Title: Data-minimizing authentication goes mobile
Other Titles: Proceedings
Authors: Bichsel, Patrik
Camenisch, Jan
De Decker, Bart
Lapon, Jorn
Naessens, Vincent
Sommer, Dieter #
Issue Date: Sep-2012
Publisher: Springer
Host Document: 13th Joint IFIP TC6 and TC11 Conference on Communications and Multimedia Security - CMS 2012 September 3th - September 5th, 2012, Canterbury, UK vol:1 issue:13 edition:1st pages:55-71
Series Title: LNCS
Conference: Conference on Communications and Multimedia Security (CMS) edition:13 location:Canterburry, UK date:3-5 September 2012
Abstract: Authentication is a prerequisite for proper access control to many e-services. Often, it is carried out by identifying the user, while generally, verification of certified attributes would suffice. Even worse, this kind of authentication makes all the user's transactions linkable and discloses an excessive amount of personal information, and thus erodes the user's privacy. This is in clear contradiction to the data minimization principle put forth in the European data protection legislation.

In this paper, we present data-minimizing mobile authentication, which is a kind of attribute-based authentication through the use of anonymous credentials, thereby revealing substantially less personal information about the user. We describe two typical scenarios, design an architecture, and discuss a prototype implemented on a smart phone which minimizes the disclosure of personal data in a user-to-terminal authentication setting. The prototype uses the Identity Mixer anonymous credential system (Idemix) and realizes short-range communication between the smart phone and the terminal using visual channels over which QR codes are exchanged. Furthermore, the security has been improved and unauthorized sharing of credentials prevented by storing the credentials' secret key in a secure element hosted by the mobile phone. Our measurements show that the use of smart phones for data-minimizing authentication can be an actual ``game changer'' for a broad deployment of anonymous credential systems.
ISBN: 978-3-642-32804-6
ISSN: 0302-9743
Publication status: published
KU Leuven publication type: IC
Appears in Collections:Informatics Section
Technologiecluster Computerwetenschappen
Computer Science Technology TC, Technology Campuses Ghent and Aalst
# (joint) last author

Files in This Item:
File Description Status SizeFormat
Paper18(1).pdfArticle Published 285KbAdobe PDFView/Open Request a copy

These files are only available to some KU Leuven Association staff members


All items in Lirias are protected by copyright, with all rights reserved.