On January 20, 2015 ABC4Trust presented the results of four years of intense research and piloting of privacy-enhancing authentication solutions  in a full-day event. The meeting took place right in the heart of the European Quarter in Brussels at the new venue of the Representation of the State of Hessen to the EU,
21 Rue Montoyer, Brussels.

The date conveniently allowed interested privacy experts to attend the
Summit Event in connection with their travel to attend the Computers,
Privacy and Data Protection Conference 2015 (CPDP) which takes place Wednesday 21 until Friday 23 January, 2015 at Les Halles de Schaerbeek in Brussels, Belgium.

 

If you like to be notified about news on the ABC4Trust Summit Event please let us know at:


Please also note the agenda of the upcoming Computers, Privacy and Data Protection conference 2015 which will be held in Brussels 21st - 23rd of January, 2015.

ABC4Trust Information Event in Athens

The ABC4Trust project invited interested people from industry, politics and science to join its information event held in Athens. The project's partners introduced the audience to Privacy-ABCs technologies in general, the architecture and the project's pilots. The presentation slides are available as PDF download (see below).

Date:

September 29, 2014, starting at 10:00h

Venue:

CTI building

Mitropoleos 26-28,
105 63 Athens

Programme

Read more: September 29, 2014 - ABC4Trust Information Event in Athens

The 9th international IFIP summer school on privacy and identity management for the future internet in the age of globalisation took place on September 7-12, 2014 in Patras, Greece.

This year's summer school was hosted by ABC4Trust consortium partner CTI - Computer Technology Institute and Press "Diophantus" located near the University of Patras.

This annual event is organised by the IFIP working groups 9.2, 9.5, 9.6/11.7, 11.4, 11.6 and special interest group 9.2.2. ABC4Trust co-organizes the joint effort of several research projects to keep the IFIP summer school series up. For the event in 2014 summer school was hosted by our Greek ABC4Trust partner CTI with Yannis Stamatiou as organizing committee chair. Further ABC4Trust involvement consisted of Marit Hansen (ULD) as general chair and Jan Camenisch (IBM) as a program committee co-chair.

The IFIP summer school 2014 was interactive in character, and composed of keynote lectures and workshops with master/PhD student presentations. The principle is to bring together junior and senior researchers and practitioners from multiple disciplines to discuss important questions concerning privacy and identity management and related issues in a global environment. To this end, contributions from students at the stage of preparing either a master’s or a PhD thesis are especially encouraged.

ABC4Trust was represented by two keynote speakers and an afternoon workshop, providing three parallel sessions. Furthermore, the project was addressed in several student papers.

Participants of the IFIP Summer School 2014 can view all slides of the ABC4Trust sessions here.

Important Dates

General Chair:  Marit Hansen
PC Co-Chairs:  Jan Camenisch, Simone Fischer-Hübner, Ronald Leenes
Organizing Committee Chair:  Yannis Stamatiou
   
 

After the successful operation of the Patras pilot, ABC4Trust was invited (through the University of Patras Innovation Office) to present its results at a one-day event organized by the Greek Ministry of Foreign Affairs (MFA).

The event will take place on July 17, 2014, at the amphitheatre “Kranidiotis” of the MFA at Akadimias 1 Str., Athens, Greece.

The goal of the event is to promote mature research results (which are ranked above 6 at the Technology Readiness Levels) to interested parties, who might include the immediate exploitation in their business plans.

Invitations were sent to ambassadors and finance/commerce State representatives of foreign countries, as well as to their Greek counterparts. Also, invitations were sent to representatives from the private and public sector in Greece.

ABC4Trust organised a workshop at this year’s  CSP Forum Conference, held in Athens, Greece. The workshop ‘ABC4Trust – Putting Privacy-ABCs into Practice’ consisted of two parts. (‘Track 12’ and ‘Track 15’ on the conference programme.)

All presentations can be found here.

