Privacy Enhancing Technologies
Privacy and Identity Management for Everyone
B. Sc. Amir Neziri, Technische Universität Darmstadt
Advisor: Prof. Dr. Katzenbeisser
Motivation – Privacy Problems
Identity theft: credit card data, social security numbers and student numbers, e.g. stolen credit card numbers (CardSystems Solutions, Sony…)
A large amount of personal data is requested for online services, e.g. when buying a train ticket
A recent survey by Turow: two-thirds of surveyed Americans do not know that US supermarkets are allowed to sell information about individual purchase decisions to other companies
Personal data can be used for targeted advertisements
06/15/2011 | Department 20 | Prof. Dr. Katzenbeisser | Privacy Enhancing Technologies | Amir Neziri 2
Motivation – Current Solutions
Common misconception: people voluntarily give away their personal data
No alternatives: people have little choice but to fill out the mandatory fields of web forms
The EU Data Protection Directive 95/46/EC and the E-Communications Privacy Directive 2002/58/EC protect personal data in Europe
In practice: the complexity of the regulation, incomplete enforcement, the unawareness of people…
Content
Prime's Vision
The Prime Solution: The Parties, Cryptographic Tools, System Architecture
A Sample Transaction
Conclusion
A Need for Change
Businesses and governments know a lot more about individuals and their behavior …because personal data have been disclosed
Personal information is negligently stored and therefore vulnerable to theft and misuse
SOLUTION: PRIME
PRIME - Privacy and Identity Management for Europe
European research and development project, funded by the EU
Consists of more than 20 partners (universities, public companies…)
There are different prototypes: LBS, eHealth, Anonymous Communication…
Prime's Vision
User Informed Consent and Control: the user controls the personal data
Privacy Negotiation: privacy policies for personal data
Data Minimization: collection of the personal data needed for the business transaction, e.g. proof of age …with ID card, passport, driver's license
…but we need only the birthday and not other personal information
Prime's Vision
Identity Management: server-side and user-side; anonymous and identified for both sides
Spectrum of Anonymity: PRIME does not impose full anonymity, but it supports a range of possible transactions, e.g. browsing a web page while using an anonymous communication channel
Accountability: a user can be made accountable for misuse of the system or cheating, even though transactions are "anonymous"
The Prime Solution – The Parties
Users have certificates, data and policies regarding their data; access control policies restrict the access to the data
Service Provider offers services and resources for users; may have certificates and private data, and also access control policies over their services and resources
Certification Authority: issues digital certificates
The Prime Solution – Cryptographic Tools
Secure Communication: communication is performed over an encrypted semi-anonymous channel
Anonymous Communication: e.g. onion routing networks, mixnets or crowds
Pseudonyms: the name under which a user is known to one or multiple service providers; Idemix pseudonyms, random strings (generated by the user)
The Prime Solution – Cryptographic Tools
Credentials and Proofs of Ownership of Credentials: a credential is a piece of data such as a birthday or postal code; certified credentials are called certificates/attribute certificates
Private credentials: solve the drawback (linkability) of traditional certificates; allow the user to verifiably encrypt an attribute under a third-party public key
The Prime Solution – Architecture
Software Architecture of a party [primeAr]
The Prime Solution – Architecture
Resource Referencing Scheme: a Uniform Resource Identifier (URI) is used to name resources in the system; URIs are general enough to name data types, services, process workflows, or obligations such as "Delete this data after two weeks."
Data Model and Ontology: the Resource Description Framework (RDF) is selected for describing information about resources; RDF consists of triples (subject, predicate, object); the Web Ontology Language (OWL) is used for describing all of the meta-information about subjects, predicates and objects
RDF Example
RDF/XML Notation of the same RDF Example [tudres]
The Prime Solution – Architecture
High-level Component Architecture [primeAr]
The Prime Solution – Architecture
Components
Access Control (AC): limits access to a party's resources and enforces the party's access control policies; attribute-based access control (e.g. request the age)
Identity Control (IC): manages all interactive protocols with other parties; delegates requests to the AC; handles all credential-related protocols; automatically computes optimal ways to fulfill a request; manages user input and notification via the GUI
The Prime Solution – Architecture
Obligation Manager (OM): maintains all obligations. An obligation is an event-condition-action (ECA) rule and is generally activated any time that data is stored to the database
Example <condition> in XML-format (based on [EPAL])
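The OM's event-condition-action rules, as an added Python sketch (not PRIME code): obligations are registered when data is stored and fire on later events; the URIs under urn:example: and the two-week deletion scenario are constructed for this illustration.

```python
# Added illustration of PRIME's Obligation Manager as event-condition-action rules
# (not project code); the 'urn:example:' URIs and the scenario are constructed here.
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable

@dataclass
class Event:
    name: str              # event URI, e.g. 'urn:example:event/transfer'
    resource: str          # URI of the personal data concerned
    at: datetime
    attrs: dict = field(default_factory=dict)
@dataclass
class Obligation:          # ECA rule: when `event` fires and `condition` holds, run `action`
    event: str
    condition: Callable[[Event], bool]
    action: Callable[[Event], str]
    one_shot: bool = True  # a deletion fires once; a notification keeps firing

class ObligationManager:
    def __init__(self) -> None:
        self.rules: list[Obligation] = []
    def activate(self, ob: Obligation) -> None:   # called when data is stored (Phase II, step 3)
        self.rules.append(ob)

    def handle(self, ev: Event) -> list[str]:
        """Run every obligation whose event matches and whose condition is met."""
        fired = []
        for ob in list(self.rules):
            if ob.event == ev.name and ob.condition(ev):
                fired.append(ob.action(ev))
                if ob.one_shot:
                    self.rules.remove(ob)
        return fired

def demo_obligations() -> list[str]:
    """Constructed scenario: address stored, relayed to a shipper, retention expires."""
    om, addr, stored = ObligationManager(), 'urn:example:user/alice/address', datetime(2011, 6, 15)
    # "Notify the user whenever the data is transferred to a third party"
    om.activate(Obligation('urn:example:event/transfer', lambda e: e.resource == addr,
                           lambda e: f"notify user: {e.resource} sent to {e.attrs['to']}", one_shot=False))
    # "Delete this data after two weeks", evaluated on a periodic tick event
    om.activate(Obligation('urn:example:event/tick',
                           lambda e: e.resource == addr and e.at >= stored + timedelta(weeks=2),
                           lambda e: f"delete {e.resource}"))
    out = om.handle(Event('urn:example:event/transfer', addr, stored + timedelta(days=1), {'to': 'shipper'}))
    out += om.handle(Event('urn:example:event/tick', addr, stored + timedelta(days=13)))  # not yet due
    out += om.handle(Event('urn:example:event/tick', addr, stored + timedelta(days=14)))  # due: delete
    return out
```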
A Sample Transaction
Negotiation – Phase I
1. The user requests information about a product from the service provider
2. The request is received by the service provider and directed to the AC component.
The AC component returns an offer which includes a description of the product and a list of requirements in order to buy the product.
The service provider presents obligations to the user that will be automatically enforced.
Negotiation – Phase I
3. The user's IC component receives the offer and parses it. Each of the requirements is presented to the user's AC in order to determine the counter-requirements for the release of the requested information
The IC may add obligations to the offer; for example, it may add the obligation that the company notify the user whenever the transaction data is transferred to a third party.
The IC presents the possible choices about how the requirements are to be fulfilled to the user via the GUI.
4. The service provider either accepts or rejects the offer
Example: XACML Request Model
Structure of an XACML request (based on [Oas05])
Example: XACML Response Model
Structure of an XACML response (based on [Oas05])
Contract Execution – Phase II
1. The company sends the necessary credentials to the user
2. The user's IC uses the received credentials to access the user's information via the AC.
The AC responds with the requested data.
The IC "packages" the requested data and sends it back to the company. This can involve interactive protocols in which credentials are shown, or simple transmissions of uncertified declarations.
Contract Execution – Phase II
3. The company's IC processes the requested data and determines whether the requested information satisfies the contract.
If so, the IC requests the AC to store specific parts of the user data under an access control policy that enforces the agreed privacy policy, and stores the related obligations in the OM. The OM activates each obligation.
4. The OM handles any obligations whose conditions have been triggered. For example, when the company relays the user's address to the shipping company, the OM informs the user that such information has been transferred.
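The two phases above, as an added Python walk-through (not PRIME code) that also shows the data-minimization point from the vision slides: the user's AC answers an age requirement with a proof rather than the birthday, and withholds the address until the provider shows the required credential. The party data, the 'over18' requirement and the 'privacy-seal' credential are assumptions; step 4 of Phase I and the OM's triggering of obligations are not modeled.

```python
# Added walk-through of Phase I (negotiation) and Phase II (contract execution); illustration,
# not PRIME code. The user data, 'over18' requirement and 'privacy-seal' credential are constructed.
from datetime import date

def age_at_least(birthday: date, years: int, today: date) -> bool:
    """Data minimisation: prove an age predicate; the birthday itself is never released."""
    had_birthday = (today.month, today.day) >= (birthday.month, birthday.day)
    return today.year - birthday.year - (not had_birthday) >= years

class AccessControl:
    """Attribute-based AC: each releasable item has a policy naming the credential the
    requester must show; predicate items are answered with a proof, not a raw value."""
    def __init__(self, data: dict, policy: dict):
        self.data, self.policy = data, policy

    def counter_requirement(self, item: str) -> set:
        return self.policy[item]['needs']             # what the other party must show first

    def release(self, item: str, shown: set, today: date):
        if not self.policy[item]['needs'] <= shown:
            return None                               # requester lacks the required credential
        value = self.data[self.policy[item]['attr']]
        if item.startswith('over'):                   # 'over18': release the proof, not the birthday
            return age_at_least(value, int(item[4:]), today)
        return value

def negotiate(offer: dict, user_ac: AccessControl) -> dict:
    """Phase I, step 3: the user's IC turns the service provider's offer into a counter-offer."""
    counter = {req: user_ac.counter_requirement(req) for req in offer['requirements']}
    obligations = offer['obligations'] + ['notify user on transfer to third party']  # added by the IC
    return {'counter_requirements': counter, 'obligations': obligations}

def execute(counter: dict, sp_credentials: set, user_ac: AccessControl, today: date) -> dict:
    """Phase II, steps 1-3: SP shows credentials, user's IC packages data via its AC, SP checks contract."""
    package = {req: user_ac.release(req, sp_credentials, today) for req in counter['counter_requirements']}
    satisfied = all(v not in (None, False) for v in package.values())
    return {'package': package, 'contract_satisfied': satisfied,
            'obligations_to_store': counter['obligations'] if satisfied else []}

def demo_transaction() -> dict:
    """Constructed run: with the SP's credential the contract is satisfied; without it the address is withheld."""
    today = date(2011, 6, 15)
    user_ac = AccessControl(data={'birthday': date(1990, 8, 1), 'address': 'Example Street 1, Darmstadt'},
                            policy={'over18': {'attr': 'birthday', 'needs': set()},
                                    'address': {'attr': 'address', 'needs': {'privacy-seal'}}})
    offer = {'product': 'concert ticket', 'requirements': ['over18', 'address'],
             'obligations': ['delete address two weeks after shipping']}
    counter = negotiate(offer, user_ac)
    return {'with_seal': execute(counter, {'privacy-seal'}, user_ac, today),
            'without_seal': execute(counter, set(), user_ac, today)}
```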
Example: XACML Policy Element
Structure of a Policy (based on [Oas05])
Example: XACML Rule Element
Structure of a Rule (based on [Oas05])
Example: EPAL Authorization Request
Example authorization request in XML-format (based on [EPAL])
Example: EPAL Authorization Response
Example authorization result in XML-format (based on [EPAL])
Conclusion
The system serves both the user's and the service provider's needs in order to implement the EU Directives 95/46/EC and 2002/58/EC.
The system includes an anonymous credential system, an attribute-based access control system, a policy compliance checking functionality and a negotiation functionality
Server-side and user-side identity management
The system allows a user to act anonymously
Questions???
References
[Cam05] Camenisch et al.: Privacy and Identity Management for Everyone, Proceedings of the 2005 Workshop on Digital Identity Management
[Oas05] OASIS, "An Introduction to WSDM." Committee Draft 1, Sep. 2005, http://www.oasis-open.org/committees/download.php/14351/cd-wsdmintroduction_v3.doc
[EPAL] The Enterprise Privacy Authorization Language (EPAL 1.1), http://www.zurich.ibm.com/security/enterprise-privacy/epal/
[tudres] http://blues.inf.tu-dresden.de/prime/Tutorial_V2/Content/Ontologies/PRIME/rdf.html
[primeAr] https://www.prime-project.eu/prime_products/reports/arch/pub_del_D14.2.d_ec_WP14.2_v3_Final.pdf