Brandão, LTAN;
Christin, N;
Danezis, G;
(2015)
Toward Mending Two Nation-Scale Brokered Identification Systems.
Proceedings on Privacy Enhancing Technologies
, 2015
(2)
pp. 135-155.
10.1515/popets-2015-0022.
![[thumbnail of popets-2015-0022.pdf]](https://discovery.ucl.ac.uk/style/images/fileicons/text.png) Preview |
Text
popets-2015-0022.pdf Available under License : See the attached licence file. Download (680kB) |
Abstract
Available online public/governmental services requiring authentication by citizens have considerably expanded in recent years. This has hindered the usability and security associated with credential management by users and service providers. To address the problem, some countries have proposed nation-scale identification/authentication systems that intend to greatly reduce the burden of credential management, while seemingly offering desirable privacy benefits. In this paper we analyze two such systems: the Federal Cloud Credential Exchange (FCCX) in the United States and GOV.UK Verify in the United Kingdom, which altogether aim at serving more than a hundred million citizens. Both systems propose a brokered identification architecture, where an online central hub mediates user authentications between identity providers and service providers. We show that both FCCX and GOV.UK Verify suffer from serious privacy and security shortcomings, fail to comply with privacy-preserving guidelines they are meant to follow, and may actually degrade user privacy. Notably, the hub can link interactions of the same user across different service providers and has visibility over private identifiable information of citizens. In case of malicious compromise it is also able to undetectably impersonate users. Within the structural design constraints placed on these nation-scale brokered identification systems, we propose feasible technical solutions to the privacy and security issues we identified. We conclude with a strong recommendation that FCCX and GOV.UK Verify be subject to a more in-depth technical and public review, based on a defined and comprehensive threat model, and adopt adequate structural adjustments.
| Type: | Article |
|---|---|
| Title: | Toward Mending Two Nation-Scale Brokered Identification Systems. |
| Open access status: | An open access version is available from UCL Discovery |
| DOI: | 10.1515/popets-2015-0022 |
| Publisher version: | http://dx.doi.org/10.1515/popets-2015-0022 |
| Language: | English |
| Additional information: | © Luís T. A. N. Brandão et al.. This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 3.0 License. (CC BY-NC-ND 3.0) |
| Keywords: | NSTIC, IDAP, identification, authentication, surveillance, privacy enhancing technologies, secure two-party computation |
| UCL classification: | UCL UCL > Provost and Vice Provost Offices UCL > Provost and Vice Provost Offices > UCL BEAMS UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
| URI: | https://discovery.ucl.ac.uk/id/eprint/1469541 |
Archive Staff Only
 |
View Item |
