110 likes | 201 Views
Human identity - a security perspective. Thomas Kriegelstein. Security - Goals. Secrecy No disclosure of the document Integrity Discovery of changes to the document Accountability Knowledge/Proof of the document‘s origin require cryptographic mechanisms to achieve them. Availability
E N D
Human identity - a security perspective Thomas Kriegelstein
Security - Goals • Secrecy • No disclosure of the document • Integrity • Discovery of changes to the document • Accountability • Knowledge/Proof of the document‘s origin • require cryptographic mechanisms to achieve them. • Availability • requires organisational mechanisms to achieve it. TU Dresden
Security – Mechanisms • Encryption/Decryption • Integrity protection/testing • Signature generation/verification • They require a secret. • The secret lies in keys not algorithms. • They require cryptographic keys . TU Dresden
Implications of Anonymity Anonymity is the state of being not identifiable within a set of subjects, the anonymity set. • All elements are different. • All use different cryptographic keys. • Use of keys for accountability impossible. TU Dresden
Implications of Pseudonymity Pseudonymity is the use of pseudonyms as IDs. • User accounts, e-mail addresses are considered pseudonyms. • Ongoing usage of pseudonyms provides/increases linkability. • Pseudonyms within computer security utilize authentication to prevent usage by strangers. TU Dresden
Usage of Pseudonyms I • Type of the pseudonym is determined by pseudonym‘s reuse: role pseudonym role relationship pseudonym transaction pseudonym personal pseudonym relationship pseudonym linkability anonymity TU Dresden
Usage of Pseudonyms II • Linkability can not decrease. • Linkability should be small beforehand of pseudonym‘s reuse. • Anonymity is required. • Management should not increase linkability: • Of pseudonyms. • Of actions. TU Dresden
Implications on Identity • Mapping from pseudonym to human being is needed. • Can be achieved by: • What he knows. • What he possesses. • What he is. • What is known about him. • No use of such a mapping without trust to it, unless usage is enforced. TU Dresden
The Big Picture others ID2 User1 Me Trustee ID1 P1 P4 P3 P2 User2 System boundary Me others TU Dresden
Conclusions • Trustworthy use of different pseudonyms requires anonymity. • Linkability of pseudonyms can‘t be guaranteed. • Linkability of actions can‘t be reduced. • Management should not increase linkability. • Within computer security there are goals to achieve, pseudonyms to use and policies to enforce, but there is no identity apart from equality of bit strings or linkability of pseudonyms. TU Dresden
Conditional Anonymity Revocation User2 Trustee Judge User1 Action/P4 ensureDetectable P4/P2 Link P4/P3 P4 linked P4 linked/P4 Action performed/P2 detect P4/P1 detect P4/Judge P4 is ID1 TU Dresden