slashdot) that is based on the less efficient Jan Camenisch and Anna Lysyanskaya credentials."

49 comments

  1. Identity Theft by biocute · · Score: 3, Insightful

    This is under the presumption that the holder/applicant is who he claims he is.

    I guess it'll just get added to the to-do list of phishers and ID thieves.

    And the fact that (real) sensitive data has to be included to prevent 'leading/sharing' just begs for hacking.

    --
    Virtual Betting on Facebook for non-geeks.
    1. Re:Identity Theft by Anonymous Coward · · Score: 1, Insightful

      How the holder/applicant builds up his/her reputation capital is one issue. Maintaining the integrity of it afterwards is what this technology is all about.

      The fact that Adam Back is involved lends serious credibility to this effort. There may well be weaknesses, as with any scheme. But at least it's been looked at and implemented in part by one of the best in the biz.

      Of course, some wit might point out how do we know it's the real Adam Back? Clearly that's possible to determine, but with our previous technology, it's a bit more painful. Personally, I'm quite confident that it's the real Adam.

    2. Re:Identity Theft by PitaBred · · Score: 1

      /me trundles off to create a website that asks users to upload their private keys to guarantee the strength of the security...

      --
      My blog. Good stuff (when I remember to update it). Read it.
    3. Re:Identity Theft by PopeRatzo · · Score: 1

      Why is it that when I hear from a press release that a new product offers "enhanced privacy" that I immediately think that means "less privacy"?

      This is about the world as it has been made by the corporate masters, and their "interesting" repurposing of words.

      --
      You are welcome on my lawn.
    4. Re:Identity Theft by Zeinfeld · · Score: 2, Interesting
      The fact that Adam Back is involved lends serious credibility to this effort. There may well be weaknesses, as with any scheme. But at least it's been looked at and implemented in part by one of the best in the biz.

      Stefan is not exactly in need of credibility. We all know he can do the business on the technology side.

      The main concerns here are first Stephan has a tendency to prioritize certain political attachments over practical issues. So the question is not whether the system will be as private as claimed but whether it will be realistic enough to be viable. The second concern is navigating the thicket of patent claims various parties control.

      Tony Nadalin and myself have been proposing what appear to be similar schemes independently that do not offer the same degree of academic perfection (there is a possibility of registry default) but the IP is held (as far as we know) by companies that have a bigger interest in something happening than in milking their IP portfolios.

      I don't yet have a white paper on the subject but I did present the scheme at RSA. Details should be comming out soon.

      --
      Looking for an Information Security student project suggestion?
      Try http://dotcrimeManifesto.com/
  2. Well blow me down! by Itninja · · Score: 2, Funny

    At first I thought is said "Digital Credentials Offer Enhanced Piracy"

    "Me SmartCard an' Biometrics allow en' more booty to be plundered, yarhhh!"

    --
    I judt got a nre Kinesis keybiartf so please excusr ant egregiou typos.
  3. Digital creds = "certs or keys" by xxxJonBoyxxx · · Score: 1, Insightful

    When I read "digital credentials" I immediately thought "(SSL/SMIME) certs and (SSH/PGP) keys". Those are two standard and widely implemented forms of "strong" digital authentication. SSL certs are also already available in hardware tokens, etc, if you like the FOB route. (Just ask the DoD about CAC cards...)

    I don't know why people keep trying to reinvent the wheel here.

    1. Re:Digital creds = "certs or keys" by wirelessbuzzers · · Score: 1

      When I read "digital credentials" I immediately thought "(SSL/SMIME) certs and (SSH/PGP) keys". Those are two standard and widely implemented forms of "strong" digital authentication. SSL certs are also already available in hardware tokens, etc, if you like the FOB route. (Just ask the DoD about CAC cards...)

