Trusted Computing to Increase Security and Privacy in eID Authentication

1 KU Leuven, Department of Computer Science, Technology Campus Ghent, Gebroeders Desmetstraat 1, 9000 Ghent, Belgium, {firstname.lastname}@cs.kuleuven.be

2 KU Leuven, Department of Computer Science, iMinds-DistriNet, Celestijnenlaan 200A, 3001 Heverlee, Belgium, {firstname.lastname}@cs.kuleuven.be

Abstract. Smart cards are popular devices for storing authentication credentials, because they are easily (trans)portable and offer a secure way of storing these credentials. They have, however, a few disadvantages. First, most smart cards do not have a user interface. Hence, if the smart card requires a PIN, users typically have to enter it via an untrusted workstation. Second, smart cards are resource-constrained devices, which impedes the adoption of advanced privacy-enhancing technologies (PETs) such as anonymous credentials. This paper presents a new solution that addresses these issues. It allows users to enter their PIN via the workstation and securely transfer it to the smart card. The solution further extends existing smart-card-assisted authentication technology based on X.509 credentials with privacy-preserving features such as multi-show unlinkability and selective disclosure. The system can, hence, be used to improve the privacy properties of these rolled-out infrastructures. The solution relies on a secure execution environment running on the workstation. We have put our solution into practice and implemented a prototype.

1 Introduction

With an increasing number of online services, the need for reliable, secure authentication grows ever stronger. Hence, many governments are issuing eID cards that enable citizens to authenticate and prove several personal properties. This allows the user to establish a secure authenticated session with a remote service provider. The remote service provider can control access to his service based on the released information. These eID systems are often implemented using a smart card to protect the credentials of the user. These systems, however, also have multiple drawbacks. First, as with many smart-card-based systems, the user typically enters his PIN via the workstation. This allows malware on the workstation to intercept the PIN, which may lead to further abuse. Second, many systems use X.509 credential technology to authenticate the user. This type of credential, however, does not offer the same privacy-preserving features as anonymous credential systems.

N. Cuppens-Boulahia et al. (Eds.): SEC 2014, IFIP AICT 428, pp. 485–492, 2014. © IFIP International Federation for Information Processing 2014

J. Vossaert et al.

This paper presents a strategy that tackles these issues. The contribution of this paper is twofold. First, it presents a solution that allows users to securely enter their PIN via a workstation to activate the authentication credentials on their smart card. The solution further extends existing smart card assisted authentication technology based on X.509 credentials with privacy-preserving features such as multi-show unlinkability and selective disclosure.