Privacy enhancing identity management: protection against re-identification and profiling

User centric identity management will be necessary to protect user's privacy in an electronic society. However, designing such systems is a complex task, as the expectations of the different parties involved in electronic transactions have to be met. In this work we give an overview on the actual situation in user centric identity management and point out problems encountered there. Especially we present the current state of research and mechanisms useful to protect the user's privacy. Additionally we show security problems that have to be borne in mind while designing such a system and point out possible solutions. Thereby, we concentrate on attacks on linkability and identifiability, and possible protection methods.

[1]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[2]  J. Camenisch,et al.  Title: First Annual Research Report the Prime Project Receives Research Funding from the Community's Sixth Framework Programme and the Swiss Federal Office for Education and Science. Privacy and Identity Management for Europe Prime Privacy and Identity Management for Europe , 2005 .

[3]  Jean-François Raymond,et al.  Traffic Analysis: Protocols, Attacks, Design Issues, and Open Problems , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[4]  Dorothy E. Denning,et al.  A Security Model for the Statistical Database Problem , 1983, SSDBM.

[5]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[6]  Markus G. Kuhn,et al.  Real World Patterns of Failure in Anonymity Systems , 2001, Information Hiding.

[7]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[8]  Markus Zwick,et al.  The research data centres of the Federal Statistical Office and the statistical offices of the Länder , 2004, Journal of Contextual Economics – Schmollers Jahrbuch.

[9]  Sebastian Clauß,et al.  Identity management and its support of multilateral security , 2001, Comput. Networks.

[10]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[11]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[12]  David Chaum,et al.  Showing Credentials Without Identification: SIgnatures Transferred Between Unconditionally Unlinkable Pseudonyms , 1985, EUROCRYPT.

[13]  Birgit Pfitzmann,et al.  Rechtssicherheit trotz Anonymität in offenen digitalen Systemen , 1990 .

[14]  George Danezis,et al.  Statistical Disclosure or Intersection Attacks on Anonymity Systems , 2004, Information Hiding.

[15]  Dakshi Agrawal,et al.  Limits of Anonymity in Open Environments , 2002, Information Hiding.

[16]  Marit Hansen,et al.  Privacy-enhancing identity management , 2004, Inf. Secur. Tech. Rep..

[17]  William E. Winkler,et al.  Masking and Re-identification Methods for Public-Use Microdata: Overview and Research Problems , 2004, Privacy in Statistical Databases.

[18]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[19]  Dogan Kesdogan,et al.  The Hitting Set Attack on Anonymity Protocols , 2004, Information Hiding.