Enhancing Public Digital Identity System (SPID) to Prevent Information Leakage

  • Conference paper
Electronic Government and the Information Systems Perspective (EGOVIS 2015)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 9265)

Abstract

Public Digital Identity System (SPID) is the Italian government framework compliant with the EU eIDAS regulatory environment, aimed at implementing electronic identification and trust services in e-government and business applications. According to this federated identity management framework, digital identities are issued, upon application of the interested party, by digital identity providers. This way, users authenticate to service providers, which are public or private organizations providing a service to authorized users, provided that they adhere to SPID. A drawback that could limit the real diffusion of this framework is that, despite the fact that identity and service providers might be competitor private companies, SPID authentication results in information leakage about customers of identity providers. To overcome this potential limitation, in this paper, we propose a modification of SPID to allow user authentication by preserving the anonymity of the identity provider that grants the authentication credentials. This way, information leakage about customers of identity providers is fully prevented.

Acknowledgment

This work has been partially supported by the TENACE PRIN Project (n. 20103P34XC) funded by the Italian Ministry of Education, University and Research and by the Program “Programma Operativo Nazionale Ricerca e Competitività” 2007-2013, Distretto Tecnologico CyberSecurity funded by the Italian Ministry of Education, University and Research.

Corresponding author

Correspondence to Francesco Buccafurri.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Buccafurri, F., Fotia, L., Lax, G., Mammoliti, R. (2015). Enhancing Public Digital Identity System (SPID) to Prevent Information Leakage. In: Kő, A., Francesconi, E. (eds) Electronic Government and the Information Systems Perspective. EGOVIS 2015. Lecture Notes in Computer Science, vol 9265. Springer, Cham. https://doi.org/10.1007/978-3-319-22389-6_5

  • DOI: https://doi.org/10.1007/978-3-319-22389-6_5

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-22388-9

  • Online ISBN: 978-3-319-22389-6

  • eBook Packages: Computer Science (R0)
