Your personal identity data was worth several hundred dollars on the black market 10 years ago. Today, it’s worth pocket change. Why? Because it’s easier to steal this information than ever before.

As more pieces of our lives go online, we regularly have to authenticate ourselves for service providers, including social media tools and e-commerce sites. Today, identity authentication is realized by mirroring the paper-based processes in the electronic realm, but this often exposes an excessive amount of personal information. For example, when you show your driver’s license to prove your age, you also unintentionally share your address.

Protecting Personal Information in the Paper Age

Because electronic information is much harder to control and protect than information on paper, this praxis erodes our privacy and puts us at risk. Indeed, the flow of information in today’s electronic networks is virtually impossible to follow and assess. Thus, it is important that data is always protected and kept secret and that disclosure is minimized whenever possible.

Consider this fictional transaction: Alice, a movie buff, wants to stream the classic film “Alice in Wonderland” from BestMovies, an online movie service. Before it will stream the movie, BestMovies requires proof that Alice satisfies the necessary access control rules, i.e., that Alice has bought a subscription and is older than 12 years of age.

In the paper-based world, the clerk at BestMovies would tell Alice what proof is required, and Alice would present her BestMovies subscription card and her driver’s license or some other government-issued ID. The clerk would verify the two documents for authenticity and specifically check Alice’s birthdate. While the clerk would see all of her information, he would most likely forget shortly thereafter, assuming he views hundreds of similar documents per day. Thus, Alice’s privacy and information security is retained.

Moving Toward Digital Solutions

The same doesn’t hold true in the digital world. Like Neil Armstrong’s footprints on the lunar surface, the information will not be forgotten, but rather stored — most likely in the cloud, which is often poorly protected.

Unfortunately, this native transposition is exactly what is typically done: The identity providers issue a credential to the users containing their attributes. When authenticating with the credential, the user has no choice but to transmit the full set of credentials to the provider no matter what data is being requested. Apart from revealing more information than often necessary, users can be tracked across different service providers because of the uniqueness of their certificates. Some popular examples of such technologies that follow this approach include X.509 client certificates as well as existing government eID solutions.

The second approach requires the identity provider to be online and involved in all of its users’ authentication transactions. While the issuer can certify only those attributes that are explicitly required (which is good for privacy), there’s a privacy bottleneck in the system that can track all its users’ transactions. From a security point of view, this approach is not ideal: The identity provider needs to be highly available but also highly protected from cybercriminals, which are contradicting requirements.

Neither of these approaches is completely satisfactory from a privacy and security point of view because they both require users to reveal more information than necessary. To solve this, the team at IBM Research – Zurich developed Identity Mixer. Identity Mixer uses advanced, provably secure cryptographic algorithms to authenticate users while providing only the minimally necessary information, without revealing any collateral and unintended data, to simultaneously achieve both privacy and security.

How Identity Mixer Works

In its simplest form, Identity Mixer works similar to traditional attribute-based credentials with a few crucial differences. Each user has a single secret key but can have multiple public keys that correspond to it. In a way, this secret key is the user’s secret identity, and users can derive as many public identities from it as necessary. For example, Alice could use one identity for BestMovies and another to pay her taxes online. Each transaction gets a different public key, leaving no privacy breadcrumbs.

Alice can get an attributed certified credential such as an eID, a driver’s license or a membership card by sending one of her public keys to the issuer of the desired credential. The issuer will then sign that public key along with Alice’s attributes, which vouches for and sends the resulting credential back to Alice. Alice stores the received credential in her digital wallet, which can run on her mobile phone, computer, another preferred device or via a cloud-based wallet. This process is conceptually identical to one of the X.509 attribute certificates, except Identity Mixer uses different cryptographic algorithms.

When Alice is requested to authenticate to a service — let’s say she wants to stream “Alice in Wonderland” from BestMovies again — the service provider will send her a presentation policy stating the information needed to proceed. In the example, the presentation policy would state BestMovies requires Alice to prove that she’s older than 12 according to government-issued credentials and that she possesses a valid subscription credential from BestMovies. This is the second difference to traditional approaches, where users are typically asked to identify themselves in order for the service provider to evaluate whether the user satisfies the access control policy.

Now, having received the presentation policy, Alice’s digital wallet will offer her a choice of which credentials she can use to satisfy it, or the wallet will point out which credentials she is missing. After Alice has selected the necessary credentials, her wallet will use a cryptographic algorithm to transform her credentials into a presentation token, which she can then send to BestMovies, the verifier.

This transformation is the third and probably most important difference to the traditional approaches. The presentation token consists only of the information that Alice needs and is willing to reveal instead of the full set of attributes contained in her credentials. Thus, the presentation token would just contain the attributes “User is older than 12 according to a credential issued by the government” and “User possesses a subscription credential by BestMovies with a nonexpired validity date.” The presentation token validates with the public verification key. Then the verifier can check the validity of the token using the issuer’s verification key with the cryptographic verification algorithm and learn only the information about Alice that was specified in the presentation policy — nothing more.

Want to give Identity Mixer a spin? You only need a Web browser to test the ultimate tool for both privacy protection and security.

More Information

Identity Mixer offers many more extended features than the ones explained above, including exclusive pseudonyms, multicredential tokens and designated inspectors. Learn more about the privacy-preserving characteristics and data-minimizing strategies implemented on Identity Mixer’s website.

You can also discover some of the developments happening in the world of identity and authentication by checking out groups such as Attribute-based Credentials for Trust (ABC4Trust), both which is changing the way organizations manage authentication and access.

More from Identity & Access

CISA, NSA Issue New IAM Best Practice Guidelines

4 min read - The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) recently released a new 31-page document outlining best practices for identity and access management (IAM) administrators. As the industry increasingly moves towards cloud and hybrid computing environments, managing the complexities of digital identities can be challenging. Nonetheless, the importance of IAM cannot be overstated in today's world, where data security is more critical than ever. Meanwhile, IAM itself can be a source of vulnerability if not implemented…

4 min read

The Importance of Accessible and Inclusive Cybersecurity

4 min read - As the digital world continues to dominate our personal and work lives, it’s no surprise that cybersecurity has become critical for individuals and organizations. But society is racing toward “digital by default”, which can be a hardship for individuals unable to access digital services. People depend on these digital services for essential online services, including financial, housing, welfare, healthcare and educational services. Inclusive security ensures that such services are as widely accessible as possible and provides digital protections to users…

4 min read

What’s Going On With LastPass, and is it Safe to Use?

4 min read - When it comes to password managers, LastPass has been one of the most prominent players in the market. Since 2008, the company has focused on providing secure and convenient solutions to consumers and businesses. Or so it seemed. LastPass has been in the news recently for all the wrong reasons, with multiple reports of data breaches resulting from failed security measures. To make matters worse, many have viewed LastPass's response to these incidents as less than adequate. The company seemed…

4 min read

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

8 min read - View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly rapid pace. The need to ensure the security and safety of these technologies has never been more pressing. So, let’s discover a range of measures…

8 min read