Formal Privacy Analysis of Communication Protocols for Identity Management
Authors
Abstract
Over the years, formal methods have been developed for the analysis of security and privacy aspects of communication in IT systems. However, existing methods are insufficient to deal with privacy, especially in identity management (IdM), as they fail to take into account whether personal information can be linked to its data subject. In this paper, we propose a general formal method to analyze privacy of communication protocols for IdM. To express privacy, we represent knowledge of personal information in a three-layer model. We show how to deduce knowledge from observed messages and how to verify a range of privacy properties. We validate the approach by applying it to an IdM case study.
Similar resources
Enhancing privacy of recent authentication schemes for low-cost RFID systems
Nowadays Radio Frequency Identification (RFID) systems have appeared in lots of identification and authentication applications. In some sensitive applications, providing secure and confidential communication is very important for end-users. To this aim, different RFID authentication protocols have been proposed, which have tried to provide security and privacy of RFID users. In this paper, we a...
A Lightweight Privacy-preserving Authenticated Key Exchange Scheme for Smart Grid Communications
Smart grid concept is introduced to modify the power grid by utilizing new information and communication technology. Smart grid needs live power consumption monitoring to provide required services and for this issue, bi-directional communication is essential. Security and privacy are the most important requirements that should be provided in the communication. Because of the complex design of s...
Symbolic Privacy Analysis through Linkability and Detectability
More and more personal information is exchanged on-line using communication protocols. This makes it increasingly important that such protocols satisfy data minimisation. Formal methods have been used to verify privacy properties of protocols; but so far, mostly for ad-hoc applications. In previous work, we provided general definitions for the fundamental privacy concepts of linkability and det...
Provably secure and efficient identity-based key agreement protocol for independent PKGs using ECC
Key agreement protocols are essential for secure communications in open and distributed environments. Recently, identity-based key agreement protocols have been increasingly researched because of the simplicity of public key management. The basic idea behind an identity-based cryptosystem is that a public key is the identity (an arbitrary string) of a user, and the corresponding private key is ...
Formal Methods for Web 2.0 Security Protocols - Position Paper
2. The network model is too detailed. The traditional model of the network as an opponent in cryptographic protocols enables the opponent to forge, alter and remove messages. In contrast, the basic protocols underlying, say, identity management frameworks assume integrity of messages. This greater abstraction permits the users and architects of Web 2.0 components to focus on semantic issues, su...