      I don't know why people keep trying to reinvent the wheel here. Well, if you'd read the summary, you'd have noticed that these add more privacy over traditional certs, while still allowing you to prove credentials. That is, you can prove that you're over 18 without giving any more information about yourself. Compare that with a cert, where at the very least your information can be linked together by cert id.
      --
      I hereby place the above post in the public domain.
    2. Re:Digital creds = "certs or keys" by Anonymous Coward · · Score: 0

      Err.. "Digital Credentials" or "private credentials" are not just certs. These thingies are like anonymous ecash tokens, cypherpunk-level privacy through advanced crypto. Seriously cool stuff. The point is as it says in the summary...

      "Private Credentials are a cool PKI replacement and anonymous e-cash tech that allows you to prove certified attributes like age, credit rating, group membership, etc. without revealing who you are; to allow you to have a digital life without the digital dossier effect inherent in a central databases.)"

      Guess we're not only not reading articles now, but not even reading the summary!!

      Slashdot moderators are idiots if the parent deserves a 4! It deserves a -1 for complete inability to read and comprehend the summary.

    3. Re:Digital creds = "certs or keys" by db32 · · Score: 1

      CAC Card is redundant based on what it is supposed to stand for. In reality it isn't because its a Can't Access Crap Card. It was a great idea, with an implementation that makes you wish the edges of your ID card were sharper so you could just slit your wrists at the computer and be more productive.

      --
      The only change I can believe in is what I find in my couch cushions.
  4. yep by User+956 · · Score: 1

    Following this announcement, Adam Back announced credlib, an open source implementation of Brands credentials (and the older more basic Chaum certificates).

    That certainly sounds like a credlib-able solution to the problem.

    --
    The theory of relativity doesn't work right in Arkansas.
  5. Technolgy can't fix legal/economic problems by Wesley+Felter · · Score: 2, Insightful

    Where is the threat to individual privacy? As I see it, the threat is companies misusing legitimately-obtained personal information. Now let's tie in privacy with today's earlier discussion about credit card fraud. To buy anything over the Net from a reputable vendor, you usually must provide your legal name, home address, and phone number in order for the credit card transaction to be approved. (Buying from less reputable vendors may actually provide more privacy because AFAIK Paypal doesn't expose all these personal details when you make a payment.) What is the chance that VISA/MC/AMEX will re-engineer their systems to be privacy-preserving?

    1. Re:Technolgy can't fix legal/economic problems by John.P.Jones · · Score: 2, Insightful

      > What is the chance that VISA/MC/AMEX will re-engineer their systems to be privacy-preserving?

      Much better when there is a well understood solution to the problem. The technology is a necessary not a sufficient condition for fixing these problems. No it won't magically solve our problems but that doesn't negate the use of developing the technology.

    2. Re:Technolgy can't fix legal/economic problems by Beryllium+Sphere(tm) · · Score: 1

      >What is the chance that VISA/MC/AMEX will re-engineer their systems to be privacy-preserving?

      Pretty high, but only if they are on the hook legally for privacy breaches, or if their customer start swinging business based on privacy concerns. Otherwise nil.

  6. RTFA by Wesley+Felter · · Score: 3, Interesting

    When I read "digital credentials" I immediately thought "(SSL/SMIME) certs and (SSH/PGP) keys". Those are two standard and widely implemented forms of "strong" digital authentication.

    The problem with regular certs is that they are all-or-nothing, so if you disclose your cert to a party, they now have all the information in the cert. For example, consider using a "digital drivers license" to prove your age or using a "digital student ID" to get a student discount; it's totall overkill.

    The summary explains why Brands credentials are an improvement:

    Private Credentials are a cool PKI replacement and anonymous e-cash tech that allows you to prove certified attributes like age, credit rating, group membership, etc. without revealing who you are (emphasis added)

  7. I don't think you understand the tech... by xxxJonBoyxxx · · Score: 2, Insightful

    The problem with regular certs is that they are all-or-nothing, so if you disclose your cert to a party, they now have all the information in the cert. For example, consider using a "digital drivers license" to prove your age or using a "digital student ID" to get a student discount; it's totall overkill.