Speakers:

Gregory Neven (IBM) - The Concept of Privacy-ABCs

Jonas Lindstrøm Jensen (Alexandra Institute) - Privacy-ABCs on Mobile Devices

Souheil Bcheri (Eurodocs AB) - Community Interaction Among Pupils

Yannis Stamatiou (Diophantus) - Privacy Preserving Course Evaluation in Educational Institutes

Ahmad Sabouri (Goethe University Frankfurt/Main) - Enabling Privacy Friendly Integration of Cloud Services into Enterprises

Chair: Hannah Obersteller (ULD)

In the first part, Gregory Neven introduced the audience to the idea and the functionalities of Privacy-enhancing Attribute-based Credentials (Privacy-ABCs). After describing existing identification schemes and their weaknesses, Dr. Neven explained the advantages of Privacy-ABCs. Privacy-ABCs allow the user to choose which information – in other words: which attribute – he is willing to reveal. In the following, he focused on the more advanced features such as pseudonyms, revocation, and inspection. While by default Privacy-ABCs allow the user to access a service completely anonymously, the optional feature “inspection” can be enabled if needed. This means, the identity of the user can be revealed conditionally. The user must be informed in advance if inspection is enabled and under which circumstances (inspection grounds) his identity may be revealed. The revocation feature allows the issuer of the credentials to revoke them. This might become necessary if a certain attribute of the user changes; e.g. if he is not a student anymore.

Jonas Lindstrøm Jensen showed examples of how Privacy-ABCs can be used on mobile devices. While the project’s trials were using laptops as devices, it is also possible to use mobile devices like mobile phones or tablets. The advantage is, that most potential users already have one, so there is no need for additional hard ware like smart cards and smart card readers. Mr. Lindstrøm Jensen referred to new use cases and the security and privacy problems that, in turn, appear.

Souheil Bcheri presented the results of one of ABC4Trust’s trials. ABC4Trust set up a School Communication System at a Secondary School in Söderhamn/Sweden. Functionalities like chat and document sharing are provided as well as counselling sessions and political discussions. The pupils, their parents and teachers are enabled to access the network pseudonymously or anonymously, depending on the service they want to use. Since there had not been a similar application before, ABC4Trust had to create it from sketch. The network offers certain “rooms” – Restricted Areas – to certain group of users. Depending on the individual access policy of each of those Restricted Areas, there can be e.g. a chat room that allows access for everyone who can prove that she is not elder than 14 and a girl. The users can create own Restricted Areas and determine their access policies as well.

Building on what had been presented in the first part, in the second part Yannis Stamatiou reported on the results of the second trial of ABC4Trust, also by showing screenshots and video sequences. The project implemented a Course Evaluation System at the University of Patras, Greece. The students are enabled to evaluate their Courses anonymously. At the same time the system guarantees that only duly accredited students can participate in the evaluation. As an incentive to the students to participate in the trial, the students could choose to get another credential. This so-called Tombola credential allowed them to participate in a Tombola at the end of the semester. The inspection feature was used to reveal the identity of the winner. All other credentials were not inspected. The revocation feature was employed to allow the university to revoke a student’s credential when he leaves the university. After the explanation of the system, Prof. Stamatiou talked about the results of an anonymous questionnaire that was answered by the students who participated in the trial. According to the evaluation the students understood the functionality and also trusted the system. Prof. Stamatiou also reported on the future exploitation of the system.

Finally, Ahmad Sabouri gave a presentation on a special future use case of Privacy-ABCs: Use on the Cloud. After giving an introduction to Cloud Services in general, he talked about what might keep enterprises from using them. One major issue is privacy and identity concerns. Identity management in the cloud is different. Mr. Sabouri described the Privacy requirements in the Cloud. While the IdMaaS must not learn about the services the user accesses, the Cloud Provider may be neither able to link a user to his identity, nor to profile the user based on his different accesses. Furthermore, the Cloud Service Provider should not learn about the use of resources and services, while the enterprises should be able to audit those. Then, he explained in how far Privacy-ABCs meet those requirements and mapped the roles of the entities of a Privacy-ABC system.

Questions were answered during and after each presentation.

The annual Trust in Digital Life event took place on April 7th and 8th, 2014 in Vienna.

