Send in your ideas. Deadline December 1, 2024
logo
hex
Vendor stores
Apple store
Google play store
Grant
Theme fund: NGI0 PET
Period: 2019-04 — 2019-04
More projects like this
Middleware and identity

IRMA made easy

Usability research into attribute based authentication

Authentication methods, like passwords, often involve a trade-off between usability and security. Secure passwords are a hassle to use, and easy-to-use passwords are often also easy to guess or to brute force. Clearly, there is a need for authentication methods that are both secure and user-friendly. The IRMA mobile app can fill this gap. It was originally developed with a strong focus on providing secure and privacy-friendly authentication. This project will focus on making IRMA easy to use for everyone. We will conduct a formal large-scale evaluation of IRMA that focuses on usability in general as well as on accessibility (i.e. for users with disabilities) in particular. By doing so, usability hindrances can be identified and improved, making IRMA user-friendly and accessible for users with the widest range of capabilities.

Why does this actually matter to end users?

Often, on the internet, we give away a lot more information than necessary. Imagine a situation where a student wants to claim a discount offered to students by an online book store. That means she will somehow need to prove to in fact be entitled to the discount. When you walk into a normal book store, you are able to buy a book without telling any of the staff who you are. And yet, online, it is somehow perceived as reasonable for the student in our example to have to upload a picture of their student ID in order to qualify for the very same discount. This ID contains lots of unnecessary GDPR protected information in addition to the student affiliation. Think about your name and especially it also contains sensitive biometric information. The online book store does not have a legitimate interest in the color of the students skin, or even in their name - often, that means they are just a search engine away from knowing a lot more about you than you care to think about. All they care about is not having to give unnecessary discounts to people other than students.

Technically, it is of course entirely feasible to minimise what is shared. What if you were to find some credible organisation that would be willing and able to vouch for your claims? If you trust me, and I say to the book store owner I know for a fact you have a valid student card. Would you still need to see the card yourself? Of course there are many claims (in technical terms called "attributes") people may need to fulfil: being a student or entitled to a discount for seniors, being legally adult to see some movie or a verified minor to be allowed in a kids chatroom, being a journalist to attend a press webstream or being unemployed to qualify for benefits. With the open source IRMA project (IRMA stands for "I reveal my attributes") you as a user are in full control who gets to see what very specific attributes, and you don't have to worry about the rest. Many applications may claim such broad capabilities, but this unique open source application can actually deliver. It has a solid academic base, with over a decade of research of top cryptography experts backing up the technology.

The technical basis may be extremely solid, but there is a sociotechnical dimension to this as well. The open source project is now at the point where it is getting deployed at some scale out there in the wild. And of course, as with any new technology, not all users fit within the original design. Users do not always behave predictably. And the diversity among users is huge - and so is their technical skill set. Elderly, children, people with disabilities - they all bring in new usability requirements. Without good usability and inclusive design, even the best technology will fail in the market. The next phase of the IRMA open source project is all about iterating on the technology to make it useful to a broad audience. The project entails implementing a number of experimental new designs, iterate over different tradeoffs and carefully studying how actual users interact with them and which options achieve the best result. The most reliable protection of data is to have as little of it out there. IRMA has the potential to be a game changer for privacy.

Run by Radboud University

Logo NLnet: abstract logo of four people seen from above Logo NGI Zero: letterlogo shaped like a tag

This project was funded through the NGI0 PET Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 825310.