identity-based privacy (ibp)

Post on 25-May-2015


Identity-Based Privacy (IBP)

07/2013

Privacy

• associated with Western culture, English and North American in particular

• strong ties with freedom and liberty
• unknown in some cultures
• the word Privacy is missing in some languages

My attempt to define Privacy

Ability of an individual or group to govern the level of information disclosure about themselves.

Types of Privacy

• Individual privacy: Individuals
• Organizational privacy: Corp, Government, Family, …
• Shared privacy: Among all of the above-mentioned

Cloud Computing, Data Security and Information Privacy

• Cloud Computing & Security – meet very well
• Cloud Computing & Privacy – contradictory

Privacy is the issue!

• Business information
• Personal information

Privacy preserving

Encryption is one of the most effective information protection techniques.

• Security - Data at Rest Encryption, Data in Transit Encryption

• Privacy - Data in Use Encryption

Privacy preserving - existing solutions

• PKI – Public-Key Infrastructure
• PGP – Pretty Good Privacy
• IBE – Identity-Based Encryption

• PKI, PGP – it’s more about key management than encryption

• IBE – heavy mathematics

Privacy preserving - existing solutions (cont.)

Drawbacks:

• PKI – very expensive, usability
• PGP – usability
• IBE – strong patents

Identity-Based Privacy (IBP)

A lightweight alternative to PKI/PGP/IBE systems

• Internet of Things – a Personal Key Ring separated from cloud application and data storage

• User Agent – the only place where your encryption key, application and data meet

• Identity Management – the gateway to your privacy

IBP - Technical background

• Identity Provider – email address as identifier
• Authentication – OpenID Connect/OAuth2
• One-Time Identity-Based Key Generator
• Identity encryption key generated from identity
• Identity-Based Encryption[1]
• Data encryption key encrypted by identity encryption key

[1] a simple HMAC-SHA/AES(GCM) symmetric encryption, not the type of public-key encryption as stated on Wikipedia

IBP - Technical background (cont.)

Client-side zero-knowledge encryption:

• All users' data are encrypted on the client side and never touch servers in a plain form.

• Cloud data storage provider has zero knowledge of the encryption keys.

• Key generator server has zero knowledge of users' data.
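
The key flow from the two Technical background slides, as an added example (not code from the original deck or the IBP project): an identity key is derived with HMAC-SHA256 from a server-held master key and the e-mail address, and it wraps a random data encryption key with AES-256-GCM. The function names, the per-record salt (standing in for the "one-time" property) and the in-process call to the key generator are assumptions; in a deployment the derivation runs on the key generator server after OpenID Connect/OAuth2 authentication.

```javascript
// Added example, not the IBP project's code. Uses only Node.js built-in crypto.
const nodeCrypto = require("node:crypto");

// Key generator server side: holds the master key, never sees user data.
const MASTER_KEY = nodeCrypto.randomBytes(32); // constructed sample key

// Hypothetical helper. Assumed to run only after the identity provider has
// authenticated `email`; here it is called in-process instead of over HTTPS.
function deriveIdentityKey(email, salt) {
  const id = email.trim().toLowerCase();
  return nodeCrypto.createHmac("sha256", MASTER_KEY)
    .update(salt).update(id, "utf8").digest(); // 32 bytes, used as AES-256 key
}

// User agent side: the only place where key and plaintext meet.
function gcmSeal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12); // fresh 96-bit nonce per encryption
  const c = nodeCrypto.createCipheriv("aes-256-gcm", key, iv);
  c.setAAD(aad);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function gcmOpen(key, box, aad) {
  const d = nodeCrypto.createDecipheriv("aes-256-gcm", key, box.iv);
  d.setAAD(aad);
  d.setAuthTag(box.tag);
  return Buffer.concat([d.update(box.ct), d.final()]); // throws on a bad tag
}

// Encrypt for a recipient known only by e-mail address (no public key needed).
function encryptFor(email, plaintext) {
  const aad = Buffer.from(email.trim().toLowerCase(), "utf8");
  const salt = nodeCrypto.randomBytes(16); // assumption: makes the key one-time
  const dek = nodeCrypto.randomBytes(32);  // data encryption key
  return { // everything the storage provider receives; no key in the clear
    salt,
    wrappedDek: gcmSeal(deriveIdentityKey(email, salt), dek, aad),
    data: gcmSeal(dek, Buffer.from(plaintext, "utf8"), aad),
  };
}

function decryptAs(email, record) {
  const aad = Buffer.from(email.trim().toLowerCase(), "utf8");
  const idKey = deriveIdentityKey(email, record.salt);
  const dek = gcmOpen(idKey, record.wrappedDek, aad);
  return gcmOpen(dek, record.data, aad).toString("utf8");
}
```

Because the identity key depends on the master key, anyone holding that key can unwrap every record, which is the "master key security" item under Cons.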

Business model

[Diagram labels: User Agent (Browser); Data/App Provider; Identity Provider + Encryption Key Generator; Google, Microsoft, Oracle, AWS; home or corp. computer, tablet, smartphone; Customer]

IBP - Pros

• usability (no passwords, no certificates)
• no certificate management (creation, storage, distribution, revocation)
• lost key prevention
• IBE-like features, key escrow/fair encryption, no need for receiver’s public key before encryption

• no IBE revocation problem (online service)

IBP - Cons

• online solution
• master key security

Business Opportunities

• Data Storage / Sharing
• Health Records / Medical Data Sharing
• Big Data
• Data Boxes
• Databases
• Reporting / Business Intelligence
• Management Information System
• e-mail
• eForms / Workflow
• Document Management / Workflow
• Internet of Things

Featured links

• www.leadict.com
• igi64.github.io
