Towards Hiding Federated Digital Identity: Stop-Dissemination Mechanism in Content-Centric Networking
Amine Elabidi
Ghazi Ben Ayed
CRISTAL Lab, ENSI School of Engineering, University of Manouba, Tunisia
Information Systems Institute, Faculty of Business and Economics, University of Lausanne, CH-1015, Switzerland
ABSTRACT
The evolution from a document-centered to a service- and data-centered World Wide Web, the Web of data, requires better protection and management of users' digital identities. The permanent nature of digital identity entails loss of the user's control over distributed identity attributes and privacy breaches. In this paper, we propose an innovative Stop-Dissemination mechanism that is built on data expiration date techniques coupled with the promising content-centric networking (CCN) capabilities. Two use cases are detailed to explain the mechanism, whose aim is low permanence of federated digital identity documents.

Categories and Subject Descriptors
C.2.6 [Computer-Communication Networks]: Internetworking – Routers, D.2.11 [Software Engineering]: Software Architectures – Information hiding, K.6.5 [Management of Computing and Information Systems]: Security and Protection, and K.4.1 [Computers and Society]: Public Policy Issues – Privacy.

General Terms
Design, Security.

Keywords
Federated digital identity, content-centric networking, user's identity control, identity hiding mechanism.
Sonia Mettali Gammar
CRISTAL Lab, ENSI School of Engineering, University of Manouba, Tunisia
Farouk Kamoun
CRISTAL Lab, ENSI School of Engineering, University of Manouba, Tunisia

1. INTRODUCTION
Rich and famous people still remember the ancient proverb “to live happily, live discreetly”. Living hidden or in secret used to be a common way to camouflage one's belongings and to deter envious gold diggers. Today, Web users are increasingly leaving trails on the net, and most online service providers memorize, access and exploit this ‘Web of trails’ for their own commercial benefit. In the offline world, identity and privacy issues arise from the blurring boundaries between the public and private spheres of individual existence. In the online world, however, data collection crosses the boundaries of space and time, with data about humans ranging from prenatal diagnostics to daily life in retirement. Additionally, ubiquity is creating new opportunities for crossing more borders: natural, social, spatial, and temporal. Therefore, information regarding individual identities is becoming an increasingly valuable commodity, and protecting identities has become an urgent need [1-5].

Protection of personal data, privacy and security of identity information can be achieved through identity hiding, which means making personal information less visible and more discreet. Currently, online journeys contain digital trails that are memorized by the network while users are browsing the Web. Users can disclose their identity either of their own wish (e.g., to share information with their friends in social networks) or by force (e.g., in order to make online transactions). Whether information was disclosed voluntarily or by force, once it is published the user loses control over it and does not have the right to change or delete it.

In this paper, we address the issue of losing control over identity information once users publish it in electronic form. We aim to answer the question: how could an expiration date on personal information in content-centric internetworking infrastructures help to make users' identities less visible? Making an identity less visible would give the user more control over it and would therefore increase its security level.

The remainder of the paper is organized as follows. In section 2, we provide an overview of the basic concepts and issues related to digital identity. We highlight the contextual and permanent nature of digital identity, which leads to loss of the user's control over identity attributes. In section 3, we introduce the data-centric paradigm and describe the Content Centric Networking (CCN) approach in detail, focusing on hierarchical names and the name resolution process. In section 4, we propose an expiration-date-based stop-dissemination mechanism and explain it through two use cases. Finally, we conclude in section 5 and highlight future work that can be conducted to enhance the proposed solution.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. SIN’11, November 14–19, 2011, Sydney, Australia. Copyright 2011 ACM 978-1-4503-1020-8/11/11...$10.00.

2. DIGITAL IDENTITY & PERMANENCE
The notion of identity is evolving over time. Several decades ago, the declaration of an individual’s name, sometimes accompanied by the name of the city or village, was sufficient to prove his identity. Today, the evolution of computing has promoted the automation of aspects of human interaction such as online business and communication through social networks and email. The new reality prompted the need for digital identity, which is a human