Anonymous Credentials in Practice: Realizing Anonymous Applications and Services

Publication date: 2017-04-04


Put, Andreas
De Decker, Bart


Software-engineering, Privacy-Enhancing-Technologies, Security


Security and privacy are requirements that keep gaining importance in today's information-driven world. Every system or application connected to the Internet has to be sufficiently secured. However, information leaks and security breaches are commonplace, even though many can be prevented by the proper use of proven security and privacy technologies. This PhD focuses on facilitating the development of secure and privacy-preserving applications. To do so, we propose an application development technique together with a framework implementation that separates the concerns of the application developer, the security expert, the service provider and the user. Priman is a security and privacy-enhancing application development framework that enables developers to integrate security and privacy-enhancing technologies in their applications. The technologies offered by the framework mainly focus on access control, data storage protection and transport layer protection. To help developers create secure applications, Priman separates the concerns of developers from those of security experts, service providers and users, and offers a uniform, high-level API. Priman recognizes that developers are not necessarily security experts, and hence it allows developers to build their applications without needing to know (a) which security technology is used in the application and (b) how to configure these security technologies. The abstractions made by Priman shift the technology-specific configuration details from the application code to configuration policies. In essence, this means that application code written with the Priman framework is independent of the technology used underneath. Developers can use the abstract, high-level building blocks offered by Priman to build complex protocols and applications, while these building blocks are configured in configuration policies by a security expert.
Furthermore, service providers and users can change application behavior by specifying authentication and privacy preferences. This PhD also applies the Priman development strategy and framework to three existing applications or services that have strict security requirements. In addition, we analyze the applications' privacy properties by performing a Privacy by Design analysis. Finally, we present our conclusions and lessons learned from applying Priman in practical scenarios and hands-on sessions with industry partners.