The Austrian eID ecosystem in the public cloud: How to obtain privacy while preserving practicality

摘要

The Austrian eID system constitutes a main pillar within the Austrian e-Government strategy. The eID system ensures unique identification and secure authentication for citizens protecting access to applications where sensitive and personal data are involved. In particular, the Austrian eID system supports three main use cases: identification and authentication of Austrian citizens, electronic representation, and foreign citizen authentication at Austrian public sector applications. For supporting all these use cases, several components - either locally deployed in the applications' domain or centrally deployed - need to communicate with each other. While local deployments have some advantages in terms of scalability, still a central deployment of all involved components would be advantageous, e.g., due to less maintenance efforts. However, a central deployment can easily lead to load bottlenecks because theoretically the whole Austrian population as well as -for foreign citizens - the whole EU population could use the provided services. To mitigate the issue on scalability, in this paper we propose the migration of the main components of the ecosystem into a public cloud. However, a move of trusted services into a public cloud brings up new obstacles, particularly with respect to privacy. To bypass the issue on privacy, in this paper we propose an approach on how the complete Austrian eID ecosystem can be moved into a public cloud in a privacy-preserving manner by applying selected cryptographic technologies (in particular using proxy re-encryption and redactable signatures). Applying this approach, no sensitive data will be disclosed to a public cloud provider by still supporting all three main eID system use cases. We finally discuss our approach based on selected criteria.