
Agenda

Decentralized Enterprise

Combined Session
Thursday, June 06, 2024 12:00—13:00
Location: A 05-06

How Decentralized Identities can Improve the Security in Enterprise Networks
12:00—12:20
 

The session will show how SSI can develop its full potential when used in enterprise communication networks. The speaker will talk about his current research on the integration of SSI in the Kerberos protocol (used for authentication in Windows network environments) and in the Extensible Authentication Protocol (used for enterprise network environments). The integration of SSI in those protocols used by most companies today provides a tremendous enhancement in network security and also benefits user experience and privacy protection.

Prof. Dr. Ronald Petrlic
Professor
TH Nürnberg
Dr. Ronald Petrlic is a professor of information security at the Nuremberg Institute of Technology. His research deals with cybersecurity and technical data protection. At the moment,...
Advancing Secure Credentialing: The Impact of Non-Interactive Threshold Signature Schemes
12:20—12:40
 

In the realm of identity management within zero trust security frameworks, the "never trust, always verify" paradigm is critical. This approach, a departure from traditional IT security models, assumes no inherent trust in users, devices, or networks, regardless of their location or origin. It emphasizes continuous verification and authentication, fundamentally changing the way access and credentials are managed.

In this context, the role of signature schemes in credential issuance is critical. Traditional methods that rely on a single issuing instance are incompatible with the Zero Trust philosophy. To align with this approach, threshold signature schemes become indispensable. These schemes distribute the responsibility of credential issuance across multiple parties (or isolated systems within a domain), thereby eliminating single points of failure in the process.

The prominent BBS+ signature scheme stands out in this distributed approach. On the one hand, it offers compatibility with various zero-knowledge proof schemes, and on the other hand, it allows credential holders to selectively disclose certain attributes, thereby strengthening both privacy and security in line with zero-trust principles. However, when adapting schemes like BBS+ to a threshold setting, a key challenge arises: the issuance process becomes highly interactive, requiring continuous communication between all issuers during signing. This interaction creates bottlenecks for systems that need to issue large numbers of credentials and introduces potential security risks by providing additional attack vectors.

To overcome these challenges, recent advances in the form of so-called "Pseudorandom Correlation Generators" offer an interesting approach. By facilitating a pre-processing phase, this new cryptographic primitive enables non-interactive credential issuance by schemes such as BBS+, eliminating the need for per-credential issuer communication. This development dramatically reduces communication overhead while ensuring complete isolation between issuing instances.

This talk will provide a high-level overview of these advances and their implications for credential issuance in zero-trust environments, highlighting how they can potentially improve the security and efficiency of digital identity management systems.

Leandro Rometsch
PhD Candidate
Technical University Darmstadt
Leandro studied Computer Science with a focus on IT Security and is currently pursuing a PhD with the Chair of Implementation Security at Darmstadt Technical University. His primary research...
Securing the Foundations of Verifiable Credential Ecosystems
12:40—13:00
 

As verifiable credentials are adopted at scale in ecosystems around the world, addressing security and privacy challenges is becoming increasingly important. In this talk, I will discuss some of the most pressing issues around protocols and credential formats and how they can — or cannot — be addressed.

Using the OpenID and IETF specifications as examples, I will discuss the challenges of establishing trust, mitigating replay and phishing attacks, avoiding linkability and tracking, securing cross-device flows, addressing confidentiality and (non-)repudiation, and more. While some of these issues are well known in identity protocols, others only arise in the context of verifiable credentials.

As an editor of the OAuth Security Best Current Practice draft, the Cross-Device Flow Best Current Practice draft, the SD-JWT and SD-JWT VC specifications, and a contributor to many other specifications in this area, I will share my experiences and insights from moving from the world of OAuth and OpenID to the world of verifiable credentials.

Dr. Daniel Fett
Security and Standardization Expert
Authlete
Daniel holds a Ph.D. in Computer Science for the development of new methods for analyzing the security of web standards. Leveraging this background, he has worked for the past several years to...