    You don't put things like "age" or "student ID" on a cert, and you certainly wouldn't put them on a key. Instead, you could use the verified IDs from certs/keys to look up information from a master DB, much like Brands and dozens of other interchangable knuckleheads are proposing.

    Remember, whether you show up to a "verification service" with a magic cookie/ID/BrandsThing or a cert, you're still trusting a third party to only give out a piece of your total profile at a time. All the while, they're probably really selling the whole DB to random spammers, just like your average credit bureau.
    1. Re:I don't think you understand the tech... by Anonymous Coward · · Score: 0

      ha ha ha. I think it is in fact you that doesnt understand the tech, and Wesley did.

      Brands system really does put separate attributes which are literally age, sex, nationality etc in your cert. And you the user choose which attribute or combination of attributes to reveal.

      The CA or issuer would no doubt ask you to show some ID to convince himself that those attributes are true.

      But when you reveal the attribute, the relying party has ZERO information about you other than that attribute (eg age, over18 (without revealing actual age) etc). Brands credentials are the in fact technology opposite of putting database pointers in certificates. In fact that is his critique of X.509 certificates if you read his book!

    2. Re:I don't think you understand the tech... by Beryllium+Sphere(tm) · · Score: 2, Informative

      >Instead, you could use the verified IDs from certs/keys to look up information from a master DB, much like Brands and dozens of other interchangable knuckleheads are proposing.

      That is the exact opposite of what Dr. Brands is proposing, and the existence of a central database full of sensitive information is precisely the problem he's trying to prevent. How anyone could read his PhD thesis without understanding that is beyond my imagination.

      >you're still trusting a third party to only give out a piece of your total profile at a time.

      Not if they don't *have* your complete profile and see only a signed assertion of your age, or your blood type, or whatnot. Even cooler, you can disclose the result of a Boolean without disclosing the terms inside it: with a Brands credential you could assert "either over 18 or an emancipated minor", for example.

  8. anonymous ecash & cypherpunks @ work by Anonymous Coward · · Score: 0

    Brands credentials are also an anonymous ecash technology. Zero-knowledge systems were using this when they were doing privacy tech and the freedom network and all that stuff. (the freedom network was an anonymous IP network like onion routing, Tor but more secure).

    Nice to see some cypherpunks writing code in this post 911 era of security trumps rights of privacy and personal liberty.

  9. All these identity providers listed... by Valdez · · Score: 1
    ...and no CardSpace?

    Oh, thats right, I'm reading /. ;)

    1. Re:All these identity providers listed... by Anonymous Coward · · Score: 0

      That's an identity *framework*, not a provider.

  10. Ah...this is tech for the porn industry, then. by xxxJonBoyxxx · · Score: 1

    That is, you can prove that you're over 18 without giving any more information about yourself.
    Ah...this is tech for the porn industry, then. ;)
  11. TFA is for wussies... by xxxJonBoyxxx · · Score: 1

    Guess we're not only not reading articles now, but not even reading the summary!!


    That's right; I'm a true tech through and through. If manuals are for wimps then TFA is for wussies too. C'mon - Slashdot editors: you need to shorten up those summaries for those of us with post-MTV-era attention spans!
  12. How? by pesc · · Score: 2, Interesting

    I don't need this certificate myself. Can someone explain why I can't obtain one proving my age (42) and sell it to a youngster? All other attributes are masked.

    --

    )9TSS
    1. Re:How? by Jherek+Carnelian · · Score: 0

      I don't need this certificate myself. Can someone explain why I can't obtain one proving my age (42) and sell it to a youngster? All other attributes are masked.
      Because the system digital signs your identity by tattooing a digital signature of your biometrics across your forehead.
    2. Re:How? by Anonymous Coward · · Score: 0

      Can someone explain why I can't obtain one proving my age (42) and sell it to a youngster? Actually, it sounds like your 42 year old grandson already sold one to you, gramps.
  13. Hah! by TheVelvetFlamebait · · Score: 1

    We both know that isn't the true meaning of piracy!

