Atjaunināt sīkdatņu piekrišanu

Attribute-based Credentials for Trust: Identity in the Information Society [Hardback]

3.00/5 (2 ratings by Goodreads)
Edited by , Edited by , Edited by
  • Formāts: Hardback, 391 pages, height x width: 235x155 mm, weight: 7332 g, 122 Illustrations, black and white; XV, 391 p. 122 illus., 1 Hardback
  • Izdošanas datums: 13-Jan-2015
  • Izdevniecība: Springer International Publishing AG
  • ISBN-10: 3319144383
  • ISBN-13: 9783319144382
Citas grāmatas par šo tēmu:
  • Hardback
  • Cena: 91,53 €*
  • * ši ir gala cena, t.i., netiek piemērotas nekādas papildus atlaides
  • Standarta cena: 107,69 €
  • Ietaupiet 15%
  • Grāmatu piegādes laiks ir 3-4 nedēļas, ja grāmata ir uz vietas izdevniecības noliktavā. Ja izdevējam nepieciešams publicēt jaunu tirāžu, grāmatas piegāde var aizkavēties.
  • Daudzums:
  • Ielikt grozā
  • Piegādes laiks - 4-6 nedēļas
  • Pievienot vēlmju sarakstam
Attribute-based Credentials for Trust: Identity in the Information SocietyPalielināt
  • Formāts: Hardback, 391 pages, height x width: 235x155 mm, weight: 7332 g, 122 Illustrations, black and white; XV, 391 p. 122 illus., 1 Hardback
  • Izdošanas datums: 13-Jan-2015
  • Izdevniecība: Springer International Publishing AG
  • ISBN-10: 3319144383
  • ISBN-13: 9783319144382
Citas grāmatas par šo tēmu:
Permanent link: https://www.kriso.lv/db/9783319144382.html
Keywords:
The need for information privacy and security continues to grow and gets increasingly recognized. In this regard, Privacy-preserving Attribute-based Credentials (Privacy-ABCs) are elegant techniques to provide secure yet privacy-respecting access control. This book addresses the federation and interchangeability of Privacy-ABC technologies. It defines a common, unified architecture for Privacy-ABC systems that allows their respective features to be compared and combined Further, this book presents open reference implementations of selected Privacy-ABC systems and explains how to deploy them in actual production pilots, allowing provably accredited members of restricted communities to provide anonymous feedback on their community or its members. To date, credentials such as digitally signed pieces of personal information or other information used to authenticate or identify a user have not been designed to respect the users privacy. They inevitably reveal the identity of the holder even though the application at hand often needs much less information, e.g. only the confirmation that the holder is a teenager or is eligible for social benefits. In contrast, Privacy-ABCs allow their holders to reveal only their minimal information required by the applications, without giving away their full identity information. Privacy-ABCs thus facilitate the implementation of a trustworthy and at the same time privacy-respecting digital society.

The ABC4Trust project as a multidisciplinary and European project, gives a technological response to questions linked to data protection.

Viviane Reding (Former Vice-president of the European Commission, Member of European Parliament)
1 Introduction
1(10)
Kai Rannenberg
Welderufael Tesfay
Ahmad Sabouri
1.1 Identity Management and its Privacy Issues
1(2)
1.2 Privacy-ABCs for Privacy Enhanced Identity Management
3(1)
1.3 The ABC4Trust Project Goals
4(2)
1.4 Overview of the Pilots
6(5)
1.4.1 Online Course Evaluation
6(1)
1.4.2 School Community Interaction Platform
7(2)
References
9(2)
2 An Architecture for Privacy-ABCs
11(68)
Patrik Bichsel
Jan Camenisch
Maria Dubovitskaya
Robert R. Enderlein
Stephan Krenn
Ioannis Krontiris
Anja Lehmann
Gregory Neven
Christian Paquin
Franz-Stefan Preiss
Kai Rannenberg
Ahmad Sabouri
