A secure channel for attribute-based credentials

Gergely Alpár, Jaap-Henk Hoepman
2013 Proceedings of the 2013 ACM workshop on Digital identity management - DIM '13  
Attribute-based credentials (ABCs) are building blocks for user-centric identity management. They enable the disclosure of a minimum amount of information about their owner to a verifier, typically a service provider, to authorise the credential owner for some service, application, or resource. By directly applying attribute-disclosure protocols, the data is revealed not only to the verifier, but anyone who has access to the communication channel. Moreover, as verifiers are not intrinsically
more » ... henticated, one can accidentally reveal attributes to the wrong party. Therefore, a secure channel has to be established between the prover and the verifier. Although efficient ABC smart-card implementations exist, not always can they perform all prover features. An equality proof, for instance, is essential in creating pseudonyms that enable temporary identification and eventually establishing a channel. Without this feature, other techniques have to be developed. In this paper we apply a more general notion of authentication that does not require card identification or pseudonyms. Based on this concept, we propose a security model that includes mutual authentication and setting up a channel between a card and a verifier. We present two efficient and provably secure protocols under standard assumptions in the random oracle model.
doi:10.1145/2517881.2517884 dblp:conf/dim/AlparH13 fatcat:d64hv4lc3ze5vawworkw5wh55u