ABC4Trust has been listed by the European Commission as an example of a successful EU funded research and innovation in the Societal Challenges areas which already is integrated into commercially viable products, start-ups and services. Read more in the brochure: https://ec.europa.eu/digital-agenda/en/eu-funded-societal-challenges-projects-lab-market

ABC4Trust Clip on Privacy-ABCs

A main part of ABC4Trust's efforts is to explain the problem of linkage and creation of usage patterns when using online services, the functionality and advantages of Privacy-ABCs and how they help the user to protect his or her privacy. Raising the awareness for this issue is not easy as the threat is not obvious.

This basic information is addressed in the video clip ABC4Trust has produced. Furthermore, it explains how Privacy-ABCs come into play. The clip had its premiere at the Summit Event  on January 20, 2015.

The idea behind the clip is to explain Privacy-ABCs and the achievements of ABC4Trust in an entertaining but still informative way. The language used is simple and the duration of the clip does not exceed five minutes.

Download (68 MB)

Download (7 MB)

On youtube: https://www.youtube.com/watch?v=utk4EyoaxAk

All rights reserved.

In its latest Deliverable 4.2 – Final Reference Implementation, ABC4Trust describes how to use a demonstration the project developed in order to allow interested parties to actually try out Privacy-ABCs in practice. Embedded in a hotel room booking scenario, you can follow all steps from obtaining a credential, to make use of it and revoke it in the end.

The demonstration is deployed as a virtual machine in iso format. (Download Virtual Machine)

The scenario showcases most of the features provided by reference implementation, namely issuance with key carry-over, verification and revocation of credentials. Inspection and issuance with carry-over attributes are not included in the demonstration, but could be included in a future version. The scenario is based around the case of booking a hotel room. In order to book a room, a user must possess valid passport and credit card credentials; however the user will be forced to reveal neither her identity nor her credit card number. A potential feature to add in a future version of the demonstration would be to make the credit card number in the presentation token inspectable in case of a (late) cancellation. This would allow the hotel to withdraw a fee from the customer if certain criteria are met. Similarly, an additional issuer of student card credentials could be implemented. This could be used to showcase advanced issuance (where the student’s attributes are carried over from his student card to the credit card credential) as well as the verifier having different presentation policies, offering students a discount.

The demonstration consists of the following services:

A Grails application running the webpage for a hotel, acting as the verifier.

A Grails application running the webpage for a bank, acting as the issuer of credit card credentials.

A Grails application running the webpage of governmental agency, acting as the issuer of passport credentials.

A revocation service, able to revoke credit card credentials.

A user service, able to manage credentials, communication with smartcards and perform presentations of credentials.

A user UI service, providing a GUI for the user service.

For further details please read D4.2 - Final Reference Implementation. (Download: PDF)

The official project flyer is available as download now.

Download PDF

On 26th May 2014, the ABC4Trust project published a new press release on the result of its pilots. The press release can be viewed here.

A report on ABC4Trust's workshop "Putting Privacy-ABCs into Practice" can be found here.

Microsoft released updated U-Prove cryptoarchitecture

Already fully compatible with ABC4Trust engine

On December 19, 2013 Microsoft released a public update to its U-Prove Cryptographic Specification V1.1 and open-source C# SDK. This Revision 3 is now interoperable with the ABC4Trust architecture as recently described in "H2.2. ABC4Trust Architecture for Developers".

This smooth integration had also been enabled by the fact, that ABC4Trust had already used a previously unreleased iteration of this release that is now publicly available.

The updated version can be found on the official U-Prove website.

Online services can use the code to protect customer’s data and reduce exposure to liabilities in case of personal data breaches

“Privacy is an integral part of human dignity and personal freedom”, as Vice-President of the European Commission Viviane Reding stressed at a speech regarding the proposal for a Data Protection Regulation. Personal data breaches cause major liability risks and loss of reputation for businesses and may impact the life of the compromised person in a long term. Protection of personal data is served best by taking data protection aspects into account right from the planning phase. The draft for a General Data Protection Regulation demands privacy by design and privacy by default when developing new processes. This is taken into account by the EU-funded project “Attribute-based Credentials for Trust” (ABC4Trust) that is piloting cryptographic solutions to authenticate persons in a privacy-preserving way with selective disclosure of attributes in authentication processes.

