TY - GEN
T1 - Anonymous credentials on a standard Java card
AU - Bichsel, Patrik
AU - Camenisch, Jan
AU - Groß, Thomas
AU - Shoup, Victor
PY - 2009
Y1 - 2009
N2 - Secure identity tokens such as Electronic Identity (eID) cards are emerging everywhere. At the same time user-centric identity management gains acceptance. Anonymous credential schemes are the optimal realization of user-centricity. However, on inexpensive hardware platforms, typically used for eID cards, these schemes could not be made to meet the necessary requirements such as future-proof key lengths and transaction times on the order of 10 seconds. The reasons for this is the need for the hardware platform to be standardized and certified. Therefore an implementation is only possible as a Java Card applet. This results in severe restrictions: little memory (transient and persistent), an 8-bit CPU, and access to hardware acceleration for cryptographic operations only by defined interfaces such as RSA encryption operations. Still, we present the first practical implementation of an anonymous credential system on a Java Card 2.2.1. We achieve transaction times that are orders of magnitudes faster than those of any prior attempt, while raising the bar in terms of key length and trust model. Our system is the first one to act completely autonomously on card and to maintain its properties in the face of an untrusted terminal. In addition, we provide a formal system specification and share our solution strategies and experiences gained and with the Java Card.
AB - Secure identity tokens such as Electronic Identity (eID) cards are emerging everywhere. At the same time user-centric identity management gains acceptance. Anonymous credential schemes are the optimal realization of user-centricity. However, on inexpensive hardware platforms, typically used for eID cards, these schemes could not be made to meet the necessary requirements such as future-proof key lengths and transaction times on the order of 10 seconds. The reasons for this is the need for the hardware platform to be standardized and certified. Therefore an implementation is only possible as a Java Card applet. This results in severe restrictions: little memory (transient and persistent), an 8-bit CPU, and access to hardware acceleration for cryptographic operations only by defined interfaces such as RSA encryption operations. Still, we present the first practical implementation of an anonymous credential system on a Java Card 2.2.1. We achieve transaction times that are orders of magnitudes faster than those of any prior attempt, while raising the bar in terms of key length and trust model. Our system is the first one to act completely autonomously on card and to maintain its properties in the face of an untrusted terminal. In addition, we provide a formal system specification and share our solution strategies and experiences gained and with the Java Card.
KW - Anonymous credential systems
KW - Java card
KW - Privacy-enhancing systems
KW - Smart card
UR - http://www.scopus.com/inward/record.url?scp=74049125197&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=74049125197&partnerID=8YFLogxK
U2 - 10.1145/1653662.1653734
DO - 10.1145/1653662.1653734
M3 - Conference contribution
AN - SCOPUS:74049125197
SN - 9781605583525
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 600
EP - 610
BT - CCS'09 - Proceedings of the 16th ACM Conference on Computer and Communications Security
T2 - 16th ACM Conference on Computer and Communications Security, CCS'09
Y2 - 9 November 2009 through 13 November 2009
ER -