pki versus private credentials1 stefan brands zero-knowledge systems inc. montreal
Post on 18-Dec-2015
229 views
TRANSCRIPT
![Page 1: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/1.jpg)
PKI versus Private Credentials 1
PKI versus Private Credentials
Stefan Brands
Zero-Knowledge Systems Inc.
Montreal
![Page 2: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/2.jpg)
PKI versus Private Credentials2
Digital Certificates:
sequences of zeros and ones (of a mathematical structure)
verifiable with 100 % accuracy by computers
transferable electronically (no human intervention, fast)
unforgeable (crypto protection) can specify any kind of data
![Page 3: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/3.jpg)
PKI versus Private Credentials3
Identity Certificates:
CA digital signature binds public key to real name
secret key signs message (prevents replay, non-repudiation)
verify by applying CA's public key use as authenticated pointer into
databases (like SSNs)
![Page 4: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/4.jpg)
PKI versus Private Credentials4
![Page 5: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/5.jpg)
PKI versus Private Credentials5
Federal PKIs:
USA (Access Certificates for Electronic Services, FPKI)
United Kingdom (CLOUD COVER) Australia (Public Key Auth.
Framework, Gatekeeper) Canada (Canada Public Key
Infrastructure) Hong Kong (identity certificates to
most residents)
![Page 6: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/6.jpg)
PKI versus Private Credentials6
In the future:
mobile phones watches televisions cars computerized household
appliances …
![Page 7: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/7.jpg)
PKI versus Private Credentials7
Drawbacks to organizations: transaction delays loose business (faulty/ irrelevant
data, online connection fails) central database verification hard to protect databases against
hackers and insiders privacy standards bring
compliance costs Manage CRLs / online validation
![Page 8: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/8.jpg)
PKI versus Private Credentials8
Privacy concerns:
traceability (CA, verifiers, wiretappers, intel. agencies)
linkability (in and across PKIs) non-repudiable evidence discrimination (consults any
database) errors (database, identities) no control over secondary use revocation (CRL, online whitelists)
![Page 9: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/9.jpg)
PKI versus Private Credentials9
Legislation ineffective:
does not deter criminals stopping violations takes long legislation implemented ? technologies faster than law theft / modification by hackers ? misuse by employees ? laws may be amended, changed,
exempted, overturned, or ignored database audits -> accessibility
![Page 10: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/10.jpg)
PKI versus Private Credentials10
Privacy design goals:
control (selective disclosure) anonymity unlinkability no self-authenticating records smartcard implementations
![Page 11: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/11.jpg)
PKI versus Private Credentials11
Private Credentials:
similar to coins and public transport tickets (not identifiable)
meet all privacy design goals practical security benefits
![Page 12: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/12.jpg)
PKI versus Private Credentials12
Issuing a Private Credential: Certificate binds public key to
attributes CA cannot learn user's public key
and CA's signature (blinding) CA encodes attributes into user's
secret key
![Page 13: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/13.jpg)
PKI versus Private Credentials13
Showing a Private Credential: Send public key and CA signature selectively disclose property of
attributes sign message (= authenticate
property) replay prevention
![Page 14: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/14.jpg)
PKI versus Private Credentials14
Note:
different attributes in different or same Private Credentials
anyone can be CA one attribute may be identity selective disclosure unlinkability
![Page 15: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/15.jpg)
PKI versus Private Credentials15
Selective disclosure:
show part of attribute data without revealing more (think: marker)
more powerful than paper-based certificates (Boolean properties, n out of m, intervals)
works across different Private Credentials
![Page 16: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/16.jpg)
PKI versus Private Credentials 16
![Page 17: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/17.jpg)
PKI versus Private Credentials17
![Page 18: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/18.jpg)
PKI versus Private Credentials18
Reissuance:
refresh previously issued Credential without knowing attributes
update Credential's attributes before refreshing
![Page 19: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/19.jpg)
PKI versus Private Credentials19
Dossier-Resistance:
verifier gets zero evidence of transaction; or
verifier gets self-authenticating evidence of a message or a part of the disclosed property
self-authenticating evidence can be limited to designated parties
![Page 20: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/20.jpg)
PKI versus Private Credentials20
Fraud protections:
reduce identity fraud eliminate central database risks limited-show property (identity
computable if shown too often) discourage lending (encode secret
of user) discourage discarding (tie
unfavorable attributes in)
![Page 21: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/21.jpg)
PKI versus Private Credentials21
![Page 22: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/22.jpg)
PKI versus Private Credentials22
Smartcard implementation: strong protection against loss,
theft, extortion, lending,copying, discarding, etc
can use standard 8-bit chips use desktop computer, notebook,
handheld, mobile phone, … user's computer protects privacy,
smartcard cannot leak data
![Page 23: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/23.jpg)
PKI versus Private Credentials23
Benefits to organizations: prevent unfair competition no law enforcement intrusions reduce identity fraud foster fair competition cheapest way to comply with
privacy principles improve transaction finality cultivate goodwill
![Page 24: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/24.jpg)
PKI versus Private Credentials24
Private Credentials can subsume X.509:
two attributes: certificate holder's X.500 name, all other fields
restrict entropy of X.509 validity period
restrict entropy of extension fields set serial number to hash of the
public key or to zero
![Page 25: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/25.jpg)
PKI versus Private Credentials25
Sample applications:
electronic cash digital pseudonyms for public
forums and virtual communities access control (VPNs, subscription
services, Web sites, databases) digital copyright protection
(certificates permit use of works) electronic voting
![Page 26: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/26.jpg)
PKI versus Private Credentials26
(continued)
electronic patient files electronic postage automated data bartering online auctions financial securities trading pay-per-view tickets public transport ticketing electronic food stamps road-toll pricing
![Page 27: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/27.jpg)
PKI versus Private Credentials27
(continued)
national ID cards (with privacy) permission-based marketing Web site personalization multi-agent systems collaborative filtering loyalty schemes electronic gambling medical prescriptions
![Page 28: PKI versus Private Credentials1 Stefan Brands Zero-Knowledge Systems Inc. Montreal](https://reader030.vdocument.in/reader030/viewer/2022032800/56649d235503460f949f9672/html5/thumbnails/28.jpg)
PKI versus Private Credentials28
For more information:
“Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy,” ISBN 0-262-02491-8, MIT Press August 2000, 356 pp.
“Private Cedentials,” whitepaper, Zero-Knowledge Systems, September 2000
[email protected] www.xs4all.nl/~brands