Appropriate privacy-enhancing technologies (PET) as developed in the ABC4Trust project allow secure authentication while only revealing the data essential for the requested service and no longer require verifying every detail of a user’s identity. Reducing data in this early state may aid businesses to comply with these principles by avoiding unnecessary data processing, and citizens gain more privacy. To assist online services in implementing such technologies, the ABC4Trust project has published the source code of the first version of its solution.

Electronic identity solutions are based on attributes about a person with the respective attribute value like the person’s name or date of birth. Classic electronic identification does not allow presentation of selected attributes without invalidating the issuer’s signature and thus risking a rejection. Advanced and privacy-preserving solutions support selective disclosure of attributes: the service provider can only learn those pieces of information that are necessary for the given purpose while the signature verifying the correctness of the information remains intact. The privacy-enhancing attribute-based credentials (Privacy-ABCs) deployed in the ABC4Trust project’s pilots support the above-mentioned attribute selection.

The use of Privacy-ABCs has now become accessible for a broader audience, as the ABC4Trust project has released the first iteration of the Attribute-based Credential Engine (ABCE) implementation. The ABCE allows owners and implementers of online services to leverage the potential of Privacy-ABCs to protect customer’s data and reduce exposure to liabilities in case of personal data breaches.

The first iteration of the ABCE consists of a number of core components and a user interface needed to implement a Privacy-ABC system. The release includes source code and documentation on how to setup and integrate the ABCE and can be found on the ABC4Trust. The components deal with issuing, verifying, inspecting, and revoking privacy-preserving attribute-based credentials, as well as handling the required user interaction. ABC4Trust has developed two applications that are currently deployed and being used by users in two pilot trials; one in Söderhamn, Sweden and the other in Patras, Greece.

Building on the basic components fully functioning support for Privacy-ABCs can be implemented in a given system. The ABCE is provided with adapters for storing keys on smart cards and a very generic user interface. Additional customization will be required regarding the storage of keys and credentials along with the user interaction.

All parts of the ABCE are released under the Apache License 2.0 license. However, the cryptographic engines underlying the ABCE are not currently a part of the ABCE, and must be downloaded separately. The cryptographic engines are IBM Identity Mixer (Version 2.4 or later) and Microsoft U-Prove. The U-Prove binary can be downloaded from https://microsoft.com/u-prove. The IBM Identity Mixer can be downloaded from idemix.

The Annual Privacy Forum 2014 will take place in Athens on 20th and 21th of May 2014 in course of the Greek Presidency of the Council of the EU. The conference is jointly organized by the European Commission's Directorate General for Communications Networks, Content & Technology (DG CONNECT) and the European Union Agency for and Information Security (ENISA).

Local host for the event is the Systems Security Laboratory (SSL) of the University of Piraeus.  The Call for Papers is open.

[Update:] The deadline for proposals has been extended until December 23rd, 2013. Proposed papers should focus on these topics. 

•    Building privacy by design and by default
•     Cryptography for privacy
•     Data protection technologies
•     Economics of privacy and PETs
•     Enhancing privacy in existing systems
•     Identity management and privacy
•     Location and mobility privacy
•     Privacy awareness raising and education
•     Privacy and inference control in databases
•     Privacy and privacy technologies attacks
•     Privacy by policy
•     Privacy models
•     Privacy-enhanced access control or authentication/certification
•     Privacy Friendly Biometrics
•     Privacy-friendly payment mechanisms for PETs and other services
•     Privacy in Online Social Networks
•     Privacy policy languages and tools
•     Pseudonyms, anonymization, identity management, link ability, and reputation
•     Reliability, robustness and abuse prevention in privacy systems
•     Traffic analysis
•     Transparency enhancing tools
•     Usability issues and user interfaces for PETs

The second round of the Patras pilot started on the 4th of November 2013  and will last until mid of February 2014. The participants are 59 volunteers who attend the course “Distributed Systems I” of the Department of Computer Engineering and Informatics, at the University of Patras. They have already obtained their Smart Cards and, according to the pilot scenarios, have received their first attendance unit in the lecture room, on the 4th of November. Their entry to the pilot system is the portal residing in https://ces.cti.gr/Portal/Portal.html The students can, also, download from there a students' manual that describes all the details relevant to their participation in the pilot.

