Boosting privacy online - anonymous credentials in the browser
Identity matters! In everyday life we present different "faces" to different people according to the social context, e.g. family, personal, and professional. Our online life is the same, and our privacy depends on keeping these different faces compartmentalized. To support this, we need ways to restrict access to services. As an example, a social website used by college students could be restricted to fellow students and off limits to everyone else including college staff and past students. You certainly don't want potential employers sifting through the site and rejecting your job application on the grounds of some loose talk or revealing party photo!
A powerful way to implement this is with anonymous credentials. Imagine the student union issuing every student an electronic credential asserting that the holder is a current student at that college or university. This is an electronic equivalent of a student ID card. When you go online to the social website operated by the student union, you are asked to prove that you are a current student, but not to reveal who you are: the site learns only the assertion, not which student made it.
I have been working with Patrik Bischel (IBM Zurich Labs) on an implementation of this approach based upon a Firefox extension and the open source idemix (identity mixer) library. The extension recognizes policy references in web page markup and asks the user for a PIN or pass phrase to unlock her credentials and construct a zero-knowledge proof, which is then sent to the website for verification. The browser extension is written in JavaScript and uses LiveConnect to communicate with the Java idemix library. The web server is Apache2, and proof verification is implemented as a Java servlet on a backend Tomcat server.
This has been done with support from the EU PrimeLife project, and we hope to be able to make the extension and servlet widely available in the near future. Further work is needed on tools for simplifying the creation of credentials and proof specifications, and there are opportunities for integrating biometric techniques as alternatives to typing a PIN or pass phrase. One possibility would be for the browser to confirm your identity by taking a photo of your face with the camera built into phones and notebook computers. Another would be to ask you to repeat aloud a few randomly chosen digits and use the built-in microphone for voice authentication. We've also discussed the role of physical tokens such as smart cards and USB sticks as credential stores, but this is hindered by a lack of platform-independent ways to access these from browser extensions.
As Dave Birch is fond of saying, there is no privacy without security. Anonymous credentials provide a powerful new way to boost privacy on the Web, and it is time to turn them from a laboratory curiosity into widely deployed solutions. I look forward to working on incorporating them in W3C's suite of standards for Web platforms.
I think this represents a real leap forward in terms of portable credentials management. However, I would like to see the technology integrated into browsers.
Biometric elements need to be more automated and streamlined too. Perhaps tomorrow's touch-screen keyboards will automatically read fingerprints.
W3C is working on platform-independent means to access a device's camera and microphone, and in principle this could be extended to a fingerprint scanner. Browser-based authentication would keep the biometrics within the device, but biometrics aren't generally 100% repeatable. This can be improved by using multiple biometric techniques together, e.g. recording both video and audio while the user repeats aloud a few random digits presented to him/her on screen. This makes it harder to spoof, and helps with problems with lighting or sound quality, or even colds. If the biometrics don't provide a conclusive authentication, a fall-back is to ask for a pass phrase. This also helps with adapting to changes in the biometrics over time.
Yes, I think that the increasing focus of W3C standards on privacy is important. Increasingly, privacy policies on websites seem to be beginning to incorporate these standards. This is also in line with the increasing focus of the law in relation to protecting the privacy of consumers. In recent times, with the introduction of the Anti-Spam legislation and the more general privacy laws in Australia there are now heavy penalties which can be imposed by the government for failing to take adequate steps to protect the privacy of consumers. For this reason, I think it is right the W3C standards reflect this increased focus on the rights of privacy which law makers seem to be taking.
I have been studying the concepts behind anonymous credentials, which were originally conceived by David Chaum in 1985. The work by IBM Research is exemplary in embodying these concepts. However, regarding the use of biometrics, I feel that they are too invasive and open an area for theft. A one-way hash of a biometric would be better.