1 / 25

Privacy-Enhancing Identity Management – An Overview –

Privacy-Enhancing Identity Management – An Overview –. Marit Hansen marit.hansen@datenschutzzentrum.de Independent Centre for Privacy Protection Schleswig-Holstein, Germany Dresden – March 30, 2004. Overview. Introduction:  Terminology

aantonio
Télécharger la présentation

Privacy-Enhancing Identity Management – An Overview –

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Privacy-Enhancing Identity Management – An Overview – Marit Hansen marit.hansen@datenschutzzentrum.de Independent Centre for Privacy Protection Schleswig-Holstein, Germany Dresden – March 30, 2004

  2. Overview • Introduction:  Terminology • Privacy-Enhancing Identity Management Systems:  Motivation, Principles, Methods – Core Concept: Pseudonyms – Third Party Services • Status of Identity Management Systems:  Types, Examples, Findings • Conclusion Privacy-Enhancing Identity Management – An Overview

  3. Partial Identities of Alice Identities Management Privacy-Enhancing Identity Management – An Overview

  4. Definition of Terms wrt “Identity” • Physical Identity vs. Digital Identity vs. Virtual Identity • Individual Identity vs. Organisation Identity

  5. Definition of Identity Management in PRIME Identity Managementis managing of own partial identities according to specific situations and contexts: a) choice and development of partial identities b) role making and role taking

  6. IMS IMA + Infrastructure = IMS • IMA = Identity Management Application • IMS = Identity Management System

  7. Overview • Introduction:  Terminology • Privacy-Enhancing Identity Management Systems:  Motivation, Principles, Methods – Core Concept: Pseudonyms – Third Party Services • Status of Identity Management Systems:  Types, Examples, Findings • Conclusion Privacy-Enhancing Identity Management – An Overview

  8. Privacy-Enhancing Identity Management: Motivation • Solves two major problems in the Internet: • Lack of anonymity • Lack of authenticity • Main aim: • Enforcing right to informational self-determination • i.e. the user can control the flow of his/her personal data ... • ... or at least is aware of it Right to informational self-determination: to know what other parties know about oneself Privacy-Enhancing Identity Management – An Overview

  9. Privacy-Enhancing Identity Management: Principles & Methods • Principles for Privacy-Enhancing Technologies (PET) • Data minimisation • Transparency • System integration: built-in privacy protection / privacy by design • User empowering: do-it-yourself privacy protection • Multilateral security: minimal trust required • Methods: • Tailored (un-)linkability (pseudonyms, convertible credentials) • Default setting: as much anonymity as possible or as desired • History and context interpretation • Privacy support for the user: • Good usability for choice of pseudonyms • Privacy control functionality for access, correction, deletion, objection ... Privacy-Enhancing Identity Management – An Overview

  10. Pseudonym Domains (PD):“Unlinkage” of Partial Identities Task of IMS: Providing linkage for authorised parties while preventing unauthorised linkability Privacy-Enhancing Identity Management – An Overview

  11. Scenario “E-Commerce” Privacy-Enhancing Identity Management – An Overview

  12. Scenario “Multi-Purpose Identity ManagementControlled by the User” Core element: pseudonyms Privacy-Enhancing Identity Management – An Overview

  13. Better: Identification Various Properties of Pseudonyms • Pseudonym = identifier [technical point of view] • Pseudonymity does not say anything about the degree of anonymity (= “who is able to reveal its holder”); it covers the whole range between unique identification and anonymity:

  14. Linkability through Re-Use of Pseudonyms • Privacy-oriented default setting in an IMA: • for one-time use: transaction pseudonym • for establishing a relationship: role-relationship pseudonym Requirement: User-controlled (re-) use of pseudonyms

  15. Overview • Introduction:  Terminology • Privacy-Enhancing Identity Management Systems:  Motivation, Principles, Methods – Core Concept: Pseudonyms – Third Party Services • Status of Identity Management Systems:  Types, Examples, Findings • Conclusion Privacy-Enhancing Identity Management – An Overview

