Boosting privacy online - anonymous credentials in the browser

Identity matters! In everyday life we present different "faces" to different people according to the social context, e.g. family, personal, and professional. Our online life is the same, and our privacy depends on keeping these different faces compartmentalized. To support this, we need ways to restrict access to services. As an example, a social website used by college students could be restricted to fellow students and off-limits to everyone else, including college staff and past students. You certainly don't want potential employers sifting through the site and rejecting your job application on the grounds of some loose talk or revealing party photo!

A powerful way to implement this is with anonymous credentials. Imagine the student union providing every student with an electronic credential asserting that the holder is a current student at that college/university. This is an electronic equivalent of a student ID card. When you go online to the social website operated by the student union, you are asked to prove that you are a current student, but you are not asked for your actual identity.

I have been working with Patrik Bichsel (IBM Zurich Labs) on an implementation of this approach based upon a Firefox extension and the open source idemix (identity mixer) library. The extension recognizes policy references in web page markup and asks the user for a PIN or pass phrase to unlock her credentials and construct a zero-knowledge proof, which is then sent to the website for verification. The browser extension is written in JavaScript and uses LiveConnect to communicate with the Java idemix library. The webserver is Apache2 and proof verification is implemented as a Java servlet on a backend Tomcat server.

This has been done with support from the EU PrimeLife project, and we hope to be able to make the extension and servlet widely available in the near future. Further work is needed on tools for simplifying the creation of credentials and proof specifications, and there are opportunities for integrating biometric techniques as alternatives to typing a PIN or pass phrase. One possibility would be for the browser to confirm your identity by taking a photo of your face with the camera built into phones and notebook computers. Another would be to ask you to repeat aloud a few randomly chosen digits and use the built-in microphone for voice authentication. We've also discussed the role of physical tokens such as smart cards and USB sticks for credential stores, but this is hindered by a lack of platform-independent ways to access these from browser extensions.

As Dave Birch is fond of saying, there is no privacy without security. Anonymous credentials provide a powerful new way to boost privacy on the Web, and it is time to turn them from a laboratory curiosity into widely deployed solutions. I look forward to working on incorporating them in W3C's suite of standards for Web platforms.