Skip to main content
main-content

Über dieses Buch

The need for information privacy and security continues to grow and gets increasingly recognized. In this regard, Privacy-preserving Attribute-based Credentials (Privacy-ABCs) are elegant techniques to provide secure yet privacy-respecting access control. This book addresses the federation and interchangeability of Privacy-ABC technologies. It defines a common, unified architecture for Privacy-ABC systems that allows their respective features to be compared and combined Further, this book presents open reference implementations of selected Privacy-ABC systems and explains how to deploy them in actual production pilots, allowing provably accredited members of restricted communities to provide anonymous feedback on their community or its members. To date, credentials such as digitally signed pieces of personal information or other information used to authenticate or identify a user have not been designed to respect the users’ privacy. They inevitably reveal the identity of the holder even though the application at hand often needs much less information, e.g. only the confirmation that the holder is a teenager or is eligible for social benefits. In contrast, Privacy-ABCs allow their holders to reveal only their minimal information required by the applications, without giving away their full identity information. Privacy-ABCs thus facilitate the implementation of a trustworthy and at the same time privacy-respecting digital society.

The ABC4Trust project as a multidisciplinary and European project, gives a technological response to questions linked to data protection.

Viviane Reding

(Former Vice-president of the European Commission, Member of European Parliament)

Inhaltsverzeichnis

Frontmatter

Chapter 1. Introduction

Abstract
ABC4Trust advances trustworthy yet privacy-protecting ways of identity management. Therefore this chapter starts with an introduction to identity management and its privacy issues. Then it gives a first overview on Privacy-ABCs for privacy enhanced identity management and introduces the ABC4Trust Project goals and pilots.
Kai Rannenberg, Welderufael Tesfay, Ahmad Sabouri

Chapter 2. An Architecture for Privacy-ABCs

Abstract
One of the main objectives of the ABC4Trust project was to define a common, unified architecture for Privacy-ABC systems to allow comparing their respective features and combining them into common platforms. The chapter presents an overview of features and concepts of Privacy-ABCs and introduces the architecture proposed by ABC4Trust, describing the layers and components as well as the highlevel APIs. We also present the language framework of ABC4Trust through an example scenario. Furthermore, this chapter investigates integration of Privacy-ABCs with the existing Identity Management protocols and also analyses the required trust relationships in the ecosystem of Privacy-ABCs.
Patrik Bichsel, Jan Camenisch, Maria Dubovitskaya, Robert R. Enderlein, Stephan Krenn, Ioannis Krontiris, Anja Lehmann, Gregory Neven, Christian Paquin, Franz-Stefan Preiss, Kai Rannenberg, Ahmad Sabouri

Chapter 3. Cryptographic Protocols Underlying Privacy-ABCs

Abstract
In this chapter we present the Cryptographic Engine which provides the cryptographic functionality used in the ABC Engine, such as issuance or presentation of credentials. We first describe the architecture of the Cryptographic Engine, explain the building blocks it uses, and explain how they are bound together. We then describe the cryptographic primitives that the library uses to instantiate those building blocks.
Patrik Bichsel, Jan Camenisch, Maria Dubovitskaya, Robert R. Enderlein, Stephan Krenn, Anja Lehmann, Gregory Neven, Franz-Stefan Preiss

Chapter 4. Comparison of Mechanisms

Abstract
In this chapter we compare Privacy-ABC schemes based on the security, functionality and efficiency they offer. The aim of this is to help researchers and application developers choose an schemes and parameters most suitable for their application.
Michael Østergaard Pedersen, Gert Læssøe Mikkelsen, Fatbardh Veseli, Ahmad Sabouri, Tsvetoslava Vateva-Gurova

Chapter 5. Legal Data Protection Considerations

Abstract
This chapter gives an overview of relevant legal issues for the use of Privacy-ABCs. However, only legal issues stemming from privacy or data protection laws are examined. Further considerations regarding general civil or contractual problems are left aside, since they would require specific knowledge of the intended use-case and the involved entities.
Marit Hansen, Felix Bieker, Daniel Deibler, Hannah Obersteller, Eva Schlehahn, Harald Zwingelberg

Chapter 6. School Community Interaction Platform: the Soderhamn Pilot of ABC4Trust

