Prime Discount
expires in
Register Now


Decentralized Enterprise

Decentralized Enterprise

Combined Session
Thursday, June 06, 2024 12:00—13:00

How Decentralized Identities can Improve the Security in Enterprise Networks

The session will show how SSI can develop its full potential when used in enterprise communication networks. The speaker will talk about his current research on the integration of SSI in the Kerberos protocol (used for authentication in Windows network environments) and in the Extensible Authentication Protocol (used for enterprise network environments). The integration of SSI in those protocols used by most companies today provides a tremendous enhancement in network security and also benefits user experience and privacy protection.

Prof. Dr. Ronald Petrlic
TH N├╝rnberg
Dr. Ronald Petrlic is a professor of information security at the Nuremberg Institute of Technology. In his research, he is dealing with cybersecurity and technical data protection. At the moment,...
Advancing Secure Credentialing: The Impact of Non-Interactive Threshold Signature Schemes

In the realm of identity management within zero trust security frameworks, the "never trust, always verify" paradigm is critical. This approach, a departure from traditional IT security models, assumes no inherent trust in users, devices, or networks, regardless of their location or origin. It emphasizes continuous verification and authentication, fundamentally changing the way access and credentials are managed.

In this context, the role of signature schemes in credential issuance is critical. Traditional methods that rely on a single issuing instance are incompatible with the Zero Trust philosophy. To align with this approach, threshold signature schemes become indispensable. These schemes distribute the responsibility of credential issuance across multiple parties (or isolated systems within a domain), thereby eliminating single points of failure in the process.

The prominent BBS+ signature scheme stands out in this distributed approach. On the one hand, it offers compatibility with various zero-knowledge proof schemes, and on the other hand, it allows credential holders to selectively disclose certain attributes, thereby strengthening both privacy and security in line with zero-trust principles. However, when adapting schemes like BBS+ to a threshold setting, a key challenge arises: the issuance process becomes highly interactive, requiring continuous communication between all issuers during signing. This interaction creates bottlenecks for systems that need to issue large numbers of credentials and introduces potential security risks by providing additional attack vectors.

To overcome these challenges, recent advances in the form of so-called "Pseudorandom Correlation Generators" offer an interesting approach. By facilitating a pre-processing phase, this new cryptographic primitive enables non-interactive credential issuance by schemes such as BBS+, eliminating the need for per-credential issuer communication. This development dramatically reduces communication overhead while ensuring complete isolation between issuing instances.

This talk will provide a high-level overview of these advances and their implications for credential issuance in zero-trust environments, highlighting how they can potentially improve the security and efficiency of digital identity management systems.

Leandro Rometsch
TU Darmstadt
Leandro studied Computer Science and IT Security at Technische Universität Darmstadt in Germany. His research interests are primarily focused on applied cryptography and secure multi-party...
Secure your ticket
Be quick before the Prime Discount expires in
00d 00h 00m 00 s
Get a ticket
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch