IDENTITY AND PRIVACY MANAGEMENT
Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control. However, it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. One of our research lines tackles this problem by using cryptographic means instead of just relying on access control policies and models. In [1], we apply proxy re-encryption techniques for creating a special OpenID provider that is not capable of reading the user’s information but still provides an identity service. This research has been further refined in [2]. In this work, we propose a general model for privacy-preserving Identity Management as a Service, and describe a particular instantiation of this model using SAML 2.0.
Identity management does not only involve users in the system. Within the PASSIVE project, we have worked towards an authentication and authorization scheme for applications, users and resources that is suitable for use in large and highly dynamic deployments such as the Cloud [3]. Other work in this area identifies the challenges that arise at the intersection of interconnected clouds and identity management [4].
Privilege management infrastructures (PMI) arise as an evolution of PKI where not only identity is considered but also the privileges or access rights associated with the different roles or individuals in the organization. This research topic is one of the oldest within NICS and was consolidated in the project PRIVILEGE. In this project we worked mainly with X.509 Attribute Certificates. We developed a practical implementation of a Privilege Management Infrastructure (PMI) and a mechanism to perform controlled delegation, making use of the extension fields of the attribute certificates [5] [6]. Our proposal is based on graphs, including in each certificate a real number (in the interval [0,1]) that measures the level of confidence of the issuer in the issued certificate. This enables us to compute trust in the granted privileges over the delegation graph. Another relevant area within PMI is supporting dynamic access control policies based on context information [7] and including in the decision-making process not only roles and identities but also user attributes [8].
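The following is an added illustration of trust computation over a delegation graph; it is not code from the PRIVILEGE project or the cited papers. The page does not state how confidence values are combined, so this sketch assumes they multiply along a delegation chain and that the strongest chain is used when several exist; all names and sample certificates are hypothetical.

```python
import heapq

# Constructed sample: each tuple stands for one attribute certificate that
# delegates a privilege, labelled with the issuer's confidence in [0, 1].
# Format: (issuer, holder, privilege, confidence)
CERTS = [
    ("SOA", "alice", "sign-release", 0.9),
    ("SOA", "bob", "sign-release", 0.6),
    ("alice", "carol", "sign-release", 0.8),
    ("bob", "carol", "sign-release", 0.95),
    ("carol", "alice", "sign-release", 1.0),   # cycle: must not inflate trust
    ("alice", "dave", "read-logs", 0.7),       # different privilege
]


def trust_in(certs, source, holder, privilege):
    """Return (trust, chain) for `holder` exercising `privilege`.

    Assumed rule (not from the page): trust along a chain is the product of
    its confidence values; with several chains the strongest one is used.
    """
    graph = {}
    for issuer, subject, priv, conf in certs:
        if priv != privilege:
            continue
        if not 0.0 <= conf <= 1.0:
            raise ValueError(f"confidence out of range: {conf}")
        graph.setdefault(issuer, []).append((subject, conf))

    # Dijkstra variant maximising a product; valid because every factor is
    # <= 1, so extending a chain can never increase its trust.
    best = {source: 1.0}
    heap = [(-1.0, source, [source])]
    while heap:
        neg, node, chain = heapq.heappop(heap)
        trust = -neg
        if node == holder:
            return trust, chain
        if trust < best.get(node, 0.0):
            continue  # stale queue entry
        for nxt, conf in graph.get(node, []):
            cand = trust * conf
            if cand > best.get(nxt, 0.0):
                best[nxt] = cand
                heapq.heappush(heap, (-cand, nxt, chain + [nxt]))
    return 0.0, []  # no delegation chain reaches the holder
```

Because every confidence value is at most 1, the delegation cycle between carol and alice cannot raise anyone's trust, and a holder with no chain back to the source of authority gets trust 0.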
PMI can also be used for identity verification. Within the OSAMI project we have implemented a solution for the distribution of secure code using OpenID and signatures with short-lived public key certificates (created from the OpenID information) [9]. In this way, developers can distribute signed code without the need for a long-term digital certificate. This solution can be applied to scenarios in which the team programming these components is dynamic, such as in the open source community.
Privacy and Anonymity
Individual privacy has been recognised as a fundamental human right and it is protected by numerous laws, directives and regulations, such as the European General Data Protection Regulation. Privacy can be regarded as the desire of individuals to retain control over personal data, that is, to keep their ability to decide how much information about themselves and in which circumstances their personal data are shared with others. Simply put, privacy is about preventing third parties from learning personally-sensitive information or keeping these data unlinkable from individuals. Therefore, privacy and identity are two closely intertwined concepts.
One of the first use cases combining privacy and identity management on which NICS has worked is the implementation of a solution for Anonymous Age Verification using the national electronic identity document (DNIe). We developed a prototype using Information Cards for an anonymous age verification application that allows a user to demonstrate their age without providing additional data [10]. The DNIe is used in the process of generating the i-card (Information Card). The i-card can later be used when purchasing products online, where the user can prove they are old enough to perform the operation without providing the service provider with any data beyond what is strictly necessary. In this process, the user must use the DNIe only once (for registration) from their computer. In [11] we proposed a solution to enhance the X.509 attribute certificate in such a way that it becomes a conditionally anonymous attribute certificate. After that, we designed a protocol to obtain such certificates in a way that respects users’ anonymity by using a fair blind signature scheme. We also show how to use such certificates and describe a few cases where problems could arise, identifying some open problems.
Obfuscation is also relevant in the protection of the metadata associated with the data itself. Most of the work of NICS Lab in this area is related to network traffic obfuscation in order to prevent leaking relevant information about the network itself or the entities participating in the communication. Although this topic had been extensively studied in computer networks, the development of future internet networks, with resource-constrained devices, demanded new approaches [12]. This is especially relevant in the context of wireless sensor networks [13], where traffic analysis can lead to the identification of relevant assets, such as the entities or elements being monitored by the network [14] or the base station [15][16]. Later, we also analysed these problems in the context of the Internet of Things [17] and provided a solution for controlling access to personal data from IoT devices [18] by taking advantage of edge computing technologies. Furthermore, proxy re-encryption has inspired the definition of a novel mechanism for query privacy in sensing-as-a-service platforms [19]. The idea is that a user can query a service provider for data without revealing the query contents or the location where the data is stored.
Privacy can also be protected by enforcing the controlled release of data. A privacy-by-design solution has been devised in [20] by extending a requirements engineering framework. This solution allows software developers to integrate trust and privacy decisions into the software development process and reason about suitable privacy settings for limiting data exposure. Also, in the context of controlled data release, NICS Lab has proposed a methodology that integrates privacy into a digital forensics framework [21][22], thus promoting user cooperation with digital investigations.
Whenever the service provider needs the identity of the user as well as some personal data to provide the service, the typical approach to privacy protection is data obfuscation. This is the case of location-based services, where the user attaches location information to the queries issued to the service provider in order to get a personalised service. In this respect, NICS Lab has contributed with the definition of novel properties for location privacy and the definition of a location obfuscation function that satisfies these properties [23]. In this context, we have also studied how user mobility impacts the success of the attacker [24][25] as a means to determine for how long it is safe for the user to keep using the system, as well as to devise new ways of limiting attacks on location privacy. In line with this idea, we also proposed a mechanism for crowd counting that respects user location privacy [26]. Our proposal is based on the DP3T contact tracing approach, already adopted by several countries during the COVID-19 pandemic.
Even though data confidentiality is a mechanism for protecting privacy, data confidentiality alone does not necessarily ensure privacy preservation. Anonymity is another way of protecting privacy by keeping the identity of the individual undisclosed and/or making them indistinguishable from a set of other participants. This is particularly relevant in scenarios where users’ devices interact with one another, potentially leaking their identity and ultimately the identity of the users behind them. Under the umbrella of the OSAMI project we implemented a secure, non-intrusive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD) [27], which allow users to gain access to proximity-based services while preserving their privacy using an RF channel. We propose the use of pseudonyms to hide the user’s identity while allowing trusted parties to re-identify and authenticate them. This solution can serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services.
References
1. David Nuñez and Isaac Agudo and Javier Lopez (2012): Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services. In: IEEE CloudCom 2012, pp. 241-248, IEEE Computer Society, Taipei, Taiwan, 2012, ISSN: 978-1-4673-4509-5.
2. David Nuñez and Isaac Agudo (2014): BlindIdM: A Privacy-Preserving Approach for Identity Management as a Service. In: International Journal of Information Security, vol. 13, pp. 199-215, 2014, ISSN: 1615-5262.
3. Neumann Libor and Tomas Halman and Rotek Pavel and Alexander Boettcher and Julian Stecklina and Michal Sojka and David Nuñez and Isaac Agudo (2012): Strong Authentication of Humans and Machines in Policy Controlled Cloud Computing Environment Using Automatic Cyber Identity. In: Pohlmann, Norbert; Reimer, Helmut; Schneider, Wolfgang (Ed.): Information Security Solutions Europe 2012, pp. 195-206, Springer Vieweg, Brussels, Belgium, 2012, ISBN: 978-3-658-00332-6.
4. David Nuñez and Isaac Agudo and Prokopios Drogkaris and Stefanos Gritzalis (2011): Identity Management Challenges for Intercloud Applications. In: 1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), pp. 198-204, Crete (Greece), 2011.
5. Isaac Agudo and Javier Lopez and Jose A. Montenegro (2005): A Representation Model of Trust Relationships with Delegation Extensions. In: 3rd International Conference on Trust Management (iTRUST’05), pp. 9-22, Springer, Versailles, France, 2005, ISSN: 0302-9743 (Print) 1611-3349 (Online).
6. Isaac Agudo and Javier Lopez and Jose A. Montenegro (2005): A Graphical Delegation Solution for X.509 Attribute Certificates. In: ERCIM News, no. 63, pp. 33-34, 2005, ISSN: 0926-4981.
7. Isaac Agudo and Javier Lopez and Jose A. Montenegro (2006): Attributes Delegation Based on Ontologies and Context Information. In: 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia on Security (CMS’06), pp. 54-66, Springer, Heraklion, Crete, 2006, ISSN: 0302-9743 (Print) 1611-3349 (Online).
8. Isaac Agudo and Javier Lopez and Jose A. Montenegro (2007): Attribute delegation in ubiquitous environments. In: 3rd international conference on Mobile multimedia communications (MobiMedia ’07), pp. 43:1-43:6, ICST, Nafpaktos, Greece, 2007, ISBN: 978-963-06-2670-5.
9. Isaac Agudo and Jose A. Onieva and Daniel Merida (2010): Distribución segura de componentes software basada en OpenID. In: XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), Tarragona, Spain, 2010, ISBN: 978-84-693-3304-4.
10. Jose A. Onieva and Isaac Agudo and Javier Lopez and Gerard Draper-Gil and M. Francisca Hinarejos (2012): Como proteger la privacidad de los usuarios en Internet. Verificación anónima de la mayoría de edad. In: XII Reunión Española sobre Criptología y Seguridad de la Información - RECSI 2012, pp. 297-302, Mondragon, San Sebastian (Spain), 2012, ISBN: 978-84-615-9933-2.
11. Vicente Benjumea and Javier Lopez and Jose A. Montenegro and Jose M. Troya (2004): A First Approach to Provide Anonymity in Attribute Certificates. In: 2004 International Workshop on Practice and Theory in Public Key Cryptography (PKC’04), pp. 402-415, Springer, 2004.
12. Ruben Rios and Javier Lopez (2013): (Un)Suitability of Anonymous Communication Systems to WSN. In: IEEE Systems Journal, vol. 7, no. 2, pp. 298-310, 2013, ISSN: 1932-8184.
13. Ruben Rios and Javier Lopez and Jorge Cuellar (2016): Location Privacy in Wireless Sensor Networks. Taylor & Francis, 2016, ISBN: 9781498776332.
14. Ruben Rios and Javier Lopez (2011): Exploiting Context-Awareness to Enhance Source-Location Privacy in Wireless Sensor Networks. In: The Computer Journal, vol. 54, pp. 1603-1615, 2011, ISSN: 0010-4620.
15. Ruben Rios and Jorge Cuellar and Javier Lopez (2012): Robust Probabilistic Fake Packet Injection for Receiver-Location Privacy in WSN. In: Foresti, Sara; Yung, Moti; Martinelli, Fabio (Ed.): 17th European Symposium on Research in Computer Security (ESORICS 2012), pp. 163-180, Springer, Pisa, Italy, 2012, ISSN: 0302-9743.
16. Ruben Rios and Jorge Cuellar and Javier Lopez (2015): Probabilistic receiver-location privacy protection in wireless sensor networks. In: Information Sciences, vol. 321, pp. 205-223, 2015, ISSN: 0020-0255.
17. Javier Lopez and Ruben Rios and Feng Bao and Guilin Wang (2017): Evolving privacy: From sensors to the Internet of Things. In: Future Generation Computer Systems, vol. 75, pp. 46-57, 2017, ISSN: 0167-739X.
18. Ruben Rios and Jose A. Onieva and Rodrigo Roman and Javier Lopez (2022): Personal IoT Privacy Control at the Edge. In: IEEE Security & Privacy, vol. 20, pp. 23-32, 2022, ISSN: 1540-7993.
19. Ruben Rios and David Nuñez and Javier Lopez (2017): Query Privacy in Sensing-as-a-Service Platforms. In: Vimercati, Sabrina De Capitani; Martinelli, Fabio (Ed.): 32nd International Conference on ICT Systems Security and Privacy Protection (IFIP SEC 2017), pp. 141-154, Springer, Roma, Italy, 2017.
20. Ruben Rios and Carmen Fernandez-Gago and Javier Lopez (2018): Modelling Privacy-Aware Trust Negotiations. In: Computers & Security, vol. 77, pp. 773-789, 2018, ISSN: 0167-4048.
21. Ana Nieto and Ruben Rios and Javier Lopez (2017): A Methodology for Privacy-Aware IoT-Forensics. In: 16th IEEE International Conference On Trust, Security And Privacy In Computing And Communications (TrustCom 2017), pp. 626-633, IEEE, Sydney (Australia), 2017, ISSN: 2324-9013.
22. Ana Nieto and Ruben Rios and Javier Lopez (2018): IoT-Forensics meets Privacy: Towards Cooperative Digital Investigations. In: Sensors, vol. 18, no. 492, 2018, ISSN: 1424-8220.
23. Jorge Cuellar and Martin Ochoa and Ruben Rios (2012): Indistinguishable Regions in Geographic Privacy. In: Ossowski, Sascha; Lecca, Paola (Ed.): Proceedings of the 27th Annual ACM Symposium on Applied Computing (SAC 2012), pp. 1463-1469, ACM, Riva del Garda (Trento), Italy, 2012, ISBN: 978-1-4503-0857-1.
24. Xueou Wang and Xiaolu Hou and Ruben Rios and Per Hallgren and Nils Ole Tippenhauer and Martin Ochoa (2018): Location Proximity Attacks against Mobile Targets: Analytical Bounds and Attacker Strategies. In: 23rd European Symposium on Research in Computer Security (ESORICS 2018), pp. 373-392, Springer, Barcelona, 2018, ISBN: 978-3-319-98988-4.
25. Xueou Wang and Xiaolu Hou and Ruben Rios and Nils Ole Tippenhauer and Martin Ochoa (2022): Constrained Proximity Attacks on Mobile Targets. In: ACM Transactions on Privacy and Security (TOPS), vol. 25, no. 10, pp. 1-29, 2022, ISSN: 2471-2566.
26. (): . .
27. Isaac Agudo and Ruben Rios and Javier Lopez (2013): A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control. In: Computers & Security, vol. 39 (B), pp. 117-126, 2013, ISSN: 0167-4048.