IADIS International Conference e-Commerce 2006

DIGITAL PSEUDONYM IDENTITY CARD TO CREATE DIGITAL IDENTITIES

Rafael Martínez-Peláez, Francisco J. Rico-Novella, Victor Morales-Rocha
Technical University of Catalonia, Department of Telematics Engineering
C/Jordi Girona 1 i 3, C3, D-214, 08034, Barcelona, Spain

Monica Huerta
Simon Bolivar University
Sartenejas, Baruta, Edo. Miranda, 89000, Caracas, Venezuela

ABSTRACT
Today, individuals provide the same specific and sensitive personally identifiable information to each company with which they want to establish a relationship. This information is stored and used to create an identifier associated with each user, called a digital identity. The use of web templates by companies to request individuals' information implies many security risks for both the individual and the company. On the one hand, internet users can be victims of the identity theft attack. On the other hand, companies cannot prove the validity and legitimacy of the information received from the individual. We propose a digital pseudonym identity card to minimize the risks in the process of providing personally identifiable information. Our approach can be used as a secure and portable means to disclose sensitive information on the internet. The information stored in the digital pseudonym identity card can be verified by the recipient. In addition, our proposal avoids binding an Internet user to the real world.

KEYWORDS
Digital Identity, Identity Theft, Network Smart Card

1. INTRODUCTION
A user is identified on a web system by a pseudonym called a digital identity. The digital identity is the electronic representation of the user's identity in a specific web system (Damiani et al., 2003; Goldberg, 2003). The digital identity establishes a relationship between the owner and the web system issuer. The information requested from users to create digital identities is based on the specific and particular business interests of the companies and is known as the user profile (Koch and Wörndl, 2001). The user profile can be used to improve internal administrative functions, to customize services, and to create trust domains.

The current process to obtain a digital identity implies the disclosure of individuals' personally identifiable information to the web system. This action represents tremendous risks to their privacy and anonymity. First, the information collected by the web system is stored for a long time and can eventually be disclosed for other processes. An attacker can obtain personal information about the victim; with this data, the attacker can carry out the following attacks: identity theft, identity impersonation, fraudulent transactions, and publication of identities (Martínez et al., 2006). Finally, the users' online actions can be monitored by authorized or unauthorized parties collecting data without authorization.

At the same time, companies are vulnerable to attacks based on the identity theft problem. Impersonation is one of the most popular attacks and can be carried out by any individual who knows the necessary information about the victim. Thus, the attacker can send the information to one or more web systems. Because the company does not have any proof of the legitimacy and validity of the information received, it cannot know whether the individual who provided the information is who he or she claims to be. The case is similar when the web system receives a payment by credit card: the company has no idea whether the user is the real owner or an attacker.


ISBN: 972-8924-23-2 © 2006 IADIS

In order to increase security on web systems, individuals must have more control over the information disclosed to the web system, keep their name anonymous, and keep their personally identifiable information private. Companies should be able to prove the validity and legitimacy of the information received from the individual, and to trace the user in the real world. We want to reduce the identity theft problem, to keep the identity of web system users anonymous, and to bring privacy to the internet.

We propose a secure scheme to disclose personally identifiable information to a web system. The scheme is an electronic data structure that contains the personally identifiable information most used by different web systems today. The data structure is stored in a network smart card (Montgomery et al., 2004). Interoperability between different operating systems is guaranteed for two reasons: first, the digital pseudonym identity card contains the minimum individual's information required by the web systems; second, the use of a network smart card minimizes the installation of additional middleware, APIs or software modifications. In our scheme, the individual decides which personally identifiable information the digital pseudonym identity card contains for sending to the web system. The name of the individual is kept anonymous. The web system can be sure that the information is valid. Additionally, the web system can check whether the digital pseudonym identity card is valid or not.

The organization of this paper is as follows. We present a description of our proposal in section 2. We present a security analysis in section 3. In section 4, we describe the related works. We conclude in section 5.

2. DIGITAL PSEUDONYM IDENTITY CARD
Chaum (1984) explains the use of an individual's identification in each online transaction and its relevance in different scenarios such as electronic payments. We want to bring internet users a new means to provide personally identifiable information. The main idea of the scheme is that individuals can disclose their information to each web system with which they want to establish a business relationship. The aims of our proposal can be summarized as follows:
• Allow creating digital identities
• Allow disclosing authentic and legitimate identifiable information
• Allow limiting the quantity of information disclosed
• Allow maintaining the individual's anonymity
• Avoid the identity theft attack
• Prevent the transfer of pseudonym

Digital pseudonym identity card scheme
Our scheme enables individuals to create many digital identities in different web systems with minimal effort. The authenticity of the information stored in the digital pseudonym identity card is guaranteed by the issuer's digital signature. With the issuer's digital signature, the owner of the digital pseudonym identity card can prove the authenticity of his/her information. On the other hand, the company can be sure about the legitimacy of a new user. The structure of the digital pseudonym identity card is shown in fig. 1. The digital pseudonym identity card is divided into the following sections:
• The general information section contains the owner's pseudonym, the name of the issuer, the life cycle of the digital pseudonym identity card and the issuer's digital signature.
• The personal information section contains the owner's personally identifiable information such as delivery address, city, state, ZIP code, contact telephone and e-mail address.
• The payment information section stores the information necessary (credit card number, CVV2 number, expiration date and brand) to make payments over the internet using credit cards.
• The interest information section stores additional information such as favorite sports and activities on the internet.

Properties of pseudonym identity card
• Integrity: modification of information is detected.
• Linkable: a company can link a user in the real world for legal actions.
• Mobility: the pseudonym identity card is interoperable with different operating systems.

• Monitoring: authorities and companies can audit the user's actions without affecting his/her privacy.
• Revocation: the digital pseudonym identity card can be revoked by the issuer.
• Renewal: the owner can renew his/her pseudonym identity card and decide which information is added or removed.
• Time limit: the life cycle of the digital pseudonym identity card; it indicates the expiration date.

Figure 1. Digital pseudonym identity card structure

Registration process
The registration process is a subset of components in the real world. It is used to collect individuals' information and give them the network smart card (Martínez et al., 2006). At the end of the process, individuals should be able to disclose their information to any web system with more security. We describe the components and participants involved in this phase. The enrollment process is illustrated in fig. 2.
• Network smart card: it is used to establish a secure channel with the web server and to store sensitive information.
• Digital pseudonym identity card: it is used to bind all of the individual's personally identifiable information in an electronic data structure with the issuer's digital signature.
The main participants in the registration process are the following:
• Network smart card issuer: responsible for providing the network smart card.
• Network smart card administrator: its function is to configure the security parameters that will be used by the network smart card.
• Digital pseudonym identity card issuer: this entity provides all the digital pseudonym identity cards. It is responsible for validating the individual's information.
• Digital pseudonym identity card administrator: its function is to define the individual's pseudonym and to develop the individual's digital pseudonym identity card.
• User: the beneficiary of the scheme.

Enrollment process
A new individual submits his/her identity to the digital pseudonym identity card issuer for registration. The individual performs the following steps:
1. The individual goes before the network smart card issuer.
2. The individual proves his/her identity using some official personal identification, e.g. a passport.
3. The individual provides personally identifiable information to the digital pseudonym identity card issuer.
4. The digital pseudonym identity card issuer verifies and validates the legitimacy of the information stored.
5. The digital pseudonym identity card issuer issues the digital pseudonym identity card.
6. The digital pseudonym identity card is stored on the individual's network smart card.
7. The network smart card administrator configures the logical access control to the network smart card, such as a PIN.


Figure 2. Process to obtain the digital pseudonym identity card

Because the individual decides which information will appear in the digital pseudonym identity card and which will not, he can choose the address of his job as the contact address instead of the address of his house. In this way the individual can maintain a certain level of privacy. The digital pseudonym identity card issuer knows all the information about the individual, and in case of fraud or illegal activities it must reveal the necessary information to the authorities.

General vision of the information work flow
The general flow of information is shown in fig. 3. The diagram represents the flow of information between the entities involved: user, network smart card, web system, and digital pseudonym identity card issuer. We assume that the connection between the network smart card and the web system is secured using the SSL protocol.
1. The user is authenticated before the network smart card.
2. The user decides to create a digital identity on a web system.
3. The user initializes the process to create a digital identity.
4. The web system requests the individual's personally identifiable information.
5. The digital pseudonym identity card is sent to the web system from the network smart card.
6. The web system receives the digital pseudonym identity card signed by the issuer.
7. The web system verifies the issuer's digital signature. If it is correct, the web system stores the digital pseudonym identity card and sends the digital identity to the user's network smart card. Otherwise, the transaction is finalized.
8. The digital identity is stored in the network smart card.
9. The web system can contact the digital pseudonym identity card issuer if it needs to bind a user in the real world.
10. The digital pseudonym identity card issuer must reveal the user's name and other information.

Figure 3. General process to create a digital identity using our scheme
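The check the web system performs in step 7, combined with the integrity, time-limit and revocation properties listed in section 2, as an added Python example that is not code from the paper. The signature is a toy textbook RSA over public Mersenne primes standing in for a real scheme; the JSON layout, the field names, the revocation set keyed by pseudonym and all sample values are assumptions.

```python
import copy, hashlib, json
from datetime import date

# Toy issuer key (assumption, illustration only): textbook RSA over two
# publicly known Mersenne primes. A real issuer would use a standard scheme
# such as RSA-PSS or Ed25519 with a properly generated key.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))        # issuer's private exponent
ISSUER_PUB = (N, E)

def card_digest(card):
    # Canonical form (sorted keys, no whitespace) so issuer and web system
    # hash identical bytes; the signature covers all four sections.
    body = {k: v for k, v in card.items() if k != "signature"}
    raw = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return int.from_bytes(hashlib.sha256(raw).digest(), "big")

def issue_card(pseudonym, valid_until, personal, payment, interests):
    """Issuer side: assemble the sections of fig. 1 and sign them."""
    card = {"general": {"pseudonym": pseudonym, "issuer": "Example Issuer",
                        "valid_until": valid_until},
            "personal": personal, "payment": payment, "interests": interests}
    card["signature"] = pow(card_digest(card), D, N)
    return card

def verify_card(card, issuer_pub, today, revoked):
    """Web system side (work-flow step 7): returns (accepted, reason)."""
    n, e = issuer_pub
    sig = card.get("signature")
    if not isinstance(sig, int) or pow(sig, e, n) != card_digest(card):
        return False, "bad signature"
    general = card["general"]
    if date.fromisoformat(general["valid_until"]) < today:
        return False, "expired"          # time-limit property
    if general["pseudonym"] in revoked:
        return False, "revoked"          # revocation property
    return True, "ok"

def demo():
    # Constructed sample data; no value here comes from the paper.
    card = issue_card("pseud-7f3a", "2026-12-31",
                      {"city": "Barcelona", "zip": "08034"},
                      {"brand": "TESTCARD", "number": "0000000000000000"},
                      {"sports": ["cycling"]})
    today = date(2026, 6, 1)
    tampered = copy.deepcopy(card)
    tampered["personal"]["city"] = "Madrid"   # edited after issuance
    return {
        "genuine": verify_card(card, ISSUER_PUB, today, set()),
        "tampered": verify_card(tampered, ISSUER_PUB, today, set()),
        "expired": verify_card(card, ISSUER_PUB, date(2027, 1, 1), set()),
        "revoked": verify_card(card, ISSUER_PUB, today, {"pseud-7f3a"}),
    }
```

Because the signature is checked before any field is read, the expiry and revocation decisions are only ever made on data the issuer signed.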


3. SECURITY ANALYSIS
In the authentication process the trusted third party verifies and validates the legitimacy of the individual's information. Through this process, the information the individual provides to any web system is authentic every time. The integrity of the information is guaranteed by the issuer's digital signature. Moreover, the identity theft attack is minimized because the information is stored in a secure tamper-resistant device (the network smart card). If an attacker obtains the network smart card, he cannot learn the individual's information without knowing the correct PIN. The man-in-the-middle attack is reduced by the establishment of a secure channel between the network smart card and the web system using the SSL protocol. A keystroke attack is reduced considerably because the user does not key in sensitive information. Even if an attacker obtains the PIN of the network smart card, he must also obtain the physical network smart card. If an individual loses his/her network smart card, he can report it to the trusted third party and the digital pseudonym identity card will be canceled. Another advantage of our proposal is the option to store new digital identities in the network smart card, improving security and reducing risks on the internet.

Additionally, the receiver can improve its identity management. The web system can know whether a user tries to create a second digital identity. The users' information stored in the system is valid. The web system can bind a user in the real world through the digital pseudonym identity card issuer.

4. RELATED WORKS
The identity certificate is the most popular way to authenticate an individual on the internet. The identity certificate binds the name (which can be a pseudonym or real) of the owner to his/her public key. The identity certificate can be used to identify the owner as a member of a specific organization. Unfortunately, the identity certificate does not contain personally identifiable information that can be used to create digital identities on the internet. Moreover, the purpose of the identity certificate is to share cryptographic parameters in order to establish a secure channel and secure relationships between entities.

A small set of papers emphasizes anonymity and privacy issues in providing an individual's personal information to another entity on the internet. Recently, HongQian and Asad (2004) proposed a new secure scheme to provide confidential information on the internet. The scheme avoids the identity theft attack. The scheme does not contemplate a credential or card to store personal information. Koch and Wörndl (2001) propose an identity management architecture where individuals can personalize their user profile. The user profile structure contains personally identifiable information without anonymity. The privacy of the individual's information is guaranteed by the trust center's signature, and the payment information is signed by the bank. The portability of the profile is achieved by the ID-Repository.

5. CONCLUSIONS
We have presented a digital pseudonym identity card that allows individuals to provide their personally identifiable information to many web systems. Individuals keep their real name anonymous and their personally identifiable information private. Moreover, the integrity of the information is guaranteed by the issuer's signature. Companies can have a high level of trust in the authenticity of the user's information stored. In addition, the scheme presented provides a new option to improve security in identity management systems. Additionally, companies can bind an individual from the Internet to the real world. Our future work will be centered on two directions. First, we will design a new scheme to sign the digital pseudonym identity card to improve anonymity. Second, we will work on developing the electronic data structure.

ACKNOWLEDGMENT
This work has been partially supported by the Spanish Research Council (CICYT) under the project SECONNET (TSI2005-07293-C02-01), and by a graduate scholarship from CONACyT (México).


REFERENCES
Chaum, D., 1981. Untraceable electronic mail, return addresses, and digital pseudonyms. In Communications of the ACM, Vol. 24, pp. 84-88.
Chaum, D., 1984. A New Paradigm for Individuals in the Information Age. In IEEE Symposium on Security and Privacy, pp. 99-106.
Damiani, E., De Capitani di Vimercati, S., and Samarati, P., 2003. Managing Multiple and Dependable Identities. In IEEE Internet Computing, Vol. 7, No. 6, pp. 29-37.
Goldberg, I., 2003. Privacy-Enhancing Technologies for the Internet, II: Five Years Later. In PET 2002 Workshop on Privacy-Enhancing Technologies, pp. 1-12.
HongQian, K. L., and Asad, A., 2004. Prevent Online Identity Theft – Using Network Smart Cards for Secure Online Transactions –. In Information Security Conference, LNCS 3225, pp. 342-353.
Koch, M., and Wörndl, W., 2001. Community Support and Identity Management. In Proceedings of the Seventh European Conference on Computer Supported Cooperative Work. Bonn, Germany, pp. 319-338.
Martínez-Peláez, R., Rico-Novella, F. J., and Zarza-López, L. A., 2006. Digital Pseudonym Identity for e-Commerce. In Proceedings of the International Conference on Security and Cryptography. Setúbal, Portugal, pp. 91-94.
Martínez-Peláez, R., Rico-Novella, F. J., Cano, J. E., and Morales, V. M., 2006. Infrastructure based on Smart Cards to improve the Security in e-Commerce. In Proceedings of the e-Smart 2006. Nice, France.
Montgomery, M., Ali, A. M., and Lu, H. K., 2004. Secure Network Card – Implementation of a Standard Network Stack in a Smart Card –. In IFIP Conf. on Six Smart Card Research and Advanced Application.
Pfitzmann, A., and Waidner, M., 1985. Networks without user observability – design options. In Proceedings of EUROCRYPT, LNCS 219, pp. 245-253.
