research-article

Enhancing and Evaluating Identity Privacy and Authentication Strength by Utilizing the Identity Ecosystem

Authors:

Kai Chih Chang,

Razieh Nokhbeh Zaeem,

K. Suzanne BarberAuthors Info & Claims

WPES'18: Proceedings of the 2018 Workshop on Privacy in the Electronic Society

Pages 114 - 120

https://doi.org/10.1145/3267323.3268964

Published: 15 January 2018 Publication History

Get Access

Abstract

This paper presents a novel research model of identity and the use of this model to answer some interesting research questions. Information travels in the cyber world, not only bringing us convenience and prosperity but also jeopardy. Protecting this information has been a commonly discussed issue in recent years. One type of this information is Personally Identifiable Information (PII), often used to perform personal authentication. People often give PIIs to organizations, e.g., when applying for a new job or filling out a new application on a website. While the use of such PII might be necessary for authentication, giving PII increases the risk of its exposure to criminals. We introduce two innovative approaches based on our model of identity to help evaluate and find an optimal set of PIIs that satisfy authentication purposes but minimize risk of exposure. Our model paves the way for more informed selection of PIIs by organizations that collect them as well as by users who offer PIIs to these organizations.

References

[1]

L. Atzori, A. Iera, and G. Morabito. The internet of things: A survey. Computer Networks, 54(15):2787 -- 2805, 2010.

Digital Library

Google Scholar

[2]

E. Bertino, F. Paci, and N. Shang. Keynote 2: Digital identity protection - concepts and issues. In 2009 International Conference on Availability, Reliability and Security, pages 69--78, March 2009.

Google Scholar

[3]

Y. Cao and L. Yang. A survey of identity management technology. In 2010 IEEE International Conference on Information Theory and Information Security, pages 287--293, Dec 2010.

Google Scholar

[4]

K. C. Chang, R. N. Zaeem, and K. S. Barber. Internet of things: Securing the identity by analyzing ecosystem models of devices and organizations. In 2018 Association for the Advancement of Artificial Intelligence Spring Symposium, March 2018. To Appear.

Google Scholar

[5]

M. A. Jan, P. Nanda, X. He, Z. Tan, and R. P. Liu. A robust authentication scheme for observing resources in the internet of things environment. In 2014 IEEE 13th International Conference on Trust, Security and Privacy in Computing and Communications, pages 205--211, Sept 2014.

Digital Library

Google Scholar

[6]

P. N. Mahalle, B. Anggorojati, N. R. Prasad, and R. Prasad. Identity establishment and capability based access control (iecac) scheme for internet of things. In The 15th International Symposium on Wireless Personal Multimedia Communications, pages 187--191, Sept 2012.

Google Scholar

[7]

H. Ning, H. Liu, and L. T. Yang. Aggregated-proof based hierarchical authentication scheme for the internet of things. IEEE Transactions on Parallel and Distributed Systems, 26(3):657--667, March 2015.

Digital Library

Google Scholar

[8]

A. Pascual, K. Marchini, and S. Miller. 2018 identity fraud: Fraud enters a new era of complexity. Technical report, Retrieved from Javelin Strategy & Research: https://www.javelinstrategy.com/coverage-area/2018-identity-fraud-fraud-enters-new-era-complexity, 2018.

Google Scholar

[9]

Center for Identity. Itap data, 2017. Unpublished raw data.

Google Scholar

[10]

S. Sicari, A. Rizzardi, L. Grieco, and A. Coen-Porisini. Security, privacy and trust in internet of things: The road ahead. Computer Networks, 76:146 -- 164, 2015.

Digital Library

Google Scholar

[11]

R. H.Weber. Internet of things: Privacy issues revisited. Computer Law & Security Review, 31(5):618 -- 627, 2015.

Crossref

Google Scholar

[12]

B. D. Weinberg, G. R. Milne, Y. G. Andonova, and F. M. Hajjat. Internet of things: Convenience vs. privacy and secrecy. Business Horizons, 58(6):615 -- 624, 2015. Special Issue: The Magic of Secrets.

Crossref

Google Scholar

[13]

R. N. Zaeem, S. Budalakoti, K. S. Barber, M. Rasheed, and C. Bajaj. Predicting and explaining identity risk, exposure and cost using the ecosystem of identity attributes. In Security Technology (ICCST), 2016 IEEE International Carnahan Conference on, pages 1--8. IEEE, 2016.