Before the start of the pilot, the students were shown brief introductory slides on the concepts of Privacy-ABCs, the goals of the pilot as well as the use cases.  After the end of the slide presentation, the lecturer and CTI members initiated an open discussion related to the concepts of Privacy-ABCs, the objectives of the project and the scenarios of the pilot. Their interest in the pilot as well as the Privacy-ABCs was high and we expect them to give, in the end, a very helpful evaluation of the technology they used.

On the 23^rd of November 2012, 32 students of the course “Distributed Systems I” of the Department of Computer Engineering & Informatics at the University of Patras, Greece, started their participation in one of the two pilots that were developed within the context of the ABC4Trust project. This pilot is about remote evaluation of courses that students have attended throughout the semester, using “minimal disclosure” technologies that the ABC4Trust project developed in a reference implementation. Students are allowed to evaluate the course in the end of the semester after proving, anonymously, that they have attended the course sufficiently many times (i.e. over a preset attendance threshold), that they are students of the University, and that they have registered for the course under evaluation. The students have smart cards which they use in order to collect attendance units in class by passing the cards near a contactless reader of a class attendance application. After the semester has ended, they will use their smart cards in order to prove to the course evaluation system their eligibility to participate in the evaluation of the course.

This group of students will use the Idemix technology developed by IBM. Another group of 32 students will soon start their participation too, using the U-Prove technology introduced by Microsoft. We expect that after the pilot has ended (beginning of fall 2013) the students will be able to give accurate opinions from the users’ perspective. These opinions will enable the ABC4Trus consortium to proceed to enhancements of the reference implementation that will take account the students’ opinions towards increased usability, user friendliness, and ease of use.

After the success of the last IFIP Summer School “Privacy and Identity Management for emerging Internet Applications throughout a Person’s Lifetime” in September 2011, ABC4Trust is again collaborating with other projects and several IFIP (International Federation for Information Processing) working groups to arrange a Summer School in 2013. This 8^th International Summer School, organised jointly by the IFIP Working Groups 9.2, 9.5, 9.6/11.7, 11.4, 11.6 and projects such as ABC4Trust, A4Cloud, PRISMS, DigiDeas and FutureID, will focus on “Privacy and Identity Management for Emerging Services and Technologies”. It will be held in Nijmegen, the Netherlands, from June 17 to 21, 2013. The local organisers are PI.lab and Radboud University Nijmegen.

The aim of the Summer School is to encourage young academic and industry entrants to the privacy and identity management world to share their own ideas, build up a collegial relationship with others, gain experience in making presentations, and potentially publish a paper through the resulting book proceedings. It takes a holistic approach to society and technology and supports interdisciplinary exchange in the keynote lectures, tutorials and workshops. In particular, participants' contributions that combine technical, legal, regulatory, socio-economic, social or societal, ethical, anthropological, philosophical, or psychological perspectives are welcome. The school is interactive in character, and is composed of a combination of keynote lectures and workshops with PhD student presentations. Contributions are selected based on an extended abstract review by a Summer School Programme Committee.

Website of the IFIP Summer School 2013

Call for Papers

The ABC4Trust web-team congratulates our colleague Jan Camisch from IBM Research - Zurich as well as the co-authors Stephan Krenn and Victor Shoup for being awarded with the Best Paper Award at the 17th annual AsiaCrypt Conference held in Seoul, Korea, on December 4th - 8th, 2011.

The paper provides a method to design efficient cryptographic proof protocols that can be proven secure in a very strong security model. This assures that a protocols security is retained no matter in what environment a protocol is used. An example of such protocols are the privacy-enhancing technologies designed and applied in the ABC4Trust project.

The contribution with the title "A Framework for Practical Universally Composable Zero-Knowledge Protocols" has been published in the Springer LNCS series.
 

Abstract

Zero-knowledge proofs of knowledge (ZK-PoK) for discrete logarithms and related problems are indispensable for practical cryptographic protocols. Recently, Camenisch, Kiayias, and Yung provided a specification language (the CKY-language) for such protocols which allows for a modular design and protocol analysis: for every zero-knowledge proof specified in this language, protocol designers are ensured that there exists an efficient protocol which indeed proves the specified statement.