2.1 Concepts and Features of Privacy-ABCs
12(16)
2.1.1 User Attributes
12(2)
2.1.2 Existing Solutions
14(1)
2.1.3 Basic Concepts of Privacy-ABCs
14(10)
2.1.4 Security and Privacy Features
24(4)
2.2 Architecture Highlights
28(1)
2.3 Architectural Design
29(4)
2.3.1 Overview of the Components
30(3)
2.4 Deployment of the Architecture
33(9)
2.4.1 Setup and Storage
33(3)
2.4.2 Presentation of a Token
36(2)
2.4.3 Issuance of a Credential
38(3)
2.4.4 Inspection
41(1)
2.4.5 Revocation
41(1)
2.5 Language Framework
42(12)
2.5.1 Example Scenario
43(1)
2.5.2 Credential Specification
43(1)
2.5.3 Issuer, Revocation, and System Parameters
44(1)
2.5.4 Presentation Policy with Basic Features
45(3)
2.5.5 Presentation and Issuance Token
48(1)
2.5.6 Presentation Policy with Extended Features
49(2)
2.5.7 Interaction with the User Interface
51(3)
2.6 Applicability to Existing Identity Infrastructures
54(12)
2.6.1 WS*
54(2)
2.6.2 SAML
56(2)
2.6.3 OpenID
58(1)
2.6.4 OAuth
59(3)
2.6.5 X.509 PKI
62(3)
2.6.6 Integration Summary
65(1)
2.7 Trust Relationships in the Ecosystem of Privacy-ABCs
66(8)
2.7.1 The Meaning of Trust
66(1)
2.7.2 Related Work
67(1)
2.7.3 Trust Relationships
67(7)
2.8 Policy-based View of the Architecture
74(5)
References
75(4)
3 Cryptographic Protocols Underlying Privacy-ABCs
79(30)
Patrik Bichsel
Jan Camenisch
Maria Dubovitskaya
Robert R. Enderlein
Stephan Krenn
Anja Lehmann
Gregory Neven
Franz-Stefan Preiss
3.1 Overview of Cryptographic Architecture
80(13)
3.1.1 Key Generation Orchestration
81(1)
3.1.2 Presentation Orchestration
82(1)
3.1.3 Verification Orchestration
83(1)
3.1.4 Issuance Orchestration
84(4)
3.1.5 Building Blocks
88(2)
3.1.6 Proof Engine
90(3)
3.2 Cryptographic Primitives
93(16)
3.2.1 Algebraic Background
93(2)
3.2.2 Zero-Knowledge Proofs of Knowledge
95(2)
3.2.3 Commitment Schemes
97(2)
3.2.4 Blind Signature Schemes
99(4)
3.2.5 Verifiable Encryption
103(1)
3.2.6 Scope-Exclusive Pseudonyms
104(1)
3.2.7 Revocation
105(2)
References
107(2)
4 Comparison of Mechanisms
109(34)
Michael Østergaard Pedersen
Gert Laessøe Mikkelsen
Fatbardh Veseli
Ahmad Sabouri
Tsvetoslava Vateva-Gurova
4.1 Theoretical Comparison -- Security Properties and Claims
110(6)
4.1.1 Computational Assumptions
111(1)
4.1.2 Security Aspects of Privacy-ABC Schemes
112(2)
4.1.3 Key Sizes in Practice
114(2)
4.2 Practical Comparison
116(27)
4.2.1 Comparison Criteria for Privacy-ABC Technologies
117(7)
4.2.2 Functionality Comparison
124(4)
4.2.3 Efficiency Comparison
128(8)
4.2.4 Security Assurance Comparison
136(3)
References
139(4)
5 Legal Data Protection Considerations
143(20)
Marit Hansen
Felix Bieker
Daniel Deibler
Hannah Obersteller
Eva Schlehahn
Harald Zwingelberg
5.1 Legal Requirements
143(9)
5.1.1 Concepts of Anonymity and Pseudonymity
144(1)
5.1.2 Applicable Law
145(1)
5.1.3 General Principles and Protection Goals
145(3)
5.1.4 Legal Roles
148(1)
5.1.5 Legal Grounds
149(2)
5.1.6 Data Security Measures
151(1)
5.2 Applying Legal Requirements to Privacy-ABCs
152(11)
5.2.1 Transparency and Intervenability for Privacy-ABCs
152(2)
5.2.2 Contractual Fixation of Processing on Behalf of the Controller
154(1)
5.2.3 Modelling the Inspection Process
155(3)
5.2.4 Considerations Concerning the Revocation Process
158(2)
References
160(3)
6 School Community Interaction Platform: the Soderhamn Pilot of ABC4Trust
163(34)
Ahmad Sabouri
Souheil Bcheri
Jimm Lerch
Eva Schlehahn
Welderufael Tesfay
6.1 Application Description
164(9)
6.1.1 Pilot Key Scenarios
164(3)
6.1.2 Requirements
167(1)
6.1.3 The Key Design Elements
168(4)
6.1.4 Security and Privacy Highlights
172(1)
6.2 Deployment and Operation of the Pilot
173(9)
6.2.1 The Deployment Architecture
