Privacy-preserving attribute aggregation in eID federations

Walter Priesnitz Filho, Carlos Ribeiro, Thomas Zefferer

Publication: Contribution to journal, Article, Research, Peer-reviewed

Abstract

Personalized electronic services, e.g. from the e-government domain, need to reliably identify and authenticate users. During user-authentication processes, the electronic identity of the respective user is determined and required additional attributes, e.g. name and date of birth, linked to this identity are collected. This attribute-collection process can become complex, especially if required attributes are distributed over various attribute providers that are organized in a federated identity-management system. In many cases, these identity management systems rely on different ontologies and make use of different languages. Hence, identity federations, such as the one currently established across the European Union, require effective solutions to collect user attributes from different heterogeneous sources and aggregate them to a holistic user facet. At the same time, these solutions need to comply with minimum disclosure rules to preserve users’ privacy. In this article, we propose and introduce a solution for privacy-preserving attribute aggregation. Our solution combines attributes from different domains using ontology alignment and makes use of locality sensitive hashing functions to preserve users’ privacy. Evaluation results obtained from conducted experiments demonstrate our solution's advantages for both service providers and users. While service providers can be provided with a larger set of attributes, users remain in full control of their data and can decide on which of their attributes shall be revealed.

Original language: English
Pages (from-to): 1-16
Number of pages: 16
Journal: Future Generation Computer Systems
Volume: 92
Issue number: Volume 92
DOI: 10.1016/j.future.2018.09.025
Publication status: Published - 1 Mar 2019

Fingerprint

Agglomeration
Ontology
Authentication
Experiments
European Union

Keywords

    ASJC Scopus subject areas

    • Software
    • Hardware and Architecture
    • Computer Networks and Communications

    Cite this

    Privacy-preserving attribute aggregation in eID federations. / Priesnitz Filho, Walter; Ribeiro, Carlos; Zefferer, Thomas.

    In: Future Generation Computer Systems, Vol. 92, No. Volume 92, 01.03.2019, p. 1-16.

    Priesnitz Filho, Walter ; Ribeiro, Carlos ; Zefferer, Thomas. / Privacy-preserving attribute aggregation in eID federations. In: Future Generation Computer Systems. 2019 ; Vol. 92, No. Volume 92. pp. 1-16.
    @article{a90dcc190e9d42de9f8d7c8064f614c6,
    title = "Privacy-preserving attribute aggregation in eID federations",
    keywords = "Attribute aggregation, Electronic identity, Identity federation, Interoperability, Ontologies, Privacy",
    author = "{Priesnitz Filho}, Walter and Carlos Ribeiro and Thomas Zefferer",
    year = "2019",
    month = "3",
    day = "1",
    doi = "10.1016/j.future.2018.09.025",
    language = "English",
    volume = "92",
    pages = "1--16",
    journal = "Future Generation Computer Systems",
    issn = "0167-739X",
    publisher = "Elsevier B.V.",
    number = "Volume 92",

    }

    TY - JOUR

    T1 - Privacy-preserving attribute aggregation in eID federations

    AU - Priesnitz Filho, Walter

    AU - Ribeiro, Carlos

    AU - Zefferer, Thomas

    PY - 2019/3/1

    Y1 - 2019/3/1

    KW - Attribute aggregation

    KW - Electronic identity

    KW - Identity federation

    KW - Interoperability

    KW - Ontologies

    KW - Privacy

    UR - http://www.scopus.com/inward/record.url?scp=85054390082&partnerID=8YFLogxK

    U2 - 10.1016/j.future.2018.09.025

    DO - 10.1016/j.future.2018.09.025

    M3 - Article

    VL - 92

    SP - 1

    EP - 16

    JO - Future Generation Computer Systems

    JF - Future Generation Computer Systems

    SN - 0167-739X

    IS - Volume 92

    ER -