However, the protocols resulting from their compilation techniques only satisfy the classical notion of ZK-PoK, which is not retained are when they used as building blocks for higher-level applications or composed with other protocols. This problem can be tackled by moving to the Universal Composability (UC) framework, which guarantees retention of security when composing protocols in arbitrary ways. While there exist generic transformations from Σ-protocols to UC-secure protocols, these transformation are often too inefficient for practice.

In this paper we introduce a specification language akin to the CKY-language and a compiler such that the resulting protocols are UC-secure and efficient. To this end, we propose an extension of the UC-framework addressing the issue that UC-secure zero-knowledge proofs are by definition proofs of knowledge, and state a special composition theorem which allows one to use the weaker – but more efficient and often sufficient – notion of proofs of membership in the UC-framework. We believe that our contributions enable the design of practically efficient protocols that are UC-secure and thus themselves can be used as building blocks.

To download the full paper see Springerlink

With the Report "Architecture for Attribute-based Credential Technologies" (Privacy ABCs) the ABC4Trust consortium published the first version of the architecture design for the deployment of Attribute-based credentials. The ABC4Trust project will brings this privacy preserving technology to life in two pilots. The first pilot provides a social network for pupils in a secondary school in Söderhamn, Sweden. The second pilot will allow anonymous yet securely authenticated evaluation of classes at the University of Patras, Greece.

The architecture report provides the basis for the pilots and describes central aspects of the technology as it will be deployed in ABC4Trust. The architecture report has been designed to decompose future (reference) implementations of Privacy-ABC technologies into sets of modules and specify the abstract functionality of these components in such a way that they are independent from algorithms or cryptographic components used underneath.

The report also provides an analysis regarding the applicability of the ABC4Trust architecture to the popular existing identity protocols and frameworks such as WS-*, SAML, OpenID, OAuth and X.509.

Abstract

The goal of ABC4Trust is to address the federation and interchangeability of technologies that support trustworthy yet privacy-preserving Attribute-based Credentials (Privacy-ABC).

Towards this goal, one of the main objectives of the project is to define a common, unified architecture for Privacy-ABC systems to allow comparing their respective features and combining them on common platforms. The first version of this architecture is described in the deliverable at hand. Its main contribution is the specification of the data artifacts exchanged between the implicated entities (i.e. issuer, user, verifier, revocation authority, etc.), in such a way that the underlying differences of concrete Privacy-ABC implementations are abstracted away through the definition of formats that can convey information independently from the mechanism-specific cryptographic data. It also defines all technology-agnostic components and corresponding APIs a system needs to implement in order to perform the corresponding operations, i.e. to process an obtained issuance/presentation policy, perform the selection of applicable credentials for a given policy or to trigger the mechanism-specific generation of the cryptographic evidence.

How Privacy-ABCs can be applied in existing identity protocols and frameworks such as WS-*, SAML, OpenID, OAuth and X.509 and how Privacy-ABCs can help to alleviate some of the security, privacy and scalability issues of these protocols is also discussed.

Visit the download page or directly download the report as PDF-file.

September 20^th 2011, TITANIA HOTEL, Panepisthmiou 52 , Athens, Greece, "OURANOS" Conference  Center, on the 10th floor.

For more information click here

Date: September 5-9, 2011 Location: University of Trento/Italy

ABC4Trust jointly supports the The IFIP Summer School together with PrimeLife and other European and national projects related to privacy and IT security. Please consider your participation. The preliminary agenda as of today can be found below. For details, updates and registration please visit the website of the IFIP Summer School 2011.

Call for Participation IFIP Summer School 2011

Seventh International Summer School organised jointly by the IFIP Working Group 9.2, 9.6/11.7, 11.4, 11.6

IFIP Summer School 2011

to be held at the University of Trento, Italy,
on 5-9 September 2011 in cooperation with the EU funded projects:
PrimeLife, ABC4Trust, Endorse, NESSOS, TAS3,  the Norwegian e-Me, PETweb II
and Swedish U-PrIM (in cooperation with HumanIT) projects

Summer School Website: http://disi.unitn.it/security/ifip-summerschool2011/index.html

Early Bird registration until 20th August 2011
 

 
Invited keynotes include:

Di Nicola Andrea, University of Trento, Italy
Allessandro Armando, FBK, Italy
David Chadwick, University of Kent, UK
Jean-Pierre Seifert, TU Berlin, Germany
Peter Gullberg, Gemalto, Sweden
Marit Hansen, ULD / Vice Data Protection Commissioner, Germany
Riitta Hellman, Karde AS / Norwegian Computing Center, Norway
Eleni Kosta, KU Keuven, Belgium
Gregory Neven, IBM Research Zurich, Switzerland
Charles Raab, Edinburgh University, UK
Sarah Spiekerman, University of Vienna, Austria
 

[Edit: Due to recent changes in the agenda and possible further changes please view the latest version of the agenda directly at the Summer School's website. Thank you.]

