human identity - a security perspective
DESCRIPTION
Human identity - a security perspective. Thomas Kriegelstein. Security - Goals. Secrecy No disclosure of the document Integrity Discovery of changes to the document Accountability Knowledge/Proof of the document‘s origin require cryptographic mechanisms to achieve them. Availability - PowerPoint PPT PresentationTRANSCRIPT
Human identity - a security perspective
Thomas Kriegelstein
TU Dresden
Security - Goals
SecrecyNo disclosure of the document
IntegrityDiscovery of changes to the document
AccountabilityKnowledge/Proof of the document‘s origin
require cryptographic mechanisms to achieve them.
Availability requires organisational mechanisms to achieve it.
TU Dresden
Security – Mechanisms
Encryption/Decryption Integrity protection/testing Signature generation/verification
They require a secret. The secret lies in keys not algorithms. They require cryptographic keys .
TU Dresden
Implications of Anonymity
Anonymity is the state of being not identifiable within a set of subjects, the anonymity set.
All elements are different. All use different cryptographic keys.
Use of keys for accountability impossible.
TU Dresden
Implications of Pseudonymity
Pseudonymity is the use of pseudonyms as IDs.
User accounts, e-mail addresses are considered pseudonyms. Ongoing usage of pseudonyms provides/increases linkability.
Pseudonyms within computer security utilize authentication to prevent usage by strangers.
TU Dresden
Usage of Pseudonyms I
Type of the pseudonym is determined by pseudonym‘s reuse:
transactionpseudonym
rolerelationshippseudonym
rolepseudonym
relationshippseudonym
personalpseudonym
anonymity
linkability
TU Dresden
Usage of Pseudonyms II
Linkability can not decrease. Linkability should be small beforehand of pseudonym‘s reuse.
Anonymity is required. Management should not increase linkability:
Of pseudonyms.Of actions.
TU Dresden
Implications on Identity
Mapping from pseudonym to human being is needed. Can be achieved by:
What he knows.What he possesses.What he is. What is known about him.
No use of such a mapping without trust to it, unless usage is enforced.
TU Dresden
The Big Picture
Trus
tee User
1
User2
ID2
ID1
Me others
others
Me
P4 P3
P1
P2
System boundary
TU Dresden
Conclusions
Trustworthy use of different pseudonyms requires anonymity. Linkability of pseudonyms can‘t be guaranteed. Linkability of actions can‘t be reduced. Management should not increase linkability.
Within computer security there are goals to achieve, pseudonyms to use and policies to enforce, but there is no identity apart from equality of bit strings or linkability of pseudonyms.
TU Dresden
Conditional Anonymity Revocation
User2 User1Trustee JudgeAction/P4
ensureDetectable P4/P2
Link P4/P3
P4 linked
P4 linked/P4
Action performed/P2
detect P4/P1
detect P4/Judge
P4 is ID1