Skip to main content
SpringerLink
Log in

The Challenges Raised by the Privacy-Preserving Identity Card

  • Chapter
Cryptography and Security: From Theory to Applications

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6805))

Abstract

A privacy-preserving identity card is a personal device device that allows its owner to prove some binary statements about himself (such as his right of access to some resources or a property linked to his identity) while minimizing personal information leakage. After introducing the desirable properties that a privacy-preserving identity card should fulfill and describing two proposals of implementations, we discuss a taxonomy of threats against the card. Finally, we also propose for security and cryptography experts some novel challenges and research directions raised by the privacy-preserving identity card.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Bangerter, E., Camenisch, J., Lysyanskaya, A.: A cryptographic framework for the controlled release of certified data. In: Proceedings of the 12th International Security Protocols Workshop, pp. 20–42 (2004)

    Google Scholar 

  2. Batina, L., Mentens, N., Verbauwhede, I.: Side channel issues for designing secure hardware implementations. In: Proceeding of the 11th IEEE International On-Line Testing Symposium, pp. 118–121 (2005)

    Google Scholar 

  3. Belenkiy, M., Chase, M., Kohlweiss, M., Lysyanskaya, A.: P-signatures and noninteractive anonymous credentials. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 356–374. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  4. Bichsel, P., Camenisch, J., Groß, T., Shoup, V.: Anonymous credentials on a standard java card. In: Proceedings of the 16th ACM Conference on Computer and Communications Security (CCS 2009), pp. 600–610 (2009)

    Google Scholar 

  5. Birch, D.: Psychic ID: A blueprint for a modern national identity scheme. In: Identity in the Information Society 1(1) (2009)

    Google Scholar 

  6. Blanton, M., Hudelson, W.: Biometric-based non-transferable anonymous credentials. In: Qing, S., Mitchell, C.J., Wang, G. (eds.) ICICS 2009. LNCS, vol. 5927, pp. 165–180. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  7. Bleumer, G.: Biometric yet privacy protecting person authentication. In: Aucsmith, D. (ed.) IH 1998. LNCS, vol. 1525, pp. 99–110. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  8. Boudot, F.: Partial revelation of certified identity. In: Proceedings of the First International Conference on Smart Card Research and Advanced Applications (CARDIS 2000), pp. 257–272 (2000)

    Google Scholar 

  9. Boyd, C., Mathuria, A.: Protocols for Authentication and Key Establishment. Springer, Heidelberg (2003)

    Google Scholar 

  10. Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy. MIT Press, Cambridge (2000)

    Google Scholar 

  11. Brickell, E., Camenisch, J., Chen, L.: Direct anonymous attestation. In: Proceedings of the 11th of the ACM Conference on Computer and Communications Security (CCS 2004), pp. 225–234 (2004)

    Google Scholar 

  12. Bringer, J., Despiegel, V.: Binary feature vector fingerprint representation from minutiae vicinities. In: Proceeding of the 4th IEEE Fourth International Conference on Biometrics: Theory, Applications and Systems, BTAS 2010 (2010)

    Google Scholar 

  13. Bringer, J., Chabanne, H., Pointcheval, D., Zimmer, S.: An application of the Boneh and Shacham group signature scheme to biometric authentication. In: Matsuura, K., Fujisaki, E. (eds.) IWSEC 2008. LNCS, vol. 5312, pp. 219–230. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  14. Calmels, B., Canard, S., Girault, M., Sibert, H.: Low-cost cryptography for privacy in RFID systems. In: Domingo-Ferrer, J., Posegga, J., Schreckling, D. (eds.) CARDIS 2006. LNCS, vol. 3928, pp. 237–251. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  15. Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  16. Camenisch, J., Lysyanskaya, A.: A signature scheme with efficient protocols. In: Cimato, S., Galdi, C., Persiano, G. (eds.) SCN 2002. LNCS, vol. 2576, pp. 268–289. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  17. Camenisch, J., Thomas, G.: Efficient attributes for anonymous credentials. In: Proceedings of the 2008 ACM Conference on Computer and Communications Security (CCS 2008), pp. 345–356 (2008)

    Google Scholar 

  18. Chaum, D.: Security without identification: transaction systems to make Big Brother obsolete. Communications of the ACM 28(10), 1030–1044 (1985)

    Article  Google Scholar 

  19. Chaum, D., van Heyst, E.: Group signatures. In: Davies, D.W. (ed.) EUROCRYPT 1991. LNCS, vol. 547, pp. 257–265. Springer, Heidelberg (1991)

    Google Scholar 

  20. Cramer, R., Shoup, V.: A practical public key cryptosystem provably secure against adaptive chosen ciphertext attack. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 13–25. Springer, Heidelberg (1998)

    Google Scholar 

  21. Deswarte, Y., Gambs, S.: A proposal for a privacy-preserving national identity card. Transactions on Data Privacy 3(3), 253–276 (2010)

    MathSciNet  Google Scholar 

  22. Deswarte, Y., Quisquater, J.J., Saydane, A.: Remote integrity checking – how to trust files stored on untrusted servers. In: Proceedings of the 6th IFIP WG 11.5 Working Conference on Integrity and Internal Control in Information Systems (IICIS 2003), pp. 1–11 (2003)

