Skip to main content
SpringerLink
Log in

Towards a Full-Featured Implementation of Attribute Based Credentials on Smart Cards

  • Conference paper
Cryptology and Network Security (CANS 2014)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 8813))

Included in the following conference series:

Abstract

Attribute-based Credentials (ABCs) allow citizens to prove certain properties about themselves without necessarily revealing their full identity. Smart cards are an attractive container for such credentials, for security and privacy reasons. But their limited processing power and random access storage capacity pose a severe challenge. Recently, we, the IRMA team, managed to fully implement a limited subset of the Idemix ABC system on a smart card, with acceptable running times. In this paper we extend this functionality by overcoming the main hurdle: limited RAM. We implement an efficient extended Pseudo-Random Number Generator (PRNG) for recomputing pseudorandomness and reconstructing variables. Using this we implement Idemix standard and domain pseudonyms, AND proofs based on prime-encoded attributes, and equality proofs of representation modulo a composite, together with terminal verification and secure messaging. In contrast to prior work that only addressed the verification of one credential with only one attribute (particularly, the master secret), we can now perform multi-credential proofs on credentials of 5 attributes and complex proofs in reasonable time. We provide a detailed performance analysis and compare our results to other approaches.

The work described in this paper has been supported under the ICT theme of the Cooperation Programme of the 7th Framework Programme of the European Commission, GA number 318424 (Future ID). This research is conducted within the Privacy and Identity Lab (PI.lab) and funded by SIDN.nl ( http://www.sidn.nl ). The authors would like to thank the anonymous reviewers for their valuable comments and suggestions to improve the quality of the paper.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. EU FP7 Future ID (2014), http://www.futureid.eu/ (accessed August 11, 2014)

  2. EU FP7 Secure idenTity acrOss boRders linKed (STORK) 2.0 (2014), https://www.eid-stork2.eu/ (accessed August 11, 2014)

  3. Akinyele, J.A., Garman, C., Miers, I., Pagano, M.W., Rushanan, M., Green, M., Rubin, A.D.: Charm: a framework for rapidly prototyping cryptosystems. J. Cryptographic Engineering 3(2), 111–128 (2013)

    Article  Google Scholar 

  4. Alpár, G., Hoepman, J.-H.: A secure channel for attribute-based credentials: [short paper]. In: Digital Identity Management, pp. 13–18 (2013)

    Google Scholar 

  5. Alpár, G., Hoepman, J.-H., Siljee, J.: The identity crisis. security, privacy and usability issues in identity management. CoRR, abs/1101.0427 (2011)

    Google Scholar 

  6. Baldimtsi, F., Lysyanskaya, A.: Anonymous credentials light. In: ACM Conference on Computer and Communications Security, pp. 1087–1098 (2013)

    Google Scholar 

  7. Barker, E., Kelsey, J.: NIST Special Publication 800-90A: Recommendation for Random Number Generation Using Deterministic Random Bit Generators (2012)

    Google Scholar 

  8. Batina, L., Hoepman, J.-H., Jacobs, B., Mostowski, W., Vullers, P.: Developing efficient blinded attribute certificates on smart cards via pairings. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 209–222. Springer, Heidelberg (2010)

    Chapter  Google Scholar 

  9. Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard Java Card. In: ACM Conference on Computer and Communications Security, pp. 600–610 (2009)

    Google Scholar 

  10. Brands, S.A.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)

    Google Scholar 

  11. BSI. TR-03110: Advanced Security Mechanisms for Machine Readable Travel Documents

    Google Scholar 

  12. Camenisch, J., Chaabouni, R., Shelat, A.: Efficient protocols for set membership and range proofs. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 234–252. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  13. Camenisch, J., Groß, T.: Efficient attributes for anonymous credentials (extended version). IACR Cryptology ePrint Archive, 2010:496 (2010)

    Google Scholar 

  14. Camenisch, J., Van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: ACM Conference on Computer and Communications Security, pp. 21–30 (2002)

    Google Scholar 

  15. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  16. Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  17. Camenisch, J., Michels, M.: Separability and efficiency for generic group signature schemes (Extended abstract). In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 413–430. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  18. Camenisch, J., Shoup, V.: Practical verifiable encryption and decryption of discrete logarithms. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 126–144. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  19. Camenisch, J., Stadler, M.: Efficient group signature schemes for large groups. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 410–424. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  20. Cantor, S., Kemp, J., Philpott, R., Maler, E.: Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0. Technical report (March 2005)

