Identity-Based Privacy (IBP) - Cloud Computing and Privacy Protection

A new decentralized Identity-Based Privacy (IBP) trust model built around the OpenID Connect and User-Managed Access (UMA) standards. The IBP model supports Privacy by Design (PbD) principles.

Why Identity and not Anonymity to preserve privacy? Easy: Anonymity does not overlap with Transparency, but Privacy does. Privacy and Transparency, hand in hand, are the foundation stones of the modern world.

Published in: Software

  1. Identity-Based Privacy (IBP): Cloud Computing and Privacy Protection, 07/2014
  2. Privacy preserving
     • Encryption is one of the most effective information protection techniques.
  3. Privacy preserving – Conceptual model
     • Diagram labels: Information, Security, Privacy
     • Security – Data at Rest Encryption, Data in Transit Encryption
     • Privacy – Data in Use Encryption
  4. Privacy preserving – existing systems
     • PKI – Public-Key Infrastructure
     • PGP – Pretty Good Privacy
     • IBE – Identity-Based Encryption
     • PKI, PGP – it’s more about key management than encryption
     • IBE – email address as the public key
  5. Privacy preserving – existing systems (cont.)
     Drawbacks:
     • PKI – very expensive, usability
     • PGP – usability
     • IBE – difficult mathematics, strong patents
  6. Identity-Based Privacy (IBP)
     • The alternative to PKI/PGP/IBE systems
  7. IBP – History
     • Original idea came from January 2011
     • First public presentation in June 2011
     • http://www.amathnet.cz/akce/historie-akci/vut/pavlov-2011/prubeh.aspx
     • http://www.amathnet.cz/Portals/0/QuickGallery/444/IMGP0056.JPG
     • Fully open sourced since September 2013
     • Matured in April 2014
  8. IBP – Conceptual Architecture Model
     • Diagram labels: User (Client-Side App.), Identity & Access Management, Data Resource, Encryption Key Generator
  9. IBP – Modules
     • Encryption Key Generator – a Personal Key Ring separated from cloud application and data storage
     • Identity & Access Management – the gateway to your privacy
     • User Agent – the only place where your encryption key and data meet
  10. IBP – Modules (cont.): IBEKG, OIDC/UMA, User Agent
     • IBEKG – Identity-Based Encryption Key Generator
     • OIDC/UMA – Identity & Access Management built around the OpenID Connect (OIDC) and User Managed Access (UMA) specifications
     • User Agent – client-side data encryption process
  11. IBP – Technical background
     • Identity & Access Management Provider – email address as the user’s identifier
     • Authentication/Authorization/Access Control – OIDC, UMA
     • One-Time Identity-Based Key Generator
     • Identity encryption key generated from the user’s identifier
  12. IBP – Technical background (cont.)
     • Identity-Based Encryption[1]
     • Data encryption key encrypted by identity encryption key
     • NIST SHA-256, AES-256, CTR-DRBG-256
     • OpenSSL FIPS 140-2 validated
     [1] A simple HMAC-SHA/AES(GCM) symmetric encryption, not the type of public-key encryption mentioned in the ID-based encryption Wikipedia article
  13. IBP – Technical background (cont.)
     Client-side zero-knowledge encryption:
     • All users' data are encrypted on the client side and never touch servers in plain form
     • Data storage provider has zero knowledge of the encryption keys
     • Encryption key generator server has zero knowledge of users' data
  14. IBP – Operating model
     • Diagram components: User Agent (Browser); Identity Provider + Data/App Provider; Encryption Key Generator
     • Diagram labels: mobile operators, banks, Gov.
     • Diagram labels: Google, Microsoft, Oracle, Amazon, clinics, large enterprises
     • Diagram labels: home or corp. computer, tablet, smartphone, Internet of Things
     • Diagram labels: Customer
     • Legend: Commercial (Closed Source) Software/Services; Transparent (Open Source) Software/Services
  15. IBP – Pros
     • usability (no passwords, no certificates)
     • no key and certificate management (creation, storage, distribution, revocation)
     • lost key prevention
     • IBE-like features, key escrow/fair encryption, no need for receiver’s public key before encryption
     • no IBE revocation problem (access control)
     • Encryption Key Generator Device (referred to as the Internet Of Things)
     • SIM Card/Java Applet
  16. IBP – Cons
     • online solution
     • master key security
  17. Main Business Opportunities
     • Cloud Storage / Sharing
     • Health Records / Medical Data Sharing
     • Electronic Postal Services
     • New Email-like Services
  18. Featured links
     • igi64.github.io
     • openid.net/connect
     • kantarainitiative.org/confluence/display/uma
     • twitter.com/igi64
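
The key hierarchy from slides 11 to 13 (identity encryption key generated from the email identifier, data encryption key encrypted under it, all encryption done in the user agent), as an added Node.js sketch that is not IBP's own code. The HMAC-SHA-256 derivation from a generator master key, the use of the email as GCM associated data, and all function names are assumptions; the slides name only the primitives.

```javascript
// Added illustration: names and record layout are assumptions, not IBP's own code.
const crypto = require('node:crypto');

// Key generator side: holds the master key and never sees user data.
function deriveIdentityKey(masterKey, email) {
  // Normalise the identifier so case or padding differences map to one key.
  return crypto.createHmac('sha256', masterKey)
    .update(email.trim().toLowerCase(), 'utf8').digest(); // 32 bytes = AES-256 key
}

// AES-256-GCM helpers; aad binds each ciphertext to the identity it was made for.
function seal(key, plaintext, aad) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}
function open(key, box, aad) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws if the tag check fails
}

// User agent side: fresh data encryption key (DEK) per record, wrapped under the identity key.
function encryptForIdentity(identityKey, email, data) {
  const dek = crypto.randomBytes(32);
  const aad = Buffer.from(email.trim().toLowerCase(), 'utf8');
  return { data: seal(dek, data, aad), wrappedDek: seal(identityKey, dek, aad) };
}
function decryptForIdentity(identityKey, email, record) {
  const aad = Buffer.from(email.trim().toLowerCase(), 'utf8');
  const dek = open(identityKey, record.wrappedDek, aad);
  return open(dek, record.data, aad);
}

// Constructed sample values: the storage provider would hold only `record`.
function demo() {
  const masterKey = crypto.randomBytes(32);
  const aliceKey = deriveIdentityKey(masterKey, 'alice@example.com');
  const bobKey = deriveIdentityKey(masterKey, 'bob@example.com');
  const record = encryptForIdentity(aliceKey, 'alice@example.com', Buffer.from('lab result: negative'));
  const roundTrip = decryptForIdentity(aliceKey, 'alice@example.com', record).toString();
  let bobRejected = false;
  try { decryptForIdentity(bobKey, 'alice@example.com', record); } catch { bobRejected = true; }
  return { roundTrip, bobRejected, storedPlaintext: record.data.ct.includes('lab result') };
}
```

In this sketch every identity key is a deterministic function of `masterKey`, which is why slide 16 lists master key security as a con: whoever holds that key can derive any user's identity key.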