MCH2022 Curated content
IRMA and Verifiable Credentials
Nowadays, when a user wants to authenticate mostly centralized systems, such as DigiD in the Netherlands, are utilized. Extreme events can impact the reliability of such systems. Decentralized, and more privacy-preserving systems, such as [IRMA](https://irma.app/) can help to build more reliable authentication infrastructures. With IRMA, a user can store signed attributes, such as their full name or address, within the IRMA mobile app. Subsequently, the user can disclose a subset of her attributes to parties during an authentication session. The [Verifiable Credentials (VC)](https://www.w3.org/TR/vc-data-model/) standard helps to make such systems interoperable, that is, users can use attributes across different credential systems. With a proof of concept, we show how to make IRMA VC-compliant.
During extreme events, such as power outages or big floods, centralized systems are especially vulnerable as their availability can be impacted. This could result in that the whole system is unusable. Therefore, it is beneficial to develop decentralized infrastructures, as one is not dependent on centralized components.
Digital authentication nowadays is mostly done via centralized systems, such as DigiD, the authentication system of governmental services in the Netherlands. Every authentication session goes through a central authority, which makes the system centralized. Additionally, from a privacy-perspective, an issue is that such a system can keep track on which sites users authenticate. To achieve more system reliability and more user privacy, it is desirable to develop authentication systems that are working in a more decentralized manner.
One existing solution to this challenge is [IRMA](https://irma.app/). IRMA stands for I Reveal My Attributes and is developed by the Dutch non-profit organization [Privacy By Design](https://privacybydesign.foundation/). A central element of IRMA is a mobile app, which the foundation promotes as a digital passport on your own mobile device. Users can collect signed attributes, a set of attributes is called a credential, from authoritative parties. An attribute is for instance, your Dutch BSN, full name, or email address. IRMA protects the privacy of individuals by letting the individuals decide which attributes they want to disclose to whom, and by implementing advanced cryptography, including zero-knowledge proof techniques. Consequently, the receiving party can validate the authenticity of the disclosed credentials without the need to contact the party that issued the credentials.
[Verifiable Credentials (VC)](https://www.w3.org/TR/vc-data-model/) is a standard developed by the W3C. It provides a data model and a syntax aiming to make credential systems interoperable, for instance, it can enable users to disclose credentials issued by one system to another system.
Currently, IRMA can only be used within the IRMA ecosystem, that is, among servers and mobile apps that use the IRMA attributes. However, it would be desirable that people are able to use such advanced technologies and authentic attributes on the entire web across different systems. This avoids that people need different apps to be used, that could contain the same attributes, with different systems. Our research shows that it is possible to make IRMA VC-compliant via a proof of concept. Subsequently, through VCs, IRMA attributes are available for servers and apps outside the IRMA ecosystem. Similarly, other credentials can become universally verifiable.
As decentralized systems become increasingly more available, governments and other organizations can utilize reliable and privacy protecting authentication widely. This benefits everyone – even and especially during extreme events.
Additional information
| Type | Short Talk |
|---|---|
| Language | English |
More sessions
| 7/22/22 |
⚠️ Warning! This talk may contain hackers. There may be hackers in the room. There may be hackers surrounding the room. There may be hackers recording this. There may be hackers listening in. There may be hackers that exfiltrate data. There may be hackers wearing shirts. There may be hackers carrying spying devices. OH NO! There are hackers EVERYWHERE! What can we do now, except having a party?
|
| 7/22/22 |
What do big tech, synthesizers, the crucifixion and Matthäus Passion have in common? Find the answer in the tech performance The Silicon Passion. We’ve all embraced big tech —but is it a warm hug or a strangulation? Bear witness to a debate of biblical proportions between tech nerds, technology and its users. In The Silicon Passion SETUP, in collaboration with de Transmissie (David Schwarz en Derk Stenvers) and Rodrigo Ferreira, is looking for a way out of the pit that technology has ...
|
| 7/22/22 |
Lightning talks are a 5 to 10 minute quick talk on an interesting subject. They can be with or without slides, and with or without proper preparation. if you weren't accepted in the main CfP, this is also a great opportunity to give an abridged version of your talk. These sessions will be available to sign up to later on, with details on the wiki: https://wiki.mch2022.org/Static:Lightning_Talks
|
| 7/22/22 |
In this workshop, we will learn how to assemble tiny parts on circuit boards by building an electronic touch-activated purring kitten. Anyone can do it. Yes, even you who never touched anything electronic before. Takes 120mins, 20€/kit, avoid caffeine immediately before. Max 10 participants per session, sign up on PAPER at the Hardware Hacking Area.
|
| 7/22/22 |
This is a submission for a keynote talk at MCH2022. The Internet is both a familiar, comfortable place as well as a bottomless rabbit hole you can lose yourself in. The Internet has always been like this from its inception, the difference now is the scale and consequences are almost immeasurable - and it tests the limits of human imagination. When you look into the mirror of the Internet what you see reflected back depends on what you are looking for. It has become largely a reflection of ...
|
| 7/22/22 |
Have you ever forgotten a passphrase or lost a hardware token? Lost access to enough Bitcoin to buy a pizza or two? Encryption is fundamental to securing our liberties, but key and password management remain difficult even for professionals, let alone the general public. This talk presents Passcrow, an Open Source project attempting to address one of crypto's largest usability issues: password and key recovery in a decentralized environment.
|
| 7/22/22 |
Thanks to DNSSEC and DANE, it is possible to automatically verify user@domain.name identities by checking with domain.name servers. The real problem however, is integration with existing protocols, instead of inventing something completely new and perhaps web-only. The purpose of our work on Realm Crossover mechanisms has been to design generic solutions that extend many different application protocols, without changing their protocol specs.
|
