DOI: 10.1145/1102486.1102501

Privacy enhancing identity management: protection against re-identification and profiling

Published: 11 November 2005

ABSTRACT

User centric identity management will be necessary to protect users' privacy in an electronic society. However, designing such systems is a complex task, as the expectations of the different parties involved in electronic transactions have to be met. In this work we give an overview of the actual situation in user centric identity management and point out problems encountered there. In particular, we present the current state of research and mechanisms useful for protecting the user's privacy. Additionally, we show security problems that have to be borne in mind while designing such a system and point out possible solutions. In doing so, we concentrate on attacks on linkability and identifiability, and possible protection methods.

Reviews

Andrew Robert Huber

How can systems be designed to identify users, and at the same time protect their identities? The two sides in an electronic transaction have different needs, and balancing these viewpoints is a complex task. The authors provide an overview of how identity management systems can control and limit the data released to a service. Users are represented by sets of attributes, and can have partial identities based on subsets of these attributes. The identity management system manages these partial identities to provide servers with only the information required for authentication, while preventing the server from learning the full identity and full attributes of the user. This requires limiting the ability of servers and attackers to link partial identities. Two types of identity management systems are described: server centric and decentralized. Decentralized systems tend to be user oriented. Privacy-enhancing identity management systems permit user control of the kind and amount of personal information released. Attacks that allow third parties to discover or link several partial identities and find a user's complete identity are classified and described. These include active and passive attacks by insiders (service providers) and outsiders (external attackers). Some of these are well known, such as statistical attacks on databases. Others rely on timing or linking several databases. Methods of protecting against these attacks are also summarized, such as randomization of statistical databases. Some discussion of the practicality of various attacks and possible success rates would have been helpful. Overall, this summary of current work on identity management systems is useful.

Online Computing Reviews Service

Published in

DIM '05: Proceedings of the 2005 workshop on Digital identity management
November 2005
120 pages
ISBN: 1595932321
DOI: 10.1145/1102486

Copyright © 2005 ACM

Publisher

Association for Computing Machinery, New York, NY, United States

Acceptance Rates

Overall Acceptance Rate: 16 of 34 submissions, 47%
