Enhancing user privacy in federated eID schemes

Kris Shrishak; Zekeriya Erkin; Remco Schaar

doi:10.1109/NTMS.2016.7792448

Enhancing user privacy in federated eID schemes

Kris Shrishak, Zekeriya Erkin, Remco Schaar

Cyber Security

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

3 Citations (Scopus)

Abstract

Numerous services are being offered over the Internet and require identification of users as in face-to-face interactions. To simplify the authentication procedure and reduce the need to manage multiple credentials to access services, electronic identification (eID) schemes have been introduced that involve many service providers (SPs) and identity providers (IDPs) which verify the identity of users and facilitate the user to authenticate him/herself to SPs. In federated eID schemes, IDPs store identifiable user information (attributes), often with a unique ID, and attest on these attributes to SPs. In this work, we address the privacy concerns of storing user attributes at the IDP which allows the IDP to profile the user's behaviour and activities. We propose to store the attributes in a privacy friendly manner so that they cannot be directly linked to a particular user even if the data is leaked. Then we incorporate private information retrieval (PIR) in the usual authentication flow of federated eID scheme so that the IDP can perform its role of authenticating and managing the user's identity without turning into a privacy hotspot. Finally, through a proof-of-concept implementation we show a practical variant of our scheme in which the IDP, with millions of users, partitions its database.

Original language	English
Title of host publication	2016 8th IFIP International Conference on New Technologies, Mobility and Security ( NTMS)
Editors	M. Badra, G. Pau, V. Vassiliou
Place of Publication	Piscataway
Publisher	IEEE
Pages	1-5
Number of pages	5
ISBN (Electronic)	978-1-5090-2914-3
ISBN (Print)	978-1-5090-2915-0
DOIs	https://doi.org/10.1109/NTMS.2016.7792448
Publication status	Published - 22 Dec 2016
Event	8th IFIP International Conference on New Technologies. Mobility and Security, NTMS - Larnaca, Cyprus Duration: 21 Nov 2016 → 23 Nov 2016

Conference

Conference	8th IFIP International Conference on New Technologies. Mobility and Security, NTMS
Abbreviated title	IFIP NTMS 2016
Country/Territory	Cyprus
City	Larnaca
Period	21/11/16 → 23/11/16

Keywords

Electronic identification
Homomorphic encryption
Privacy
Private information retrieval

Access to Document

10.1109/NTMS.2016.7792448

Cite this

@inproceedings{074a75fad3cb45e6ac353b258fcd43d8,

title = "Enhancing user privacy in federated eID schemes",

abstract = "Numerous services are being offered over the Internet and require identification of users as in face-to-face interactions. To simplify the authentication procedure and reduce the need to manage multiple credentials to access services, electronic identification (eID) schemes have been introduced that involve many service providers (SPs) and identity providers (IDPs) which verify the identity of users and facilitate the user to authenticate him/herself to SPs. In federated eID schemes, IDPs store identifiable user information (attributes), often with a unique ID, and attest on these attributes to SPs. In this work, we address the privacy concerns of storing user attributes at the IDP which allows the IDP to profile the user's behaviour and activities. We propose to store the attributes in a privacy friendly manner so that they cannot be directly linked to a particular user even if the data is leaked. Then we incorporate private information retrieval (PIR) in the usual authentication flow of federated eID scheme so that the IDP can perform its role of authenticating and managing the user's identity without turning into a privacy hotspot. Finally, through a proof-of-concept implementation we show a practical variant of our scheme in which the IDP, with millions of users, partitions its database.",

keywords = "Electronic identification, Homomorphic encryption, Privacy, Private information retrieval",

author = "Kris Shrishak and Zekeriya Erkin and Remco Schaar",

year = "2016",

month = dec,

day = "22",

doi = "10.1109/NTMS.2016.7792448",

language = "English",

isbn = "978-1-5090-2915-0",

pages = "1--5",

editor = "M. Badra and G. Pau and V. Vassiliou",

booktitle = "2016 8th IFIP International Conference on New Technologies, Mobility and Security ( NTMS)",

publisher = "IEEE",

address = "United States",

note = "8th IFIP International Conference on New Technologies. Mobility and Security, NTMS, IFIP NTMS 2016 ; Conference date: 21-11-2016 Through 23-11-2016",