    --
    You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
  14. False security by syousef · · Score: 1

    True of all such "private" information storage facilities...

    Either the information is kept by someone and can be obtained from the issuer (whether through legitimate legal means or theft. This is valuable information. Unscrupulous people will steal, trade and sell it). You're basically trusting the issuer to keep you safe. SSL certs are kinda like this but there's no pretense of private data being stored encrypted in the cert.

    OR

    Once the certificate is issued there is no way to identify who it is issued to, which means the only way a security hole in the method comes to light is when massive fraud occurs or if someone brags about breaking it. PGP is kinda like this.

    All this does is allow you to buy products or services annoymously from legit vendors, and only so long as the system isn't compromised. The other thing is most non-shady vendors won't want to accept this form of ID/verification. I mean it's great for porn vendors because porn is socially vilified and people don't want to admit to buying it or having it on record. For most other things, the vendor will prefer a method of verification under their control since it'll give them marketing data and also prove to be a better protection against litigation than some anonymous cert.

    --
    These posts express my own personal views, not those of my employer
    1. Re:False security by Watson+Ladd · · Score: 1

      That's what the cryptography is for. You don't need to trust the issuer but in a case of fraud it is possible to tell who you are and at no other time. The math is quite solid, but people's understanding of it is a bit shaky.

      --
      Inventions have long since reached their limit, and I see no hope for further development.-- Frontinus, 1st cent. AD
  15. anti-lending feature (Re:How?) by Anonymous Coward · · Score: 4, Informative

    They have an anti-lending option. Here's how it works: the credential can have multiple private keys, one of which has to be random and the others of which can be secrets you would not be happy to sell to a youngster. (Say like your credit card number, or any other info that could be risky to lend to someone). Without all of the private keys you cant use the credential, so the would be lender, or reseller cant transfer the credential without revealing secrets chosen to be risky to share.

    The CA or credential issuer, he sees secrets when the credential is issued, however you trust him not to abuse those secrets (and maybe you paid him with the same credit card number eg). However due to the crypto magic the CA cant observe nor trace your uses of the credential back to you even with full collusion with relying parties.

    In fact the privacy is unconditionally secure and the user has full control and doesnt have to trust anyone (not CA, not relying parties, etc) only that the software of his credential wallet software is correctly implemented. This software would typically be open source and peer reviewed.

    1. Re:anti-lending feature (Re:How?) by pesc · · Score: 1

      the credential can have multiple private keys, one of which has to be random and the others of which can be secrets you would not be happy to sell to a youngster. (Say like your credit card number, or any other info that could be risky to lend to someone).

      So someone with nothing to lose (a bum?) can't get to verify he's 40?

      Apart from a credit card number (can't you get one-off credit cards or cancel them or report it stolen?) I don't know what kind of information you absolutely can't share.

      --

      )9TSS
    2. Re:anti-lending feature (Re:How?) by Anonymous Coward · · Score: 1, Informative

      You are correct that you cant ultimately prevent lending. Another secret you can put in the private keys is a large denomination ecash coin ... do you trust the guy you sold the credential to for $10 not to cash your $100 deposit?

      Well even that just means the minimum price of the credential resale is set by the issuer.

      There is also something called credential pooling, which means an issuer could make a unified credential which is simultaneously your authentication and credential for many important things, like bank account, mortgage, driving license, passport etc.

      You cant share part of the credential, only the whole credential so then it makes it so you cant share the trivial credential (like say age credential) with
      out sharing something that could get you into id theft issues etc.

      Maybe you can find some one who is really alcholic and destitute who has absolutely nothing to lose, but the set of people who would be willing to sell their id on that basis is much smaller.

      Anyway think of it more as a deterrence than 100% prevention.

      (Anyway even if one could somehow make it 100% impossible to transfer, there is still online renting... ie I leave my computer on, and leave my credential running, and set it up to answer over18 requests for other people for a fee).

