Privacy-Enhancing Identity Management – An Overview – Marit Hansen Independent Centre for Privacy Protection Schleswig-Holstein,

Presentation transcript:

Privacy-Enhancing Identity Management – An Overview – Marit Hansen Independent Centre for Privacy Protection Schleswig-Holstein, Germany Dresden – March 30, 2004

Overview
Introduction: → Terminology
Privacy-Enhancing Identity Management Systems: → Motivation, Principles, Methods
- Core Concept: Pseudonyms
- Third Party Services
Status of Identity Management Systems: → Types, Examples, Findings
Conclusion

Partial Identities of Alice
[Figure: Identities Management]

Definition of Terms wrt “Identity”
Individual Identity vs. Organisation Identity
Physical Identity vs. Digital Identity vs. Virtual Identity

Definition of Identity Management in PRIME
Identity Management is the managing of one's own partial identities according to specific situations and contexts:
a) choice and development of partial identities
b) role making and role taking

IMA + Infrastructure = IMS
IMA = Identity Management Application
IMS = Identity Management System

Privacy-Enhancing Identity Management: Motivation
Solves two major problems in the Internet:
- Lack of anonymity
- Lack of authenticity
Main aim:
- Enforcing right to informational self-determination
- i.e. the user can control the flow of his/her personal data...
- ... or at least is aware of it
Right to informational self-determination: to know what other parties know about oneself

Privacy-Enhancing Identity Management: Principles & Methods
Principles for Privacy-Enhancing Technologies (PET):
- Data minimisation
- Transparency
- System integration: built-in privacy protection / privacy by design
- User empowering: do-it-yourself privacy protection
- Multilateral security: minimal trust required
Methods:
- Tailored (un-)linkability (pseudonyms, convertible credentials)
- Default setting: as much anonymity as possible or as desired
- History and context interpretation
- Privacy support for the user:
  - Good usability for choice of pseudonyms
  - Privacy control functionality for access, correction, deletion, objection...

Pseudonym Domains (PD): “Unlinkage” of Partial Identities
Task of IMS: Providing linkage for authorised parties while preventing unauthorised linkability

Scenario “E-Commerce”

Scenario “Multi-Purpose Identity Management Controlled by the User”
Core element: pseudonyms

Various Properties of Pseudonyms
Pseudonym = identifier [technical point of view]
Better: Identification
Pseudonymity does not say anything about the degree of anonymity (= “who is able to reveal its holder”); it covers the whole range between unique identification and anonymity.

Linkability through Re-Use of Pseudonyms
Privacy-oriented default setting in an IMA:
- for one-time use: transaction pseudonym
- for establishing a relationship: role-relationship pseudonym
Requirement: User-controlled (re-)use of pseudonyms
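An added illustration of this default setting, not code from the presentation or from PRIME: a user-side pseudonym manager issues a fresh transaction pseudonym per one-time use and a stable role-relationship pseudonym per (role, partner), and a helper shows which records recipients could link by identifier alone. The class name, the HMAC-SHA256 derivation and the sample recipients are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from collections import defaultdict


class PseudonymManager:
    """Hypothetical user-side IMA component: the user decides on pseudonym re-use."""

    def __init__(self, master_secret: bytes):
        self._secret = master_secret  # stays with the user, never sent to a recipient

    def transaction_pseudonym(self) -> str:
        # One-time use: fresh randomness, so no two transactions share an identifier.
        return secrets.token_hex(16)

    def role_relationship_pseudonym(self, role: str, partner: str) -> str:
        # Stable per (role, partner): re-use is deliberate and confined to that relationship.
        # Assumption: HMAC-SHA256 derivation; the length prefix keeps (role, partner) unambiguous.
        msg = f"{len(role)}:{role}|{partner}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()[:32]


def linkable_groups(records):
    """Group records the way colluding recipients could: by identical pseudonym."""
    groups = defaultdict(list)
    for partner, pseudonym, item in records:
        groups[pseudonym].append((partner, item))
    return [g for g in groups.values() if len(g) > 1]


def demo():
    alice = PseudonymManager(secrets.token_bytes(32))
    # Constructed sample records: (recipient, pseudonym presented, what was done).
    records = [
        ("shop-a.example", alice.role_relationship_pseudonym("customer", "shop-a.example"), "order 1"),
        ("shop-a.example", alice.role_relationship_pseudonym("customer", "shop-a.example"), "order 2"),
        ("shop-b.example", alice.role_relationship_pseudonym("customer", "shop-b.example"), "order 3"),
        ("kiosk.example", alice.transaction_pseudonym(), "ticket 1"),
        ("kiosk.example", alice.transaction_pseudonym(), "ticket 2"),
    ]
    return linkable_groups(records)


if __name__ == "__main__":
    for group in demo():
        print("linkable:", group)
```

Only the two orders at shop-a.example end up in one group; the example models linkage through the identifier only, not through other data attached to a transaction.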

Identity Management and Third Party Support 1/2
Infrastructure security and resilience
Certification services:
- Possibly supporting various degrees of data minimisation, e.g., by allowing pseudonymous but accountable authentication (incl. convertible credentials).
Mediator services, e.g.:
- Identity brokers reveal the identity of a pseudonym holder under specific circumstances.
- Liability services clear a debt or settle a claim on behalf of the pseudonym holder.
- A value broker may perform the exchange of goods without revealing additional personal data.

Identity Management and Third Party Support 2/2
Separation of knowledge:
- E.g., unlinkability of the “who (buys)” and the “what (is bought)” in a partially on-line purchase may be achieved by applying separation of knowledge between payment and delivery services.
Reference information:
- A privacy information service can give input on privacy information data such as security and privacy risks with respect to the IMA deployed, which may influence the behaviour of the system.
- The privacy information service could also be offered in a peer-to-peer manner.

Types of Today’s IMS
Access Management:
- For authentication: password and account management, single sign-on, digital signatures combined with authorisations / credentials
- Additionally reachability management
Pseudonym Management:
- Different pseudonyms
- Different sets of personal data bound to pseudonyms, incl. form filling
- Additionally reputation management

Centralised vs. Federated Identity
Centralised Identity: Single IMS provider
+ Easier to maintain
+ Less effort in user support
+ Cheaper
- Concentrate personal data of people (content and data trails)
- Put big responsibilities on the providers
- Are attractive targets for attackers
- May act as convenient data bases of other interested parties
Federated Identity: a) User-side identity administration, b) Multiple IMS providers
+ User can be in control (a)
+ No concentration of personal data (b)
+ IM solution for SME (a,b)
± Put bigger responsibilities on the user (a)
- More effort in user support (a)
- Standardisation of protocols/interfaces necessary (b)
Example: Federated Identities in Liberty Alliance → Question of Trust

Findings of Study “Identity Management Systems (IMS): Identification and Comparison” (JRC Seville)
Approx. 100 IMA identified
Detailed evaluation for 7 IMA:
- Single Sign-On: Microsoft Passport, Liberty Alliance (in spec. process, > 150 companies involved), Yodlee
- Form Filler: Mozilla Navigator, DigitalMe, CookieCooker
- Client: Outlook Express
Usage: Big user numbers only when integrated such as Microsoft Passport (200 million accounts, 3.5 billion authentications per month, 91 websites supported)

Findings of IMS Evaluation in IMS Study
State-of-the-Art of IMS:
- Main goal: usefulness
- Deficiencies concerning privacy and security functionality, and if realised: usability problems
- Digital evidence is not addressed (lack of liability / no non-repudiation), no support for law enforcement
- Identity theft is not prevented
- Little functionality, limited purposes
- No general solutions, no standards
- Trustworthy computer systems and infrastructure are still missing → no trustworthy and secure IMS possible
- Business models: Service and software mostly free for users
Today’s IMS: Playground for users & service providers

Conclusion
Privacy-Enhancing Identity Management: Providing linkage for authorised parties (esp. the user) while preventing unauthorised linkability
Importance of user’s sovereignty
Today’s approaches: not sufficient or even privacy invasive
Building blocks for Privacy-Enhancing IMS are readily available
→ PRIME will demonstrate solutions for Privacy-Enhancing IMS with a focus on usability

Thank you for your attention! Questions?