privacy and identity management for everyone

35
Privacy Enhancing Technologies Privacy and Identity Management for Everyone B. Sc. Amir Neziri Technische Universität Darmstadt [email protected] Advisor: Prof. Dr. Katzenbeisser

Upload: amir-neziri

Post on 11-Jan-2015


Page 1: Privacy and identity management for everyone

Privacy Enhancing Technologies

Privacy and Identity Management for Everyone

B. Sc. Amir Neziri, Technische Universität Darmstadt

[email protected]

Advisor: Prof. Dr. Katzenbeisser

Page 2: Privacy and identity management for everyone

Motivation – Privacy Problems

Identity theft: credit card data, social security numbers and student numbers; e.g. stolen credit card numbers (CardSystems Solutions, Sony, …)

Online services request a large amount of personal data, e.g. when buying a train ticket

A recent survey by Turow: two-thirds of surveyed Americans do not know that US supermarkets are allowed to sell information about individual purchase decisions to other companies

Personal data can be used for targeted advertisements

06/15/2011 | Department 20 | Prof. Dr. Katzenbeisser | Privacy Enhancing Technologies | Amir Neziri 2

Page 3: Privacy and identity management for everyone

Motivation – Current Solutions

Common misconception: people voluntarily give away their personal data

No alternatives: people have little choice but to fill out the mandatory fields of web forms

The EU Data Protection Directive 95/46/EC and the E-Communications Privacy Directive 2002/58/EC protect personal data in Europe

In practice: the complexity of the regulation, incomplete enforcement, the unawareness of people…


Page 4: Privacy and identity management for everyone

Content

PRIME's Vision

The PRIME Solution: The Parties, Cryptographic Tools, System Architecture

A Sample Transaction

Conclusion


Page 5: Privacy and identity management for everyone

A Need for Change

Businesses and governments know a lot more about individuals and their behavior …because personal data have been disclosed

Personal information is negligently stored and therefore vulnerable to theft and misuse

SOLUTION: PRIME

PRIME (Privacy and Identity Management for Europe): a European research and development project, funded by the EU, with more than 20 partners (universities, public companies, …)

Several prototypes exist: LBS (location-based services), eHealth, anonymous communication…


Page 6: Privacy and identity management for everyone

PRIME's Vision

User Informed Consent and Control: the user controls the personal data

Privacy Negotiation: privacy policies for personal data are negotiated between the parties

Data Minimization: only the personal data needed for the business transaction is collected, e.g. proof of age …with an ID card, passport or driver's license

…but only the date of birth is needed, not the other personal information on the document


Page 7: Privacy and identity management for everyone

PRIME's Vision

Identity Management: server-side and user-side; anonymous and identified, for both sides

Spectrum of Anonymity: PRIME does not impose full anonymity, but it supports a range of possible transactions, e.g. browsing a web page while using an anonymous communication channel

Accountability: a user can be made accountable for misuse of the system or cheating, even though transactions are "anonymous"


Page 8: Privacy and identity management for everyone

The Prime Solution – The Parties

Users have certificates, data and policies regarding their data; access control policies restrict the access to the data

Service Provider offers services and resources for users; may have certificates and private data, and also access control policies over its services and resources

Certification Authority: a trusted party that issues digital certificates to the other parties


Page 9: Privacy and identity management for everyone

The Prime Solution – Cryptographic Tools

Secure Communication: communication is performed over an encrypted, semi-anonymous channel

Anonymous Communication: e.g. onion routing networks, mix networks or Crowds

Pseudonyms: a pseudonym is the name under which a user is known to one or multiple service providers; Idemix pseudonyms, or random strings generated by the user


Page 10: Privacy and identity management for everyone

The Prime Solution – Cryptographic Tools

Credentials and Proofs of Ownership of Credentials: a credential is a piece of data such as a date of birth or a postal code that has been certified by a Certification Authority (certificate / attribute certificate)

Private credentials (anonymous credentials) solve the linkability drawback of traditional certificates: showing a credential does not link the user's transactions to each other

They also allow the user to verifiably encrypt an attribute under a third party's public key, so that the attribute can be revealed later by that party (e.g. for accountability) without disclosing it to the service provider


Page 11: Privacy and identity management for everyone

The Prime Solution- Architecture


Software Architecture of a party [primeAr]

Page 12: Privacy and identity management for everyone

The Prime Solution- Architecture

Resource Referencing Scheme: a Uniform Resource Identifier (URI) is used to name resources in the system; URIs are general enough to name data types, services, process workflows, or obligations such as "Delete this data after two weeks."

Data Model and Ontology: the Resource Description Framework (RDF) is selected for describing information about resources; RDF consists of triples (subject, predicate, object); the Web Ontology Language (OWL) is used for describing all of the meta-information about subjects, predicates and objects


Page 13: Privacy and identity management for everyone

RDF Example


RDF/XML Notation of the same RDF Example [tudres]
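The RDF data model from pages 12 and 13, as an added example that is not part of the original talk or of the PRIME code: one personal-data item and its obligation ("delete after 14 days") written as (subject, predicate, object) triples, serialized to RDF/XML and parsed back. The vocabulary under PRIME_NS and the example.org resource URIs are assumptions, not the project's real ontology, and the serializer and parser only cover the subset of RDF/XML they produce (no blank nodes, typed literals or containers).

```python
"""Added example: a minimal RDF triple model with RDF/XML round-trip.
The PRIME_NS vocabulary and the example.org URIs are constructed assumptions."""
import xml.etree.ElementTree as ET
from typing import List, Tuple, Union

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
PRIME_NS = "http://example.org/prime/vocab#"   # assumption: illustrative vocabulary


class URI(str):
    """A string that denotes a resource (rdf:about / rdf:resource), not a literal."""


Triple = Tuple[URI, URI, Union[URI, str]]


def sample_graph() -> List[Triple]:
    """Constructed sample: one personal-data item carrying a retention obligation."""
    data = URI("http://example.org/prime/data/postal-code-42")
    obligation = URI("http://example.org/prime/obligations/delete-after-14d")
    return [
        (data, URI(RDF_NS + "type"), URI(PRIME_NS + "PersonalData")),
        (data, URI(PRIME_NS + "value"), "64289"),
        (data, URI(PRIME_NS + "hasObligation"), obligation),
        (obligation, URI(PRIME_NS + "action"), "delete"),
        (obligation, URI(PRIME_NS + "afterDays"), "14"),
    ]


def split_uri(uri: str) -> Tuple[str, str]:
    """Split a predicate URI into (namespace, local name) at the last '#' or '/'."""
    cut = max(uri.rfind("#"), uri.rfind("/")) + 1
    return uri[:cut], uri[cut:]


def to_rdfxml(triples: List[Triple]) -> str:
    """Serialize triples as RDF/XML: one rdf:Description per subject and one child
    element per (predicate, object). URI objects become rdf:resource attributes,
    everything else becomes a text literal."""
    ET.register_namespace("rdf", RDF_NS)
    ET.register_namespace("prime", PRIME_NS)
    root = ET.Element(f"{{{RDF_NS}}}RDF")
    descriptions = {}
    for s, p, o in triples:
        if s not in descriptions:
            descriptions[s] = ET.SubElement(
                root, f"{{{RDF_NS}}}Description", {f"{{{RDF_NS}}}about": s})
        ns, local = split_uri(p)
        prop = ET.SubElement(descriptions[s], f"{{{ns}}}{local}")
        if isinstance(o, URI):
            prop.set(f"{{{RDF_NS}}}resource", o)
        else:
            prop.text = o
    return ET.tostring(root, encoding="unicode")


def from_rdfxml(xml_text: str) -> List[Triple]:
    """Parse the RDF/XML subset emitted by to_rdfxml back into triples."""
    root = ET.fromstring(xml_text)
    triples: List[Triple] = []
    for desc in root.findall(f"{{{RDF_NS}}}Description"):
        subject = URI(desc.get(f"{{{RDF_NS}}}about"))
        for prop in desc:
            predicate = URI(prop.tag[1:].replace("}", "", 1))  # "{ns}local" -> "nslocal"
            resource = prop.get(f"{{{RDF_NS}}}resource")
            obj = URI(resource) if resource is not None else (prop.text or "")
            triples.append((subject, predicate, obj))
    return triples


def objects_of(triples: List[Triple], subject: str, predicate: str) -> List[Union[URI, str]]:
    """Simple graph query: every o such that (subject, predicate, o) is in the graph."""
    return [o for s, p, o in triples if s == subject and p == predicate]


if __name__ == "__main__":
    doc = to_rdfxml(sample_graph())
    print(doc)
    assert from_rdfxml(doc) == sample_graph()
```

The same graph could be handed to an OWL reasoner or an RDF library unchanged; the point of the round-trip is that the obligation is just another resource named by a URI, which is what lets the architecture attach it to data items, services or workflows alike.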

Page 14: Privacy and identity management for everyone

The Prime Solution- Architecture


High-level Component Architecture [primeAr]

Page 15: Privacy and identity management for everyone

The Prime Solution- Architecture


High-level Component Architecture [primeAr]

Page 16: Privacy and identity management for everyone

The Prime Solution- Architecture


High-level Component Architecture [primeAr]

Page 17: Privacy and identity management for everyone

The Prime Solution-Architecture

Components

Access Control (AC): limits access to a party's resources and enforces the party's access control policies; attribute-based access control (e.g. a request for the age)

Identity Control (IC): manages all interactive protocols with other parties; delegates requests to the AC; handles all credential-related protocols; automatically computes optimal ways to fulfill a request; manages user input and notification via the GUI


Page 18: Privacy and identity management for everyone

The Prime Solution-Architecture

Obligation Manager (OM): maintains all obligations. An obligation is an event-condition-action (ECA) rule and is generally activated any time that data is stored to the database


Example <condition> in XML-format (based on [EPAL])

Page 19: Privacy and identity management for everyone

A Sample Transaction


Page 20: Privacy and identity management for everyone

Negotiation– Phase I


Page 21: Privacy and identity management for everyone

Negotiation– Phase I

1. The user requests information about a product from the service provider.

2. The request is received by the service provider and directed to the AC component. The AC component returns an offer which includes a description of the product and a list of requirements that must be met in order to buy the product. The service provider also presents to the user the obligations that it will automatically enforce.


Page 22: Privacy and identity management for everyone

Negotiation– Phase I

3. The user's IC component receives the offer and parses it. Each of the requirements is presented to the user's AC in order to determine the counter-requirements for the release of the requested information. The IC may add obligations to the offer; for example, it may add the obligation that the company notify the user whenever the transaction data is transferred to a third party. The IC presents the possible choices about how the requirements are to be fulfilled to the user via the GUI.

4. The service provider either accepts or rejects the resulting offer.


Page 23: Privacy and identity management for everyone

Example: XACML Request Model


Structure of an XACML request (based on [Oas05])

Page 24: Privacy and identity management for everyone

Example: XACML Response Model


Structure of an XACML response (based on [Oas05])

Page 25: Privacy and identity management for everyone

Contract Execution– Phase II


Page 26: Privacy and identity management for everyone

Contract Execution– Phase II

1. The company sends the necessary credentials to the user.

2. The user's IC uses the received credentials to access the user's information via the AC. The AC responds with the requested data. The IC "packages" the requested data and sends it back to the company. This can involve interactive protocols in which credentials are shown, or simple transmissions of uncertified declarations.


Page 27: Privacy and identity management for everyone

Contract Execution– Phase II

3. The company's IC processes the received data and determines whether it satisfies the contract. If so, the IC requests the AC to store specific parts of the user data under an access control policy that enforces the agreed privacy policy, and stores the related obligations in the OM. The OM activates each obligation.

4. The OM handles any obligations whose conditions have been triggered. For example, when the company relays the user's address to the shipping company, the OM informs the user that this information has been transferred.
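The two phases above (pages 21, 22, 26 and 27) together with the obligation manager's event-condition-action rules from page 18, as one added simulation that is not part of the talk and not PRIME's own code. A service provider returns an offer with a requirement (the postal code) and a delete-after-14-days obligation; the user's IC turns the user's per-attribute policies into counter-requirements and adds a notify-on-transfer obligation; the provider accepts only if it can show every demanded credential; after contract execution the OM fires the obligations when the address is relayed to a shipper and when the retention period expires. All party names, attributes, credentials, policies and obligations are constructed assumptions.

```python
"""Added example (not PRIME code): two-phase transaction with an ECA obligation manager.
Parties, attributes, credentials, policies and obligations are constructed assumptions."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class Obligation:
    """Event-condition-action rule: when `event` is raised and condition(ctx) holds,
    run action(om, ctx)."""
    name: str
    event: str                                    # e.g. "transfer", "tick"
    condition: Callable[[dict], bool]
    action: Callable[["ObligationManager", dict], object]


class ObligationManager:
    """Holds the activated obligations and evaluates them on every raised event."""
    def __init__(self) -> None:
        self.active: List[Obligation] = []
        self.notifications: List[str] = []        # messages delivered to the user
        self.log: List[str] = []                  # which obligation fired on which event

    def activate(self, obligation: Obligation) -> None:
        self.active.append(obligation)

    def raise_event(self, event: str, ctx: dict) -> None:
        for ob in list(self.active):
            if ob.event == event and ob.condition(ctx):
                ob.action(self, ctx)
                self.log.append(f"{ob.name}@{event}")


@dataclass
class Offer:
    product: str
    requirements: List[str]                       # attributes the provider needs
    obligations: List[Obligation]                 # promises the provider will enforce
    counter_requirements: Set[str] = field(default_factory=set)  # credentials the user demands


class ServiceProvider:
    RETENTION_DAYS = 14

    def __init__(self, credentials: Set[str] = frozenset({"privacy-seal"})) -> None:
        self.credentials = set(credentials)       # assumption: credentials it can show
        self.om = ObligationManager()
        self.store: Dict[str, dict] = {}          # attribute -> {value, policy, stored_on}

    def _expired(self, day: int) -> List[str]:
        return [a for a, r in self.store.items() if day - r["stored_on"] >= self.RETENTION_DAYS]

    def offer(self, product: str) -> Offer:
        """Phase I, step 2: the AC answers a product request with requirements and obligations."""
        delete = Obligation("delete-after-14d", "tick",
                            lambda ctx: bool(self._expired(ctx["day"])),
                            lambda om, ctx: [self.store.pop(a) for a in self._expired(ctx["day"])])
        return Offer(product, ["postal-code"], [delete])

    def accept(self, offer: Offer) -> bool:
        """Phase I, step 4: accept only if every demanded credential can be shown."""
        return offer.counter_requirements <= self.credentials

    def execute(self, offer: Offer, data: Dict[str, str], day: int) -> bool:
        """Phase II, step 3: check the contract, store data under policy, activate obligations."""
        if any(attr not in data for attr in offer.requirements):
            return False
        for attr, value in data.items():
            self.store[attr] = {"value": value, "policy": "shipping-only", "stored_on": day}
        for ob in offer.obligations:
            self.om.activate(ob)
        return True


class User:
    def __init__(self) -> None:
        self.data = {"postal-code": "64289", "age": "31"}           # constructed sample data
        self.policies = {"postal-code": {"privacy-seal"},           # AC policy: release the
                         "age": {"privacy-seal", "age-verifier"}}   # attribute only to holders
        self.gui_choices: List[str] = []

    def counter_offer(self, offer: Offer) -> Offer:
        """Phase I, step 3: the IC parses the offer, asks the AC for counter-requirements per
        attribute, adds its own obligation and shows the choices to the user (GUI)."""
        for attr in offer.requirements:
            needed = self.policies.get(attr, {"no-policy"})
            offer.counter_requirements |= needed
            self.gui_choices.append(f"release {attr} if provider shows {sorted(needed)}")
        offer.obligations.append(Obligation(
            "notify-on-transfer", "transfer", lambda ctx: True,
            lambda om, ctx: om.notifications.append(f"{ctx['attr']} transferred to {ctx['recipient']}")))
        return offer

    def release(self, offer: Offer, shown: Set[str]) -> Dict[str, str]:
        """Phase II, step 2: the AC releases only attributes whose policy the shown credentials satisfy."""
        return {a: self.data[a] for a in offer.requirements if self.policies.get(a, {"no-policy"}) <= shown}


def run_transaction(user: User, sp: ServiceProvider, product: str = "book-42") -> dict:
    """Drive both phases, then raise the events that trigger the obligations (step 4)."""
    offer = user.counter_offer(sp.offer(product))                       # Phase I, steps 1-3
    if not sp.accept(offer):                                            # step 4
        return {"accepted": False}
    data = user.release(offer, sp.credentials)                          # Phase II, steps 1-2
    executed = sp.execute(offer, data, day=0)                           # step 3
    sp.om.raise_event("transfer", {"attr": "postal-code", "recipient": "shipping.example"})
    sp.om.raise_event("tick", {"day": ServiceProvider.RETENTION_DAYS})
    return {"accepted": True, "executed": executed, "notifications": list(sp.om.notifications),
            "stored_after_retention": sorted(sp.store), "log": list(sp.om.log)}


if __name__ == "__main__":
    print(run_transaction(User(), ServiceProvider()))
```

The two failure paths worth noticing: a provider that cannot show a credential the user's policy demands is rejected in step 4 before any data moves, and a provider that could not obtain a required attribute gets `execute` refused, so nothing is stored and no obligation is activated. The `tick` event stands in for whatever clock or scheduler a real OM would use to evaluate time-based conditions.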


Page 28: Privacy and identity management for everyone

Example: XACML Policy Element


Structure of a Policy (based on [Oas05])

Page 29: Privacy and identity management for everyone

Example: XACML Rule Element


Structure of a Rule (based on [Oas05])
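The attribute-based decisions of the AC component (page 17) and the XACML request, response, policy and rule structures shown on pages 23, 24, 28 and 29, as one added example constructed here; it is not the project's own code and not a conforming XACML engine. A user-side policy releases the postal code only to a subject that presents a certified-merchant attribute and asks for the shipping purpose; the service provider's request and a toy PDP evaluating the policy's rules with first-applicable combining produce the decision that is wrapped in an XACML Response. The attribute ids under example.org, the choice to carry the purpose as an Action attribute, and the three supported functions are assumptions.

```python
"""Added example (not PRIME code, not a conforming XACML engine): an XACML 2.0-shaped
request and policy evaluated by a toy PDP. Attribute ids under example.org are assumptions."""
import xml.etree.ElementTree as ET
from typing import Dict, List, Tuple

CTX = "urn:oasis:names:tc:xacml:2.0:context:schema:os"     # request/response namespace
POL = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"      # policy/rule namespace
XS = "http://www.w3.org/2001/XMLSchema#"
FN = "urn:oasis:names:tc:xacml:1.0:function:"

# Constructed request: the provider (subject) asks to read the user's postal code for shipping.
REQUEST = f"""<Request xmlns="{CTX}">
  <Subject>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:subject:subject-id" DataType="{XS}string">
      <AttributeValue>shop.example</AttributeValue></Attribute>
    <Attribute AttributeId="http://example.org/prime/attr/certified-merchant" DataType="{XS}string">
      <AttributeValue>true</AttributeValue></Attribute>
  </Subject>
  <Resource>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:resource:resource-id" DataType="{XS}string">
      <AttributeValue>http://example.org/prime/data/postal-code-42</AttributeValue></Attribute>
  </Resource>
  <Action>
    <Attribute AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" DataType="{XS}string">
      <AttributeValue>read</AttributeValue></Attribute>
    <Attribute AttributeId="http://example.org/prime/attr/purpose" DataType="{XS}string">
      <AttributeValue>shipping</AttributeValue></Attribute>
  </Action>
</Request>"""

# Constructed user-side policy; the empty Target matches every request, so the rules decide.
POLICY = f"""<Policy xmlns="{POL}" PolicyId="urn:example:prime:user-policy:postal-code"
  RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
  <Target/>
  <Rule RuleId="release-to-certified-merchant-for-shipping" Effect="Permit">
    <Condition><Apply FunctionId="{FN}and">
      <Apply FunctionId="{FN}string-equal">
        <Apply FunctionId="{FN}string-one-and-only">
          <SubjectAttributeDesignator AttributeId="http://example.org/prime/attr/certified-merchant" DataType="{XS}string"/>
        </Apply>
        <AttributeValue DataType="{XS}string">true</AttributeValue>
      </Apply>
      <Apply FunctionId="{FN}string-equal">
        <Apply FunctionId="{FN}string-one-and-only">
          <ActionAttributeDesignator AttributeId="http://example.org/prime/attr/purpose" DataType="{XS}string"/>
        </Apply>
        <AttributeValue DataType="{XS}string">shipping</AttributeValue>
      </Apply>
    </Apply></Condition>
  </Rule>
  <Rule RuleId="default-deny" Effect="Deny"/>
</Policy>"""


class Indeterminate(Exception):
    """The condition could not be evaluated, e.g. a referenced attribute is missing."""


def one_and_only(bag: List[str]) -> str:
    if len(bag) != 1:
        raise Indeterminate("bag must hold exactly one value")
    return bag[0]


FUNCTIONS = {FN + "and": lambda *args: all(args),
             FN + "string-equal": lambda a, b: a == b,
             FN + "string-one-and-only": one_and_only}


def request_bags(request_xml: str) -> Dict[Tuple[str, str], List[str]]:
    """Collect the request's attribute bags: (category, AttributeId) -> list of values."""
    bags: Dict[Tuple[str, str], List[str]] = {}
    for category in ET.fromstring(request_xml):              # Subject, Resource, Action, ...
        name = category.tag.split("}", 1)[1]
        for attr in category.findall(f"{{{CTX}}}Attribute"):
            bags.setdefault((name, attr.get("AttributeId")), []).extend(
                v.text or "" for v in attr.findall(f"{{{CTX}}}AttributeValue"))
    return bags


def evaluate_expr(node: ET.Element, bags: Dict[Tuple[str, str], List[str]]):
    """Evaluate an Apply / AttributeValue / <Category>AttributeDesignator subtree."""
    tag = node.tag.split("}", 1)[1]
    if tag == "AttributeValue":
        return node.text
    if tag.endswith("AttributeDesignator"):                  # "SubjectAttributeDesignator" -> "Subject"
        return bags.get((tag[:-len("AttributeDesignator")], node.get("AttributeId")), [])
    if tag == "Apply":
        return FUNCTIONS[node.get("FunctionId")](*[evaluate_expr(c, bags) for c in node])
    raise Indeterminate(f"unsupported element {tag}")


def evaluate(policy_xml: str, request_xml: str) -> Tuple[str, str]:
    """Toy PDP with first-applicable rule combining; returns (Decision, RuleId)."""
    policy = ET.fromstring(policy_xml)
    if not policy.get("RuleCombiningAlgId", "").endswith(":first-applicable"):
        raise ValueError("only first-applicable combining is implemented here")
    bags = request_bags(request_xml)
    for rule in policy.findall(f"{{{POL}}}Rule"):
        condition = rule.find(f"{{{POL}}}Condition")
        try:
            applies = condition is None or bool(evaluate_expr(condition[0], bags))
        except Indeterminate:
            return "Indeterminate", rule.get("RuleId")
        if applies:
            return rule.get("Effect"), rule.get("RuleId")
    return "NotApplicable", ""


def response_xml(decision: str) -> str:
    """The XACML 2.0 Response the PDP hands back to the enforcement point."""
    return (f'<Response xmlns="{CTX}"><Result><Decision>{decision}</Decision>'
            '<Status><StatusCode Value="urn:oasis:names:tc:xacml:1.0:status:ok"/></Status>'
            '</Result></Response>')
```

Two behaviours are worth checking against a real engine: a request with a different purpose falls through to the default-deny rule, and a request that omits the certified-merchant attribute makes `string-one-and-only` fail on an empty bag, which under first-applicable combining yields Indeterminate rather than Deny; a PEP must treat anything other than Permit as a refusal.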

Page 30: Privacy and identity management for everyone

Example: EPAL Authorization Request


Example authorization request in XML-format (based on [EPAL])

Page 31: Privacy and identity management for everyone

Example: EPAL Authorization Response


Example authorization result in XML-format (based on [EPAL])

Page 32: Privacy and identity management for everyone

Conclusion

The system serves both the user's and the service provider's needs in order to implement the EU Directives 95/46/EC and 2002/58/EC.

The system includes: an anonymous credential system; an attribute-based access control system; a policy compliance checking functionality; a negotiation functionality

Server-side and user-side identity management

The system allows a user to act anonymously


Page 33: Privacy and identity management for everyone

Questions???


Page 34: Privacy and identity management for everyone


Page 35: Privacy and identity management for everyone

References

[Cam05] Camenisch et al.: Privacy and Identity Management for Everyone. Proceedings of the 2005 Workshop on Digital Identity Management (DIM '05)

[Oas05] OASIS: An Introduction to WSDM. Committee Draft 1, Sep. 2005, http://www.oasis-open.org/committees/download.php/14351/cd-wsdmintroduction_v3.doc

[EPAL] The Enterprise Privacy Authorization Language (EPAL 1.1), http://www.zurich.ibm.com/security/enterprise-privacy/epal/

[tudres] http://blues.inf.tu-dresden.de/prime/Tutorial_V2/Content/Ontologies/PRIME/rdf.html

[primeAr] PRIME Project: Architecture (Deliverable D14.2.d), https://www.prime-project.eu/prime_products/reports/arch/pub_del_D14.2.d_ec_WP14.2_v3_Final.pdf
