User-Centric Identity Management Using Trusted Modules

Vossaert, Jan; Lapon, Jorn; Decker, Bart De; Naessens, Vincent

doi:10.1007/978-3-642-22633-5_11

Cited by 9 publications

(2 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…anonymous/pseudonymous authentication and selective disclosure) that anonymous credentials do. A few exceptions, such as the German eID system and the system proposed in [11], do provide similar privacy preserving features.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Trusted Computing to Increase Security and Privacy in eID Authentication

Vossaert

Lapon

Decker

et al. 2014

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

Part 11: Privacy IIInternational audienceSmart cards are popular devices for storing authentication credentials, because they are easily (trans)portable and offer a secure way for storing these credentials. They have, however, a few disadvantages. First, most smart cards do not have a user interface. Hence, if the smart card requires a PIN, users typically have to enter it via an untrusted workstation. Second, smart cards are resource constrained devices which impedes the adoption of advanced privacy-enhancing technologies (PETs) such as anonymous credentials.This paper presents a new solution that addresses these issues. It allows users to enter their PIN via the workstation and securely transfer it to the smart card. The solution further extends existing smart card assisted authentication technology based on X.509 credentials with privacy-preserving features such as multi-show unlinkability and selective disclosure. The system can, hence, be used to improve the privacy properties of these rolled-out infrastructures. The solution relies on a secure execution environment running on the workstation. We have put our solution into practice and implemented a prototype

show abstract

Section: Related Workmentioning

confidence: 99%

“…If the PIN verification succeeds (8), the card signs the challenge and transfers the resulting signature and the certificate (cert u ) to the PAL (9-10). The PAL now verifies the authentication (11)(12). If the verification succeeds, the PAL extracts the requested attributes (atts) from cert u (13).…”

Section: Protocolsmentioning

confidence: 99%

Trusted Computing to Increase Security and Privacy in eID Authentication

Vossaert

Lapon

Decker

et al. 2014

ICT Systems Security and Privacy Protection

Self Cite

View full text Add to dashboard Cite

show abstract

Making OpenID Mobile and Privacy-Friendly

Boukayoua

Dewitte

Naessens

2014

Lecture Notes in Electrical Engineering

Self Cite

View full text Add to dashboard Cite

OpenID is a widely used single sign-on standard that allows users to access different services using the same authentication. However, its usage poses a number of issues regarding privacy and security. This paper evaluates the OpenID standard and introduces three mobile strategies, two of which are validated using a prototype implementation. Significant privacy and trust improvements are attained through the use of an identity management architecture that leverages the properties of a tamperproof module. Furthermore, our approach makes OpenID more suitable for omnipresent mobile use. We remain interoperable with the OpenID standard and no modifications to the mobile platform are required.

show abstract