    3. Re:anti-lending feature (Re:How?) by MichaelSmith · · Score: 1

      Well even that just means the minimum price of the credential resale is set by the issuer.

      Well not really. If the ecash coin has $1000 in it and I want to sell my identify for $100 then the price to the buyer is $1100 and he gets $1000 back straight away.

      --
      http://michaelsmith.id.au
    4. Re:anti-lending feature (Re:How?) by Anonymous Coward · · Score: 0

      The way this ecash coin lending deterrence works is the credential itself would be revoked if you (or the person you leant or sold the credential to) spent the anti-lend embedded ecash coin.

  16. Efficiency is an open question by SiliconEntity · · Score: 1

    It remains to be seen at this point whether the Camenisch/Lysyanskaya Idemix credentials are really "less efficient" than Brands. Certainly the CL credential work is newer. Brands' stuff is good but the field does not stand still. Until we see benchmarks putting them side by side, it is too early to say which is more efficient.

  17. ecash: privacy and security not at odds by Anonymous Coward · · Score: 0

    Parent poster hints at inherent security problems with lack of audit trail with epayments based on private credentials. (Audit trail to reconcile transactions and detect fraud.)

    In fact parent poster is uninformed and speculating... audit and balancing of transactions is fully supported by ecash or etoken system using private credentials. (Just not in a way that reveals users buying habits). The merchant receives a signed receipt which he will deposit at the bank. Either verification is online and immediate, or offline; in the online case attempted fraud is rejected immediately, in the offline case attempts to double-spend reveal the identity of the fraudster (this is called "fraud tracing" in ecash parlance.)

    Likewise rest of speculation is also bogus; briefly to each argument:

    - no one but porn cares about privacy -- oh yeah? care to post your library lending record?, your book purchase record? your magazine purchase record? log of everything you ever bought for cash?

    - infers some issue with proofs under litigation? -- wrong, the merchant has a signed receipt -- much better proof than a merchant has with credit card, why do you think credit card fees are high? -- to cover the fraud losses from aggressive repudiations (false claims of fraud by customer), and stolen credit card fraud...

    1. Re:ecash: privacy and security not at odds by syousef · · Score: 1

      Huh? Are you misunderstanding me on purpose?

      If you kept your library lending record on such a token you'd be smoking wacky weed! You might keep some summary information like a trust rating. Or you might just keep it to basics like age, country of residency etc. The reason that anon payments would be useful is in case you didn't trust the vendor to keep your information secret. You already trust the public library not to publish your lending record. However you might not trust a porn retailer not to put you on a mailing list or publish your history. In that case verifying you're 18 without giving additional information would be useful.

      As for issues with litigation what would you rather say if you were accused of selling porn to a minor? Your honour I have cert number 121332293478294 that says whoever I sold this to was over 18, or your honour I accepted payment from Mr Jarvis Flugelbund of 6 Acacia lane, Pornsville, who submitted a fax of his drivers license that clearly shows he's 32?

      --
      These posts express my own personal views, not those of my employer
  18. No, I don't think *you* understand the tech... by Anonymous Coward · · Score: 0

    Um, Mr. Knucklehead, sir?

    I suggest you read Brands' thesis, or any of his patents, before you spout any more idiotic falsehoods. Your talking about central databases is positive proof that you don't have the beginning of a glimmer of a clue about how this works, and I'm afraid it's not amenable to explanation to a cretin in the space of a Slashdot post.

    Just for clarity: There is no central database. The information is in fact encoded in the "certificate". This is done using cryptographic mechanisms that allow the "certificate" to be used to prove various things, without disclosing other things. These proofs can in fact be conducted without communicating with the issuer at all.

    Brands is a crappy businessman, but he's a very competent cryptographer, and has made significant original contributions to this field. You, on the other hand, well...

    Thanks, and have a nice day.

  19. Sigh...PKI REPLACEMENT? by SecretSauce · · Score: 1

    Is PKI that broken that we already need a replacement? Seems to do the job for me...