Crossref

Google Scholar

Cited By

View all

Chang KBarber S(2023)Personalized Privacy Assistant: Identity Construction and Privacy in the Internet of ThingsEntropy10.3390/e2505071725:5(717)Online publication date: 26-Apr-2023
https://doi.org/10.3390/e25050717
Kong LTan JHuang JChen GWang SJin XZeng PKhan MDas S(2022)Edge-computing-driven Internet of Things: A SurveyACM Computing Surveys10.1145/355530855:8(1-41)Online publication date: 23-Dec-2022
https://dl.acm.org/doi/10.1145/3555308
Wu CWu C(2021)IoT Security ArchitectureInternet of Things Security10.1007/978-981-16-1372-2_3(27-44)Online publication date: 26-Mar-2021
https://doi.org/10.1007/978-981-16-1372-2_3
Show More Cited By

Index Terms

Enhancing and Evaluating Identity Privacy and Authentication Strength by Utilizing the Identity Ecosystem

Recommendations

Enhancing User Identity Privacy in LTE
TRUSTCOM '12: Proceedings of the 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications

Identity privacy is a security issue that is crucial for the users of a cellular network. Knowledge of the permanent identity of a user may allow an adversary to track and amass comprehensive profiles about individuals. Such profiling may expose an ...
The Evolution of Online Identity

The author proposes that we must significantly improve how we authenticate ourselves on various computer systems to address growing security and privacy threats. As part of that process, we must adopt an identity metasystem that relies on in-person ...
An Assessment of Blockchain Identity Solutions: Minimizing Risk and Liability of Authentication
WI '19: IEEE/WIC/ACM International Conference on Web Intelligence

Personally Identifiable Information (PII) is often used to perform authentication and acts as a gateway to personal and organizational information. One weak link in the architecture of identity management services is sufficient to cause exposure and ...

Comments

Information & Contributors

Information

Published In

WPES'18: Proceedings of the 2018 Workshop on Privacy in the Electronic Society

October 2018

190 pages

ISBN:9781450359894

DOI:10.1145/3267323

General Chairs:
David Lie
University of Toronto, Canada
,
Mohammad Mannan
Concordia University, Canada
,
Program Chair:
Aaron Johnson
U.S. Naval Research Laboratory, USA

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 15 January 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

CCS '18

Sponsor:

SIGSAC

CCS '18: 2018 ACM SIGSAC Conference on Computer and Communications Security

October 15, 2018

Toronto, Canada

Acceptance Rates

WPES'18 Paper Acceptance Rate 11 of 25 submissions, 44%;

Overall Acceptance Rate 106 of 355 submissions, 30%

Upcoming Conference

CCS '24

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 14 - 18, 2024

Salt Lake City , UT , USA

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
207
Total Downloads

Downloads (Last 12 months)11
Downloads (Last 6 weeks)2

Reflects downloads up to 12 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Chang KBarber S(2023)Personalized Privacy Assistant: Identity Construction and Privacy in the Internet of ThingsEntropy10.3390/e2505071725:5(717)Online publication date: 26-Apr-2023
https://doi.org/10.3390/e25050717
Kong LTan JHuang JChen GWang SJin XZeng PKhan MDas S(2022)Edge-computing-driven Internet of Things: A SurveyACM Computing Surveys10.1145/355530855:8(1-41)Online publication date: 23-Dec-2022
https://dl.acm.org/doi/10.1145/3555308
Wu CWu C(2021)IoT Security ArchitectureInternet of Things Security10.1007/978-981-16-1372-2_3(27-44)Online publication date: 26-Mar-2021
https://doi.org/10.1007/978-981-16-1372-2_3
Chang KZaeem RBarber K(2020)A Framework for Estimating Privacy Risk Scores of Mobile AppsInformation Security10.1007/978-3-030-62974-8_13(217-233)Online publication date: 25-Nov-2020
https://doi.org/10.1007/978-3-030-62974-8_13
Nokhbeh Zaeem RBarber K(2020)How Much Identity Management with Blockchain Would Have Saved Us? A Longitudinal Study of Identity TheftBusiness Information Systems Workshops10.1007/978-3-030-61146-0_13(158-168)Online publication date: 12-Nov-2020
https://doi.org/10.1007/978-3-030-61146-0_13
Liau DZaeem RBarber K(2019)Evaluation Framework for Future Privacy Protection Systems: A Dynamic Identity Ecosystem Approach2019 17th International Conference on Privacy, Security and Trust (PST)10.1109/PST47121.2019.8949059(1-3)Online publication date: Aug-2019
https://doi.org/10.1109/PST47121.2019.8949059

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Enhancing User Identity Privacy in LTE

The Evolution of Online Identity

An Assessment of Blockchain Identity Solutions: Minimizing Risk and Liability of Authentication