23 November 2020
An Education in Preserving Privacy
Secure user authentication and sharing of personal data are core activities in an increasingly interconnected world. Over the last few decades, multiple mechanisms realising this task have been developed, ranging from password-based authentication through biometrics and multi-factor authentication to online identity providers. However, while giving sufficiently high security guarantees for many application domains, most approaches do not pay sufficient attention to the users' privacy. The result is over-identification (users reveal far more about themselves than the service needs) and insufficient protection of the users' personal data.
Another piece of the puzzle initially outlined in ‘Composing a Picture from the Puzzle Pieces’ is a demonstrator use case on privacy-preserving identity management as illustrated in an educational context – although the techniques and ambition are equally applicable in many other processes and scenarios.
Existing solutions, for instance, often do not allow a user to selectively disclose personal attributes while keeping the rest secret. When authenticating to a movie streaming service, one has to prove that one owns a valid account and is old enough to watch a certain movie; there is no need to reveal one's full identity or even one's precise date of birth. Similarly, when requesting a senior discount, proving one's age is sufficient and the full identity is irrelevant.
Solutions that do allow such minimal disclosure typically rely on an online identity provider that vouches for the correctness of a user's claim. In that case, however, the identity provider learns a full metadata profile of the user (which services she uses, when, and how often), since it is actively involved in every authentication.
To overcome these challenges, the main ambitions of CyberSec4Europe’s pilot on privacy-preserving identity management are:
- Minimise the disclosure of personal data when sharing information in online identity management scenarios, including metadata
- Ensure that users have full control over their information and over which data is revealed to whom
- Give formal authenticity and integrity guarantees for all data revealed to the verifier
- Help service providers comply with legal regulations such as the GDPR
Learning to use ABC
In order to achieve these goals, the core technology will be anonymous credential systems, also known as attribute-based credentials (ABCs). This cryptographic technology allows a user to receive a signature on her attributes (say, name, birth date, nationality) and to later selectively disclose parts of this information (say, the birth date) to a service provider, while blanking out everything else (name, nationality).
With a standard digital signature this would not work: the signature is invalidated as soon as a single bit of the signed data is changed, so the user would have to hand over the whole signed document. ABCs, in contrast, still give the receiving party cryptographic authenticity guarantees on the revealed information while fully protecting the attributes that were not revealed. Even more, the user may decide to prove only that she is eligible for a discount (for instance, that she is above a certain age) without revealing her birth date at all. This can be done in a way that gives strong metadata privacy guarantees: the issuer is not involved in the authentication, and authentications performed by one user cannot be linked to each other – unless the user explicitly consents to linkability during the authentication session.
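To make the selective-disclosure idea concrete, here is a small added example in Python (it is not code from the CyberSec4Europe pilot or from any ABC library). It uses the simplest construction that achieves selective disclosure with an ordinary signature: the issuer signs a list of salted hashes of the attributes, so the signed object never changes, and the holder opens only the entries she wants to reveal, here the degree but not the name or birth date. The issuer's signature is stood in for by an HMAC under an assumed issuer key, the canonical JSON serialisation is an assumption of this example, and the credential values are constructed. What this toy does not provide is exactly what distinguishes real ABCs: the signed digest list is a stable identifier, so presentations by the same user are linkable, and a predicate such as "older than 18" cannot be proven without opening the birth date; anonymous credential schemes built on signatures with zero-knowledge proofs (CL or BBS+ style) add both properties.

```python
import hashlib
import hmac
import json
import secrets
from typing import Dict, List, Tuple

# Constructed sample credential for this example; names and values are invented.
ATTRIBUTES = {
    "name": "Alice Example",
    "birth_date": "1998-04-12",
    "nationality": "AT",
    "degree": "BSc Computer Science",
}

# Assumed issuer key. An HMAC stands in for the issuer's signature here; a real
# system would use an asymmetric signature (or an ABC signature scheme).
ISSUER_KEY = b"issuer-demo-key-not-for-production"


def _digest(salt: bytes, name: str, value: str) -> str:
    # Commit to one attribute as H(salt || name || 0x00 || value). The 128-bit random
    # salt stops a verifier from brute-forcing low-entropy values (e.g. a country
    # code) behind the digests of attributes that were NOT disclosed.
    h = hashlib.sha256()
    h.update(salt)
    h.update(name.encode())
    h.update(b"\x00")
    h.update(value.encode())
    return h.hexdigest()


def issue(attributes: Dict[str, str], issuer_key: bytes) -> dict:
    """Issuer side: salt and hash every attribute, then sign only the digest list."""
    salts = {k: secrets.token_bytes(16) for k in attributes}
    digests = {k: _digest(salts[k], k, v) for k, v in attributes.items()}
    # Canonical serialisation so issuer and verifier MAC identical bytes.
    payload = json.dumps(digests, sort_keys=True).encode()
    tag = hmac.new(issuer_key, payload, hashlib.sha256).hexdigest()
    return {
        "digests": digests,
        "signature": tag,
        # Kept in the holder's wallet; never sent unless explicitly disclosed.
        "_holder_secret": {"salts": salts, "attributes": dict(attributes)},
    }


def present(credential: dict, disclose: List[str]) -> dict:
    """Holder side: open only the chosen attributes (value + salt); the rest stay digests."""
    secret = credential["_holder_secret"]
    disclosed = {
        k: {"value": secret["attributes"][k], "salt": secret["salts"][k].hex()}
        for k in disclose
    }
    # The signed digest list is passed through unchanged, which is why the
    # issuer's signature stays valid no matter which subset is opened.
    return {
        "digests": dict(credential["digests"]),
        "signature": credential["signature"],
        "disclosed": disclosed,
    }


def verify(presentation: dict, issuer_key: bytes) -> Tuple[bool, Dict[str, str]]:
    """Verifier side: check the issuer signature, then check each opened value against its digest."""
    payload = json.dumps(presentation["digests"], sort_keys=True).encode()
    expected = hmac.new(issuer_key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, presentation["signature"]):
        return False, {}  # digest list was tampered with or not issued under this key
    revealed: Dict[str, str] = {}
    for name, item in presentation["disclosed"].items():
        if name not in presentation["digests"]:
            return False, {}
        try:
            salt = bytes.fromhex(item["salt"])
        except (ValueError, KeyError, TypeError):
            return False, {}
        if _digest(salt, name, item["value"]) != presentation["digests"][name]:
            return False, {}  # opened value does not match what the issuer signed
        revealed[name] = item["value"]
    return True, revealed


if __name__ == "__main__":
    cred = issue(ATTRIBUTES, ISSUER_KEY)
    pres = present(cred, ["degree"])  # job application: prove the degree, hide the name
    print(verify(pres, ISSUER_KEY))
```

The verifier learns the degree and nothing about the name, birth date or nationality beyond their salted digests, yet any change to a disclosed value or to the digest list is rejected. Note what it also learns: the digest list and signature are identical in every presentation, so two presentations by the same holder are trivially linkable; avoiding that is what the zero-knowledge machinery of a real ABC scheme is for.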
Certified Job Applications
CyberSec4Europe will demonstrate this technology in the educational domain. Specifically, the pilot will allow users to receive digital certificates for passed courses and degrees from their university department. The users may then use these certificates in a privacy-preserving way in different contexts. For instance, students may prove that they hold a university degree in a first formal round of a job application without revealing the full name stated on the degree (e.g., where applications are handled in a semi-anonymised way in order to avoid gender bias). Or students may prove to public authorities that they earned a sufficient number of ECTS credits (European Credit Transfer and Accumulation System) during the last semester to be eligible for a student allowance, without revealing the specific courses taken or the grades obtained.
The first phase of the pilot, covering the fundamental functionalities, will be executed over the next few weeks at CTI. The lessons learned regarding functionality, usability, and scalability will be taken into consideration for the further development and second piloting phase to be executed in 2022.
Stephan Krenn, AIT