    1. Re:Sigh...PKI REPLACEMENT? by david.emery · · Score: 1

      I dunno. I find the whole PKI thing to be incredibly baroque and subject to failure/inconsistency/difficulty-of-use (what's the opposite of ease-of-use?).

      Now maybe when I get it all set up right, it'll run OK. But so far getting it set up has proven to be a massive time sink for me, and I'm still not there yet.

              dave

  20. Brands creds 10-100x faster than CL (open q. ha) by Anonymous Coward · · Score: 0

    Well even without benchmarks, and I guess now with credlib you could go compare idemix source code perf to credlib, its patently obvious that Brands creds are at least an order of magnitude faster.

    Brands issuing protocol requires the user to perform the equivalent of one at most RSA full exponentiation and 5 small exponentiations, and all of the small exponentiations can be precomputed.

    CL requires several full RSA exponentiations, and also they cant be precomputed.

    Showing is similarly an order of magnitude slower with CL.

    Also Brands protocols work over EC which give another factor of 10 speed up.

    So overall estimate 10 - 100x faster. Doesnt sound a very "open" question, at a fundamental algorithmic level CL is clearly way slower, 10-100x is not a small factor open to going one way or the other in an implementation efficiency bake off.

  21. Um, what the ACs said.... by Hizonner · · Score: 1

    They're exactly correct. But this post puts somebody's credentials behind their position. :-)

  22. Oblig. Dilbert by Anonymous Coward · · Score: 0

    Private Credentials are a cool PKI replacement and anonymous e-cash tech that allows you to prove certified attributes like age, credit rating, group membership, etc. without revealing who you are; to allow you to have a digital life without the digital dossier effect inherent in a central databases.

    Bingo, sir.

  23. Re:Brands creds 10-100x faster than CL (open q. ha by Anonymous Coward · · Score: 0
    Right, and not doing any crypto at all is 1000000000000x faster than Brands' credentials.

    The whole point of these credentials is that you can obtain it and then show it, and the bits you reveal when showing it do not say anything about who you are and when you got the credential, not even to the entity that issued the credential in the first place. (Magic, huh?)

    In Brands' system, each credential can only be used once: the second time I use it, I reveal the very same bits as the first time I used it, so if I keep using it, I become identifiable by these bits. So every time that I plan to show a Brands credential, I must go back to the issuer and get a fresh copy.

    Whereas in the CL system, you get a multi-show credential that you can show as many times as you want and it will look different every time.

    Of course we're comparing apples and oranges because when you don't need the multi-show feature why not use Brands.

  24. Re:Brands creds 10-100x faster than CL (open q. ha by Anonymous Coward · · Score: 0

    In Brands' system, each credential can only be used once Not quite. True, re-use of the same credential reveals some of the same bits, but there are reasons you would want to do so. Off the top of my head: 1) using Brands's credentials for a psudonymous authentication system (I re-auth to a service using the same credential as the last time so I get personalized service that can't be traced back to my true identity) and 2) successively proving more about myself to a service (prove over-18 the first time, then prove my postal code later using the same credential).

    That aside, Brands has a wicked mechanism for issuing multiple identical credentials in parallel, so it's not the case that you have to go back to the issuer to get a fresh copy after each use. Grab 10 or 100 at a go and use them willy-nilly.
  25. But will it work in the marketplace? by fizzbin · · Score: 1

    The technology to do this one way or another has been around for years, at least since David Chaum's blinded signatures and e-cash. The problem is getting it to be marketable.

    There are 2 hurdles to this product:

    1. Digital certificates of any kind are hard to get Joe average user to understand and adopt. How many people use PGP style email encryption, let alone user SSL certificates?

    2. More seriously, how many online business are willing, not only not to collect customer data, but to go to sigificant expense to avoid collecting customer data?

    Since customer data is generally viewed as having value to businesses, you are in effect asking business to spend money to make less money. That just won't happen, unless customers demand it. And I don't see that happening anytime soon (see #1 above).

    --
    Fizz