Privacy-preserving attribute aggregation in eID federations

Abstract: Personalized electronic services, e.g. from the e-government domain, need to reliably identify and authenticate users. During user-authentication processes, the electronic identity of the respective user is determined, and required additional attributes linked to this identity, e.g. name and date of birth, are collected. This attribute-collection process can become complex, especially if the required attributes are distributed over various attribute providers that are organized in a federated identity-management system. In many cases, these identity-management systems rely on different ontologies and make use of different languages. Hence, identity federations, such as the one currently established across the European Union, require effective solutions to collect user attributes from different heterogeneous sources and aggregate them to a holistic user facet. At the same time, these solutions need to comply with minimum-disclosure rules to preserve users’ privacy. In this article, we propose and introduce a solution for privacy-preserving attribute aggregation. Our solution combines attributes from different domains using ontology alignment and makes use of locality-sensitive hashing functions to preserve users’ privacy. Evaluation results obtained from conducted experiments demonstrate our solution’s advantages for both service providers and users. While service providers can be provided with a larger set of attributes, users remain in full control of their data and can decide which of their attributes shall be revealed.
