This document summarizes a presentation on privacy in business processes through user-centric identity management. It discusses challenges with 1:n and 1:n:m relationships where personal data is disclosed to multiple services. Two approaches are described: single sign-on and anonymous credentials. Neither fully addresses issues like linkability, non-transferability of data, and misuse of credentials. The document then proposes an approach called DREISAM that uses anonymous credentials and proxy credentials to enable delegation of rights over personal data while preserving user privacy. It outlines the work of WP14 in studying privacy requirements for identity management and business processes.
Privacy in Business Processes with User-Centric Identity Management
1. Privacy in Business Processes by User-centric Identity Management
Sven Wohlgemuth, Albert-Ludwig University Freiburg, Germany
FIDIS Research Event 2006, Budapest
2. Agenda
FIDIS - Future of Identity in the Information Society (No. 507512), 11.09.2006
I. Scenario: Personalized Services and Business Processes
II. Example: Data Economy in Business Processes
III. WP14: Areas of Work
3. I. Personalized Services and Business Processes
Objectives of an attacker:
• Tracing the user
• Misusing the user's attributes
[Diagram: the User says to Service 1 (holiday trip) "I want a holiday trip, here are my attributes" (1:n relationship, to a known service); Service 1 says to Service 2 (car) "U wants a car, here is what I know of U" (1:n:m relationship, to unknown service(s)); U = profile; Service 2 accumulates user profiles.]
Challenge: Trust in Service 1?
4. Survey for Germany (ECE IV): Most Important Barriers for Personalized Services
[Stacked bar chart, y-axis 0 % to 100 %, legend: high / medium / no. Barriers (left to right): Costly integration in processes; Expected negative reaction since privacy violation; Doubts wrt. data protection laws; Low customer acceptance; Other legal doubts; Potential loss of reputation. Bar segments as extracted, series by series: 20,700 %, 20,700 %, 18,100 %, 15,800 %, 15,984 %, 12,012 %; 58,400 %, 56,700 %, 47,700 %, 49,800 %, 46,753 %, 44,344 %; 20,900 %, 22,600 %, 34,200 %, 34,400 %, 37,263 %, 43,644 %.]
http://www.telematik.uni-freiburg.de/ece.php
5. Privacy Attacks: 1:n Relationships
Privacy: The user is able to determine the disclosure and use of his own personal data.
[Diagram: the User says to Service 1 (holiday trip) "I want a holiday trip, here are my attributes" (1:n relationship, to a known service); Service 1 asks "Car? Driving licence?"; U = profile.]
6. Privacy Attacks: 1:n Relationships (continued)
Threat: Misuse of personal data by services
[Diagram as on slide 5, now showing the profile data held at the service:]
Driving licence: Stella Freiburger, Classes: ABE, Friedrichstr. 50, D-79098 Freiburg, Germany, IP: 132.15.16.3
Motorbike: Claudia Freiburger, Harley Davidson, IP: 132.15.16.3
Car: Stella Freiburger, VW Beetle, IP: 132.15.16.3
7. Privacy Attacks: 1:n:m Relationships
[Diagram: the User says to Service 1 (holiday trip) "I want a holiday trip, here are my attributes" (1:n, to a known service); Service 1 says to Service 2 (car) "U wants a car, here is what I know of U" (1:n:m, to unknown service(s)); U = profile; Service 2 holds user profiles. Questions in the diagram: "Driving licence? Car? Vacation trip?". Profile data shown:]
Car: Stella Freiburger, VW Beetle, IP: 132.15.16.3
Driving licence: Stella Freiburger, Classes: ABE, Friedrichstr. 50, D-79098 Freiburg, Germany, IP: 132.15.16.3
8. Privacy Attacks: 1:n:m Relationships (continued)
Informational self-determination?
[Diagram as on slide 7; profile data shown:]
Driving licence: Stella Freiburger, Classes: ABE, Friedrichstr. 50, D-79098 Freiburg, Germany, IP: 132.15.16.3
Holiday: Stella Freiburger, VW Beetle, ..., IP: 132.15.16.3
Car: Stella Freiburger, VW Beetle, IP: 132.15.16.3
9. II. Problem: Data Economy
Identity management and multi-staged business processes
□ Single Sign-On: central or several CAs (Microsoft .NET Passport or Liberty Alliance)
□ Partial identities (Freiburg iManager)
□ Anonymous credentials (IBM idemix)
10. Case 1: Single Sign-On, 1:n:m Relationships
[Message sequence in the diagram:]
1: Request for booking / 1: Request for car
2: Redirection
3: Authentication
4: Connect
5: Request for personal data: driving licence
6: Personal data: driving licence
7: Allow / deny access
8: Booking confirmation
11. Case 1: Single Sign-On, 1:n:m Relationships (continued)
• The proxy needs the user's secret token for authentication ➔ Linkability + Misuse
• The CA is involved in every authentication ➔ Linkability
[Message sequence as on slide 10.]
12. Case 2: Anonymous Credentials, 1:n:m Relationships
CA certifies personal data and issues anonymous credentials
• Non-transferability mechanism: All credentials and pseudonyms are based on one secret key kMax
[Diagram labels: Stella (secret key skStella); "I am Stella"; Dig. driving licence; pseudonym 543ag; "I am 543ag"; Car for 543ag; Car; Booking confirmation.]
13. Case 2: Anonymous Credentials, 1:n:m Relationships (continued)
• The proxy requires the secret key kStella for showing a credential
! Delegation of all credentials: misuse is possible
! Fraud: Revealing the anonymity of the user
[Diagram as on slide 12, additionally labelled kStella.]
14. Criteria for 1:n and 1:n:m Relationships
Criteria for 1:n relationships:
• Showing personal data depending on the service
• Non-linkability of transactions
• Authentication without revealing identifying data
• Non-repudiation of the user's transactions
• Revealing the identity of cheating users
Additional criteria for 1:n:m relationships: Delegation of rights on personal data
• Integrity of an authorization
• Delegation of "least privilege"
• Preventing misuse of delegated authorizations
• Restricting re-delegation of delegated authorizations
• Revoking delegated authorizations
• Distinguishing user and proxy
15. DREISAM: Unlinkable Delegation of Rights
Idea: Authorization for purpose-based transfer of personal data as a credential (Proxy Credential)
Unobservability by:
– Anonymous credentials
– Pseudonyms
– CA signs the Proxy Credential
Purpose-based:
– Logging of delegation and use by CA and end service
Limits:
– User cannot enforce restrictions of a delegated authorization
– Observability if the service needs identifying data of the user
Wohlgemuth, S., Müller, G.: Privacy with Delegation of Rights by Identity Management, ETRICS 2006.
16. DREISAM: Evaluation (Mechanisms of PKI + anonymous credentials)
Criteria for a self-determined disclosure of personal data:
• Showing personal data depending on the service (Partial identity)
• Non-linkability of transactions (Pseudonyms and anonymity service)
• Authentication without revealing identifying data (Zero-Knowledge Proof)
• Non-repudiation of the user's transactions (Protocol run of showing a credential)
• Revealing the identity of cheating users (De-anonymization party)
Criteria for delegation of rights on personal data:
• Integrity of an authorization (Anonymous credential + CA)
• Delegation of "least privilege" (One-show anonymous credential + Audit)
• Preventing misuse of delegated authorizations (Audit)
• Restricting re-delegation of delegated authorizations (Proxy Credential)
• Revoking delegated authorizations (Protocol of showing a credential + CA)
• Distinguishing user and proxy
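The contrast between Case 2 (slide 13: the proxy can only act if it holds the user's secret key, so it can show every credential) and the purpose-bound proxy credential of DREISAM (slides 15 and 16: CA-signed, least privilege, one-show, audited) can be made concrete in a small model. The following Python is an added toy example, not code from the presentation, from DREISAM or from idemix: HMAC over a shared key stands in for the CA's signature and for the zero-knowledge showing protocol, and the master secret, attributes, service names and purposes are constructed for illustration.

```python
"""Toy model of delegating rights over personal data: anonymous credentials
bound to one master secret (Case 2) versus a purpose-bound, one-show proxy
credential with audit (the DREISAM idea). Constructed example: HMAC over a
shared key stands in for the CA signature and for the zero-knowledge showing
protocol; every name, key and attribute below is made up for illustration."""
import hashlib
import hmac
import json
import secrets

CA_KEY = b"toy-ca-key"  # constructed stand-in for the CA's signing key


def _mac(key: bytes, msg: str) -> str:
    return hmac.new(key, msg.encode(), hashlib.sha256).hexdigest()


def _ca_sign(body: dict) -> str:
    return _mac(CA_KEY, json.dumps(body, sort_keys=True))


def pseudonym(master_secret: bytes, service: str) -> str:
    """Per-service pseudonym derived from the user's single master secret, so
    two services cannot link the name used at one with the name used at another."""
    return _mac(master_secret, "pseudonym:" + service)[:5]


def issue_credential(attributes: dict, master_secret: bytes) -> dict:
    """CA certifies attributes and binds the credential to the holder's master
    secret (non-transferability: a copy of the blob alone is useless)."""
    body = {"attributes": attributes, "binding": _mac(master_secret, "bind")}
    return {"body": body, "ca_sig": _ca_sign(body)}


def show_credential(cred: dict, master_secret: bytes) -> bool:
    """Verifier-side check. A real scheme proves knowledge of the secret in
    zero-knowledge; here the check is done directly as a stand-in."""
    body = cred["body"]
    return (hmac.compare_digest(cred["ca_sig"], _ca_sign(body))
            and hmac.compare_digest(body["binding"], _mac(master_secret, "bind")))


class CA:
    """Issues proxy credentials and logs every delegation (audit trail)."""

    def __init__(self):
        self.delegation_log = []

    def issue_proxy_credential(self, cred, master_secret, proxy, purpose, subset):
        if not show_credential(cred, master_secret):
            raise ValueError("delegator cannot show the original credential")
        # Least privilege: only the named attributes travel with the proxy.
        attrs = {k: cred["body"]["attributes"][k] for k in subset}
        body = {"holder": proxy, "purpose": purpose, "attributes": attrs,
                "one_show_id": secrets.token_hex(8)}
        self.delegation_log.append((pseudonym(master_secret, "ca"), proxy, purpose))
        return {"body": body, "ca_sig": _ca_sign(body)}


class EndService:
    """Accepts a proxy credential once, only for its own purpose, and only from
    the proxy it was issued to; every attempt is written to the audit log."""

    def __init__(self, name, purpose):
        self.name, self.purpose = name, purpose
        self.used_ids = set()
        self.audit_log = []

    def accept(self, proxy_cred, presented_by) -> bool:
        body = proxy_cred["body"]
        ok = (hmac.compare_digest(proxy_cred["ca_sig"], _ca_sign(body))
              and body["holder"] == presented_by              # no re-delegation
              and body["purpose"] == self.purpose              # purpose binding
              and body["one_show_id"] not in self.used_ids)    # one-show
        if ok:
            self.used_ids.add(body["one_show_id"])
        self.audit_log.append((presented_by, body["purpose"], ok))
        return ok


def demo() -> dict:
    """Runs both cases and returns the observed properties as booleans."""
    stella = b"stella-master-secret"  # constructed master secret k_Stella
    licence = issue_credential({"name": "Stella Freiburger", "classes": "ABE"}, stella)
    bank = issue_credential({"iban": "DE00 0000 0000"}, stella)  # constructed
    ca, rental = CA(), EndService("car-rental", purpose="car booking")
    pc = ca.issue_proxy_credential(licence, stella, "travel-agency", "car booking", ["classes"])
    tampered = {"body": {**pc["body"], "attributes": {"classes": "ABCE"}}, "ca_sig": pc["ca_sig"]}
    return {
        "pseudonyms_unlinkable": pseudonym(stella, "agency") != pseudonym(stella, "rental"),
        "copy_without_secret_fails": not show_credential(licence, b"not-stella"),
        "case2_secret_shows_everything": show_credential(bank, stella),  # misuse risk
        "least_privilege": set(pc["body"]["attributes"]) == {"classes"},
        "redelegation_rejected": not rental.accept(pc, "other-agency"),
        "wrong_purpose_rejected": not EndService("insurer", "quote").accept(pc, "travel-agency"),
        "tampered_rejected": not rental.accept(tampered, "travel-agency"),
        "first_show_accepted": rental.accept(pc, "travel-agency"),
        "second_show_rejected": not rental.accept(pc, "travel-agency"),
        "delegation_logged": len(ca.delegation_log) == 1 and len(rental.audit_log) == 4,
    }
```

Calling demo() returns a dict in which every value should be true. The "case2_secret_shows_everything" entry is the Case 2 problem: a proxy holding k_Stella can show the bank credential as well as the driving licence. The proxy credential avoids handing over the secret at all, carries only the delegated attribute subset, names its holder and purpose, and is consumed on first use; the CA's delegation log and the end service's audit log are the points where misuse would be identified after the fact.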
17. Verifying Use of Personal Data: Certified Service
□ Information flow: Verified sandbox at the service provider
□ Peer: Attested service access points of the sandbox
□ Presumption: TPM and CA infrastructure
[Diagram: service / OS / hardware stacks on the user's trusted end device and at the service provider (travel agency, untrusted area), with a Privacy CA and a Software CA.]
Hohl, A., Lowis, L., Zugenmaier, A.: Look who's talking - Authenticated Service Access Points.
18. III. WP 14: Areas of Work
Objective: Identification of privacy requirements for identity management relating to the use of disclosed personal data
[Diagram as on slide 3 (User, Service 1, Service 2; 1:n to a known service, 1:n:m to unknown service(s); U = profile; user profiles), annotated "Identity management" and "Identity management extended by protocols, TC, …".]
D14.2: Study on privacy in business processes by identity management
D14.3: Study on the suitability of trusted computing to support privacy policies in business processes
19. Approach of WP14
Privacy Principles / Privacy Policy / Privacy Tools
• Non-Programmed Norms: Safe harbor, regulations (EU), self-determination, politeness, respect
• Programmed Norms: P3P, EPAL, …
• Privacy Tools:
- Distrust in partner
- Control the service's system behaviour or knowledge about it
- User-controlled only
Privacy tools: Prevent misuse (Access Control); Identify misuse (Audit); Prevent profiling (Anonymity services); Minimize profiling (IMS)
20. Workshop Agenda – Monday
Session 1, 14:15-16:15
14:15-14:45 Sven Wohlgemuth (ALU-FR): Privacy in Business Processes by User-centric Identity Management
14:45-15:15 Mireille Hildebrandt (VUB): The user-centric narrative of AmI: smart marketing or citizen empowerment?
15:15-15:45 Günter Karjoth (IBM): Achieving Transparency by Applying an Enterprise Privacy Architecture
15:45-16:15 Simone Fischer-Hübner (KU): The "Data Track" for increasing transparency for end users
16:15-16:30 Coffee Break
Session 2, 16:30-18:30
16:30-17:00 Ammar Alkassar (SIRRIX): Employing Trusted Computing for User-Friendly Business Processes
17:00-17:30 Stefan Köpsell (TUD): Overview of Trusted Computing and possible Applications for Business Processes with Delegates
17:30-18:00 Richard Cissée (TUB): Privacy-preserving Information Filtering
18:00-18:30 Sven Wohlgemuth (ALU-FR): Further steps to D14.2, D14.3 and to the 4th work plan
21. Workshop Agenda – Tuesday
Session 3, 13:45-15:15
13:45-14:15 Martin Meints (ICPP): Compliance in Enterprises - how can Trends in IT-Security successfully be transferred to Data Protection?
14:15-14:45 Laurent Bussard (Microsoft): TBA
14:45-15:15 Pieter Ribbers (Tilburg University): Privacy and Business Processes: the approach in PRIME