19th International Conference on Applied Cryptography and Network Security
21-24 June 2021
Hasso Plattner Institute, University of Potsdam, Germany
Privacy-enhancing authentication allows users or devices to authenticate in a pseudonymous and unlinkable manner, revealing only the information that is necessary for each particular purpose. Cryptographic solutions, such as group signatures or (keyed-verification) anonymous credentials, have existed for more than 20 years now. In this talk, I will give an overview of the different approaches and concepts, their progress in academic research, applications and open challenges, as well as reflect on the status of adoption more than two decades after their invention.
Biography: Anja Lehmann is a Professor at the Hasso-Plattner-Institute, University of Potsdam where she leads the Cybersecurity and Identity Management group. Anja works on the development and analysis of cryptographic protocols with provable security guarantees. Current focus areas are secure and user-friendly identity management, password-based protocols that withstand offline attacks in case of server breaches, as well as privacy-preserving technologies that securely implement the desired functionality in a data-minimizing and privacy-respecting manner. Before joining HPI in 2020, she was a researcher in the Cryptography & Privacy group at IBM Research – Zurich. Anja holds a PhD in computer science from Darmstadt University of Technology in Germany.
OpenID Foundation, Japan
The global pandemic forced many of us to migrate to the cyber-continent at unprecedented speed. In that space, our digital identities become our cornerstones for interacting with each other, and we need to keep these safe and secure.
Biography: Nat Sakimura is a well-known identity and privacy standardization architect at NAT Consulting and the Chairman of the Board of the OpenID Foundation and MyData Japan. Besides being an author/editor of such widely used standards as OpenID Connect, JWT (RFC7519), JWS (RFC7515), OAuth PKCE (RFC7636), ISO/IEC 29100 Privacy Framework Amd.1, and ISO/IEC 29184 Online privacy notice and consent, he helps communities to organize themselves to realize the ideas around identity and privacy.
I will describe how payment fraud has evolved over the past 35 years and the role played by cryptography in this process. The 1980s saw industrial-scale forgery of credit cards, which led to the introduction of cryptographic checksums in the early 1990s; the same period brought some large episodes of ATM card cloning which taught us a lot about how cryptosystems fail. The dotcom boom brought us SSL, and with it more opportunities for card-not-present fraud. The introduction of chip cards using the Europay-MasterCard-Visa (EMV) standard opened up some fascinating high-tech attacks on EMV protocols and even on hardware security modules, but its main effects were to boost mag-strip fraud in the short term and card-not-present fraud in the longer term. In an analogy we used at the time, it was as if a bulldozer had been driven across the landscape, causing the rivers of crime to flow in different channels. I will finish up by discussing the latest attacks on authentication, including SIM swapping.
Biography: Ross Anderson is Professor of Security Engineering at Cambridge University and also at Edinburgh University. He has made many contributions to applied cryptography, from cryptographic APIs and hardware tamper-resistance through applications from powerline communications to payments. He co-developed the AES finalist block cipher Serpent with Eli Biham and Lars Knudsen. He also pioneered the study of the economics of information security, and is PI of the Cambridge Cybercrime Centre, which collects and analyses data about online crime and abuse. He is a Fellow of the Royal Society and the Royal Academy of Engineering; in 2015 he won the Lovelace Medal, the UK's top award in computing.