Attribute-based Credentials for Trust (ABC4Trust) aims to deepen the understanding of such technologies, to enable their efficient and effective deployment in practice, and to foster their federation in different domains.
Almost all applications and services based on computer systems require some authentication of participants to establish trust relations. Given the weakness of simple authentication methods like password-based authentication, multiple alternate techniques have been developed to provide a higher degree of security. Cryptographic certificates are one known example of this. Although such certificates offer sufficient security for many purposes, they cannot be regarded as privacy-friendly.
Any usage of such a certificate may expose identity information of the holder (e.g. name and age) to the party requesting the authentication, and there are various scenarios where the user of such certificates reveals more information than needed. For example, if proof is required that the user is of a given age or a student of a university, neither the identity nor the exact birth date needs to be known by the other party. Revealing more information than necessary not only harms the privacy of the users, but also increases the risk of information abuse (e.g. identity fraud) and furthermore enables linkability of the usages. Processing more data than necessary also violates the principles laid down in Art. 6 sec. 1 lit. c) and e) of the EU Data Protection Directive 95/46/EC.
ABC4Trust addresses the federation and "interchangeability" of technologies that support trustworthy yet privacy-preserving Attribute-based Credentials (Privacy ABCs). Privacy ABCs allow a holder to reveal and prove just the minimal information required by the application, without giving away full identifying information. They furthermore allow their holder to transform them into a presentation token providing only a subset of attribute values stored in the original credential while preserving a valid signature. These credentials thus facilitate the implementation of a trustworthy and at the same time privacy-protecting information society.
Addressing Privacy risks of existing federated identity management architectures
Using certificates in typical federated identity management (IdM) architectures poses several risks to the privacy of the user (see Figure 1). Classical certificates as they are commonly used within X.509 architectures cannot be changed without invalidating the issuer's signature. This makes it impossible to strip off unnecessary personal information before presentation, forcing users to reveal more data than actually needed for the purpose.
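Added example (not ABC4Trust, Identity Mixer or U-Prove code) contrasting the classical certificate described above, where stripping an attribute invalidates the issuer's signature, with a credential whose holder can disclose a subset of attributes under a still-valid signature. It swaps in salted hash commitments and a toy textbook-RSA signature as assumptions; unlike real Privacy ABCs, the token repeats the same signature at every presentation and so stays linkable.

```python
import hashlib, json, os

# Toy textbook-RSA issuer key built from two Mersenne primes: a stand-in for
# a real issuer signature, far too small and unpadded for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

def _digest(obj):
    data = json.dumps(obj, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def sign(obj):  # issuer only
    return pow(_digest(obj), D, N)

def verify(obj, sig):  # anyone holding the public key (N, E)
    return pow(sig, E, N) == _digest(obj)

def classical_strip(attrs, keep):
    """One signature over all attributes: check it before and after stripping."""
    sig = sign(attrs)
    return verify(attrs, sig), verify({k: attrs[k] for k in keep}, sig)

def commit(name, value, salt):
    return hashlib.sha256(json.dumps([salt, name, value]).encode()).hexdigest()

def issue(attrs):
    """Issuer signs salted per-attribute commitments instead of raw values."""
    salts = {k: os.urandom(16).hex() for k in attrs}
    commitments = {k: commit(k, v, salts[k]) for k, v in attrs.items()}
    return {"attrs": attrs, "salts": salts,
            "commitments": commitments, "sig": sign(commitments)}

def present(cred, reveal):
    """Holder builds a token that opens only the chosen attributes."""
    return {"commitments": cred["commitments"], "sig": cred["sig"],
            "opened": {k: (cred["attrs"][k], cred["salts"][k]) for k in reveal}}

def check(token):
    """Relying party: return the verified attributes, or None if invalid."""
    if not verify(token["commitments"], token["sig"]):
        return None
    for k, (v, s) in token["opened"].items():
        if token["commitments"].get(k) != commit(k, v, s):
            return None
    return {k: v for k, (v, _) in token["opened"].items()}

# Constructed sample holder data, not taken from the page.
ATTRS = {"name": "Alice Example", "birthdate": "1990-04-01", "student": "yes"}
```

Calling `classical_strip(ATTRS, ["student"])` shows the single-signature certificate failing once attributes are removed, while `check(present(issue(ATTRS), ["student"]))` returns only the disclosed attribute.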
Some federated IdM architectures, e.g. for single sign-on (SSO), require a communication of the user with the ID provider (IDP) as part of each authentication. This unintentionally reveals profiles of communication habits towards the IDP. Whenever the token request also contains information about the relying party, interest profiles of the user can be aggregated. Even worse from a privacy perspective are setups where the relying party (RP) directly communicates with the IDP (e.g. payment systems with real-time verification of the balance).
Due to their design, ABCs and the underlying cryptographic mechanisms are well suited to building privacy-enhancing technologies. The aforementioned ABC4Trust pilots will utilize the technology for authentication by ABCs. In the following, the operation of ABCs will be illustrated, showing the potential for privacy-enhancing authentication. ABC technology avoids the risks identified for classical IdM infrastructures while preserving the advantages of federated IdM architectures.
Policy context of Privacy ABCs
As Privacy ABCs combine privacy-preserving with trustworthy and reliable authentication, the development done within ABC4Trust directly contributes to several Action Areas of the Digital Agenda, including the areas "Trust and security" and "Building digital confidence". The research done is closely related to the European data protection legislation, namely to the Directives 95/46/EC and 2002/58/EC as well as their enactments in member states' legislation.
Privacy ABCs, alone and together with other mature privacy-enhancing technologies (PETs), have a high potential to influence the ongoing development in the domain of data protection and privacy. This will influence the understanding and definition of what the appropriate technical and organisational measures to ensure adequate data protection are. Data controllers are already obliged under the current legal framework to implement such measures. Looking ahead to the future of data protection in Europe, due regard must be given to the current draft General Data Protection Regulation. According to Article 23 Para. 3 of the draft General Data Protection Regulation, the EU Commission will be empowered to adopt delegated acts further specifying measures and mechanisms ensuring adequate data protection. With Privacy ABCs available and ready for deployment, service providers can be requested to ensure privacy-preserving authentication and the use of pseudonyms also in areas where the service provider has a demand for trust and security.
The rapid development of electronic identification schemes across Europe has shown the users' need for trust and security. Privacy ABCs could enhance upcoming generations of eIDs with more advanced and secure authentication features that preserve the privacy of the users. To this end, deployment in the architectures of a potentially upcoming European citizen card as well as in several national eID initiatives may be possible.
The technology developed and piloted within ABC4Trust addresses a wide variety of target groups. The technology is directly beneficial for all persons who need to securely authenticate themselves towards any kind of service while preserving as much anonymity and privacy as possible. In turn, any entity that demands some kind of authentication can benefit from the enhanced trust relation with its users or better compliance with data protection legislation.
ABC4Trust consists of 12 well-known partners from 5 EU Member States and Switzerland. All partners of the Consortium are well recognized players in their competence area.
In ABC4Trust the following two pilot trials are conducted:
By taking into account the collection of criteria and the implementation of necessary infrastructure (identity service provider, infrastructure to issue credentials, attribute databases, etc.), the evaluation of these pilots will provide a clear proof of concept of both the unified attribute-based credentials approach as well as the reference architecture, providing at the same time feedback for enhancements.
ABC4Trust aims at making Attribute-based Credentials interoperable by providing a unified architecture to deploy existing cryptographic solutions. The ABC4Trust architecture will be built into a reference implementation and tested within two pilot trials. ABC4Trust builds on the two available products in the field of Privacy ABCs: IBM's Identity Mixer and Microsoft's U-Prove. As these solutions are supported by two of the leading ICT companies, they are among the best candidates to provide input to standardization in this domain.
A contribution of this project to the state of the art will be the definition of such a common unified architecture for federating and interchanging different ABC systems in a way that:
ABC4Trust considers standardization to be a strong outreach activity, which has thus gained considerable attention from the project. The report "D8.4 Architecture for Standardisation V1" published by the project outlines the landscape of the relevant standardization bodies and projects, and takes first steps into looking into the viability of having an impact on the most relevant ones. In this regard, ABC4Trust has identified two groups of high relevance within ISO/IEC JTC 1/SC 27, namely Working Groups (WG) 2 and 5.
Drawing on the results of the work done on the definition of the first version of the ABC4Trust architecture, the report addresses concrete proposals to three specific projects underway within WG 5, namely ISO/IEC 24760-2, ISO/IEC 29101 and ISO/IEC 29191.
"ISO/IEC 24760-2: Information technology - Security techniques - A framework for identity management - Part 2: Reference architecture and requirements" focuses on the description of the lifecycle model of identity information, providing guidelines for the implementation of systems for the management of identity information, and specifying requirements for the implementation and operation of a framework for identity management. The report suggests a number of improvements to the current working draft of ISO/IEC 24760-2. Additionally, ABC4Trust also presents a mapping of some of the terms used in the two (ABC4Trust and ISO/IEC 24760-2) architectures.
The report also presents the ABC4Trust Architecture in the spirit of the "ISO/IEC 29101: Information Technology - Security Techniques - Privacy Architecture Framework". The presented comparison takes the current version of the ABC4Trust architecture, adapting it to the structure and terminology of ISO/IEC 29101. This comparison outlines how the ABC4Trust architecture already implements many of the privacy-enhancing features by design, reducing the additional implementation burden for an application that uses this architecture to also comply with ISO/IEC 29101. In addition, the comparison presented here can also be used as an annex to the upcoming version of the ISO/IEC 29101.
The objectives of ABC4Trust are
The results of the project will enable stakeholders to better understand privacy-preserving ABC technologies and to compare the relative merits of different technologies in different scenarios. ABC4Trust will launch trials deploying attribute-based credentials at a Greek university and a Swedish secondary school. For this, ABC4Trust will deploy the existing Privacy ABC technologies by IBM (Identity Mixer) and Microsoft (U-Prove).
Results: Progress beyond the state of the art:
ABC4Trust understands dissemination as an important task that is continuously performed throughout the project's lifetime. Besides addressing the scientific and industry community, e.g. by contributing to conferences and scientific journals, the project undertakes dissemination actions to reach further relevant target audiences. Please refer to the section "Events" on the ABC4Trust website for past and upcoming events.
Major ABC4Trust dissemination Events:
June 2011 Joint ABC4Trust and PrimeLife Credential Tutorial
Sept. 2011 Public Event in Athens introducing Privacy ABCs to Greek officials
April 2012 ABC4Trust Tutorial at the CSP EU conference in Berlin
Upcoming ABC4Trust standardisation workshop
The project has established the ABC4Trust Reference Group with about 30 experts from industry, academia, data protection authorities, politics and NGOs. The Reference Group provides first feedback on the project's results and planned activities. Being relevant peers in their own groups, the members of the Reference Group also help to disseminate the idea of Privacy ABCs into their respective groups.
The ABC4Trust project as a whole, individual partner organisations and single researchers have well-established contacts to relevant peer groups. These contacts are used for providing expertise to and gathering feedback from these peers. ABC4Trust has established contact with several related European and national research projects for a variety of activities such as joint workshops, organizing conference sessions or summer schools.
A selection of ABC4Trust predecessor projects and past cooperation partners
A selection of ABC4Trust's cooperation network:
This field will be completed by the submitter when the lessons learnt have been identified and understood. It will include references to the project's reports with respective content. Such content is expected once the project's pilots are finished and the results have been analysed.