USING eID PSEUDONYMITY AND ANONYMITY FOR ...

5 downloads 11 Views 1017KB Size Report
our daily life, furthermore "Today's online users have high expectations for the Internet and its impact on our lives ... The web service provider must obtain an authorization certificate for accessing specific .... Computer Science, pages 93–118.

USING eID PSEUDONYMITY AND ANONYMITY FOR STRENGTHENING USER FREEDOM IN INTERNET Blerim Rexha, Ehat Qerimi, Vehbi Neziri and Ramadan Dervishi1

Abstract When the Internet was designed in early 70s it main goal was to establish communication between two parties. Few decades later a saying “on the Internet, nobody knows you’re a dog” was coined, representing the fundamental user right - freedom of choosing his identity in the Internet. The recent rapid growth of electronic and mobile services over Internet required strong user authentication mechanisms, where user identity was derived from his personal and biometric data. For some contemporary Internet applications this strong authentication is not desirable in society since it reduces the user freedom to express his opinion without a fear for unjust negative consequences. This paper presents an efficient solution using national biometric identity cards (eID) for conducting anonymous transactions over Internet, where by user identity is substituted by his pseudonym stored in eID biometric contact less card. The testing environment consists of two applications: (i) commenting the article in e-News, and (ii) casting a vote in a electronic election system. Paper concludes with the list strengthens and limitations of proposed solution.

1. Introduction The roots of today’s Internet goes back to early ’70 of last century, based on research published by Leonard Kleinrock at Massachusetts Institute of Technology (MIT) about packet switching techniques. The first network had only four nodes at first test, but later on it grew to 15 nodes. The first network control protocol was born in 1972 as specified in Request for Comments #1 (RFC1). The main goal of this network and todays Internet still remains achieving the communication between the parties connected to network [1]. According to Internet World Stats Internet usage growths for period 2000-2014 was 741% and Internet penetration in World level is about 42% [2]. With this high usage of Internet, as main communication platform of a modern user, two issues raised up: (i) user identification and authentication, and (ii) user security and privacy. User identification and authentication is mainly a feature required by web service providers in order to provide more personalized content to its users. Hypertext Transfer Protocol (HTTP), as defined in [3], [4] is a stateless application protocol for distributed and collaborative information systems. User identification is usually implemented using HTTP cookies, as proposed by [5]. But there are many cases where user identification is not desired, his security and privacy more required features. To achieve the user security and privacy on Internet the Secure Socket Layer (SSL) was coined, as specified in [6]. But all these techniques are not enough satisfactory for modern user, where the privacy is becoming the main concern. The standard authentication procedures are based on: (i) something you know, (ii) something you have, and (iii) something you are, as described in [7], are well established but there are cases, where 1

University of Prishtina, Faculty of Electrical and Computer Engineering Kodra e Diellit p.n. 10000 - Prishtina, Kosovo

user identity should not be revealed, i.e. user privacy should not be violated. Many authors have given different definitions for user privacy, such as “freedom from unauthorized intrusion” [8] or “Information privacy is the claim of individuals, groups, or institutions to determine for themselves when, how and to what extent information about them is communicated to others” from Columbia University professor Alan Westin in his work “Privacy and Freedom” [9]. A survey conducted by Internet Society revealed the user behavior and Internet’s heavy impact in our daily life, furthermore "Today’s online users have high expectations for the Internet and its impact on our lives and society, while also expressing concerns over censorship and excessive governmental controls” [10]. Therefore many governments have realized this fundamental user concern and are approaching toward this issue by creating different mechanism for anonymous user (citizen) authentication. German national ID card (eID) is an example where user privacy is in the first place. The web service provider must obtain an authorization certificate for accessing specific data stored in ID card. The authentication process requires a user’s secret PIN and his consent for accessing specific data groups. Furthermore German eID supports diversified pseudonym for every web service provider [11].

1.1. SSL is not good enough In general security in computer networks can be applied in three levels, as presented in Figure 1 [12]. In cases where point-to-point security is needed the application layer security is used, whereas the SSL is a transport protocol intended to provide security for any network client/server application. Internet Protocol (IP) security is usually part of the operating system (OS) and is intended to provide security from node to node, for the whole network traffic.

Figure 1: Network security levels [12] SSL was built for web application early on, and its primary use remains securing web transaction from client to server. But user sensitive data (personal, biometric or financial) are revealed at server side, i.e. stored as clear text. Because of these sensitive data, many online merchants are becoming

more and more attractive for cyber-attacks. The witnessed attacks on different important organizations and online business including banking, shopping, university admissions, and various governmental activities, have been addressed in [13], where it is stated that today’s networks are facing two forms of trust erosion: (i) decline in customer confidence in the integrity of products, and (ii) mounting evidence that malicious actors are defeating trust mechanisms and user privacy, thus calling into question the effectiveness of network and application assurance, authentication, and authorization architectures.