Date: September 5-9, 2011 Location: University of Trento/Italy

Excerpt from the Call for Papers:
Internet applications, such as Web 2.0 applications and cloud computing, increasingly pose privacy dilemmas. When they communicate over the Internet, individuals leave trails of personal data which may be stored for many years to come. These developments raise substantial new challenges for personal privacy at the technical, social, ethical, regulatory, and legal levels: How can privacy be protected in emerging Internet applications such as collaborative scenarios and virtual communities? What frameworks and tools could be used to gain, regain and maintain informational self-determination and lifelong privacy?

These questions will be addressed by this year's IFIP Summer School on Privacy and Identity Management for Emerging Internet Applications throughout a person's lifetime. After the success of the 2009 and 2010 PrimeLife/IFIP Summer Schools, IFIP (International Federation for Information Processing), Working Groups 9.2, 9.6/11.7 11.4, 11.6 will in cooperation with the PrimeLife project consortium and the projects ABC4Trust, Endorse, NESSOS, PETweb II, U-PrIm  jointly hold a multidisciplinary summer school. A special focus of the 2011 IFIP Summer School will be on application scenarios and use cases to assess the extent to which the PrimeLife project outcomes and other research results can be practically applied.

For previous Summer Schools see: http://www.cs.kau.se/IFIP-summerschool

Date: June 10th, 2011, from 10:00 to 16:30

Location: IBM Research Zurich, Säumerstrasse 4, 8803 Rüschlikon, Switzerland

Cost: no registration fee

Joint dinner: June 9th, 2011, 19:00 Restaurant Moosegg, Säumerstrasse 31, 8803 Rüschlikon

Trustworthy, yet privacy-preserving authentication is necessary to enable long-term and lifelong privacy for users. Attribute-based credentials offer a solution allowing strong authentication while the user may remain anonymous towards the relying party and without the identity provider learning to know about the websites visited or services deployed by a user. The technology to deploy attribute-based credentials is available with IBM’s Identity Mixer and Microsoft’s U-Prove. The EC-funded project ABC4Trust now takes up the heritage of the PRIME and PrimeLife projects and will deploy systems using attribute-based credentials in actual production pilots and deliver open reference implementations.

PrimeLife and ABC4Trust organize a joint tutorial explaining the basics of the technology, its potential spheres of application for privacy-enhancing technologies and some building blocks of the underlying cryptography. The tutorial will be held in Rüschlikon (near Zurich) on Friday June 10, 2011 and hosted by IBM Research Zurich.

Tutorials will be given by expert researchers from Microsoft and IBM, presenting a common view on Privacy-ABC technologies that encompasses both the U-Prove and Identity Mixer technologies.

09:30 Welcome coffee in the IBM Cafeteria

10:00 start of Session 1

General introduction to privacy-enhanced attribute-based credentials (Privacy-ABCs)

• Comparison to traditional public-key credentials
• High-level concepts and features
• Cryptographic building blocks (high-level overview)

Download Slides

Session 2

Integrating Privacy-ABCs in identity management architectures and policy languages

Download Slides

13:00 Lunch in the IBM Cafeteria

14:00 Session 3

Real-life application scenarios & demos

Download Slides

Download Slides

Session 4

Questions and discussions

16:30 End of the tutorial

PrimeLife is pleased to invite participants arriving on Thursday evening for a dinner. Attendees of the PrimeLife Summit Event and the SEC2011 may conveniently join the meeting by extending their stay in Switzerland and commute via train from Lucerne to Zurich.
Hotel rooms have been reserved in Rüschlikon for booking until the May 20th.

For questions, registration and accommodation information please contact: This email address is being protected from spambots. You need JavaScript enabled to view it.

Updates and further information: http://www.primelife.eu/events/workshops

Update: Agenda as PDF