Data minimisation in communication protocols: a formal analysis framework and application to identity management

With the growing amount of personal information exchanged over the Internet, privacy is becoming more and more of a concern for users. One of the key principles in protecting privacy is data minimisation. This principle requires that only the minimum amount of information necessary to accomplish a certain goal is collected and processed. “Privacy-enhancing” communication protocols have been proposed to guarantee data minimisation in a wide range of applications. However, there is currently no satisfactory way to assess and compare precisely the privacy they offer: existing analyses are either too informal and high-level, or specific to one particular system. In this work, we propose a general formal framework to analyse and compare communication protocols with respect to privacy by data minimisation. Privacy requirements are formalised independently of any particular protocol in terms of the knowledge of (coalitions of) actors in a three-layer model of personal information. These requirements are then verified automatically for particular protocols by computing this knowledge from a description of their communication. We validate our framework in an identity management (IdM) case study. As IdM systems are used more and more to satisfy the increasing need for reliable online identification and authentication, privacy is becoming an increasingly critical issue. We use our framework to analyse and compare four identity management systems. Finally, we discuss the completeness and (re)usability of the proposed framework.