}

Shrishak, K, Erkin, Z & Schaar, R 2016, Enhancing user privacy in federated eID schemes. in M Badra, G Pau & V Vassiliou (eds), 2016 8th IFIP International Conference on New Technologies, Mobility and Security ( NTMS)., 7792448, IEEE, Piscataway, pp. 1-5, 8th IFIP International Conference on New Technologies. Mobility and Security, NTMS, Larnaca, Cyprus, 21/11/16. https://doi.org/10.1109/NTMS.2016.7792448

Enhancing user privacy in federated eID schemes. / Shrishak, Kris; Erkin, Zekeriya; Schaar, Remco.
2016 8th IFIP International Conference on New Technologies, Mobility and Security ( NTMS). ed. / M. Badra; G. Pau; V. Vassiliou. Piscataway: IEEE, 2016. p. 1-5 7792448.

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

TY - GEN

T1 - Enhancing user privacy in federated eID schemes

AU - Shrishak, Kris

AU - Erkin, Zekeriya

AU - Schaar, Remco

PY - 2016/12/22

Y1 - 2016/12/22

N2 - Numerous services are being offered over the Internet and require identification of users as in face-to-face interactions. To simplify the authentication procedure and reduce the need to manage multiple credentials to access services, electronic identification (eID) schemes have been introduced that involve many service providers (SPs) and identity providers (IDPs) which verify the identity of users and facilitate the user to authenticate him/herself to SPs. In federated eID schemes, IDPs store identifiable user information (attributes), often with a unique ID, and attest on these attributes to SPs. In this work, we address the privacy concerns of storing user attributes at the IDP which allows the IDP to profile the user's behaviour and activities. We propose to store the attributes in a privacy friendly manner so that they cannot be directly linked to a particular user even if the data is leaked. Then we incorporate private information retrieval (PIR) in the usual authentication flow of federated eID scheme so that the IDP can perform its role of authenticating and managing the user's identity without turning into a privacy hotspot. Finally, through a proof-of-concept implementation we show a practical variant of our scheme in which the IDP, with millions of users, partitions its database.

AB - Numerous services are being offered over the Internet and require identification of users as in face-to-face interactions. To simplify the authentication procedure and reduce the need to manage multiple credentials to access services, electronic identification (eID) schemes have been introduced that involve many service providers (SPs) and identity providers (IDPs) which verify the identity of users and facilitate the user to authenticate him/herself to SPs. In federated eID schemes, IDPs store identifiable user information (attributes), often with a unique ID, and attest on these attributes to SPs. In this work, we address the privacy concerns of storing user attributes at the IDP which allows the IDP to profile the user's behaviour and activities. We propose to store the attributes in a privacy friendly manner so that they cannot be directly linked to a particular user even if the data is leaked. Then we incorporate private information retrieval (PIR) in the usual authentication flow of federated eID scheme so that the IDP can perform its role of authenticating and managing the user's identity without turning into a privacy hotspot. Finally, through a proof-of-concept implementation we show a practical variant of our scheme in which the IDP, with millions of users, partitions its database.

KW - Electronic identification

KW - Homomorphic encryption

KW - Privacy

KW - Private information retrieval

UR - http://www.scopus.com/inward/record.url?scp=85011252559&partnerID=8YFLogxK

U2 - 10.1109/NTMS.2016.7792448

DO - 10.1109/NTMS.2016.7792448

M3 - Conference contribution

AN - SCOPUS:85011252559

SN - 978-1-5090-2915-0

SP - 1

EP - 5

BT - 2016 8th IFIP International Conference on New Technologies, Mobility and Security ( NTMS)

A2 - Badra, M.

A2 - Pau, G.

A2 - Vassiliou, V.

PB - IEEE

CY - Piscataway

T2 - 8th IFIP International Conference on New Technologies. Mobility and Security, NTMS

Y2 - 21 November 2016 through 23 November 2016

ER -

Enhancing user privacy in federated eID schemes

Abstract

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this