1.2. Challenges using pseudonymity and anonymity There is a global tendency of newspapers, as well as other content providers, to move its content online, many of them are now available only online thus abandoning the paper format and many other provide partially their content online. But all of them allow user (reader) comments on web published articles. To make a comment usually a reader must first register to e-News with his chosen nick (user) name – i.e. pseudonym or using credentials from trusted third part, such as Facebook. In general these comments tend to increase the quality of the article but there are also cases where in such comments are public offenses either to author or to hosting e-News web service provider. Similar case was registered at the European Court of Human Rights, in October 2013, Delfi AS vs. Estonia, where the Estonian news website Delfi was liable for insulting comments by readers in an article. The court concluded that the company Delfi AS "should have expected offensive posts, and exercised an extra degree of caution so as to avoid being held liable for damage to an individual’s reputation" and its standard procedure, i.e. notice and take down comments moderation system was "insufficient for preventing harm being cause to third parties" [14].

2. Assuring pseudonymity and anonymity using national ID card The Ministry of Internal Affairs of Government of Kosovo has issued first biometric national ID cards in December 2013 [15]. The Kosovo national ID card host three applications, as presented in Figure 2 and it uses SLE 78CLX1280P 16 bit crypto processor from Infineon. It has 128 kByte EEPROM and supports RSA 4096 key bit length, ECC up to 521 bit and 3DES and AES up to 256 bit length and the communication with outside world is done using the Near Field Communication (NFC) protocol [16].

Figure 2: Kosovo biometric ID card and hosted apps

The national ID card middleware communicates using the Public Key Cryptographic Standard (PKCS) #11 and Crypto Service Provider (CSP) with cryptographic interested apps. The web authentication with biometric ID card is done using X.509 certificates in two forms: (i) identity certificate or (ii) anonym certificate, whereby the corresponding private key never leaves the card [17]. The user certificates are presented in Figure 3, whereby one can notice that for online authentication useful are the [IDENT] and [PSEUDO] certificates.

Figure 3: User certificates in Mozilla store The [IDENT] certificates holds the real attributes of citizen as well as the 2048 bit public key. The [PSEUDO] certificate as any X.509 certificate and holder’s subject is a pseudonym generated by following sequence [17]: ::= [] (1) A sample pseudonym identifier would look like this: PNKS000005FCB13AB120EC5B6C6EB2456727BA9C2C0B54AC3B6

(2)

This pseudonym identifier provides no traceability of the card holder’s real identity to the web service provider.

3. Using [PSEUDO] certificate In this paper is proposed an efficient solution for assuring the user privacy, i.e. his anonymity through usage of his anonym identity, [PSEUDO] certificate, stored in citizen’s national ID card. Access to its corresponding private key is PIN protected. This pseudonym will be used as initial key or as root pseudonym for every service provider thus disabling the traceability among different service providers. Similar approach was proposed also by Camenisch and Lysyanskaya [18], even

though digital X.509 certificates are heavily criticized by Brands [9], for disclosing many unnecessary user details. Considering this, the new biometric Kosovo’s national ID cards in its [PSEUDO] certificate has no user data, only necessary certification authority (CA) data. To authenticate with [IDENT] and [PSEUDO] certificate and to access data inside the card, a sample demo was developed and is hosted at the university domain (eid.uni-pr.edu). The developed web application enables [PSEUDO] authentication, after successful PIN presentation, and shows all information stored in such certificate, as presented in Figure 4.

Figure 4: [PSEUDO] certificate details

3.1 Posting to a e-News Many global but also local newspapers have shifted their content online. User discussions are common places where readers make their comments about published articles in e-News. Currently, to make a post user needs to authenticate using his username or email address and his password, as presented in Figure 5. Registration is straight forward process, consisting of three text boxes without any protection from diverse botnets accessing the registration form and thus filling in automatic manner the forms. Recently, many e-News services also accept a “Facebook Login” as authentication model. “Facebook Login” uses user’s Facebook credentials to login into HTTP service using the OAuth 2.0 Authorization Framework, as described in [19]. In “Disqus”, “Facebook” and many other identification services user does not need to prove his identity!

Figure 5: Credential form in disqus.com Therefore a new registration form is proposed, this form should have at least three fields: (i) Username, (ii) Password, and (iii) Pseudonym taken from [PSEUDO] certificate. The value of pseudonym acts like primary key, in one portal shall exist only one pseudonym per user, i.e. user can not open multiple accounts with different usernames, which in reality are linked to one real person, as it is in “Disqus” and “Facebook”.

