A formal privacy analysis of identity management systems

With the growing amount of personal information exchanged over the Internet, privacy is becoming an increasing concern for users. In particular, personal information is increasingly being exchanged in Identity Management (IdM) systems to satisfy the growing need for reliable on-line identification and authentication. One of the key principles in protecting privacy is data minimization. This principle states that only the minimum amount of information necessary to accomplish a certain goal should be collected. Several "privacy-enhancing" IdM systems have been proposed to guarantee data minimization. However, there is currently no satisfactory way to assess and compare the privacy they offer in a precise way: existing analyses are either too informal and high-level, or specific to one particular system. In this work, we propose a general formal method to analyse privacy in systems in which personal information is communicated, and apply it to analyse existing IdM systems. We first elicit privacy requirements for IdM systems through a study of existing systems and taxonomies, and show how these requirements can be verified by expressing knowledge of personal information in a three-layer model. Then, we apply the formal method to study four IdM systems, representative of different research streams, analyse the results in a broad context, and suggest improvements. Finally, we discuss the completeness and (re)usability of the proposed method.