The ABC4Trust Project organized Track 3 “Identity management” and offered a panel featuring a variety of current applications of Privacy-ABC. The workshop targeted everyone that wants to implement privacy-preserving identity management. The panel demonstrated that usable and trustworthy identity management systems are technically possible and in several cases already a working reality. In the track the following presentations were covered:

General technology presentation of ABCs in ABC4Trust

(Dr. Gregory Neven, IBM)

Privacy respecting ICT innovations in education: electronic course evaluations in higher education and beyond

(Prof. Yannis Stamatiou, Computer Technology Institute and Press)

Restrictive download of documents from cloud storage in FI-Ware

(Robert Seidl, Nokia Solutions and Networks)

Performance of privacy-enhancing cryptography on smartphones

(Dr. Jan Hajny, Brno University of Technology)

Information security supporting data protection

(Dr. Rodica Tirtea, ENISA)

Major questions and discussions in the panel:

• What would be some interesting examples of Privacy-ABCs applications?
  Apart from the pilots of ABC4Trust that deal with privacy-friendly online course evaluation and privacy-friendly school community platform, one could consider e-government polls, age verification and public transportation ticketing to be very relevant problems that can be addressed using Privacy-ABCs.

• There are so many cryptographic solutions to deal with privacy problems. Why to use ABC4Trust framework and not any other one?
  ABC4Trust framework is defined in a generic way based on the identified features that are required from Privacy-ABCs. Therefore it gives the opportunity to any crypto provider to implement the specified interfaces and therefore be pluggable to the framework. ABC4Trust is not limited to any specific technology and it also helps to avoid a lock-in situation.  

• One of the major blocking factors in front of adoption of Privacy-ABCs concerns the application developers not being familiar with the crypto. What can be done in this regard?
  The ABC4Trust project has provided a crypto-agnostic API set to Privacy-ACBs, which relieves the burden of complicated crypto. The reference implementation of ABC4Trust is publicly available on Github along with documentations and integration examples for the developers.

• How is it possible to convey the properties of Privacy-ABCs to the end users?
  Indeed a certain level of trust is needed for the ecosystem to work. Trust in the crypto, trust in the correct implementation of the crypto and trust in the correct deployment of the system are the minimum requirements. Perhaps there should be some consumer protection or verification agencies to help with gaining the trust of the end users in the system and the promised features.

Brussels, February, 28th, 2014: The ABC4Trust project is present at the "EU Cybersecurity Strategy - High Level Conference" with a booth and strong presence of the ABC4Trust members. The one-day Conference is organised by the European Commission, in cooperation with the European External Action Service.
Keynotes have been provided by Ms Neelie Kroes, Commission Vice-President for the Digital Agenda and Mr Maciej Popowski, Deputy Secretary General of the European External Action Service.
In her keynote Ms Neelie Kroes stated that in the field of cybersecurity we in Europe need to say “yes” to data protection and “no” to data protectionism. We also should not get too entangled in viewing ongoing revelations by Edward Snowden but recognize that cybersecurity is also about the aspects directly relevant for the citizens: People trusting that their personal data on social network sites are well protected; users understanding what their cloud service providers are offering, eID solutions allowing to securely authenticate towards services; or children’s sufficiently protected but also empowered to avoid online risks.
ABC4Trust addresses many of the aspects mentioned in the vice president’s keynote. The Swedish Pilot provides a school network for information exchange at a school where pupils are empowered to communicate securely within verified areas while retaining their anonymity to the extent possible or acting under pseudonyms. Data protection and data minimisation is a core feature built into Privacy-enhanced Attribute-based Credentials (Privacy-ABCs) – presumed that the systems are set up accordingly. The data minimisation principle states that (only) the data necessary for a given and defined purpose may be processed. Privacy-ABCs permit to remove data from a certificate that are unnecessary while retaining the integrity of the issuer’s signature for the remaining information.

At the High Level Conference on the EU Cybersecurity Strategy ABC4Trust is present with a booth where both ABC4Trust pilots are on display. Prof. Kai Rannenberg from Goethe University Frankfurt, Germany, is project lead of the ABC4Trust project. The Swedish school pilot is presented by Souheil Bcheri of Eurodocs. Prof. Yannis Stamatiou from The Computer Technology Institute & Press – Diophantus, Greece, shows the university pilot allowing anonymous evaluation of lectures. Harald Zwingelberg from the Unabhängigen Landeszentrum für Datenschutz, Germany, presents comments on legal aspects of Privacy-ABCs to support eID solutions across Europe.

Keynote Speaker Dr. Thomas Kremer, Member of Deutsche Telekom’s Board of Management for Data Privacy, Legal Affairs and Compliance, showing great interest in the ABC4Trust pilot systems

On November 13th 2013, ABC4Trust partner Alexandra Instituttet co-organised a workshop entitled 'ID management' together with with DI ITEK in Copenhagen, Denmark.