  16. Identity Management and Third Party Support 1/2 • Infrastructure security and resilience • Certification services: • Possibly supporting various degrees of data minimisation, e.g., by allowing pseudonymous but accountable authentication(incl. convertible credentials). • Mediator services, e.g.: • Identity brokers reveal the identity of a pseudonym holder under specific circumstances. • Liability services clear a debt or settle a claim on behalf of the pseudonym holder. • A value broker may perform the exchange of goods without revealing additional personal data. Privacy-Enhancing Identity Management – An Overview

  17. Identity Management and Third Party Support 2/2 • Separation of knowledge: • E.g., unlinkability of the “who (buys)” and the “what (is bought)” in a partially on-line purchase may be achieved by applying separation of knowledge between payment and delivery services. • Reference information: • A privacy information service can give input on privacy information data such as security and privacy risks with respect to the IMA deployed, which may influence the behaviour of the system. • The privacy information service could also be offered in a peer-to-peer manner. Privacy-Enhancing Identity Management – An Overview

  18. Overview • Introduction:  Terminology • Privacy-Enhancing Identity Management Systems:  Motivation, Principles, Methods – Core Concept: Pseudonyms – Third Party Services • Status of Identity Management Systems:  Types, Examples, Findings • Conclusion Privacy-Enhancing Identity Management – An Overview

  19. Types of Today’s IMS • Access Management • For authentication: • password and account management • single sign-on • digital signatures • combined with authorisations / credentials • Additionally reachability management • Different pseudonyms • Different sets of personal data bound to pseudonyms,incl. form filling • Additionally reputation management • Pseudonym Management Privacy-Enhancing Identity Management – An Overview

  20. Centralised Identity: Single IMS provider Easier to maintain Less effort in user support Cheaper Concentrate personal data of people (content and data trails) Put big responsibilities on the providers Are attractive targets for attackers May act as convenient data bases of other interested parties Federated Identity a) User-side identity administration b) Multiple IMS providers User can be in control (a) No concentration of personal data (b) IM solution for SME (a,b) Put bigger responsibilities on the user (a) More effort in user support (a) Standardisation of protocols/interfaces necessary (b) Example: Federated Identities in Liberty Alliance Centralised vs. Federated Identity  Question of Trust

  21. Findings of Study “Identity Management Systems (IMS): Identification and Comparison” (JRC Seville) • Approx. 100 IMA identified • Detailed evaluation for 7 IMA: • Single Sign-On: • Microsoft Passport • Liberty Alliance (in spec. process, > 150 companies involved) • Yodlee • Form Filler: • Mozilla Navigator • DigitalMe • CookieCooker • E-Mail Client: Outlook Express • Usage: • Big user numbers only when integrated such as Microsoft Passport (200 million accounts, 3.5 billion authentications per month, 91 websites supported) Privacy-Enhancing Identity Management – An Overview

  22. Findings of IMS Evaluation in IMS Study • State-of-the-Art of IMS: • Main goal: usefulness • Deficiencies concerning privacy and security functionality, and if realised: usability problems • Digital evidence is not addressed (lack of liability / no non-repudiation), no support for law enforcement • Identity theft is not prevented • Little functionality, limited purposes • No general solutions, no standards • Trustworthy computer systems and infrastructure are still missing no trustworthy and secure IMS possible • Business models:Service and software mostly free for users Today’s IMS: Playground for users & service providers Privacy-Enhancing Identity Management – An Overview

  23. Overview • Introduction:  Terminology • Privacy-Enhancing Identity Management Systems:  Motivation, Principles, Methods – Core Concept: Pseudonyms – Third Party Services • Status of Identity Management Systems:  Types, Examples, Findings • Conclusion Privacy-Enhancing Identity Management – An Overview

  24. Conclusion • Privacy-Enhancing Identity Management:Providing linkage for authorised parties (esp. the user) while preventing unauthorised linkability • Importance of user’s sovereignty • Today’s approaches: not sufficient or even privacy invasive • Building blocks for Privacy-Enhancing IMSare readily available • PRIME will demonstrate solutions for Privacy-Enhancing IMS with a focus on usability Privacy-Enhancing Identity Management – An Overview

  25. Thank you for your attention!Questions? Privacy-Enhancing Identity Management – An Overview

More Related