Abstract
In credential-based authentication systems (wallets), users transmit personally identifiable and potentially sensitive data to Service Providers (SPs). Here, users must often trust that they are communicating with a legitimate SP and that the SP has a lawful reason for requesting the information that it does. In the event of data misuse, identifying and holding the SP accountable can be difficult.
In this paper, we first enumerate the privacy requirements of electronic wallet systems. For this, we explore applicable legal frameworks and user expectations. Based on this, we argue that forcing each user to evaluate each SP individually is not a tractable solution. Instead, we outline technical measures in the form of an SP accreditation system. We delegate trust decisions to an authorized Accreditation Body (AB), which equips each SP with a machine-readable set of data permissions. These permissions are checked and enforced by the user's wallet software, preventing over-sharing sensitive data. The accreditation body we propose is publicly auditable. By enabling the detection of misconduct, our accreditation system increases user trust and thereby fosters the proliferation of the system.
Original language | English |
---|---|
Title of host publication | ARES 2024 - 19th International Conference on Availability, Reliability and Security, Proceedings |
Subtitle of host publication | International Workshop on Emerging Digital Identities |
Place of Publication | New York, NY, USA |
Publisher | Association of Computing Machinery |
ISBN (Electronic) | 9798400717185 |
Publication status | Published - 30 Jul 2024 |
Event | 19th International Conference on Availability, Reliability and Security: ARES 2024 - Vienna, Austria; Duration: 30 Jul 2024 → 2 Aug 2024; Conference number: 2024; https://www.ares-conference.eu |
Publication series
Name | ACM International Conference Proceeding Series |
---|
Conference
Conference | 19th International Conference on Availability, Reliability and Security |
---|---|
Abbreviated title | ARES 2024 |
Country/Territory | Austria |
City | Vienna |
Period | 30/07/24 → 2/08/24 |
Keywords
- E-ID
- eIDAS
- Privacy
- Self-sovereign Identity
- Trust
- Wallet
ASJC Scopus subject areas
- Software
- Human-Computer Interaction
- Computer Vision and Pattern Recognition
- Computer Networks and Communications
Projects
- 1 Active
- EU - ERATOSTHENES - Secure management of IoT devices lifecycle through identities, trust and distributed ledgers
  Tauber, A. (Co-Investigator (CoI))
  1/10/21 → 31/03/25
  Project: Research project
Activities
- 1 Talk at conference or symposium
- Service Provider Accreditation: Enabling and Enforcing Privacy-by-Design in Credential-based Authentication Systems
  More, S. J. (Speaker) & Fasllija, E. (Contributor)
  30 Jul 2024 → 2 Aug 2024
  Activity: Talk or presentation › Talk at conference or symposium › Science to science