Towards Attribute-Based Credentials in the Cloud

Krenn, Stephan; Lorünser, Thomas; Salzer, Anja; Striecks, Christoph

doi:10.1007/978-3-030-02641-7_9

Cited by 10 publications

(7 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The sixth group is comprised of six studies [22,23,24,25,26,27] published in the scope of the EU-funded research project CREDENTIAL -Secure Cloud Identity Wallet European. Because of the lack of privacy-preserving storage and advanced identity sharing services in the domain of Identity as a Service, a novel user-centric cloud-based data storage and sharing platform that enhances user privacy was proposed.…”

Section: Resultsmentioning

confidence: 99%

What is a (Digital) Identity Wallet? A Systematic Literature Review

Podgorelec

Alber

Zefferer³

2022

2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

Identity management is crucial for any electronic service that needs to authenticate its users. Different identitymanagement models have been introduced and rolled out on a large scale during the past decades. Key distinguishing criteria of these models are the storage location of users' identity data and the degree of involvement of central entities such as identity providers, which can potentially track user behavior. Growing privacy awareness has led to a renaissance of usercentric identity-management models during the past few years. In this context, especially the concept of wallets applied to the digital identity domain has recently attracted attention, putting users into direct control of their identity data. Various approaches and solutions relying on this concept have been introduced recently. However, no generally accepted definitions of the concept "digital identity wallet" and of its related features and implementations exist so far, leading to considerable confusion in this domain.This paper addresses this issue by providing a systematic literature review on wallets applied to the digital identity domain to identify, analyze, and compare existing definitions, features, and capabilities of such solutions. By means of two research questions, this paper thereby contributes to a better understanding of identity wallets and the various recent developments in this domain.

show abstract

Section: Resultsmentioning

confidence: 99%

What is a (Digital) Identity Wallet? A Systematic Literature Review

Podgorelec

Alber

Zefferer³

2022

2022 IEEE 46th Annual Computers, Software, and Applications Conference (COMPSAC)

View full text Add to dashboard Cite

show abstract

“…In previous work [25], the need for selective disclosure was identified in a semi-trusted cloud environment and informally proposed to combine PRE and RSS, but did not yet provide a formal definition or concrete constructions. The cloudification of ABCs [28] represents the closest related research to our work and to filling this gap. Their concept enables a semi-trusted cloud service to derive representations from encrypted credentials without learning the underlying plaintext.…”

Section: Related Workmentioning

confidence: 96%

Selective end-to-end data-sharing in the cloud

Hörandner

Ramacher

Roth

2020

J BANK FINANC TECHNOL

View full text Add to dashboard Cite

Cloud-based services, such as Google Drive, Dropbox, or Nextcloud, enable easy-to-use data-sharing between multiple parties, and, therefore, have been widely adopted over the last decade. Nevertheless, privacy challenges hamper their adoption for sensitive data: (1) rather than exposing their private data to a cloud service, users desire end-to-end confidentiality of the shared files without sacrificing usability, e.g., without repeatedly encrypting when sharing the same data set with multiple receivers. (2) Only being able to share full (authenticated) files may force users to expose overmuch information if the data set has not been exactly tailored to the receiver's needs at issue-time. This gap can be bridged by enabling cloud services to selectively disclose only relevant parts of a file without breaking the parts' authenticity. While both challenges have been solved individually, it is not trivial to combine these solutions and maintain their security intentions. In this paper, we tackle this issue and introduce selective end-to-end data-sharing by combining ideas from proxy re-encryption (for end-to-end encrypted sharing) and redactable signature schemes (to selectively disclose a subset of still authenticated parts). We overcome the issues encountered when naively combining these two concepts, introduce a security model, and present a modular instantiation together with implementations based on a selection of various building blocks. We give an extensive performance evaluation of our instantiation and conclude with example applications.

show abstract

“…Furthermore, such systems give the user fine-granular control under which conditions different pseudonyms should be linkable and when they should be fully independent from each other, such that average travel times or speeds could still be made available to the infrastructure provider. We refer the interested reader to [CKL+15] for details on the cryptographic modeling, and to [KLSS17] for a cloud-based instantiation of such credential systems in order to minimize the computational power needed within the vehicle's on-board unit.…”

Section: A Polling Vs Publish/subscribementioning

confidence: 99%

Towards Privacy in Geographic Message Dissemination for Connected Vehicles

Ruehrup

Krenn

2019

2019 IEEE International Conference on Connected Vehicles and Expo (ICCVE)

Self Cite

View full text Add to dashboard Cite

With geographic message dissemination, connected vehicles can be served with traffic information in their proximity, thereby positively impacting road safety, traffic management, or routing. Since such messages are typically relevant in a small geographic area, servers only distribute messages to affected vehicles for efficiency reasons. One main challenge is to maintain scalability of the server infrastructure when collecting location updates from vehicles and determining the relevant group of vehicles when messages are distributed to a geographic relevance area, while at the same time respecting the individual user's privacy in accordance with legal regulations. In this paper, we present a framework for geographic message dissemination following the privacy-by-design and privacy-bydefault principles, without having to accept efficiency drawbacks compared to conventional server-client based approaches.

show abstract

Towards Attribute-Based Credentials in the Cloud

Cited by 10 publications

References 22 publications

What is a (Digital) Identity Wallet? A Systematic Literature Review

What is a (Digital) Identity Wallet? A Systematic Literature Review

Selective end-to-end data-sharing in the cloud

Towards Privacy in Geographic Message Dissemination for Connected Vehicles

Contact Info

Product

Resources

About