    Google Scholar 

  21. Chaum, D.: Blind signatures for untraceable payments. In: CRYPTO, pp. 199–203 (1982)

    Google Scholar 

  22. Damgård, I.: Commitment schemes and zero-knowledge protocols. In: Damgård, I. (ed.) EEF School 1998. LNCS, vol. 1561, pp. 63–86. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  23. Ferguson, N., Schneier, B., Kohno, T.: Cryptography Engineering: Design Principles and Practical Applications. Wiley Publishing (2010)

    Google Scholar 

  24. Fiat, A., Shamir, A.: How to prove yourself: Practical solutions to identification and signature problems. In: Odlyzko, A.M. (ed.) CRYPTO 1986. LNCS, vol. 263, pp. 186–194. Springer, Heidelberg (1987)

    Chapter  Google Scholar 

  25. Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  26. Impagliazzo, R., Luby, M.: One-way functions are essential for complexity based cryptography. In: Proceedings of the 30th Annual Symposium on Foundations of Computer Science, SFCS 1989, pp. 230–235. IEEE Computer Society, Washington, DC (1989)

    Google Scholar 

  27. ISO/IEC. International standard 7816–4

    Google Scholar 

  28. Lehmann, A., Bichsel, P., Bruegger, B., Camenisch, J., Garcia, A.C., Gross, T., Gutwirth, A., Horsch, M., Houdeau, D., Hühnlein, D., Kamm, F.-M., Krenn, S., Neven, G., Rodriguez, C.B., Schmölz, J., Bolliger, C.: Survey and analysis of existing eid and credential systems. Technical Report Deliverable D32.1, FutureID (2013)

    Google Scholar 

  29. Luby, M., Rackoff, C.: Pseudo-random permutation generators and cryptographic composition. In: Proceedings of the Eighteenth Annual ACM Symposium on Theory of Computing, STOC 1986, pp. 356–363. ACM, New York (1986)

    Chapter  Google Scholar 

  30. Maler, E., Reed, D.: The Venn of Identity: Options and Issues in Federated Identity Management. IEEE Security and Privacy 6(2), 16–23 (2008)

    Article  Google Scholar 

  31. Mostowski, W., Vullers, P.: Efficient U-Prove implementation for anonymous credentials on smart cards. In: Rajarajan, M., Piper, F., Wang, H., Kesidis, G. (eds.) SecureComm 2011. LNICST, vol. 96, pp. 243–260. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  32. Naumann, I., Hogben, G.: Privacy features of European eID card specifications. Network Security 2008(8), 9–13 (2008)

    Article  Google Scholar 

  33. Recordon, D., Reed, D.: OpenID 2.0: A Platform for User-centric Identity Management. In: Proceedings of the Second ACM Workshop on Digital Identity Management, DIM 2006, pp. 11–16. ACM, New York (2006)

    Chapter  Google Scholar 

  34. Standards for Efficient Cryptography Group. Sec 2: Recommended elliptic curve domain parameters. SECG2 (2000)

    Google Scholar 

  35. Sterckx, M., Gierlichs, B., Preneel, B., Verbauwhede, I.: Efficient implementation of anonymous credentials on java card smart cards. In: 1st IEEE International Workshop on Information Forensics and Security (WIFS 2009), pp. 106–110. IEEE, London (2009)

    Chapter  Google Scholar 

  36. Vullers, P., Alpár, G.: Efficient selective disclosure on smart cards using idemix. In: Fischer-Hübner, S., de Leeuw, E., Mitchell, C. (eds.) IDMAN 2013. IFIP AICT, vol. 396, pp. 53–67. Springer, Heidelberg (2013)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Radboud University Nijmegen, ICIS DS, Nijmegen, The Netherlands

    Antonio de la Piedra, Jaap-Henk Hoepman & Pim Vullers

Authors
  1. Antonio de la Piedra
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jaap-Henk Hoepman
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pim Vullers
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Informatics, Athens University of Economics & Business, 76, Patission Str., 10434, Athens, Greece

    Dimitris Gritzalis

  2. Department of Informatics and Telecommunications, Panepistimiopolis, National and Kapodistrian University of Athens, 15784, Athens, Greece

    Aggelos Kiayias

  3. FORTH-ICS, Vassilika Vouton, P.O. Box 1385, 711 10, Heraklion, Crete, Greece

    Ioannis Askoxylakis

Rights and permissions

Reprints and permissions

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

de la Piedra, A., Hoepman, JH., Vullers, P. (2014). Towards a Full-Featured Implementation of Attribute Based Credentials on Smart Cards. In: Gritzalis, D., Kiayias, A., Askoxylakis, I. (eds) Cryptology and Network Security. CANS 2014. Lecture Notes in Computer Science, vol 8813. Springer, Cham. https://doi.org/10.1007/978-3-319-12280-9_18

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-12280-9_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12279-3

  • Online ISBN: 978-3-319-12280-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation