FIDO2 with Attributes in Zero-Knowledge

A method to authenticate users and their attributes digitally without sacrificing privacy
October 12, 2023
Research
Authors: 
Wei-Zhu Yeoh, Michal Kepkowski, Gunnar Heide, Dali Kaafar, Lucjan Hanzlik
Article shepherded by: 
Rik Farrow

Current authentication systems that verify user attributes either require an identity vetting process (eKnow-Your-Customer, or eKYC) at the expense of user privacy, or simply prompt the user to claim that they meet the policy without providing proof. We extended the passwordless authentication standard, FIDO2, to provide a method of proving attributes without the need to disclose or store personal information on third-party servers. We explain how FIDO-AC works in this article.

Authentication and authorization are the main processes to secure user-centric digital systems. Usually implemented as loosely coupled algorithms utilizing user data (attributes) to make decisions (e.g., allow or deny), they are the frontlines of any identity and access management (IAM) system. Notably, attributes used for authentication and authorization typically are Personally Identifiable Information (PII), making the abovementioned processes a privacy concern. For example, an authorization policy allowing access only in close proximity to the office might require a precise collection of geolocation data. Similarly, the age verification policy usually requires a date of birth.

The privacy considerations highlighted above underscore the fact that privacy is often not the primary focus when designing identity and access management processes. Regrettably, the absence of the "privacy by design" principle in IAM systems leads to the creation of PII data repositories, thus increasing the risk of unauthorized data leaks. As shown in the recent instances of data breaches, such as the 2022 Optus case [1] and the 2023 Latitude hack [2], PII stores are lucrative targets for adversaries.

Notably, solutions aimed at constructing private, secure, and finely tuned access control systems do exist. Collectively called Privacy Enhancing Technologies (PETs), they offer a range of mechanisms to safeguard private data. Unfortunately, despite the advancement of PETs, conventional IAM systems tend not to adopt them, thereby engendering privacy risks and potential data misuse. The 2023 OECD report "Emerging privacy-enhancing technologies" [5] states that PETs are usually not being integrated into production IAM systems due to outdated legislation, knowledge gaps, and technological difficulties. Therefore, despite extensive research into PETs, their adoption within the industry is marginal and often misaligned with commercial objectives. The result of this state of affairs is that systems either blindly trust the user's input (e.g., prompts to confirm being above 18 years old) or require complete identity vetting (e.g., eKYC process).

To address these issues, we introduce the FIDO-AC system. We present a detailed proposal for this novel system, which combines the standardized passwordless authentication scheme, FIDO2, with the user's digital and non-shareable identity. FIDO-AC integrates privacy-enhancing technology to ensure that the verifying server learns only the output of its authorization policy and nothing more. We achieve this feature by utilizing zero-knowledge proof (ZKP) technology [9], which makes it possible to prove a statement is true while preserving the confidentiality of secret information (PII in our case). Additionally, ZKP provides anonymity and unlinkability of the data holder, perfectly aligning with the FIDO-AC system requirements.

Challenges

There are several significant challenges to be overcome in the existing approaches. The challenges arise naturally because the existing proposed anonymous credential systems have not found widespread application in practice due to the overwhelming effort required to bootstrap them. In contrast, existing credentials (such as ePassport, eID, and so on) that are already bootstrapped by the relevant credential-issuing authorities do not have a meaningful notion of unlinkability. Meanwhile, the existence of multiple credential formats means that the relying party server would have to separately support different credential verification procedures. Moreover, we would like the attributes of the user to be non-shareable, which means that an additional liveliness test is needed.

The second type of challenge concerns the integration and compatibility with FIDO2. Meaningful integration with FIDO2 would require the FIDO authenticator to sign the additional credentials extension data. Although the notion of extension is present in the FIDO2 standard, most FIDO2 clients do not support any extension in practice. The ad hoc method of simply attaching the credentials without the authenticator's signature on it is not a satisfactory solution. 

Finally, we recognize that the introduction of privacy-enhancing technology into existing processes raises concerns about usability. As the success of any technology integration relies on how users and implementers perceive the system, we have identified the main challenges for integrating PETs with FIDO2. In particular, we have focused on addressing challenges related to easy and seamless integration, performance, and user experience. 

Design Principles

The main objective of FIDO-AC is to provide a practical solution incorporating FIDO and attributes while maximizing the privacy of the user. To this end, we have derived numerous critical design principles which are summarised below:

1. Privacy Preserving

The unlinkability guarantee of FIDO should be preserved while the attributes of the user should not be exposed directly to the relying party server.

2. Attributes Liveliness

We enforce that the user has a non-sharing credential for the presented user attributes at the time of authentication. 

3. Efficiency

Reasonable performance that is comparable to the regular FIDO2 is expected, and the system should also possess scaling capabilities.

4. Compatibility

The proposed solution should be fully compatible with the existing standardized FIDO2 protocol.

5. Pluggable Integration

Integration of the solution should be as effortless as possible, and it should be possible to drop the system into an existing system without significant modification.

6. User-Centric Design

To ease the adoption of the system, the solution should impose minimal user friction.

FIDO-AC

In this section we describe the design of FIDO-AC with respect to the design principles, omitting technical details. Figure 1 shows the FIDO-AC system at a glance. The separable nature of the FIDO-AC extension component enables backward compatibility with the FIDO2 protocol and facilitates the pluggable integration of FIDO-AC into an existing FIDO system. Our FIDO-AC system consists of three distinct entities:

  1. User (Application, Authenticator, Client)
  2. Mediator
  3. Relying Party (FIDO RP Server)

In addition to the standard authenticator and client, we introduced a FIDO-AC application element that is responsible for facilitating the communication between eID and client. Furthermore, the application also computes the corresponding ZKP needed by FIDO-AC. The mediator is introduced to perform the liveliness test and attestation. Lastly, the relying party would enforce its attribute policy along with the standard FIDO authentication.

To achieve the first design principle of privacy preserving, we make use of zero-knowledge proof and randomization to transform credentials into anonymous credentials (AC) that are unlinkable. In particular, the ICAO eID (ePassport) that we used in the FIDO-AC is linkable across its static public key. The possibility of the server acting as the mediator is eliminated because of the linkability of ePassport credentials. We ensure that the mediator attests to an eID identifier that has already been randomized and the user would then prove the eID attributes satisfy the server policy.

The liveliness test by the mediator in FIDO-AC supports any electronic credentials that implement some form of a simple challenge-response protocol that asserts the knowledge of secrets. The mediator would then attest to the liveliness of the presented credentials. The user could then prove the attested credentials indeed satisfied the server policies in zero-knowledge. The eID-agnostic nature of the mediator also serves as a common interface for which different credentials could be used in the system.

To address the FIDO2 compatibility issue, we augmented the challenge used by the server to include the AC data. According to our experimental data, various major authenticators could easily handle the padded challenge with AC. This approach circumvents the not well-supported FIDO extension approach and allows the authenticator to sign the AC data along with the challenge.
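The relying-party side of this binding can be sketched as follows. This is an added example, not code from the FIDO-AC repository: the construction `nonce || SHA-256(AC data)`, the function names, and the sample origin and AC blob are assumptions made for illustration, and the actual encoding is specified in the FIDO-AC paper [6].

```python
import base64
import hashlib
import hmac
import json
import secrets


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def augmented_challenge(nonce: bytes, ac_data: bytes) -> bytes:
    # Assumed construction: the RP's random nonce followed by a digest of the AC data.
    return nonce + hashlib.sha256(ac_data).digest()


def check_binding(client_data_json: bytes, nonce: bytes, ac_data: bytes,
                  origin: str) -> bool:
    """RP-side check that the signed clientDataJSON commits to this exact AC data."""
    try:
        client_data = json.loads(client_data_json)
        got = b64url_decode(client_data["challenge"])
    except (ValueError, KeyError, TypeError):
        return False  # malformed JSON, missing field, or bad base64url
    if client_data.get("type") != "webauthn.get" or client_data.get("origin") != origin:
        return False
    return hmac.compare_digest(got, augmented_challenge(nonce, ac_data))


def signed_bytes(authenticator_data: bytes, client_data_json: bytes) -> bytes:
    # A WebAuthn assertion signature covers authenticatorData || SHA-256(clientDataJSON),
    # so it transitively covers the challenge and therefore the AC data.
    return authenticator_data + hashlib.sha256(client_data_json).digest()


def demo_client_data(nonce: bytes, ac_data: bytes, origin: str) -> bytes:
    # Constructed stand-in for the clientDataJSON a browser would serialize.
    return json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(augmented_challenge(nonce, ac_data)),
        "origin": origin,
    }).encode()


if __name__ == "__main__":
    origin = "https://rp.example"                      # constructed sample origin
    nonce = secrets.token_bytes(32)
    ac = b'{"policy":"age>=18","proof":"<placeholder>"}'  # constructed AC blob
    cdj = demo_client_data(nonce, ac, origin)
    print(check_binding(cdj, nonce, ac, origin))          # matching AC data
    print(check_binding(cdj, nonce, ac + b"x", origin))   # swapped AC data
```

The assertion signature itself is then verified over `signed_bytes(...)` by the server's usual FIDO2 verification, which needs no change.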

As a whole, the FIDO-AC system only requires the user to additionally use the NFC function of their mobile phones to scan the eID to complete the FIDO-AC process. In the ePassport cases, some information about the ePassport needs to be entered into the application before scanning. It can be remedied by employing computer vision to quickly parse the necessary data from the ePassport, thus eliminating tedious manual entry by the user. Moreover, the input phase is only one-time, and the data could be cached and locked behind the enrolled user biometrics.

We proved FIDO-AC preserves the unlinkability and security guarantee of FIDO2 in the extended FIDO2 formal model based on Barbosa et al. [3] and Hanzlik et al. [4] that incorporate the notion of attribute and its privacy. In particular, we showed that FIDO-AC achieves attribute privacy because of the zero-knowledge proof. The server origin privacy is achieved due to the absence of server information in the request processed by the mediator. Attribute unforgeability depends on the security of the eID used for the attributes. The formal model, the proof of security and privacy, and detailed technical FIDO-AC design descriptions can be found in the FIDO-AC paper [6]. 

Figure 1: FIDO-AC Overview

Evaluation

We have implemented an end-to-end demonstration of the FIDO-AC scheme; the implementation can be found, along with a demo video [8], in the online repository [7]. The implementation comprises three components:

  1. A user-facing mobile application that communicates with the eID and the FIDO authentication mechanism.
  2. A local mediator that verifies the presence of a live eID.
  3. An AC-verification program that verifies the ZKP and mediator signature. 

We tested the FIDO-AC implementation using a Google Pixel 6 Pro Android device and a standard D4s v3 Microsoft Azure cloud instance with 4 vCPUs and 16 GB memory. We would like to emphasise that our implementation is not fully optimized and further optimization efforts may help to improve the running time. Table 1 summarises the performance results. Reading the eID for attribute information takes about one second. The reading could be performed offline and cached in storage to reduce the runtime of the online authentication phase. In contrast, performing the liveliness check with the eID takes less than a second, and it is the only part where preprocessing or caching cannot be applied. Proving predicates over attributes in zero-knowledge takes a couple of seconds. Fortunately, it can be preprocessed for the usual pools of potential predicates that the server is interested in. On the other hand, the verification of the additional AC component introduced by FIDO-AC is very fast and takes less than 10 ms.

From all the above points, it can be seen that FIDO-AC is efficient in practice. By employing offline preprocessing and caching on the user device, the online phase of the FIDO-AC for the user side could be completed within seconds while incurring a very small computational overhead of about 10 ms for the server.

| Operation | Platform | Time (ms) |
|---|---|---|
| eID Reading | Mobile | 1059.40 |
| Liveliness Check | Mobile | 740.92 |
| ZK Verification | PC | 8.19 |
| ZK Prove | Mobile | 3375.61 |

Table 1: FIDO-AC Performance Overview

Conclusion

Attribute verification should neither compromise the user's privacy nor be content with the user's assertion without any accompanying proof. We designed FIDO-AC, which provides a streamlined process for combining user authentication with attribute verification. The FIDO-AC scheme preserves the security and unlinkability guarantees of FIDO while simultaneously allowing the user to disclose attributes selectively. We showed the practicality of the proposed scheme with our implementation and its performance evaluation. We believe that FIDO-AC will contribute towards data minimization and thus mitigate the severity of future data leaks.

Appendix
References: 

[1] AUSTRAC. Optus Data Breach. https://www.austrac.gov.au/optus-data-breach-working-our-reporting-entities, 2022. [Online;accessed 7-Sept-2023].

[2] Australian Cyber Security Magazine. Latitude Financial Scrambles to Contain Large Data Breach. https://australiancybersecuritymagazine.com.au/latitude-financial-scramb..., 2022. [Online; accessed 7-Sept-2023].

[3] Manuel Barbosa, Alexandra Boldyreva, Shan Chen, and Bogdan Warinschi. Provable security analysis of FIDO2. In Advances in Cryptology – CRYPTO 2021, pages 125–156. Springer International Publishing, 2021.

[4] Lucjan Hanzlik, Julian Loss, and Benedikt Wagner. Token meets wallet: Formalizing privacy and revocation for FIDO2. In 2023 IEEE Symposium on Security and Privacy (SP). IEEE, May 2023.

[5] OECD. Emerging privacy-enhancing technologies. (351), 2023.

[6] Wei-Zhu Yeoh, Michal Kepkowski, Gunnar Heide, Dali Kaafar, and Lucjan Hanzlik. Fast IDentity online with anonymous credentials (FIDO-AC). In 32nd USENIX Security Symposium (USENIX Security 23), pages 3029–3046, Anaheim, CA, August 2023. USENIX Association.

[7] Wei-Zhu Yeoh, Michal Kepkowski, Gunnar Heide, Dali Kaafar, and Lucjan Hanzlik. FIDO-AC. https://github.com/FIDO-AC/fidoac, 2023.

[8] Wei-Zhu Yeoh, Michal Kepkowski, Gunnar Heide, Dali Kaafar, and Lucjan Hanzlik. FIDO-AC demo video. https://github.com/FIDO-AC/fidoac/blob/main/img/usenix_fidoac_demo.mp4, 2023.

[9] ZKProof. ZKProof Community Reference. https://docs.zkproof.org/reference.pdf, 2022. [Online; accessed 7-Sept-2023].

Article Categories: 
Security
Last updated October 12, 2023
Authors: 
Wei-Zhu Yeoh is currently a PhD student at the CISPA Helmholtz Center for Information Security, Saarland University. His research interests include applied cryptography, machine learning applications in cryptography, parallel computing, and mobile computing.

Michal Kepkowski is a dedicated researcher and privacy advocate whose work focuses on examining the privacy implications of contemporary authentication techniques, including FIDO2. He holds a Ph.D. from Macquarie University and draws upon his substantial industrial experience to educate and consult on IAM projects, offering direction to development teams.


Gunnar Heide is a graduate Cybersecurity student pursuing a master's degree at Saarland University, actively contributing to research as a member of the Applied Cryptography Research group at the CISPA Helmholtz Center for Information Security. His research focus includes FIDO2 and hardware tokens. Passionate about enhancing digital security, Gunnar seeks innovative ways to protect privacy and advance the field of cybersecurity.


Dali Kaafar is a Professor of Cyber Technologies and the Executive Director of the Macquarie University Cyber Security Hub. He is the founder of the Information Security and Privacy Group and leads the Networks group at CSIRO Data61. His primary research interests encompass data privacy, network security, and performance modeling. He has authored over 300 scientific, peer-reviewed papers, with multiple publications in prestigious venues such as IEEE S&P, NDSS, ACM SIGCOMM, and IEEE INFOCOM.


Dr. Lucjan Hanzlik is a faculty at CISPA Helmholtz Center for Information Security. Previously, he was a visiting assistant professor at Stanford University and a research group leader at CISPA Helmholtz Center for Information Security. He obtained his Ph.D. at the Institute for Computer Science Polish Academy of Sciences in Warsaw in 2016 under the supervision of Prof. Mirosław Kutyłowski. His research focuses mainly on applied and privacy-preserving cryptography. He has published papers at top venues in cryptography and security, including Eurocrypt, Crypto, Asiacrypt, USENIX Security, S&P, and CCS. Lucjan Hanzlik also served on the CCS, Crypto, Asiacrypt, and PETS program committees.
