Attribute Based Credentials (ABC) allow users to prove certain properties about themselves (e.g. age, race, license, etc.) without revealing their full identity. ABC are therefore important to protect the privacy of the user. The IRMA (I Reveal My Attributes) project of the Radboud University Nijmegen has created the first full and efficient implementation of this technology on smart cards. This allows ABC technology to be used in practice both on the Internet as well as in the physical world. We will discuss ABCs in general, the IRMA system, it's advantages and pitfalls, and future work.
Attribute Based Credentials (ABC) allow users to prove certain properties about themselves (e.g. age, race, license, etc.) without revealing their full identity. They provide unlinkability, both between issuance of the credential and subsequebtly proving ownership of the credential, as well as between subsequent ownership proces at a service provider. This makes it impossible to track a user as she uses her credentials on the web. This makes ABCs a powerful privacy enhancing technology. Smart cards are an appealing container to store such credenentials: they are secure, and can be caried by the user in an ordinary wallet. However, ABC use complex cryptography to achieve their privacy preserving properties, thus far evading efficient implementations on such smart cards. The IRMA (I Reveal My Attributes) project of the Radboud University Nijmegen (together with SURFnet and TNO) has created the first full and efficient implementation of this technology on smart cards. The implementation is based on the Idemix technology orginally developed by IBM. The smart card is contactless, to allow NFC enabled smart phones and tablets as readers. This makes it easy to use IRMA cards on the web, or to prove credentials in a small shop on the tablet owned by the shopkeeper. We will discuss ABCs in general, the IRMA system and it's implementation particular, and give a demo of how an IRMA card can be used in practice (using a smart phone as the card reader). More importantly though we will discuss the advantages and disadvantages of ABC technology, compared to other identity management approaches. We will especially discuss the risk of having a ubiquitous authentication infrastructure that ABCs would provide when implemented on national identity cards, and outline ways to mitigate these risks.
Speakers: Jaap-Henk Hoepman