Thomas Groß




I'm a researcher at the Security and Cryptography group of the IBM Zurich Research Lab. I'm the IBM Research Relationship Manager for Privacy. I've defended my PhD Thesis on the security of browser-based identity federation at the Ruhr-University Bochum.
[IBM Research, Zurich Laboratory]    [Security and Cryptography group]

Research Interests

My research interests are in security and applied cryptography:

  • Anonymous credential systems
  • Federated and user-centric identity management
  • Formal methods in protocol security proofs
  • Protocol analysis and design, especially of browser-based protocols
  • Security and privacy research

Projects

Cryptography for Privacy-enhanced Identity Management

I'm researching cryptography applications to identity management, mostly in the areas of privacy-enhancing technology (PET), zero-knowledge proofs of knowledge and anonymous credential systems. My overall goal is to establish a combination of strong authentication and privacy in identity management. Much of my research is centered around IBM's anonymous credential system Identity Mixer. Watch IBM's Identity Mixer YouTube video! Beyond its integration into standardized identity federation protocols, I've contributed to a highly efficient attribute encoding for resource-constrained environments based on prime numbers and divisibility. I'm a contributor to the Identity Mixer community page.

Smart Identity Card

I'm leading an initiative to establish anonymous credential systems on electronic identity cards, more generally on the Java Card platform. We coined this a Smart Identity Card. Whereas we follow the same goal of strong authentication combined with privacy, the Java Card's trust model, limited access to crypto primitives and resource constraints make this a challenge. The system must be secure in the face of untrusted terminals and, thus, cannot easily delegate computation to a more powerful device and still achieve practical response times with secure keys. Nevertheless, we were the first to establish a practical and autonomous anonymous credential system on a standard Java Card (on a JCOP 41/v2.2 to be precise). We will publish this result at ACM CCS 2009. The German Society for Computer Science (Gesellschaft für Informatik, GI) recognized this with the Innovation Award 2009.

Federated Identity Management

I'm responsible for research in Federated Identity Management, a technology that facilitates authentication and attribute exchange across trust domains. This research involves the application of cryptography and formal methods to protocol standards such as the Security Assertion Markup Language (SAML), Liberty Alliance Project, and WS-Federation. I contributed significantly to the architecture and research prototype of the Tivoli Federated Identity Manager (TFIM).

Publications

Have a look at my publication list, the group publications of the security group of the IBM Zurich Research Lab, or DBLP (>2002).

<<< last modified 2009/11/12 >>>
http://www.thomasgross.net

