Privacy and identity management for everyone
Speaker notes

  • Question to the audience: What can happen to personal data?
  • Question: Does everyone know that each of you has the right to ask what data is held about you?
  • A user can be held accountable for misuse of the system or for cheating, even though transactions are "anonymous".
  • Question to the audience: How do we achieve anonymous communication? Cryptographic pseudonyms, such as Idemix pseudonyms.
  • Traditional certificates have the drawback that different uses of the same certificate can be linked to each other.
  • RDF is used as the language for describing information about the resources in our system.
  • More specifically, the IC component (a) delegates requests to the AC, (b) handles all credential-related protocols, (c) automatically computes optimal ways to fulfill a request, and (d) manages user input and notification via the graphical user interface.
  • Obligation (German: Verpflichtung). The example in Figure 4.2.4 shows an implementation of an EPAL policy condition consisting of one predicate that represents a Boolean function. A container named 'DataUserInfo' and a string-type attribute named 'DataUserID' are given; the condition is that the value of the latter attribute must equal 'John Doe'.
  • 1. The user requests information about a product from a service provider. 2. The request is received by the service provider and directed to the AC component. The AC component returns an offer which includes a description of the product and a list of requirements in order to buy the product, along with corresponding reasons for each of the requirements. The list of requirements can include the price, a request for the user's address, billing information, phone number, etc. The list of reasons can explain why certain information, such as a phone number, has been requested. The offer also specifies how the data related to this transaction will be treated. This is done by expressing the service provider's privacy policy for the data categories being requested. In particular, the service provider presents obligations to the user that will be automatically enforced. The service provider's AC may also reply with multiple offers for the same product. For example, there can be a standard offer with the retail price, and a special offer with a reduced price which requires that the user provide a loyalty program number.
  • The user's IC component receives the offer and parses it. Each of the requirements is presented to the user's AC in order to determine the counter-requirements for the release of the requested information. The IC may add obligations to the offer; for example, it may add the obligation that the company notify the user whenever the transaction data is transferred to a third party. The IC presents the possible choices about how the requirements are to be fulfilled to the user via the GUI. For example, a user might have to choose between multiple offers, or choose between various ways to fulfill a requirement (e.g. by using a driver's license versus a passport). For convenience, the user can configure certain choices to be made automatically (e.g. if possible, use e-coins to fulfill a payment, and otherwise use a credit card). The agreed privacy policy and obligations are presented to the user in an easy-to-understand representation. The user finally has to give their informed consent to the data processing.
  • XACML: eXtensible Access Control Markup Language.
  • 1. The company sends the necessary credentials to the user. 2. The user's IC uses the received credentials to access the user's information via the AC. The AC responds with the requested data. (If the access policy has changed between the time at which the contract was accepted and the time of this access, the user must decide how to proceed.) The IC "packages" the requested data and sends it back to the company. This can involve interactive protocols in which credentials are shown, or simple transmissions of uncertified declarations.
  • 3. The company's IC processes the requested data and determines whether the requested information satisfies the contract. If so, the IC requests the AC to store specific parts of the user data under an access control policy that enforces the agreed privacy policy, and to store the related obligations in the OM. The OM activates each obligation, meaning that they can now be triggered by appropriate events and conditions. The IC also triggers any business processes related to the transaction (e.g. to deposit the e-coins and to ship the goods to the user). 4. The OM handles any obligations whose conditions have been triggered. For example, when the company relays the user's address to the shipping company, the OM informs the user that such information has been transferred. Obligations can either be completely orthogonal to any service-side accesses to the user's data (e.g. time-driven deletion) or can be related to such accesses, as in the example.
  • EPAL: Enterprise Privacy Authorization Language.

Transcript

  • 1. Privacy Enhancing Technologies: Privacy and Identity Management for Everyone. B. Sc. Amir Neziri, Technische Universität Darmstadt. Advisor: Prof. Dr. Katzenbeisser
  • 2. Motivation – Privacy Problems
    • Identity theft: credit card data, social security numbers, and student numbers
      • e.g. stolen credit card numbers (CardSystems Solutions, Sony…)
    • Large amounts of personal data are requested for online services
      • e.g. buying a train ticket
    • A recent survey by Turow: two-thirds of surveyed Americans do not know that US supermarkets are allowed to sell information about individual purchase decisions to other companies
    • Personal data can be used for targeted advertisements
    06/15/2011 | Department 20 | Prof. Dr. Katzenbeisser | Privacy Enhancing Technologies | Amir Neziri
  • 3. Motivation – Current Solutions
    • Common misconception: people voluntarily give away their personal data
    • No alternatives: people have little choice but to fill out the mandatory fields of web forms
    • The EU Data Protection Directive 95/46/EC and the E-Communications Privacy Directive 2002/58/EC protect personal data in Europe
      • In practice: the complexity of the regulation, incomplete enforcement, people's unawareness…
  • 4. Content
    • Prime's Vision
    • The Prime Solution
      • The Parties
      • Cryptographic Tools
      • System Architecture
    • A Sample Transaction
    • Conclusion
  • 5. A Need for Change
    • Businesses and governments know a lot more about individuals and their behavior
      • … because personal data have been disclosed
    • Personal information is negligently stored and therefore vulnerable to theft and misuse
    • SOLUTION: PRIME
      • PRIME - Privacy and Identity Management for Europe
      • European research and development project, funded by the EU
      • Consists of more than 20 partners (universities, public companies…)
      • There are different prototypes: LBS, eHealth, Anonymous Communication…
  • 6. Prime's Vision
    • User Informed Consent and Control
      • The user controls the personal data
    • Privacy Negotiation
      • Privacy policies for personal data
    • Data Minimization
      • Collect only the personal data needed for the business transaction
      • e.g. proof of age => …with ID card, passport or driver's license
        • … but only the birthday is needed, not the other personal information on the document
  • 7. Prime's Vision
    • Identity Management
      • Server-side and user-side
      • Anonymous and identified, on both sides
    • Spectrum of Anonymity
      • PRIME does not impose full anonymity, but it supports a range of possible transactions
      • e.g. browsing a web page while using an anonymous communication channel
    • Accountability
      • A user can be made accountable for misuse of the system or cheating, even though transactions are "anonymous"
  • 8. The Prime Solution – The Parties
    • Users have certificates, data and policies regarding their data
      • Access control policies restrict the access to the data
    • Service Provider offers services and resources for users
      • May have certificates and private data, and also access control policies over their services and resources
    • The Certification Authority issues the digital certificates (credentials) that users show to service providers
  • 9. The Prime Solution – Cryptographic Tools
    • Secure Communication
      • Communication is performed over an encrypted, semi-anonymous channel
    • Anonymous Communication
      • e.g. onion routing networks, mixnets or crowds
    • Pseudonyms
      • … the name under which a user is known to one or more service providers
      • Idemix pseudonyms, or random strings generated by the user
  • 10. The Prime Solution – Cryptographic Tools
    • Credentials and Proofs of Ownership of Credentials
      • A credential is a certified piece of data such as a birthday or postal code
        • called certificates / attribute certificates
      • Private credentials
        • solve the linkability drawback of traditional certificates: different showings cannot be linked to each other
        • allow the user to verifiably encrypt an attribute under a third-party public key (the basis for the accountability on slide 7)
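The two properties on slides 6 and 10, data minimization and the linkability of traditional certificates, can be made concrete with salted hash commitments. The following is an added example and is not PRIME or Idemix code: the issuer commits to every attribute, the holder opens only the attribute a verifier needs (the birthday), and the other attributes stay hidden. It deliberately stops short of an anonymous credential: the same issuer signature travels with every showing, which is exactly the linkability that private credentials remove. The issuer "signature" is an HMAC under a key shared with the verifier, an assumption made only to stay within the standard library; the attribute values are constructed.

```python
"""Added example (not PRIME/Idemix code): selective disclosure with salted
hash commitments, plus the linkability of a traditional certificate."""
import hashlib
import hmac
import json
import os

# Assumption: stand-in for an issuer signing key; a real issuer would use an
# asymmetric signature, and a private credential a zero-knowledge proof.
ISSUER_KEY = b"issuer-demo-key"


def commit(name: str, value: str, salt: bytes) -> str:
    """Hiding commitment to one attribute: H(salt || name || 0x00 || value)."""
    return hashlib.sha256(salt + name.encode() + b"\0" + value.encode()).hexdigest()


def issue(attributes: dict) -> dict:
    """Issuer side: commit to each attribute and sign the list of commitments."""
    salts = {n: os.urandom(16) for n in attributes}
    commitments = {n: commit(n, v, salts[n]) for n, v in attributes.items()}
    body = json.dumps(commitments, sort_keys=True).encode()
    signature = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    return {"commitments": commitments, "signature": signature,
            "salts": salts, "attributes": attributes}


def present(credential: dict, reveal) -> dict:
    """Holder side: show the signed commitments and open only `reveal`."""
    return {
        "commitments": credential["commitments"],
        "signature": credential["signature"],
        "opened": {n: (credential["attributes"][n], credential["salts"][n].hex())
                   for n in reveal},
    }


def verify(presentation: dict):
    """Verifier side: check the signature, then each opened attribute against
    its commitment. Returns the disclosed attributes, or None on failure."""
    body = json.dumps(presentation["commitments"], sort_keys=True).encode()
    expected = hmac.new(ISSUER_KEY, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, presentation["signature"]):
        return None
    disclosed = {}
    for name, (value, salt_hex) in presentation["opened"].items():
        if commit(name, value, bytes.fromhex(salt_hex)) != presentation["commitments"].get(name):
            return None
        disclosed[name] = value
    return disclosed


def linkable(p1: dict, p2: dict) -> bool:
    """Two showings of a traditional certificate carry the same signature
    value, so two service providers comparing notes can link them."""
    return p1["signature"] == p2["signature"]


if __name__ == "__main__":
    # Constructed sample: an ID-card-like credential.
    cred = issue({"name": "Alice", "birthday": "1990-05-01", "address": "Hochschulstr. 10"})
    shown = present(cred, ["birthday"])          # age check needs only the birthday
    print(verify(shown))                         # {'birthday': '1990-05-01'}
    print(linkable(shown, present(cred, ["name"])))  # True: linkable across providers
```

The verifier learns the birthday and nothing else, which is the data-minimization goal; the `linkable` check is the drawback slide 10 says private credentials solve, since with Idemix-style credentials each showing is a fresh zero-knowledge proof rather than a reused signature value.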
  • 11. The Prime Solution – Architecture (figure: Software Architecture of a party [primeAr])
  • 12. The Prime Solution- Architecture
    • Resource Referencing Scheme
      • Uniform Resource Identifier (URI) is used to name resources in system
      • URIs are general enough to name data types, services, process workflows, or obligations such as “Delete this data after two weeks.”
    • Data Model and Ontology
      • Resource Description Framework (RDF) is selected for describing information about resources
      • RDF consists of triples (subject, predicate, object)
      • Web Ontology Language (OWL) for describing all of the meta-information about subjects, predicates and objects
  • 13. RDF Example (figure: an RDF example and the RDF/XML notation of the same example [tudres])
  • 14. The Prime Solution – Architecture (figure: High-level Component Architecture [primeAr])
  • 15. The Prime Solution – Architecture (figure: High-level Component Architecture, continued [primeAr])
  • 16. The Prime Solution – Architecture (figure: High-level Component Architecture, continued [primeAr])
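Since the RDF/XML figure from slide 13 is not reproduced here, the following added example (not PRIME code) shows the data model of slide 12 in working form: URI-named resources, triples of (subject, predicate, object), a pattern query, and a round trip through a minimal RDF/XML serialisation. The `http://example.org/prime#` vocabulary and the sample triples, including an obligation named as a resource, are constructed for illustration; only the `rdf:` namespace is the real one.

```python
"""Added example (not PRIME code): a tiny triple store with RDF/XML round trip."""
import xml.etree.ElementTree as ET

RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
EX = "http://example.org/prime#"   # assumed vocabulary, not PRIME's ontology


class Literal(str):
    """Marker type for RDF literals; plain str objects are URI references."""


def split_uri(uri: str):
    """Split a predicate URI into (namespace, local name) at the last '#' or '/'."""
    cut = max(uri.rfind("#"), uri.rfind("/")) + 1
    return uri[:cut], uri[cut:]


def query(store, s=None, p=None, o=None):
    """Triple-pattern match; None is a wildcard."""
    return [t for t in store
            if (s is None or t[0] == s)
            and (p is None or t[1] == p)
            and (o is None or t[2] == o)]


def to_rdfxml(store) -> str:
    """Serialise triples as RDF/XML: one rdf:Description per subject, a
    property element per triple, literal as text, URI as rdf:resource."""
    ET.register_namespace("rdf", RDF)
    ET.register_namespace("ex", EX)
    root = ET.Element(f"{{{RDF}}}RDF")
    nodes = {}
    for s, p, o in store:
        if s not in nodes:
            nodes[s] = ET.SubElement(root, f"{{{RDF}}}Description", {f"{{{RDF}}}about": s})
        ns, local = split_uri(p)
        prop = ET.SubElement(nodes[s], f"{{{ns}}}{local}")
        if isinstance(o, Literal):
            prop.text = o
        else:
            prop.set(f"{{{RDF}}}resource", o)
    return ET.tostring(root, encoding="unicode")


def from_rdfxml(xml: str):
    """Parse the subset written by to_rdfxml back into triples."""
    store = []
    for desc in ET.fromstring(xml).findall(f"{{{RDF}}}Description"):
        s = desc.get(f"{{{RDF}}}about")
        for prop in desc:
            p = prop.tag[1:].replace("}", "")        # "{ns}local" -> "ns" + "local"
            res = prop.get(f"{{{RDF}}}resource")
            store.append((s, p, res if res is not None else Literal(prop.text or "")))
    return store


# Constructed sample: a user's data stored under a URI-named obligation
# ("delete this data after two weeks", as on slide 12).
SAMPLE = [
    (EX + "alice", EX + "name", Literal("Alice")),
    (EX + "alice", EX + "postalCode", Literal("64289")),
    (EX + "alice", EX + "storedUnder", EX + "deleteAfterTwoWeeks"),
    (EX + "deleteAfterTwoWeeks", EX + "action", Literal("delete")),
    (EX + "deleteAfterTwoWeeks", EX + "after", Literal("P14D")),
]

if __name__ == "__main__":
    xml = to_rdfxml(SAMPLE)
    print(xml)
    print(query(from_rdfxml(xml), p=EX + "storedUnder"))
```

The query over the parsed graph shows why URIs as names matter for the architecture: the obligation is itself a resource that the AC policy and the Obligation Manager can both point at.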
  • 17. The Prime Solution-Architecture
    • Components
      • Access Control (AC)
        • limits access to a party's resources and enforces the party's access control policies
        • attribute-based access control (e.g. a decision based on the requester's age)
      • Identity Control (IC)
        • manages all interactive protocols with other parties
        • Delegates requests to the AC
        • Handles all credential-related protocols
        • Automatically computes optimal ways to fulfill a request
        • Manages user input and notification via the GUI
  • 18. The Prime Solution-Architecture
      • Obligation Manager (OM)
        • maintains all obligations
        • An obligation is an event-condition-action (ECA) rule and is generally activated any time that data is stored to the database
    (figure: example <condition> in XML format, based on [EPAL])
  • 19. A Sample Transaction
  • 20. Negotiation – Phase I (figure)
  • 21. Negotiation– Phase I
    • The user requests information about a product from service provider
    • The request is received by the service provider and directed to the AC component.
    • The AC component returns an offer which includes a description of the product and a list of requirements in order to buy the product, with a reason for each requirement.
    • The service provider presents obligations to the user that will be automatically enforced.
  • 22. Negotiation– Phase I
    • The user's IC component receives the offer and parses it. Each of the requirements is presented to the user's AC in order to determine the counter-requirements for the release of the requested information
    • The IC may add obligations to the offer; for example, it may add the obligation that the company notify the user whenever the transaction data is transferred to a third party.
    • The IC presents the possible choices about how the requirements are to be fulfilled to the user via the GUI, and the user gives informed consent.
    • The service provider either accepts or rejects the resulting (counter-)offer
  • 23. Example: XACML Request Model (figure: structure of an XACML request, based on [Oas05])
  • 24. Example: XACML Response Model (figure: structure of an XACML response, based on [Oas05])
  • 25. Contract Execution – Phase II (figure)
  • 26. Contract Execution– Phase II
    • Company sends necessary credentials to the user
    • The user's IC uses the received credentials to access the user's information via the AC.
    • The AC responds with the requested data.
    • The IC "packages" the requested data and sends it back to the company. This can involve interactive protocols in which credentials are shown, or simple transmissions of uncertified declarations.
  • 27. Contract Execution– Phase II
    • The company‘s IC processes the requested data and determines whether the requested information satisfies the contract.
    • If so, the IC requests the AC to store specific parts of the user data under an access control policy that enforces the agreed privacy policy, and to store the related obligations in the OM. The OM activates each obligation.
    • The OM handles any obligations whose conditions have been triggered. For example, when the company relays the user's address to the shipping company, the OM informs the user that such information has been transferred.
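The negotiation (slides 21-22) and contract execution (slides 26-27) as one runnable exchange, added here as an example and not code from the PRIME project. Both sides are modelled: the provider's AC returns offers with requirements, reasons and obligations; the user's IC consults the user's release policy (standing in for the user-side AC), picks an acceptable offer and adds its counter-obligation; the provider's IC then checks the released data against the contract, stores only the agreed categories and activates the obligations in an Obligation Manager whose rules are event-condition-action triples (slide 18). It also implements the check from the speaker notes: if the user's access policy changed between consent and release, the release stops and the user must decide. The product, prices, data categories, policies and user data are constructed inputs.

```python
"""Added example (not PRIME code): negotiation, contract execution and an
event-condition-action Obligation Manager for one sample transaction."""
from dataclasses import dataclass
import hashlib
import json


def digest(policy: dict) -> str:
    """Stable fingerprint of a policy, used to detect changes after consent."""
    return hashlib.sha256(json.dumps(policy, sort_keys=True).encode()).hexdigest()


@dataclass
class Obligation:
    """ECA rule: fires `action` when `event` occurs and every attribute ==
    value test in `condition` holds on the event context (the spirit of the
    EPAL container/attribute condition on slide 18)."""
    event: str
    condition: dict
    action: str

    def matches(self, event: str, ctx: dict) -> bool:
        return event == self.event and all(ctx.get(k) == v for k, v in self.condition.items())


class ObligationManager:
    """Holds activated obligations; returns the actions the provider's IC
    must carry out for a given event."""
    def __init__(self):
        self.active, self.log = [], []

    def activate(self, obligations):
        self.active.extend(obligations)

    def trigger(self, event: str, ctx: dict):
        fired = [o.action for o in self.active if o.matches(event, ctx)]
        self.log.append((event, ctx, fired))
        return fired


@dataclass
class Offer:
    product: str
    price: int
    requirements: dict      # data category -> reason it is requested
    obligations: list       # obligations the provider will enforce


@dataclass
class Contract:
    offer: Offer
    release_digest: str     # user's release policy at the time of consent


def provider_offers(product: str):
    """Phase I, provider AC: a standard offer and a loyalty-discount offer."""
    retention = [Obligation("retention-expired", {}, "delete-transaction-data")]
    return [
        Offer(product, 100, {"address": "shipping", "payment": "billing"}, retention),
        Offer(product, 90, {"address": "shipping", "payment": "billing",
                            "loyalty-number": "discount"}, retention),
    ]


def negotiate(offers, release_policy: dict):
    """Phase I, user IC: keep offers whose requirements the release policy
    allows, take the cheapest, add the user's counter-obligation, consent."""
    acceptable = [o for o in offers if all(release_policy.get(c) for c in o.requirements)]
    if not acceptable:
        return None
    chosen = min(acceptable, key=lambda o: o.price)
    chosen.obligations = chosen.obligations + [
        Obligation("transfer-to-third-party", {}, "notify-user")]   # user-added
    return Contract(chosen, digest(release_policy))


def release_data(contract: Contract, user_data: dict, release_policy: dict):
    """Phase II, user side: stop if the user's policy changed since consent,
    otherwise package exactly the agreed categories."""
    if digest(release_policy) != contract.release_digest:
        return "policy-changed"
    return {c: user_data[c] for c in contract.offer.requirements if c in user_data}


def store_under_contract(contract: Contract, released: dict, om: ObligationManager):
    """Phase II, provider IC: verify the data satisfies the contract, then
    have the AC store it and the OM activate the agreed obligations."""
    if any(c not in released for c in contract.offer.requirements):
        return "contract-not-satisfied"
    om.activate(contract.offer.obligations)
    return "stored"


# Constructed sample inputs.
USER_RELEASE_POLICY = {"address": True, "payment": True, "loyalty-number": False}
USER_DATA = {"name": "Alice", "address": "Hochschulstr. 10",
             "payment": "e-coin:demo", "loyalty-number": "L-1"}

if __name__ == "__main__":
    contract = negotiate(provider_offers("train-ticket"), USER_RELEASE_POLICY)
    om = ObligationManager()
    released = release_data(contract, USER_DATA, USER_RELEASE_POLICY)
    print(store_under_contract(contract, released, om))
    print(om.trigger("transfer-to-third-party", {"category": "address", "recipient": "shipper"}))
```

The loyalty offer is cheaper but is never chosen, because the user's policy refuses to release the loyalty number; and the name never leaves the user's side because it is not among the requirements, which is data minimization enforced by the IC rather than by the user's care.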
  • 28. Example: XACML Policy Element (figure: structure of a Policy, based on [Oas05])
  • 29. Example: XACML Rule Element (figure: structure of a Rule, based on [Oas05])
  • 30. Example: EPAL Authorization Request (figure: example authorization request in XML format, based on [EPAL])
  • 31. Example: EPAL Authorization Response (figure: example authorization result in XML format, based on [EPAL])
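The XACML structures of slides 23-24 and 28-29 (Request, Policy, Rule, Response) only show up here as figure captions, so the following added example, which is neither PRIME nor OASIS code, wires them together in a small policy decision point: a Rule whose Condition compares a subject attribute, a fail-closed default Rule, the first-applicable combining algorithm, and an Obligation returned with the Permit. It handles only the subset of XACML 2.0 elements that appear in the sample, abbreviates the data type names, and the policy and request contents are constructed.

```python
"""Added example (not PRIME/OASIS code): a minimal XACML-shaped PDP."""
import xml.etree.ElementTree as ET

FN = "urn:oasis:names:tc:xacml:1.0:function:"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"

FUNCTIONS = {                      # the two functions this example understands
    FN + "integer-greater-than-or-equal": lambda a, b: int(a) >= int(b),
    FN + "string-equal": lambda a, b: a == b,
}

# Constructed sample policy: adults may buy; the last rule is the fail-closed default.
POLICY = f"""
<Policy PolicyId="sp:buy-product" RuleCombiningAlgId="{FIRST_APPLICABLE}">
  <Rule RuleId="adult-buyer" Effect="Permit">
    <Condition>
      <Apply FunctionId="{FN}integer-greater-than-or-equal">
        <SubjectAttributeDesignator AttributeId="age" DataType="integer"/>
        <AttributeValue DataType="integer">18</AttributeValue>
      </Apply>
    </Condition>
  </Rule>
  <Rule RuleId="default-deny" Effect="Deny"/>
  <Obligations>
    <Obligation ObligationId="notify-user-on-third-party-transfer" FulfillOn="Permit"/>
  </Obligations>
</Policy>
"""


def make_request(subject: dict) -> str:
    """Build a Request (constructed) with the given Subject attributes."""
    req = ET.Element("Request")
    subj = ET.SubElement(req, "Subject")
    for attr_id, value in subject.items():
        a = ET.SubElement(subj, "Attribute", AttributeId=attr_id, DataType="string")
        ET.SubElement(a, "AttributeValue").text = str(value)
    for category, attr_id, value in (("Resource", "resource-id", "product:42"),
                                     ("Action", "action-id", "buy")):
        a = ET.SubElement(ET.SubElement(req, category), "Attribute",
                          AttributeId=attr_id, DataType="string")
        ET.SubElement(a, "AttributeValue").text = value
    return ET.tostring(req, encoding="unicode")


def request_attributes(request_xml: str) -> dict:
    """Flatten the request into {(category, AttributeId): value}."""
    attrs = {}
    for category in ET.fromstring(request_xml):          # Subject, Resource, Action
        for a in category.findall("Attribute"):
            attrs[(category.tag, a.get("AttributeId"))] = a.findtext("AttributeValue")
    return attrs


def eval_condition(condition, attrs):
    """True/False, or None (Indeterminate) when a designated attribute is absent."""
    apply = condition.find("Apply")
    args = []
    for child in apply:
        if child.tag == "AttributeValue":
            args.append(child.text)
        else:                                              # e.g. SubjectAttributeDesignator
            category = child.tag.replace("AttributeDesignator", "")
            value = attrs.get((category, child.get("AttributeId")))
            if value is None:
                return None
            args.append(value)
    return FUNCTIONS[apply.get("FunctionId")](*args)


def eval_rule(rule, attrs) -> str:
    """A rule yields its Effect, "NotApplicable", or "Indeterminate"."""
    condition = rule.find("Condition")
    if condition is None:
        return rule.get("Effect")
    outcome = eval_condition(condition, attrs)
    if outcome is None:
        return "Indeterminate"
    return rule.get("Effect") if outcome else "NotApplicable"


def decide(policy_xml: str, request_xml: str):
    """Return (Decision, [ObligationId]) under the first-applicable algorithm."""
    policy = ET.fromstring(policy_xml)
    if policy.get("RuleCombiningAlgId") != FIRST_APPLICABLE:
        raise ValueError("only first-applicable is implemented in this example")
    attrs = request_attributes(request_xml)
    decision = "NotApplicable"
    for rule in policy.findall("Rule"):
        result = eval_rule(rule, attrs)
        if result != "NotApplicable":        # first Permit, Deny or Indeterminate wins
            decision = result
            break
    obligations = [o.get("ObligationId") for o in policy.iter("Obligation")
                   if o.get("FulfillOn") == decision]
    return decision, obligations


def response_xml(decision: str, obligations) -> str:
    """Serialise the result as a Response element, as on slide 24."""
    resp = ET.Element("Response")
    result = ET.SubElement(resp, "Result")
    ET.SubElement(result, "Decision").text = decision
    if obligations:
        obs = ET.SubElement(result, "Obligations")
        for oid in obligations:
            ET.SubElement(obs, "Obligation", ObligationId=oid, FulfillOn=decision)
    return ET.tostring(resp, encoding="unicode")


if __name__ == "__main__":
    for subject in ({"age": 17}, {"age": 19}, {}):
        print(response_xml(*decide(POLICY, make_request(subject))))
```

Two details matter for the access-control guarantee: a request that lacks the `age` attribute ends as Indeterminate rather than falling through to Permit, and the obligation travels with the decision so the enforcing side (the PEP, here the provider's IC) cannot act on the Permit without also receiving it.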
  • 32. Conclusion
    • The system serves both the user's and the service provider's needs in order to implement the EU Directives 95/46/EC and 2002/58/EC.
    • The system includes
      • an anonymous credential system
      • an attribute-based access control system
      • a policy compliance checking functionality
      • a negotiation functionality
    • Server-side and user-side identity management
    • System allows a user to act anonymously
  • 33. Questions?
  • 35. References
      • [Cam05] Camenisch et al.: Privacy and Identity Management for Everyone. Proceedings of the 2005 Workshop on Digital Identity Management.
      • [Oas05] OASIS: An Introduction to WSDM. Committee Draft 1, Sep. 2005, http://www.oasis-open.org/committees/download.php/14351/cd-wsdmintroduction_v3.doc
      • [EPAL] The Enterprise Privacy Authorization Language (EPAL 1.1), http://www.zurich.ibm.com/security/enterprise-privacy/epal/
      • [tudres] http://blues.inf.tu-dresden.de/prime/Tutorial_V2/Content/Ontologies/PRIME/rdf.html
      • [primeAr] https://www.prime-project.eu/prime_products/reports/arch/pub_del_D14.2.d_ec_WP14.2_v3_Final.pdf