Sommer, Dieter M.
Privacy-enhanced Identity Management – From Cryptography to Practice.
Technische Universität, Darmstadt
[Ph.D. Thesis], (2014)
Available under Only rights of use according to UrhG.
Download (1MB) | Preview
|Item Type:||Ph.D. Thesis|
|Title:||Privacy-enhanced Identity Management – From Cryptography to Practice|
People perform an ever increasing number of their interactions over electronic communication networks, which has induced a complex space of issues related to data privacy. The transition from manual record keeping to electronic data processing has greatly amplified privacy problems related to personal data processing due to powerful automated processing and knowledge induction capabilities. Users frequently need to reveal excessive amounts of personal data for obtaining access to services, typically being identified, while service providers and third parties extensively profile the users to commercially exploit their data as part of the so-called personal data economy.
The personal data required to be released in online interactions often exceeds the minimum that would be required for the service to be provided, and, worse, it typically identifies the user. This, together with the absence of widely deployed strong authentication systems, creates the risk of identity theft, e.g, based on user data leaked through privacy breaches, with severe consequences for both affected users and service providers. The personal data economy creates, due to the increasingly powerful automated induction of knowledge from (unstructured) data, further privacy problems, which are expected to worsen with the widespread adoption of Big Data analytics. The frequent mergers and acquisitions of service providers or data aggregators and related creation of large-scale databases further worsen the privacy issues.
In this thesis, we address user-centric privacy-enhanced identity management, with a focus on data-minimizing authentication of attribute statements about users, vouched for by third-party identity providers. Authenticated attributes allow for reducing the amount of data to be requested because they make background checks, e.g., for minimum age or creditworthiness verification based on identifying user attributes, obsolete. Data minimization benefits both users through stronger privacy and service providers through the reduction of data-breach-related risks and increased data quality and fraud prevention through the certification of attributes.
Main challenges for an open privacy-enhanced authentication system are realizing data minimization, trust delegation, user accountability, and attribute delegation——all in a single system. That is, revealing exactly the data required for a transaction, deciding on which parties to trust for certifying attributes or for providing other relevant knowledge, being able to hold non-identified users accountable for actions in case they violate agreed terms or for law enforcement, and allowing users to delegate authority over certified attributes to parties they trust. Today's available systems or competing research proposals fail in addressing those challenges in an integrated manner. A system addressing those challenges needs to build upon complex composed cryptographic protocols to achieve the properties we require in a strong trust model, where each such protocol is a function of the data to be released. The cryptographic data release semantics needs to be expressed in a formal language which abstracts from the details of the cryptographic protocols and exposes semantics at the level of identity management concepts, the authentication messaging between parties needs to be integrated with standards, and the human user must be involved in transactions through simple yet effective user interfaces.
The presented work has started, as a foundation, with available cryptographic protocols capable of the data-minimizing release of certified attribute data while reducing the trust assumptions in third parties. Our goal of this work has been bringing those cryptographic protocols towards practice. We address the abovementioned challenges through proposing a comprehensive system, designed around those cryptographic protocols, to make them applicable as part of an open real-world identity management system.
As one main contribution, we propose logic-based languages for representing data requests (policies), statements, protocol interface elements, and knowledge in the form of ontologies. The languages allow for automated processing, e.g., computing a response statement to a data request, in a logic calculus. The languages are used to govern system behavior, while allowing for hiding the underlying cryptographic protocol semantics.
We propose an abstract authentication model for privacy-enhanced authentication which expresses preconditions to authentication transactions and formalizes transformation rules for obtaining authenticated communication channels. The model formally specifies under which preconditions which authenticated communication channels between parties can be established using our authentication protocols. Authenticated attribute statements are expressed through the logic-based statement language.
We discuss how the cryptographic protocols to be executed for authenticating data-minimizing attribute statements are specified through formulae expressed in our logic-based languages and how multiple instances of the protocols relate to each other. We show how the cryptographic protocols realize the transformation rules of our authentication model.
A cryptographic protocol for releasing certified attribute statements is a protocol from a family of protocols and is a function of the statement to be authenticated. Because all protocols for all valid to-be-authenticated statements cannot be exhaustively specified, we propose a subsystem for compiling a protocol at runtime from the logic-based statement to be authenticated. This runtime generation results in cryptographic programs to be executed by a protocol interpreter. This has the advantages of handling the powerful semantics of our statement language through a multi-layer processing approach and allowing for aggressive performance improvements, among other things, through exploiting the instruction-level parallelism inherent to the derived programs at the cryptographic layer.
Those contributions give rise to an integrated system for data-minimizing authentication of certified attribute statements using cryptographic protocols, thereby solving the main challenges of data-minimizing authentication in an open system.
A major contribution of our work is the strong integration, on the one hand on the dimension of data minimization, trust delegation, accountability, and the further functionality crucial for an open privacy-enhanced authentication system, and on the other hand on the dimension of integration of the functionality into a single coherent system. Parts of our results have been validated with implementations and a use case prototype for an end-to-end authentication flow for a simplified system.
In addition to the abovementioned core contributions related to the authentication system, we have obtained complementary contributions in the areas of user interfaces for identity selection as part of the authentication process, a formal-model-based verification of a fragment of the cryptographic protocols, a taxonomy of user centricity in identity management, and a discussion of the various notions of trust in an open identity management system.
Orthogonal to the authentication system, we have, among other issues, addressed the problem of access control in electronic social networks. The results can substantially contribute to user privacy by enforcing user preferences and thereby solve a main problem in the social network space. We also discuss how social networks can be leveraged to bootstrap a public key infrastructure, and how to automate profile management in social networks. We put forth an approach for integrating privacy-enhanced authentication with a virtual world system and for giving presentations in public areas therein while ensuring confidentiality of the content.
With our core contributions related to the privacy-enhanced authentication system and the additional contributions around and orthogonal to it, we address an important fraction of the overall space of privacy issues.
|Place of Publication:||Darmstadt|
|Uncontrolled Keywords:||privacy, security, digital identity management, privacy-enhanced identity management, authentication, authorization, privacy-enhanced authentication, privacy-enhancing authentication, credential systems, private certificates, private credentials, first-order logic, formal languages, access control policies, trust negotiation, trust management, secure channel model, Maurer-Schmid model, accountability, zero-knowledge proofs, cryptographic protocols|
|Classification DDC:||000 Allgemeines, Informatik, Informationswissenschaft > 000 Allgemeines, Wissenschaft
000 Allgemeines, Informatik, Informationswissenschaft > 004 Informatik
600 Technik, Medizin, angewandte Wissenschaften > 600 Technik
600 Technik, Medizin, angewandte Wissenschaften > 620 Ingenieurwissenschaften
|Divisions:||20 Department of Computer Science > Security Engineering|
|Date Deposited:||30 Jun 2014 09:03|
|Last Modified:||30 Jun 2014 09:03|
|Referees:||Waidner, Prof. Dr. Michael and Katzenbeisser, Prof. Dr. Stefan and Camenisch, Dr. Jan|
|Refereed:||11 July 2013|