Five international experts provided insights on identity related topics such as the internoperationality of national eID solutions, open standards in the field secure management of identities on mobile devices. The event was targeted at IT architects, decision-makers and developers in the field of online services and cloud solutions and fully booked.

The program featured the following presentations:
- Digital authentification solutions, both in general and in relation to NemLogin, Thomas Gundel, IT Crew
- Interoperability among national e-ID infrastructures, Gunnar Nordseth, CEO, Signicat
- International open standards, including OpenID connect and OAuth2, Justin Richer, MITRE
- MS U-Prove and identity management in the cloud, Ronny Bjones
- Secure identity management on mobile devices, Stefan Hebsgaard, Cryptomathic

The third Meeting of the ABC4Trust Reference Group is going to happen on November 13th and 14th, 2013 in Frankfurt, Germany. The Reference Group is a board of selected experts from the relevant stakeholders from inter alia ICT industry, academia, specialized press, data protection authorities, and civil society groups.

The ABC4Trust Reference Group is designed to provide early feedback on the ABC4Trust Project results from different viewpoints, considering the overall value and potential use of the ABC4Trust Project results. As such, it will provide global, non-technical advice to the ABC4Trust Project, focusing on its scientific direction and its prospects for exploitation and research in the mid and longterms. Together with the participants of ABC4Trust, the ABC4Trust Reference Group prepares the transfer of its results to industry and standardisation organisations to support European privacy regulations.

ABC4Trust will be jointly chairing the ACM Digital Identity Management Workshop 2013 together with the FutureID project at the annual Conference on Computer and Communications Security (CCS) of the Special Interest Group on Security, Audit and Control (SIGSAC) of the Association for Computing Machinery (ACM). The conference will be held in Berlin from November 4^th -8^th and is a high profile research conference in the area of cyber security.

The workshop on Digital Identity Management is chaired by Thomas Groß and Marit Hansen of the FutureID and ABC4Trust projects. In five sessions the workshop will explore the central issues in connection with interoperable identity management technologies in the information society:

Session 1: Welcome and Keynote by Claudia Diaz
Session 2: Cryptographic Methods
Session 3: Human Factors and Socio-Economic Aspects
Session 4: Security Considerations
Session 5: eIDs and Identity Management

For further information please refer to the detailed workshop program.

At the European eID Interoperability Concepts and Compliance Conference, ABC4Trust partner IBM Research will be present with a demonstration on Privacy-Preserving Authentication by Attribute-based Credentials. The conference will take place in Biel, Switzerland from May 27^th-28^th, 2012.

Authentication is an all-embracing mechanism in today’s digital society. Current authentication systems require users to provide more personal data than actually necessary, and offer many attack vectors due to insecure authentication methods such as username/passwords. With Privacy-preserving Attribute-based Credentials, systems that allow for minimizing the data released during authentication do exist. A combination of these technologies with eID solutions could provide the necessary security and trust for all participants while preserving the user’s privacy at the same time. In the current discussion for future electronic IDcards and other means to authenticate online and offline, the growing privacy threats for users are not sufficiently reflected. Therefore, any upcoming European and national eID schemas should help citizens to protect their privacy by providing secure authentication methods with which the user can verify only the relevant attributes but does not need to reveal more than these necessary attributes. Users would be enabled to act under a pseudonym with their real identity unknown to the service provider. However, acknowledging risks for service providers, it should be possible to trace back a so far pseudonymous user under certain previously specified conditions. With Privacy-preserving Attribute-based Credentials, such as IBM’s Identity mixer presented at the conference in Biel or Microsoft’s U-Prove, technology can be a key enabler for privacy preserving eID solutions in the future.

The demonstration in the conference’s exhibition area will show data-minimizing authentication with attribute-based credentials based on the scenario of a teenage chat room, where the chat provider requires authentication with respect to a service-specific privacy-preserving policy. When a user wants to enter the chat room, the implementation determines whether and how the user can fulfil the policy with her credentials. A graphical user interface allows the user to select and verify which personal information she wants to use to fulfil the policy. Prior to sending any information, the user interface also provides her with a detailed summary of which information she is about to release to the service provider. Based on the user's input, the prototype generates a cryptographic presentation token that shows fulfilment of the service provider's policy without revealing any unnecessary information. Finally, this presentation token is sent to the service provider for verification who grants access to the chat accordingly. Our prototype is the first implementation of such far reaching data-minimizing privacy-preserving authentication.

