Visible to the public Efficient Privacy-Preserving User Identity with Purpose-Based Encryption

TitleEfficient Privacy-Preserving User Identity with Purpose-Based Encryption
Publication TypeConference Paper
Year of Publication2019
AuthorsVo, Tri Hoang, Fuhrmann, Woldemar, Fischer-Hellmann, Klaus-Peter, Furnell, Steven
Conference Name2019 International Symposium on Networks, Computers and Communications (ISNCC)
Date Publishedjun
Keywordsattribute-based encryption, Authorization, cloud computing, cloud environment, cloud services, cryptography, data protection, Encryption, Facebook, federated identity management, General Data Protection Regulation, Human Behavior, Identity management, identity management systems, identity propagation, personal identifiable information, PII, privacy, Privacy Policies, Privacy-preserving, privacy-preserving user identity, Protocols, pubcrawl, purpose-based encryption, resilience, Scalability
AbstractIn recent years, users may store their Personal Identifiable Information (PII) in the Cloud environment so that Cloud services may access and use it on demand. When users do not store personal data in their local machines, but in the Cloud, they may be interested in questions such as where their data are, who access it except themselves. Even if Cloud services specify privacy policies, we cannot guarantee that they will follow their policies and will not transfer user data to another party. In the past 10 years, many efforts have been taken in protecting PII. They target certain issues but still have limitations. For instance, users require interacting with the services over the frontend, they do not protect identity propagation between intermediaries and against an untrusted host, or they require Cloud services to accept a new protocol. In this paper, we propose a broader approach that covers all the above issues. We prove that our solution is efficient: the implementation can be easily adapted to existing Identity Management systems and the performance is fast. Most importantly, our approach is compliant with the General Data Protection Regulation from the European Union.
Citation Keyvo_efficient_2019