A Public Comment on NCCoE's White Paper on Privacy-Enhancing Identity Brokers
Luís T. A. N. Brandão, Nicolas Christin, George Danezis

TL;DR
This paper provides critical feedback on NCCoE's white paper regarding privacy-enhancing identity brokers, emphasizing privacy, security, and auditability concerns based on recent research and proposing improvements.
Contribution
It offers a detailed critique and recommendations for designing privacy-preserving identity brokering solutions, highlighting key considerations for privacy, security, and forensic capabilities.
Findings
Identified privacy and security concerns in current identity broker designs
Recommended incorporating auditability and forensics into privacy solutions
Based suggestions on recent research on nation-scale identification systems
Abstract
The National Cybersecurity Center of Excellence (NCCoE) (in the United States) published, on October 19, 2015, a white paper on "privacy-enhanced identity brokers." We present here a reply to their request for public comments. We enumerate concerns whose consideration we find paramount for the design of a privacy-enhancing identity brokering solution, for identification and authentication of citizens into myriad online services, and we recommend how to incorporate them into a revised white paper. Our observations, focused on privacy, security, auditability and forensics, are mostly based on a recently published research paper (PETS 2015) about two nation-scale brokered identification systems.
Taxonomy
Topics: Internet Traffic Analysis and Secure E-voting · Privacy-Preserving Technologies in Data · Privacy, Security, and Data Protection
