Secure Cloud Identity Wallet

CREDENTIAL – seCuRE clouD idENTIty wALlet – was an innovation action funded under the European Union’s Horizon 2020 research and innovation programme. The project brought together eleven partners from six member countries of the EU, and had a duration of 36 months. In a nutshell, the main goal of CREDENTIAL was to leverage existing and develop new cryptographic tools and techniques to develop a privacy-preserving, cloud-based, and end-to-end secure platform for identity provisioning and data sharing.

CREDENTIAL developed a software stack that allows users to store all their potentially sensitive identity data in a central cloud environment referred to as the “CREDENTIAL Wallet” (or just “Wallet”). It offers functionality similar to existing identity providers, with the main difference that it does not learn the identity information of user while it is still able to give very high formal authenticity guarantees to service providers (aka relying parties) requesting data upon user authentication. Furthermore, the Wallet can be used to store arbitrary data in an encrypted form, while still offering highly usable and intuitive interfaces to share the data with data receivers. Finally, to fully put users back into control of their data, users are given the possibility to define access rights on a very fine-granular basis, i.e. users may not only grant access on a file level, but can also define who is allowed to access which parts of a document, while – in the case of signed documents – still ensuring the data receiver that the received document parts have not been maliciously modified by the user.

To achieve these goals, CREDENTIAL is specifically aimed at the following objectives.
• Adaption and improvement of cryptographic methods to securely store and share identity data
• Protection of access to identity data with strong authentication mechanisms
• Development of a user-friendly and portable system for identity data access and management
• Creation of enabling technologies for service providers and data consumers
• Transfer of the project results into market-ready technologies and standards

The CREDENTIAL Wallet was showcased in pilots from the high-security domains eGovernment, eHealth, and eBusiness. All three pilots - using the entire Wallet or single components thereof - proved the technical feasibility and practical efficiency of the CREDENTIAL Wallet. Furthermore, using the feedback received from the pilot testers and based on usability and HCI expertise within the project consortium, it was further demonstrated that high usability and strong security and privacy guarantees can be achieved simultaneously and do not necessary have to be antagonists if planned from the very beginning even in a complex system.

The technical work in the project can be divided into three tracks, which we briefly summarize in the following. Track I was focusing on collecting requirements and identifying gaps in existing technologies; Track II focused on closing these gaps, and designing, implementing, and demonstrating a user-friendly, highly secure, and privacy-preserving architecture for identity management and data sharing; finally, Track III focused on dissemination and exploitation of the project findings.

Track I – Use Case Definition, Requirements Elicitation, and Gap Analysis
In a first step, we identified a total of 15 potential storyboards for the three piloting domains, i.e. where a storyboard describes a high-level functionality that the CREDENTIAL Wallet offers to a user. Those storyboards were then iteratively refined to business and logical use cases. A subset of these use cases was then refined in detail for inclusion in the piloting phase of the project. Furthermore, a functional, legal, organizational, technical, usability, privacy and security requirements to the envisioned software components have been defined. Finally, a profound assessment of existing technologies has been performed in the domains of privacy-enhancing technologies, authentication to the cloud, identity protocols, and pilot-specific technologies. Based on this assessment, concrete primitives and protocols have been suggested and recommended for further research and usage in CREDENTIAL.

Track II – Research, Development, Implementation, and Demonstration
On the one hand, this track performed research on how to close the gaps related to cryptographic and security-related technologies.
On the other hand, a detailed architecture for the CREDENTIAL Wallet was defined. Besides the server-side components, this also included the UI design for the client side (an Android mobile application). This architecture was realized in an iterative process. In order to guarantee that all requirements defined in Track I are actually satisfied, a privacy-impact assessment for the CREDENTIAL Wallet has been carried out, and the code has been tested by professional penetration testers to also guarantee security in the implementation level.
In parallel to the development of the CREDENTIAL Wallet, the pilot partners started the integration of the Wallet into existing platforms and applications, in order to demonstrate the real-world usability of our results in the domains of eGovernment, eHealth, and eBusiness. The realized scenarios were then successfully tested with external users.

Track III – Communication, Dissemination, and Exploitation
CREDENTIAL has already performed significant work in order to disseminate and exploit the project’s results:
• more than 20 academic and non-academic technical articles were released, and numerous project-related presentations were held;
• relevant academic and industry events were attended;
• multiple (sessions at) conferences have been (co-)organized;
• liaisons with relevant research and standardization initiatives have been established;
• a new ISO/IEC standardization project on redactable signatures, one of the core cryptographic components used within CREDENTIAL, has been initiated;
• the website and social media accounts were actively used, and several technical and non-technical videos explaining the project ambition and pilots were made available;
• a patent on CREDENTIAL results has been granted;
• detailed exploitation and business plans per partner and for the entire consortium have been defined.

In the following we briefly summarize the main scientific and research findings obtained within CREDENTIAL so far.
Significant progress was made regarding the adoption and improvements of CREDENTIAL's core cryptographic primitives, in particular concerning the combination of redactable signatures and proxy re-encryption which was necessary to allow for the privacy-preserving and selective cloud-based sharing of authentic (i.e. signed) data between data owners and receivers. Combined with the overall approach of CREDENTIAL, these findings will in particular become relevant to achieve the goal of data minimization. Also, research regarding the long-term security of proxy re-encryption schemes has led to the first forward-secure such scheme in the literature, which again will contribute to reducing the trust that has to be put into cloud services. Furthermore, we have analysed various existing identity protocols including, e.g. SAML or OpenID Connect which could be extended to support proxy re-encryption. To maximally secure the users’ authentication to the cloud, the consortium focused on, and analysed, wide-spread technologies like FIDO.