Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
Related papers
Formal Privacy Analysis of Communication Protocols for Identity Management
2012
ABSTRACT With the growing amount of personal information exchanged over the Internet, privacy is becoming more and more a concern for users. In particular, personal information is increasingly being exchanged in Identity Management (IdM) systems to satisfy the increasing need for reliable on-line identification and authentication. One of the key principles in protecting privacy is data minimization. This principle states that only the minimum amount of information necessary to accomplish a certain goal should be collected. Several "privacy-enhancing" IdM systems have been proposed to guarantee data minimization. However, currently there is no satisfactory way to assess and compare the privacy they offer in a precise way: existing analyses are either too informal and high-level, or specific for one particular system. In this work, we propose a general formal method to analyse privacy in systems in which personal information is communicated and apply it to analyse existing IdM systems. We first elicit privacy requirements for IdM systems through a study of existing systems and taxonomies, and show how these requirements can be verified by expressing knowledge of personal information in a three-layer model. Then, we apply the formal method to study four IdM systems, representative of different research streams, analyse the results in a broad context, and suggest improvements. Finally, we discuss the completeness and (re)usability of the proposed method.
Enabling user privacy in identity management systems
2010 IEEE International Conference on Information Theory and Information Security, 2010
Privacy requirements in identity management solutions
2007
In this paper we highlight the need for privacy of user data used in digital identity management systems. We investigate the issues from the individual, business, and government perspectives. We provide surveys related to the growing problem of identity theft and the sociological concerns of individuals with respect to the privacy of their identity data. We show the privacy concerns, especially with respect to health and biometric data, where the loss of privacy of that data may have serious consequences.
2017
With the increasing amount of personal data stored and processed in the cloud, economic and social incentives to collect and aggregate such data have emerged. Therefore, secondary use of data, including sharing with third parties, has become a common practice among service providers and may lead to privacy breaches and cause damage to users since it involves using information in a non-consensual and possibly unwanted manner. Despite numerous works regarding privacy in cloud environments, users are still unable to control how their personal information can be used, by whom and for which purposes. This paper presents a mechanism for identity management systems that instructs users about the possible uses of their personal data by service providers, allows them to set their privacy preferences and sends these preferences to the service provider along with their identification data in a standardized, machine-readable structure, called privacy token. This approach is based on a three-dim...
Privacy in Identity & Access Management systems
2011
This chapter surveys the approaches for addressing privacy in open identity and access management systems that have been taken by a number of current systems. The chapter begins by listing important privacy requirements and discusses how three systems that are being incrementally deployed in the Internet, namely SAML 2.0, CardSpace, and eID, address these requirements. Subsequently, the findings of recent European research projects in the area of privacy for I&AM systems are discussed. Finally, the approach taken to address the identified privacy requirements by ongoing projects is described at a high level. The overall goal of this chapter is to provide the reader with an overview of the diversity of privacy issues and techniques in the context of I&AM.
Privacy in Identity and Access Management Systems
Technologies and Frameworks
PriMan: a privacy-preserving identity framework
PriMan is presented; privacy-preserving user-centric identity management middleware which defines and groups the required functionality. It offers the application developer a uniform technology-agnostic interface to use and combine different types of privacy enhancing technologies. Moreover, the PriMan framework defines all the components and their functionality required to raise the development of privacy enhanced client-server applications to a higher level.
Privacy in Business Processes by Identity Management (D14.2)
Privacy is not only a concern of customers. Service providers also regard privacy violations as a main hurdle for the acceptance of personalised services. Furthermore, the protection of privacy is in the interest of service providers who take on customer relationship management activities for several other service providers. They manage customers' profiles, e.g. in loyalty programs and in e-health scenarios with electronic patient records, and offer aggregation as a service. If it were possible to link the profiles of a customer without such a service provider, the latter would no longer benefit from its aggregation service. Three case studies show privacy threats in business processes with personalised services. The objective of this study is to identify privacy threats in business processes with personalised services, to suggest process models for modelling privacy-aware business processes, and to derive security requirements for user-centric identity management in order to preserve privacy. The scenarios and use cases presented in this study are recommended for non-technical readers, whereas the analysis of user-centric identity management protocols and the approaches for identity management extensions are recommended for technical readers.
Self-service Privacy: User-Centric Privacy for Network-Centric Identity
IFIP Advances in Information and Communication Technology, 2010
User privacy has become a hot topic within the identity management arena. However, the field still lacks comprehensive frameworks even though most identity management solutions include built-in privacy features. This study explores how best to set up a single control point for users to manage privacy policies for their personal information, which may be distributed (scattered) across a set of network-centric identity management systems. Our goal is a user-centric approach to privacy management. As the number of schemas and frameworks is very high, we chose to validate our findings with a prototype based on the Liberty Alliance architecture and protocols.
Modeling identity-related properties and their privacy strength
2011
In recent years several attempts have been made to define identity-related properties such as identifiability, pseudonymity and anonymity in order to analyse the privacy offered by information systems and protocols. However, these definitions are generally incomparable, making it difficult to generalise the results of their analysis. In this paper, we propose a novel framework for formalising and comparing identity-related properties. The framework employs the notions of detectability, associability and provability to assess the knowledge of an adversary. We show how these notions can be used to specify well-known identity-related properties and to classify them with respect to their logical relations and privacy strength. We also demonstrate that the proposed framework is able to capture and compare several existing definitions of identity-related properties.