IBM researchers today announced Identity Mixer, a cloud-based technology that holds potential to help consumers better protect online personal data.
|
Dr. Anna Lysyanskaya |
The cryptographic algorithm encrypts the certified identity attributes of a user, such as their age, nationality, address and credit card number in a way that allows the user to reveal only selected pieces to third parties. The result, consumers don't lose any data, and businesses don't have to worry about securing it. (try for yourself)
Dr. Anna Lysyanskaya, a professor of computer science at Brown University, co-invented the technology with IBM cryptographer Dr. Jan Camenisch. The two worked together on Identity Mixer more than a decade ago when Anna was a summer intern at IBM's Zurich Lab, publishing a number of seminal papers on anonymous credential systems.
Today, on Data Privacy Day, we caught up with Anna to look back and to hear about her current research.
While I know it was some time ago, can you reflect on your internship at IBM Research in Zurich and share how it helped prepare you for your career?
Anna: I originally wanted to spend
a summer in Zurich because I just wanted to mix it up, to take a summer
break. Little did I know that it would lead to a collaboration with
Jan and a research breakthrough that has been supremely important to my
research career.
Did you know back then how important privacy would be 10-15 years later?
Anna: Yes, it was pretty
clear to me even back then that, unless we take serious steps to adopt
privacy-protecting technologies, all our activities could easily be
tracked.
Do you have any anecdotes or stories about when you and Jan were developing the idea for Identity Mixer?
Anna: A
pretty funny one is that we initially thought, towards the end of the
summer in 1999, that anonymous credentials, which would eventually be called Identity Mixer, was a pretty
straightforward idea given the prior work both of us had done. So when I
came back in the summer of 2000, we figured we should work that one out quickly
just to tie loose ends from the previous summer, and then move on to
other, more challenging problems. I guess we are still tying those
loose ends, because we are still working on anonymous credentials.
Now that we have looked back, what are you currently working on?
Anna: Jan's and my most-recent
collaboration, also with Anja Lehmann and Gregory Neven of IBM Zurich,
is on password-authenticated secret sharing, which we nicknamed the Memento Protocol, after the Christopher Nolan film of the same name.
Here, we considered a
scenario where users' data is backed up by a collection of servers,
chosen by each user in such a way that the user is relatively certain
that they won't all conspire against him or her. We showed that all a human user really needs to remember in this setting is a short
password – the same every time, no need to ever change it – in order
to gain secure access to his data. This work appeared in the most
recent CRYPTO conference.
Other things I have
been working on range from non-interactive zero-knowledge proofs, to
physically uncloneable functions to, yes, more anonymous credentials.
What will online privacy look like five years from now?
Anna: Hopefully
we have, with the recent stories of data breaches, reached a point where large corporations understand that
they need to protect the privacy of their data and their users. So this
may lead to better security; whether five years is soon enough is not
clear to me at this point, but I hope so.
In
my opinion, a missing ingredient is leadership. I think IBM can show
leadership in educating the industry on what can be done, and how to do
it, and also how not to do it. It is already doing it to a large
extent, and hopefully can do more.
Another
missing ingredient is education, and not just for undergraduates, but
also for practitioners. Here at Brown we are working on a Master's
program that will consist of a mix of on-campus and remote learning, and
will teach executives what they need to know about security, privacy,
and related law and policy. We are very excited about this!
Join Anna, Jan and other experts today, 28 January at 10:00 AM New York (16:00 Paris) for a live Tweet Chat about
Identity Mixer and privacy technologies. Use #identitymixer. For details visit
http://ibm.biz/identitymixer
Labels: cryptography, cybersecurity, IBM Research - Zurich, identity mixer, privacy