Abstract
The Norrtullskolan school in Söderhamn, Sweden, hosted one of the ABC4Trust trials, where a privacy-respecting School Community Interaction Platform, built upon Privacy-ABCs, was deployed to boost communication between pupils, their parents and school personnel. In this chapter, we present an overview of the scope and the scenarios, and elaborate on the results we achieved through the design, deployment, operation and evaluation phases of this pilot.
Ahmad Sabouri, Souheil Bcheri, Jimm Lerch, Eva Schlehahn, Welderufael Tesfay

Chapter 7. Course Evaluation in Higher Education: the Patras Pilot of ABC4Trust

Abstract
In this chapter we describe one of the pilots of the ABC4Trust project that we developed in order to offer privacy-preserving course evaluations at universities. The distinctive feature of this application is that the pilot system can authenticate students, with respect to their eligibility to evaluate a course, without requiring from them any identifying information. Thus, it is impossible for the system to link participants with their evaluations and, therefore, participants’ privacy is protected while the system is certain to receive evaluations only from eligible participants. In this chapter we describe the pilot context, the high level architecture of the pilot system as well as a questionnaire-based evaluation process for user acceptance. Along with a usability evaluation of the pilot prototype, we considered possible user acceptance factors for Privacy-ABCs and developed a novel model of user acceptance in a privacy critical setting.
Yannis Stamatiou, Zinaida Benenson, Anna Girard, Ioannis Krontiris, Vasiliki Liagkou, Apostolos Pyrgelis, Welderufael Tesfay

Chapter 8. Experiences and Feedback from the Pilots

Abstract
This chapter focuses on the experiences gained during the development and operation of the pilot applications molten down to give both technical and legal feedback to future adopters of Privacy-ABC technologies.
Norbert Götze, Daniel Deibler, Robert Seidl

Chapter 9. Technical Implementation and Feasibility

Abstract
This chapter provides application developers with a presentation of the implemented reference implementation of the ABC4Trust architecture and protocols as well as a presentation on how to get started using the reference implementation. The reference implementation includes the ABC-Engines of the different entities, namely the User, Issuer, Verifier, Inspector, and Revocation Authority, and the smart card implementation for the User. This chapter also presents results of a perturbation analysis of the reference implementation. Even though the ABC4Trust focused on a server-desktop environment, we have done some proof of concept implementations and analysis of the feasibility of using smart phones for the user side of a Privacy-ABC setup; these results are also presented in this chapter.
Gert Læssøe Mikkelsen, Kasper Damgård, Hans Guldager, Jonas Lindstrøm Jensen, Jesus Garcia Luna, Janus Dam Nielsen, Pascal Paillier, Giancarlo Pellegrino, Michael Bladt Stausholm, Neeraj Suri, Heng Zhang

Chapter 10. Privacy-ABC Usage Scenarios

Abstract
The decision to employ Privacy-ABC systems and operate them is highly dependent on the business model, requirements and capabilities of the potential adopters. Nevertheless, more knowledge about various use cases of Privacy-ABCs and the problems that can be addressed by them may influence the benefits perceived by the decision makers. In this chapter, we present additional scenarios, beyond the pilots described in Chapters 6 and 7, and discuss their issues that can be resolved by Privacy-ABCs. These scenarios include eIDs, anonymous participation in decisions and polls, use of cloud services within enterprises, bank as Identity Service Provider, and preventing tracking the relying parties.
Joerg Abendroth, Marit Hansen, Ioannis Krontiris, Ahmad Sabouri, Eva Schlehahn, Robert Seidl, Harald Zwingelberg

Chapter 11. Establishment and Prospects of Privacy-ABCs

Abstract
In this chapter, a glance into the future is taken. In 2014, the European Regulation on Electronic Identification and Trust Services came into force. This will have influence on future usage of Privacy-ABCs (Section 11.1). Support for the adoption and distribution of Privacy-ABCs that help users’ privacy could be provided by various stakeholders as sketched in Section 11.2. One main driver can be standardization. Section 11.3 presents an overview of the most relevant standardisation projects for ABC4Trust, discusses concrete contributions to these standards, and gives some insights on how to achieve a higher degree of trustworthiness in the Privacy-ABC technologies through certification.
Marit Hansen, Hannah Obersteller, Kai Rannenberg, Fatbardh Veseli

Chapter 12. Further Challenges

Abstract
ABC4Trust was able to progress the vision of privacy-friendly identity management being widely used and protecting privacy in a digital world several steps further. However there are still challenges open. In this chapter we outline some of them.
Kai Rannenberg, Jan Camenisch, Ahmad Sabouri, Welderufael Tesfay

Backmatter

Weitere Informationen

Premium Partner

    Bildnachweise