    Google Scholar 

  23. Dodis, Y., Reyzin, L., Smith, A.: Fuzzy extractors, a brief survey of results from 2004 to 2006. In: Tuyls, P., Skoric, B., Kevenaar, T. (eds.) Security with Noisy Data, ch. 5. Springer, Heidelberg (2007)

    Google Scholar 

  24. European Union, Directive 95/46/EC of the European Parliament and of the Council of 24 October (1995), on the protection of individuals with regard to the processing of personal data and on the free movement of such data, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML

  25. European Network and Information Security Agency (ENISA) position paper, Privacy features of European eID card specifications, http://www.enisa.europa.eu/doc/pdf/deliverables/enisa_privacy_features_eID.pdf

  26. Franz, M., Meyer, B., Pashalidis, A.: Attacking unlinkability: The importance of context. In: Borisov, N., Golle, P. (eds.) PET 2007. LNCS, vol. 4776, pp. 1–16. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  27. Fujisaki, E., Okamoto, T.: Statistical zero knowledge protocols to prove modular polynomial relations. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 16–30. Springer, Heidelberg (1997)

    Google Scholar 

  28. Goldreich, O., Micali, S., Wigderson, A.: Proofs that yield nothing but their validity for all languages in NP have zero-knowledge proof systems. Journal of the ACM 38(3), 691–729 (1991)

    Article  MathSciNet  MATH  Google Scholar 

  29. Groth, J., Sahai, A.: Efficient non-interactive proof systems for bilinear groups. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 415–432. Springer, Heidelberg (2008)

    Chapter  Google Scholar 

  30. Guajardo, J., Skoric, B., Tuyls, P., Kumar, S., Bel, T., Blom, A., Jan Schrijen, G.: Anti-counterfeiting, key distribution, and key storage in an ambient world via physical unclonable functions. Information Systems Frontiers 11(1), 19–41 (2009)

    Article  Google Scholar 

  31. Haberman, B., Mills, D.: Network time protocol version 4: autokey specification, RFC5906 (June 2010), http://www.ietf.org/rfc/rfc5906.txt

  32. Hao, F., Anderson, R., Daugman, J.: Combining cryptography with biometrics effectively. IEEE Transactions on Computers 55(9), 1081–1088 (2006)

    Article  Google Scholar 

  33. Impagliazzo, R., Miner More, S.: Anonymous credentials with biometrically-enforced non-transferability. In: Proceedings of the 2003 ACM Workshop on Privacy in the Electronic Society (WPES 2003), pp. 60–71 (2003)

    Google Scholar 

  34. Juels, A., Wattenberg, M.: A fuzzy commitment scheme. In: Proceedings of the 6th ACM Conference on Computer and Communications Security (CCS 1999), pp. 28–36 (1999)

    Google Scholar 

  35. Lysyanskaya, A., Rivest, R.L., Sahai, A., Wolf, S.: Pseudonym systems (Extended abstract). In: Heys, H.M., Adams, C.M. (eds.) SAC 1999. LNCS, vol. 1758, pp. 184–199. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  36. Maji, H.K., Prabhakaran, M., Rosulek, M.: Attribute-based signatures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 376–392. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  37. Naccache, D., Frémanteau, P.: Unforgeable identification device, identification device reader and method of identification. Patent Thomson Consumer Electronics (1992)

    Google Scholar 

  38. Pashalidis, A., Meyer, B.: Linking anonymous transactions: the consistent view attack. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 384–392. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  39. Ravi, S., Raghuanathan, A., Chadrakar, S.: Tamper resistance mechanisms for secure embedded systems. In: Proceedings of the 17th International Conference on VLSI Design (VLSID 2004), pp. 605–611 (2004)

    Google Scholar 

  40. Ratha, N., Connell, J., Bolle, R.: Enhancing security and privacy in biometrics-based authentication systems. IBM Systems Journal 40(3), 614–634 (2001)

    Article  Google Scholar 

  41. Sebé, F., Domingo Ferrer, J., Ballesté, A.M., Deswarte, Y., Quisquater, J.J.: Efficient remote data possession checking in critical information infrastructures. IEEE Transcations on Knowledge and Data Engineering 20(8), 1034–1038 (2008)

    Article  Google Scholar 

  42. Shoup, V.: Why chosen ciphertext security matters, IBM Research Report RZ 3076 (November 1998)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. CNRS; LAAS, 7 avenue du Colonel Roche, F-31077, Toulouse, France

    Yves Deswarte

  2. Université de Toulouse; UPS, INSA, INP, ISAE; LAAS, F-31077, Toulouse, France

    Yves Deswarte

  3. Université de Rennes 1 - INRIA / IRISA, Campus Universitaire de Beaulieu, 35042, Rennes, France

    Sébastien Gambs

Authors
  1. Yves Deswarte
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sébastien Gambs
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Département d’informatique, École normale supérieure, 45 Rue d’Ulm, 75231, Paris Cedex 05, France

    David Naccache

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Deswarte, Y., Gambs, S. (2012). The Challenges Raised by the Privacy-Preserving Identity Card. In: Naccache, D. (eds) Cryptography and Security: From Theory to Applications. Lecture Notes in Computer Science, vol 6805. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28368-0_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-28368-0_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28367-3

  • Online ISBN: 978-3-642-28368-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation