Enhancing privacy of users in eID schemes

Kris Shrishak; Zekeriya Erkin; Remco Schaar

Enhancing privacy of users in eID schemes

Kris Shrishak, Zekeriya Erkin, Remco Schaar

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

61 Downloads (Pure)

Abstract

In todays world transactions are increasingly being performed over the internetbut require identication of users as in face-to-face transactions. In order to facilitate eGovernance as well as other eCommerce services Electronic Identiation(eID) schemes, which intend to provide unique and reliable identication andauthentication of the users, have been introduced. eID schemes commonly involve a Service Provider which provides a service, such as online shopping, to the user and an Identity Provider which veries the users identity and facilitates the user to identify itself to the Service Provider. Every transaction made over the Internet reveals bits of information about the user which can be accumulated and abused, thus necessitating security and privacy in order to prevent misuse of data and invasion of personal privacy. In this work, ve eID schemes which are in use or re proposed in EU countries is surveyed and the strengths and weaknesses of these schemes is investigated. All the schemes have given importance to security while only a few of them are designed with privacy in mind. Identity Providers in federated eID schemes are observed to be a privacy hotspot as they store user information and can uniquely identify the user. The use of homomorphic encryption and block chain in eID schemes is further explored in order to prevent the Identity Provider from becoming a privacy hotspot while fullling its role in the scheme.

Original language	English
Title of host publication	37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux
Pages	158-165
Number of pages	8
Publication status	Published - 2016
Event	37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux - Université Catholique de Louvain, Louvain, Belgium Duration: 19 May 2016 → 20 May 2016 http://sites.uclouvain.be/sitb2016/

Conference

Conference	37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux
Country/Territory	Belgium
City	Louvain
Period	19/05/16 → 20/05/16
Internet address	http://sites.uclouvain.be/sitb2016/

Access to Document

11312527Final published version, 151 KB

Cite this

@inproceedings{e278daa5a03549cb896cee36621861c0,

title = "Enhancing privacy of users in eID schemes",

abstract = "In todays world transactions are increasingly being performed over the internetbut require identication of users as in face-to-face transactions. In order to facilitate eGovernance as well as other eCommerce services Electronic Identiation(eID) schemes, which intend to provide unique and reliable identication andauthentication of the users, have been introduced. eID schemes commonly involve a Service Provider which provides a service, such as online shopping, to the user and an Identity Provider which veries the users identity and facilitates the user to identify itself to the Service Provider. Every transaction made over the Internet reveals bits of information about the user which can be accumulated and abused, thus necessitating security and privacy in order to prevent misuse of data and invasion of personal privacy. In this work, ve eID schemes which are in use or re proposed in EU countries is surveyed and the strengths and weaknesses of these schemes is investigated. All the schemes have given importance to security while only a few of them are designed with privacy in mind. Identity Providers in federated eID schemes are observed to be a privacy hotspot as they store user information and can uniquely identify the user. The use of homomorphic encryption and block chain in eID schemes is further explored in order to prevent the Identity Provider from becoming a privacy hotspot while fullling its role in the scheme.",

author = "Kris Shrishak and Zekeriya Erkin and Remco Schaar",

year = "2016",

language = "English",

pages = "158--165",

booktitle = "37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux",

note = "37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux ; Conference date: 19-05-2016 Through 20-05-2016",

url = "http://sites.uclouvain.be/sitb2016/",

}

Shrishak, K, Erkin, Z & Schaar, R 2016, Enhancing privacy of users in eID schemes. in 37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux. pp. 158-165, 37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux, Louvain, Belgium, 19/05/16.

Enhancing privacy of users in eID schemes. / Shrishak, Kris; Erkin, Zekeriya; Schaar, Remco.
37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux. 2016. p. 158-165.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Enhancing privacy of users in eID schemes

AU - Shrishak, Kris

AU - Erkin, Zekeriya

AU - Schaar, Remco

PY - 2016

Y1 - 2016

N2 - In todays world transactions are increasingly being performed over the internetbut require identication of users as in face-to-face transactions. In order to facilitate eGovernance as well as other eCommerce services Electronic Identiation(eID) schemes, which intend to provide unique and reliable identication andauthentication of the users, have been introduced. eID schemes commonly involve a Service Provider which provides a service, such as online shopping, to the user and an Identity Provider which veries the users identity and facilitates the user to identify itself to the Service Provider. Every transaction made over the Internet reveals bits of information about the user which can be accumulated and abused, thus necessitating security and privacy in order to prevent misuse of data and invasion of personal privacy. In this work, ve eID schemes which are in use or re proposed in EU countries is surveyed and the strengths and weaknesses of these schemes is investigated. All the schemes have given importance to security while only a few of them are designed with privacy in mind. Identity Providers in federated eID schemes are observed to be a privacy hotspot as they store user information and can uniquely identify the user. The use of homomorphic encryption and block chain in eID schemes is further explored in order to prevent the Identity Provider from becoming a privacy hotspot while fullling its role in the scheme.

AB - In todays world transactions are increasingly being performed over the internetbut require identication of users as in face-to-face transactions. In order to facilitate eGovernance as well as other eCommerce services Electronic Identiation(eID) schemes, which intend to provide unique and reliable identication andauthentication of the users, have been introduced. eID schemes commonly involve a Service Provider which provides a service, such as online shopping, to the user and an Identity Provider which veries the users identity and facilitates the user to identify itself to the Service Provider. Every transaction made over the Internet reveals bits of information about the user which can be accumulated and abused, thus necessitating security and privacy in order to prevent misuse of data and invasion of personal privacy. In this work, ve eID schemes which are in use or re proposed in EU countries is surveyed and the strengths and weaknesses of these schemes is investigated. All the schemes have given importance to security while only a few of them are designed with privacy in mind. Identity Providers in federated eID schemes are observed to be a privacy hotspot as they store user information and can uniquely identify the user. The use of homomorphic encryption and block chain in eID schemes is further explored in order to prevent the Identity Provider from becoming a privacy hotspot while fullling its role in the scheme.

UR - http://resolver.tudelft.nl/uuid:8daa5-a035-49cb-896c-ee36621861c0

M3 - Conference contribution

SP - 158

EP - 165

BT - 37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux

T2 - 37th WIC Symposium on Information Theory in the Benelux / 6th WIC/IEEE SP Symposium on Information Theory and Signal Processing in the Benelux

Y2 - 19 May 2016 through 20 May 2016

ER -

Enhancing privacy of users in eID schemes

Abstract

Conference

Access to Document

Other files and links

Fingerprint

Cite this