Human identity - a security perspective
Thomas Kriegelstein
Security - Goals
 Secrecy
 No disclosure of the document
 Integrity
 Discovery of changes to the document
 Accountability
 Knowledge/Proof of the document's origin
 These three goals require cryptographic mechanisms to achieve them.
 Availability
 requires organisational mechanisms to achieve it.
TU Dresden
Security – Mechanisms
 Encryption/Decryption
 Integrity protection/testing
 Signature generation/verification
 They require a secret.
 The secret lies in keys not algorithms.
 They require cryptographic keys.
Implications of Anonymity
Anonymity is the state of being not identifiable within a set of subjects, the anonymity set.
 All elements are different.
 All use different cryptographic keys.
 Use of keys for accountability impossible.
Implications of Pseudonymity
Pseudonymity is the use of pseudonyms as IDs.
 User accounts, e-mail addresses are considered pseudonyms.
 Ongoing usage of pseudonyms provides/increases linkability.
 Pseudonyms within computer security utilize authentication to prevent usage by strangers.
Usage of Pseudonyms I
 Type of the pseudonym is determined by the pseudonym's reuse:
[Figure: pseudonym types (transaction pseudonym, role-relationship pseudonym, role pseudonym, relationship pseudonym, personal pseudonym), with the labels "linkability" and "anonymity".]
Usage of Pseudonyms II
 Linkability cannot decrease.
 Linkability should be small before a pseudonym's reuse.
 Anonymity is required.
 Management should not increase linkability:
 Of pseudonyms.
 Of actions.
Implications on Identity
 Mapping from pseudonym to human being is needed.
 Can be achieved by:
 What he knows.
 What he possesses.
 What he is.
 What is known about him.
 Such a mapping is of no use without trust in it, unless its usage is enforced.
The Big Picture
[Figure: diagram with the labels "Me", "others", "User2", the identities ID1 and ID2, the pseudonyms P1, P2, P3 and P4, and a "System boundary".]
Conclusions
 Trustworthy use of different pseudonyms requires anonymity.
 Linkability of pseudonyms can't be guaranteed.
 Linkability of actions can't be reduced.
 Management should not increase linkability.
 Within computer security there are goals to achieve, pseudonyms to use and policies to enforce, but there is no identity apart from equality of bit strings or linkability of pseudonyms.
Conditional Anonymity Revocation
[Figure: sequence diagram. Participants: User2, Trustee, Judge, User1. Message labels, in the order they appear: Action/P4; ensureDetectable P4/P2; Link P4/P3; P4 linked; P4 linked/P4; Action performed/P2; detect P4/P1; detect P4/Judge; P4 is ID1.]