173(4)
6.2.2 Initialization and the Roll-out Process
177(1)
6.2.3 Specification of the Key Use Cases
178(4)
6.3 Evaluation of the School Pilot
182(15)
6.3.1 Evaluation of the Deployment
182(4)
6.3.2 Evaluation of User Experience
186(7)
6.3.3 Conclusion
193(1)
References
194(3)
7 Course Evaluation in Higher Education: the Patras Pilot of ABC4Trust
197(44)
Yannis Stamatiou
Zinaida Benenson
Anna Girard
Ioannis Krontiris
Vasiliki Liagkou
Apostolos Pyrgelis
Welderufael Tesfay
7.1 Application Description
198(6)
7.1.1 The Basic Requirements and Functionalities of the Pilot
200(2)
7.1.2 Advanced Features and Functionalities
202(2)
7.2 Deployment and Operation of the Pilot
204(11)
7.2.1 The Deployment Architecture
205(6)
7.2.2 Policy Specifications for the Main Use Cases
211(4)
7.3 Evaluation of Usability and User Acceptance of Privacy-ABCs
215(20)
7.3.1 Research Questions: Usability and User Acceptance
216(1)
7.3.2 Conceptual Development of a User Acceptance Model
217(4)
7.3.3 Additional Factors of User Acceptance
221(2)
7.3.4 Research Methodology
223(4)
7.3.5 Results of User Feedback and Usability Evaluation
227(2)
7.3.6 Results on User Acceptance Factors
229(3)
7.3.7 Insights into the Understanding of Privacy-ABCs
232(2)
7.3.8 Discussion of the Evaluation Results
234(1)
7.3.9 Limitations and Future Work
235(1)
7.4 Conclusion
235(6)
References
236(5)
8 Experiences and Feedback from the Pilots
241(14)
Norbert Gotze
Daniel Deibler
Robert Seidl
8.1 The Project Setup
242(3)
8.1.1 Development and Operational Work-Split
242(1)
8.1.2 Processing Contracts between Developers and Operators
242(1)
8.1.3 Pilot Applications
243(2)
8.2 Lessons Learned from the Pilots
245(10)
8.2.1 Usability
245(2)
8.2.2 Strategy for Adopting Privacy-ABC Technologies
247(1)
8.2.3 Language Support
248(1)
8.2.4 Debugging
248(1)
8.2.5 Bootstrapping the System
249(1)
8.2.6 The Smart Cards
250(1)
8.2.7 Inspector Application Enhancements
251(1)
8.2.8 Some Pitfalls
251(2)
8.2.9 Data Transfer
253(1)
References
254(1)
9 Technical Implementation and Feasibility
255(64)
Gert Laeessøe Mikkelsen
Kasper Damgard
Hans Guldager
Jonas Lindstrøm Jensen
Jesus Garcia Luna
Janus Dam Nielsen
Pascal Paillier
Giancarlo Pellegrino
Michael Bladt Stausholm
Neeraj Suri
Heng Zhang
9.1 The Reference Implementation
256(26)
9.1.1 Obtaining and Compiling the Source Code
257(4)
9.1.2 Deployment of the ABCE as Web Services
261(5)
9.1.3 Integrating the ABCE in Custom Solutions
266(2)
9.1.4 Generating Parameters
268(1)
9.1.5 Example Applications
269(1)
9.1.6 The Hotel Booking Demo Scenario
269(9)
9.1.7 Access Control Based on Birthdate
278(2)
9.1.8 Handling Revocation
280(1)
9.1.9 Setting Up Your Own Test Privacy-ABC System
281(1)
9.1.10 Implementation Considerations
281(1)
9.1.11 Obtaining the ABC4Trust Demo Applications
282(1)
9.2 ABC4Trust in Smart Cards
282(17)
9.2.1 Privacy-ABCs on Smart Cards: Prior Art
282(1)
9.2.2 Introducing ABC4Trust Lite
283(3)
9.2.3 Functional Model for Privacy-ABC Systems
286(9)
9.2.4 Instantiating U-Prove, Idemix and other Privacy-ABC Systems
295(1)
9.2.5 The "Counter" Mechanism
295(3)
9.2.6 Summary of the APDU Command Set
298(1)
9.2.7 Potential Extensions
299(1)
9.3 ABC4Trust on Smartphones
299(6)
9.3.1 ABCE on Android
300(2)
9.3.2 Privacy ABCs in JavaScript
302(3)
9.3.3 Smart Card Emulation
305(1)
9.4 Perturbation Analysis
305(14)
9.4.1 Overall Approach
306(1)
9.4.2 Overview of the PA Methodology
307(4)
9.4.3 Detailed Methodology
311(2)
9.4.4 Detailed Overview of the Results
313(2)
References
315(4)
10 Privacy-ABC Usage Scenarios
319(26)
Joerg Abendroth
Marit Hansen
Ioannis Krontiris
Ahmad Sabouri
Eva Schlehahn
Robert Seidl
Harald Zwingelberg
