Identity & Privacy

Identity and privacy research are intertwined.

The former aims at protocols and systems for managing, exchanging and authenticating identity attributes; the latter governs the protection of a user's identity in the widest sense.

Identity

Identity refers to the attributes associated with a user who interacts with a system's service interface.

It may be a (unique) identifier (e.g., a username), personally identifiable information (PII), or other attributes (e.g., pseudo-identifiers).

Taken as the basis for authentication, the identity serves authorization and thereby determines the user's access control rights on the system and the security thereof.

The user's claim on her identity is certified by credentials. Electronic Identity (EID) proposals establish credentials on an electronic token, such as an electronic ID card.

Identity Management refers to systems and protocols to handle identity. User-centric identity management places the user in the center of transactions and has user consent as its guiding principle. Federated identity management (FIM) refers to identity management across trust domains, e.g., for single sign-on authentication.

See Federated Identity Management and the User-centricity Taxonomy.

Privacy

To a first approximation, privacy is the protection of the user's identity.

Privacy can take many forms; the privacy terminology [PfiHan2010] provides a good overview.

Anonymous Credential Systems and attribute-based credentials allow privacy-preserving authentication based on selective disclosure of attributes (or statements about attributes).

Research Foci: Privacy for eID and Social Networks

  • Privacy of eID systems
  • Privacy in social networks

Relevant Projects

Selected Papers

Jan Camenisch and Thomas Groß. Efficient attributes for anonymous credentials. In ACM Transactions on Information and System Security (TISSEC), 2011.

Jan Camenisch, Nathalie Casati, Thomas Groß and Victor Shoup. Credential Authenticated Identification and Key Exchange. In Advances in Cryptology - CRYPTO 2010, pages 255-276. LNCS 6223. Springer, August 2010.

Patrik Bichsel, Jan Camenisch, Thomas Groß and Victor Shoup. Anonymous Credentials on a Standard Java Card. In ACM Computer and Communications Security (CCS), 2009, pages 600-610. ACM Press, November 2009.

Abhilasha Bhargav-Spantzel, Jan Camenisch, Thomas Groß and Dieter Sommer. User centricity: A taxonomy and open issues. In Journal of Computer Security 15(5): pages 493-527, IOS Press, 2007.

References

[PfiHan2010] Andreas Pfitzmann and Marit Hansen. Terminology for talking about privacy by data minimization: Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management, v0.34. Aug. 2010. TU Dresden.