Visitors of the demo will learn that it is possible to perform online authentication in a privacy-preserving manner.

Resources:

• For first information on Privacy-ABCs, the problems they can solve and what the project is about see the ABC4Trust Flyer.

• For a description of the demo to be shown in Biel see Bichsel/Preiss, A Comprehensive Framework Enabling Data-Minimizing Authentication, 2011.

• Read more on an architecture to make existing systems of Privacy-ABCs interoperable, and the how the processing of personal data can be limited to enhance privacy and legal compliance: D2.1 Architecture for Attribute-based Credential Technologies.

Privacy-Enhanced Credentials Going Live – From Theory to Practice, ABC4Trust tutorial at CSP EU Forum, Berlin April, 24th 2012

ABC4Trust will hold a tutorial session at the Cyber Security & Privacy EU Forum 2012 (CSP EU FORUM) under the title “Privacy-Enhanced Credentials Going Live – From Theory to Practice”. The tutorial will be part of the CSP EU Forum  in Berlin, Germany,  on April, 24th 2012.

[Update] The organizers published the agenda with the time slot for our tutorial. Join us on the first day of the conference (April 24th) between 16:00 and 18:00. Please note also that the CSP EU forum is now open for registration.

Trustworthy authentication and authorization is one of the main ingredients to ensure secure transactions over the Internet. The currently prevalent solution for user-authentication is by username and password. In case the authorization requires information about the user such as address or credential card number, these information are typically obtained by exchange with other service providers. Increasingly, cryptographic approaches such as X.509 certificates are used that offer stronger security guarantees. Both of these approaches have considerable privacy concerns. Briefly, the users have to reveal their full identity and personal data to one or more service providers even though that amount of information would not be strictly necessary.
In tutorial session the presenters will discuss how Privacy-ABCs can provide the same, or better, level of strong authentication while preserving the privacy of the user. In a nutshell, privacy-ABCs allow the user to establish several partial identities (1) with each service provider, where they only disclose the information that is minimally required for this purpose. For instance, it often might be sufficient to prove the mere fact that the user is over 18 instead of revealing the full date of birth.
The technology to deploy privacy attribute-based credentials is already available with IBM's Identity Mixer  and Microsoft's U-Prove. Currently, both are being integrated and used for two pilots in the EU-funded project ABC4Trust project which takes up the heritage of the European PRIME  and PrimeLife  projects.
This tutorial aims at providing a better understanding of the features and concepts of Privacy-ABCs and its potential application areas. We will also discuss how the ABC4Trust project advances the current state by identifying a common architecture (2) and deploying Privacy-ABCs in real-life environments. Presentations of the two pilot scenarios and a legal assessment of such privacy-enhancing technologies will complete this tutorial.
 
Agenda of the Tutorial session
More precisely, the tutorial consist of the following three parts:

Read more: ABC4Trust Tutorial at CSP EU Forum, Berlin, April, 24th 2012

September 20^th 2011, TITANIA HOTEL, Panepisthmiou 52 , Athens, Greece, "OURANOS" Conference  Center, on the 10th floor.

New and original research results and the latest state-of-the-art in Attribute-based Credentials and Trustworthiness will be presented by scientific experts and businessmen.

Read more: ABC4Trust Public Event in Athens, Greece

Date: June 10th, 2011, from 10:00 to 16:30

Location: IBM Research Zurich, Säumerstrasse 4, 8803 Rüschlikon, Switzerland

Cost: no registration fee

Joint dinner: June 9th, 2011, 19:00 Restaurant Moosegg, Säumerstrasse 31, 8803 Rüschlikon

Trustworthy, yet privacy-preserving authentication is necessary to enable long-term and lifelong privacy for users. Attribute-based credentials offer a solution allowing strong authentication while the user may remain anonymous towards the relying party and without the identity provider learning to know about the websites visited or services deployed by a user. The technology to deploy attribute-based credentials is available with IBM's Identity Mixer and Microsoft's U-Prove. The EC-funded project ABC4Trust now takes up the heritage of the PRIME and PrimeLife projects and will deploy systems using attribute-based credentials in actual production pilots and deliver open reference implementations.

Read more: Joint PrimeLife & ABC4Trust Credential Tutorial