10.1 Review of the Main Actors from a Business Perspective
320(6)
10.1.1 User
321(1)
10.1.2 Verifier
322(1)
10.1.3 Issuer (with or without IdM)
323(3)
10.2 Some Typical Privacy-ABC Scenarios
326(19)
10.2.1 Scenario: eIDs
326(4)
10.2.2 Scenario: Anonymous Participation in Decisions and Polls
330(3)
10.2.3 Use of Cloud Service within Enterprises
333(4)
10.2.4 Scenario: Bank as Identity Service Provider
337(2)
10.2.5 Scenario: Do not Track Relying Parties
339(3)
References
342(3)
11 Establishment and Prospects of Privacy-ABCs
345(16)
Marit Hansen
Hannah Obersteller
Kai Rannenberg
Fatbardh Veseli
11.1 eIDAS Regulation and ABC4Trust
345(5)
11.1.1 Suggestion "Emphasise the Concept of Authentication instead of Identification"
346(2)
11.1.2 Suggestion "Remove Barriers for Privacy-preserving eID Solutions"
348(1)
11.1.3 Suggestion "Clarify Applicability of Data Protection Requirements also for eID Services"
348(1)
11.1.4 Privacy-ABCs in the eIDAS Landscape
349(1)
11.2 How Stakeholders Can Support Privacy-ABCs
350(4)
11.2.1 "State of the Art" and "Best Practice"
350(2)
11.2.2 Support of Stakeholders
352(2)
11.3 Standardization and Certification
354(7)
11.3.1 Framework Standardizations
354(2)
11.3.2 Certification of Presentation Policies
356(2)
References
358(3)
12 Further Challenges
361(8)
Kai Rannenberg
Jan Camenisch
Ahmad Sabouri
Welderufael Tesfay
12.1 Enabling Users to Manage Their Identities and the Identity Management Process
362(3)
12.1.1 Devices Suitable for Managing Identities
362(1)
12.1.2 Interfaces for Identity Management
363(1)
12.1.3 Minimizing the Installation Effort
364(1)
12.1.4 Additional Services that Help the Users to Manage Their Data and Protect Their Privacy
364(1)
12.2 Usage of Privacy-ABCs by Relying Parties and Service Providers
365(4)
12.2.1 Boundaries between Different Domains
365(1)
12.2.2 Interoperability and Compatibility with Existing Technologies
366(1)
12.2.3 Enabling Prototypes and Trials
366(1)
12.2.4 Standardization
367(2)
A ABC4Trust Workpackages and Deliverables
369(4)
A.1 Workpackages
369(1)
A.2 Deliverables
370(3)
B ABC4Trust Consortium
373(8)
Contributors 381
Kai Rannenberg holds the Deutsche Telekom Chair of Mobile Business & Multilateral Security at Goethe University Frankfurt, Germany. Before he was with Microsoft Research Cambridge, UK, focussing on personal security devices and privacy technologies. Kai has been coordinating several leading EU research projects including the Network of Excellence Future of Identity in the Information Society and the Integrated Project Attribute based Credentials for Trust (ABC4Trust). Kai`s awards include the IFIP Silver Core and the Alcatel SEL Foundation Dissertation Award.

Jan Camenisch is a globally renowned cryptographer and a senior researcher at IBM's Research Laboratory in Rüschlikon, Switzerland. His mission is, by inventing and using cryptography to try to regain the fading privacy of our increasingly electronic society. He is a member of the IBM Academy of Technology and was the technical leader of the EU-funded projects PrimeLifePRIME and currently holds an ERC Advanced Grant. In 2010 he received the prestigious ACM SIGSAC Outstanding Innovation Award and in 2013 the IEEE Computer Society Technical Achievement Award.

Ahmad Sabouri is a scientific researcher and doctoral candidate at the Deutsche Telekom Chair of Mobile Business & Multilateral Security at Johann Wolfgang Goethe University Frankfurt, Germany, with a focus on Privacy-respecting Identity Management. Since 2011, he has a key role in various activities within the ABC4Trust EU project, including project coordination, architecture design, and management of the pilots.