Enhancing privacy of users in eID schemes
نویسندگان
چکیده
In todays world transactions are increasingly being performed over the internet but require identification of users as in face-to-face transactions. In order to facilitate eGovernance as well as other eCommerce services Electronic Identification (eID) schemes, which intend to provide unique and reliable identification and authentication of the users, have been introduced. eID schemes commonly involve a Service Provider which provides a service, such as online shopping, to the user and an Identity Provider which verifies the users identity and facilitates the user to identify itself to the Service Provider. Every transaction made over the Internet reveals bits of information about the user which can be accumulated and abused, thus necessitating security and privacy in order to prevent misuse of data and invasion of personal privacy. In this work, five eID schemes which are in use or are proposed in EU countries is surveyed and the strengths and weaknesses of these schemes is investigated. All the schemes have given importance to security while only a few of them are designed with privacy in mind. Identity Providers in federated eID schemes are observed to be a privacy hotspot as they store user information and can uniquely identify the user. The use of homomorphic encryption and block chain in eID schemes is further explored in order to prevent the Identity Provider from becoming a privacy hotspot while fulfilling its role in the scheme.
منابع مشابه
Enhancing privacy of recent authentication schemes for low-cost RFID systems
Nowadays Radio Frequency Identification (RFID) systems have appeared in lots of identification and authentication applications. In some sensitive applications, providing secure and confidential communication is very important for end-users. To this aim, different RFID authentication protocols have been proposed, which have tried to provide security and privacy of RFID users. In this paper, we a...
متن کاملIncorporating Leveled Homomorphic Encryption-based Private Information Retrieval in Federated eID Schemes to Enhance User Privacy
Numerous services are being offered over the Internet and require identification of users as in face-to-face interactions. To simplify the authentication procedure and reduce the need to manage multiple credentials to access services, Electronic Identification (eID) schemes have been introduced. eID schemes commonly involve many service providers (SPs) which provide services, such as online sho...
متن کاملBrowse searchable encryption schemes: Classification, methods and recent developments
With the advent of cloud computing, data owners tend to submit their data to cloud servers and allow users to access data when needed. However, outsourcing sensitive data will lead to privacy issues. Encrypting data before outsourcing solves privacy issues, but in this case, we will lose the ability to search the data. Searchable encryption (SE) schemes have been proposed to achieve this featur...
متن کاملElectronic Identity Cards for User Authentication - Promise and Practice
Electronic identity (eID) cards promise to supply a universal, nation-wide mechanism for user authentication. Most European countries have started to deploy eID for government and private sector applications. Are government-issued electronic ID cards the proper way to authenticate users of online services? We use the German eID project as a showcase to discuss eID from an application perspectiv...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2016