ABSTRACT
This paper presents a privacy-enhancing identity management platform designed to address the challenges associated with online identity verification and privacy protection. INCOGNITO offers a comprehensive solution by leveraging concepts such as Qualified Anonymity and cryptographic credentials, along with technologies including blockchain, Tor Network, and software stacks like Idemix. By employing these mechanisms, INCOGNITO aims to enable users to securely acquire and manage their identity attributes, while preserving their privacy and ensuring compliance with both regulatory bodies and Service Providers’ requirements. The platform facilitates the issuance and verification of cryptographic credentials, granting users access to online services based on fine-grained subsets of their identity attributes. Furthermore, the effectiveness and feasibility of the platform are demonstrated through two pilot projects focused on online multimedia content sharing and identifying bots or fake users in online social networks. These pilots showcase the practical applicability of INCOGNITO in solving identity-related challenges while safeguarding user privacy and security.
- [1] X. Zhang, M. M. Yadollahi, S. Dadkhah, H. Isah, D.-P. Le, A. A. Ghorbani, Data breach: analysis, countermeasures and challenges, International Journal of Information and Computer Security 19 (3-4) (2022) 402–442.Google Scholar
- [2] D. Chen, M. M. Chowdhury, S. Latif, Data breaches in corporate setting, in: 2021 International Conference on Electrical, Computer, Communications and Mechatronics Engineering (ICECCME), IEEE, 2021, pp. 01–06.Google Scholar
- [3] L. I. Labrecque, E. Markos, K. Swani, P. Peña, When data security goes wrong: Examining the impact of stress, social contract violation, and data type on consumer coping responses following a data breach, Journal of Business Research 135 (2021) 559–571.Google ScholarCross Ref
- [4] Z. Alkhalil, C. Hewage, L. Nawaf, I. Khan, Phishing attacks: A recent comprehensive study and a new anatomy, Frontiers in Computer Science 3 (2021) 563060.Google ScholarCross Ref
- [5] A. Karale, The challenges of iot addressing security, ethics, privacy, and laws, Internet of Things 15 (2021) 100420.Google ScholarCross Ref
- [6] Z. Wu, G. Li, S. Shen, X. Lian, E. Chen, G. Xu, Constructing dummy query sequences to protect location privacy and query privacy in location-based services, World Wide Web 24 (2021) 25–49.Google ScholarCross Ref
- [7] L. Hanzlik, D. Slamanig, With a little help from my friends: Constructing practical anonymous credentials, in: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security, 2021, pp. 2004–2023.Google ScholarDigital Library
- [8] M. P. Machulak, E. L. Maler, D. Catalano, A. Van Moorsel, User-managed access to web resources, in: Proceedings of the 6th ACM workshop on Digital identity management, 2010, pp. 35–44.Google ScholarDigital Library
- [9] M. Pilkington, Blockchain technology: principles and applications, in: Research handbook on digital transformations, Edward Elgar Publishing, 2016, pp. 225–253.Google ScholarCross Ref
- [10] H. Li, L. Yu, W. He, The impact of gdpr on global technology development (2019).Google ScholarCross Ref
- [11] V. C. Hu, D. R. Kuhn, D. F. Ferraiolo, J. Voas, Attribute-based access control, Computer 48 (2) (2015) 85–88.Google Scholar
Index Terms
- Enabling Qualified Anonymity for Enhanced User Privacy in the Digital Era
Recommendations
A user-centric federated single sign-on system
Current identity management systems are not concerned with user privacy. Users must assume that identity providers and service providers will ensure their privacy, which is not always the case. This paper proposes an extension of the existing federated ...
Role-and relationship-based identity management for privacy-enhanced E-Iearning
An e-learning discussion forum, an essential component of today's e-learning systems, offers a platform for social learning activities. However, as learners participate in the discussion forum, privacy emerges as a major concern. Privacy concerns in ...
k-anonymity: a model for protecting privacy
Consider a data holder, such as a hospital or a bank, that has a privately held collection of person-specific, field structured data. Suppose the data holder wants to share a version of the data with researchers. How can a data holder release a version ...
Comments