3.2 Casting a vote One of the fundaments of our modern society is the right to elect end to be elected which is exercised through a voting system. The voting could be for electing the president of the country or electing student representatives in student assembly. These procedures are mainly carried out in paper form. There are few countries that allow electronic voting and accept the outcome of such process! After casting a ballot sheet into a ballot box, it mixes with other ballot sheets in box and it becomes anonym, it is not linkable to a specific voter. Assuring trustworthiness of electronic election system and voter’s privacy are fundamental pillars of democracy. An efficient e-Voting system based on X.509 user certificates is presented in [20]. For casting a vote using [PSEUDO] certificate following approach is proposed, and presented in Figure 6: At authentication server: 1. User authenticates using [PSEUDO] certificate, 2. User presents the PIN, At voting server: 3. User calculates the hash value of hPP = SHA1(PSEUDO and PIN), using Secure Hash Algorithm 1 (SHA1) and from this point hPP is considered as derived PSEUDO for user, 4. In voting database are stored hPP and voting result

Authentication Sever (with Pseudo Certificate)

e-Voting User

Application Server for e-Voting

Figure 6: Casting a vote using [PSEUDO] certificate

4. Conclusion Using the pseudonymity and anonymity can be applied in many fields of e-Services, as listed [21], but there are selected two of them: (i) posting to an e-News and (ii) casting a vote. There are critics expressed by [9] regarding the usage of X.509 certificates and Public Key Infrastructure, nevertheless the proposed solution using [PSEUDO] X.509 certificate strengthens the fundamental citizen right, i.e. the freedom of speech, as it does not reveal his real identity. Readers of e-News should be encouraged to comment on published articles, but they should be responsible for their comments, if a court asks so, as presented in [14]. Using [PSEUDO] certificate to participate in a public debate about the published article does not need an extra registration nor using a trusted third part authentication services, its usage is transparent and happens during the page load of e-News portal. Furthermore, the constrain set: one [PSEUDO] profile per e-News, makes all readers equal in terms of their opinion’s impact to article. Casting a vote using [PSEUDO] certificate assures the voting commission that online participants are real and eligible citizens, as this certificate and eID card is issued only to national citizens. The proposed technical solution for casting a vote assures user privacy since the hash functions are one way, even the [PSEUDO] value is public but the user PIN is known only by user. Since the PIN is known only to user, he can check at any time if his casted electronic vote is in a ballot box. Furthermore the casted electronic vote can be stored in voting server as plain text as there is no possible link to [PSEUDO] or real person, thus eliminating the decryption time needed for calculating the election final results.

References [1]

James. F. Kurosse. &. Keith. W. Ross, Computer Networking - A top down approach, New York: Pearson, 2012.

[2]

Internet World Stats available at http://www.internetworldstats.com/stats.htm, accessed December 2014.

[3]

Berners-Lee, Tim. "HyperText Transfer Protocol". World Wide Web Consortium, available at http://www.w3.org/Protocols/HTTP/AsImplemented.html, accessed February 2014.

[4]

R. Fielding and J. Reschke, Hypertext Transfer Protocol (HTTP/1.1): Authentication, RFC7235, June 2014.

[5]

A. Barth., HTTP State Management Mechanism, RFC6265, April 2011.

[6]

Freier, et al., The SSL Protocol Version 3.0, RFC6101, August 2011.

[7]

Mark Stamp, Information security: principles and practice, Published by John Wiley & Sons, Inc., Hoboken, New Jersey, ISBN978-0-470-62639-9, 2011.

[8]

Simson Garfinkel & Gene Spafford. Web Security, Privacy & Commerce 2Ed. O’Reilly Inc., USA, ISBN = 0-596-00045-6, November 2001.

[9]

Stefan A Brands. Rethinking Public Key Infrastructure and Digital Certificates, Building in Privacy (Ph.D. thesis updated as book). The MIT Press, ISBN = 0-262-02491-8, 2000.

[10]

Internet Society available at https://www.internetsociety.org/news/global-internet-usersurvey-reveals-attitudes-usage-and-behavior, accessed December 2014.

[11]

W. Fumy and M. Paeschke, Eds., Handbook of eID Security. Erlangen: Publicis Publishing, 2011.

[12]

Eduardo B Fernandez. Web services security - current status and future, 2002

[13]

Cisco 2014 Annual Security Report, 2014

[14]

John Sunyer, The threat facing online comments - Financial Times, 23 May 2014

[15]

Ministry of Internal Affairs, Kosovo, available at http://www.mpbks.org/repository/docs/MIA_Bulletin,_31.12.2013.pdf , accessed December 2014

[16]

Infineon, technical details for SLE 78CLX1280P available at http://www.infineon.com/, accessed December 2014

[17]

Giesecke & Devrient GmbH, Help files and technical notes for HIGHSEC eID App Middleware, February 2014

[18]

Jan Camenisch and Anna Lysyanskaya. An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation. In Birgit Pfitzmann, editor, Advances in Cryptology - EUROCRYPT 2001, volume 2045 of Lecture Notes in Computer Science, pages 93–118. Springer, Berlin, 2001

[19]

D. Hardt, The OAuth 2.0 Authorization Framework, RFC6749, October 2012.

[20]

Blerim Rexha, Vehbi Neziri and Ramadan Dervishi. Improving authentication and transparency of e-Voting system – Kosovo case. International Journal of Computers and Communications, Volume 6, Issue 1, 2012

[21]

Niklas Auerbach. Anonymous Digital Identity in e-Government. Ph.D Dissertation, University of Zurich, 2004