Post on 12-Jan-2016
Privacy-Enhancing Identity Management – An Overview –
Marit Hansen, marit.hansen@datenschutzzentrum.de
Independent Centre for Privacy Protection Schleswig-Holstein, Germany
Dresden – March 30, 2004
Overview
• Introduction: Terminology
• Privacy-Enhancing Identity Management Systems: Motivation, Principles, Methods
– Core Concept: Pseudonyms
– Third Party Services
• Status of Identity Management Systems: Types, Examples, Findings
• Conclusion
Partial Identities of Alice (figure): Alice's identity is shown as a set of partial identities used in different contexts (Government, Payment with MasterCard and Diners Club, Health Care, Work, Shopping, Travel, Leisure, Telecommunication, Boyfriend Bob), each covering only a subset of her attributes: Name, Birthday, Birthplace, Address, Phone Number, Cellphone Number, Age, Driving Licence, Tax Status, Income, Credit Rating, Insurance, Health Status, Blood Group, Foreign Languages, Interests, Likes & Dislikes, Diary, Good-Conduct Certificate. Legend: Identity of Alice; Partial Identity of Alice.
Definition of Terms wrt “Identity”
• Individual Identity vs. Organisation Identity
• Physical Identity vs. Digital Identity vs. Virtual Identity
Definition of Identity Management in PRIME
Identity Management is the managing of one's own partial identities according to specific situations and contexts:
a) choice and development of partial identities
b) role making and role taking
IMA + Infrastructure = IMS
• IMA = Identity Management Application
• IMS = Identity Management System
Privacy-Enhancing Identity Management: Motivation
• Solves two major problems in the Internet:
– Lack of anonymity
– Lack of authenticity
• Main aim:
– Enforcing the right to informational self-determination
– i.e. the user can control the flow of his/her personal data ...
– ... or at least is aware of it
Right to informational self-determination: to know what other parties know about oneself
Privacy-Enhancing Identity Management: Principles & Methods
• Principles for Privacy-Enhancing Technologies (PET):
– Data minimisation
– Transparency
– System integration: built-in privacy protection / privacy by design
– User empowerment: do-it-yourself privacy protection
– Multilateral security: minimal trust required
• Methods:
– Tailored (un-)linkability (pseudonyms, convertible credentials)
– Default setting: as much anonymity as possible or as desired
– History and context interpretation
– Privacy support for the user:
• Good usability for choice of pseudonyms
• Privacy control functionality for access, correction, deletion, objection ...
Pseudonym Domains (PD): “Unlinkage” of Partial Identities
Task of IMS: Providing linkage for authorised parties while preventing unauthorised linkability
Scenario “E-Commerce” (figure)
Scenario “Multi-Purpose Identity Management Controlled by the User” (figure)
Core element: pseudonyms
• Pseudonym = identifier [technical point of view]
• Pseudonymity does not say anything about the degree of anonymity (= “who is able to reveal its holder”); it covers the whole range between unique identification and anonymity
Various Properties of Pseudonyms (figure)
Better: Identification
Linkability through Re-Use of Pseudonyms
Privacy-oriented default setting in an IMA:
– for one-time use: transaction pseudonym
– for establishing a relationship: role-relationship pseudonym
Requirement: User-controlled (re-)use of pseudonyms
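The pseudonym slides above describe two default pseudonym kinds and the requirement that the user controls their re-use. The following Python sketch is an added example and not code from the talk or from the PRIME project: a user-side IMA that holds Alice's attributes, releases only the partial identity assigned to a context (data minimisation), and derives a fresh transaction pseudonym for one-time use or a stable role-relationship pseudonym for an ongoing relationship. Alice's attribute values, the context names and the HMAC-based derivation from a user-held secret are assumptions made for this illustration; the talk prescribes no particular construction.

```python
"""Added example, not from the slides: a minimal user-side identity
management application (IMA) with partial identities and pseudonyms."""
import hashlib
import hmac
import secrets

# Constructed sample data: Alice's full identity as attribute -> value.
ALICE_IDENTITY = {
    "Name": "Alice Example",
    "Birthday": "1980-01-01",
    "Address": "1 Sample Street",
    "CreditRating": "A",
    "BloodGroup": "0+",
    "Interests": ["hiking", "chess"],
}

# Partial identities: the attributes each context is allowed to see.
# Assumed assignment; the point is that every context gets a subset only.
PARTIAL_IDENTITIES = {
    "Shopping": {"Address"},
    "HealthCare": {"Name", "Birthday", "BloodGroup"},
    "Leisure": {"Interests"},
}


class IdentityManager:
    def __init__(self, identity, partial_identities, master_secret=None):
        self.identity = identity
        self.partial_identities = partial_identities
        # Secret held only by the user: pseudonyms derived from it can be
        # linked to each other by the user, but not by the parties that see them.
        self.master_secret = master_secret or secrets.token_bytes(32)

    def disclose(self, context):
        """Return only the attributes of the partial identity for `context`."""
        allowed = self.partial_identities.get(context, set())
        return {k: v for k, v in self.identity.items() if k in allowed}

    def transaction_pseudonym(self):
        """One-time pseudonym: random, so two transactions cannot be linked."""
        return secrets.token_hex(16)

    def role_relationship_pseudonym(self, role, partner):
        """Stable for one (role, partner) pair so the user can continue a
        relationship; a different role or partner yields an unrelated value."""
        msg = f"{role}|{partner}".encode()
        return hmac.new(self.master_secret, msg, hashlib.sha256).hexdigest()[:32]

    def present(self, context, partner, one_time):
        """What the IMA hands to `partner` for `context`: a pseudonym chosen
        under the privacy-oriented default plus the minimised attribute set."""
        pseudonym = (self.transaction_pseudonym() if one_time
                     else self.role_relationship_pseudonym(context, partner))
        return {"pseudonym": pseudonym, "attributes": self.disclose(context)}


def linkable(pseudonym_a, pseudonym_b):
    """From an observer's point of view two presentations are linkable by
    identifier only if the same pseudonym was re-used."""
    return pseudonym_a == pseudonym_b


if __name__ == "__main__":
    alice = IdentityManager(ALICE_IDENTITY, PARTIAL_IDENTITIES)
    first = alice.present("Shopping", "Example Books", one_time=False)
    again = alice.present("Shopping", "Example Books", one_time=False)
    once = alice.present("Shopping", "Example Books", one_time=True)
    print("relationship re-use linkable:", linkable(first["pseudonym"], again["pseudonym"]))
    print("one-time purchase linkable:  ", linkable(first["pseudonym"], once["pseudonym"]))
    print("disclosed to the shop:       ", first["attributes"])
```

The shop never receives Alice's name or blood group, only the address that the Shopping partial identity allows, and it can recognise her across visits only when she deliberately re-uses the role-relationship pseudonym.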
Identity Management and Third Party Support 1/2
• Infrastructure security and resilience
• Certification services:
– Possibly supporting various degrees of data minimisation, e.g., by allowing pseudonymous but accountable authentication (incl. convertible credentials).
• Mediator services, e.g.:
– Identity brokers reveal the identity of a pseudonym holder under specific circumstances.
– Liability services clear a debt or settle a claim on behalf of the pseudonym holder.
– A value broker may perform the exchange of goods without revealing additional personal data.
Identity Management and Third Party Support 2/2
• Separation of knowledge:
– E.g., unlinkability of the “who (buys)” and the “what (is bought)” in a partially on-line purchase may be achieved by applying separation of knowledge between payment and delivery services.
• Reference information:
– A privacy information service can give input on privacy information data such as security and privacy risks with respect to the IMA deployed, which may influence the behaviour of the system.
– The privacy information service could also be offered in a peer-to-peer manner.
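The separation-of-knowledge bullet above states the design goal but not how one would check that a purchase flow actually meets it. The following Python code is an added example, not part of the slides or of any PRIME deliverable: it splits a constructed order into the views handed to the merchant, the payment service and the delivery service, and checks that no single view contains both "who" and "what" fields. The party names, field names, the sample order and the idea of an opaque order token (assumed to be a transaction pseudonym issued by the user's IMA) are assumptions for this illustration. The merged-view function also shows the limit of the approach: the property holds against each party alone, not against colluding parties who join their views on the shared token.

```python
"""Added example, not from the slides: checking separation of knowledge
between the merchant, payment and delivery parties of a purchase."""

# Which fields identify the buyer ("who") and which describe the purchase ("what").
WHO_FIELDS = {"name", "card_number", "address"}
WHAT_FIELDS = {"items", "merchant"}

# Constructed sample order; the token is assumed to be a one-time
# transaction pseudonym, so it identifies the order but not Alice.
SAMPLE_ORDER = {
    "order_token": "t-7f3a9c",
    "name": "Alice Example",
    "card_number": "4111 **** **** 1111",
    "address": "1 Sample Street",
    "merchant": "Example Books",
    "items": ["book: Privacy by Design"],
    "amount": "29.90 EUR",
    "parcel_id": "p-0001",
}


def naive_views(order):
    """Conventional shop: the merchant receives the whole order."""
    return {"merchant": dict(order)}


def separated_views(order):
    """Separation of knowledge: the merchant learns what is bought, the
    payment service who pays, the delivery service where to deliver.
    Only the opaque token is shared between the three views."""
    token = order["order_token"]
    return {
        "merchant": {"order_token": token,
                     "merchant": order["merchant"],
                     "items": order["items"],
                     "amount": order["amount"]},
        "payment": {"order_token": token,
                    "name": order["name"],
                    "card_number": order["card_number"],
                    "amount": order["amount"]},
        "delivery": {"order_token": token,
                     "address": order["address"],
                     "parcel_id": order["parcel_id"]},
    }


def knows_who_and_what(view):
    """True if one view links the buyer's identity to the purchase content."""
    fields = set(view)
    return bool(fields & WHO_FIELDS) and bool(fields & WHAT_FIELDS)


def violating_parties(views):
    """Parties whose view alone breaks the who/what unlinkability."""
    return sorted(party for party, view in views.items() if knows_who_and_what(view))


def merged_view(views, parties):
    """What a set of colluding parties can reconstruct by joining their
    views on the shared order token (the caveat of this design)."""
    merged = {}
    for party in parties:
        merged.update(views[party])
    return merged


if __name__ == "__main__":
    print("naive flow, violating parties:    ", violating_parties(naive_views(SAMPLE_ORDER)))
    views = separated_views(SAMPLE_ORDER)
    print("separated flow, violating parties:", violating_parties(views))
    print("merchant + payment colluding:     ",
          knows_who_and_what(merged_view(views, ["merchant", "payment"])))
```

In practice the check runs over the actual message schemas a deployment uses, and the collusion result is the reason the slides place this technique next to multilateral security: the separation only buys privacy against parties that are not pooling data, so the token must be a pseudonym that is discarded after the transaction.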
Types of Today’s IMS
• Access Management
– For authentication:
• password and account management
• single sign-on
• digital signatures
• combined with authorisations / credentials
– Additionally reachability management
• Pseudonym Management
– Different pseudonyms
– Different sets of personal data bound to pseudonyms, incl. form filling
– Additionally reputation management
Example: Federated Identities in Liberty Alliance (figure)
Question of Trust (figure)
Centralised vs. Federated Identity
Centralised Identity: Single IMS provider
+ Easier to maintain
+ Less effort in user support
+ Cheaper
– Concentrate personal data of people (content and data trails)
– Put big responsibilities on the providers
– Are attractive targets for attackers
– May act as convenient data bases of other interested parties
Federated Identity: a) User-side identity administration; b) Multiple IMS providers
+ User can be in control (a)
+ No concentration of personal data (b)
+ IM solution for SME (a, b)
± Put bigger responsibilities on the user (a)
– More effort in user support (a)
– Standardisation of protocols/interfaces necessary (b)
Findings of Study “Identity Management Systems (IMS): Identification and Comparison” (JRC Seville)
• Approx. 100 IMA identified
• Detailed evaluation for 7 IMA:
– Single Sign-On:
• Microsoft Passport
• Liberty Alliance (in spec. process, > 150 companies involved)
• Yodlee
– Form Filler:
• Mozilla Navigator
• DigitalMe
• CookieCooker
– E-Mail Client: Outlook Express
• Usage: Big user numbers only when integrated, such as Microsoft Passport (200 million accounts, 3.5 billion authentications per month, 91 websites supported)
Findings of IMS Evaluation in IMS Study
State-of-the-Art of IMS:
– Main goal: usefulness
– Deficiencies concerning privacy and security functionality, and if realised: usability problems
– Digital evidence is not addressed (lack of liability / no non-repudiation), no support for law enforcement
– Identity theft is not prevented
– Little functionality, limited purposes
– No general solutions, no standards
– Trustworthy computer systems and infrastructure are still missing → no trustworthy and secure IMS possible
– Business models: service and software mostly free for users
Today’s IMS: Playground for users & service providers
Conclusion
• Privacy-Enhancing Identity Management: Providing linkage for authorised parties (esp. the user) while preventing unauthorised linkability
• Importance of user’s sovereignty
• Today’s approaches: not sufficient or even privacy invasive
• Building blocks for Privacy-Enhancing IMS are readily available
PRIME will demonstrate solutions for Privacy-Enhancing IMS with a focus on usability
Thank you for your attention!
Questions?