Authors: Bernd Zwattendorfer and Daniel Slamanig
Affiliation: Graz University of Technology (TUG), Austria
Keyword(s): STORK, PEPS, Public Cloud, eID, eID Federation, Privacy-preservation, Proxy Re-encryption.
Related Ontology Subjects/Areas/Topics: Data and Application Security and Privacy; Identification, Authentication and Non-Repudiation; Identity Management; Information and Systems Security; Privacy; Security and Privacy in the Cloud
Abstract:
The STORK framework – enabling secure eID federation across European countries – will be the dominant identification and authentication framework across Europe in the future. While still in its start-up phase, adoption of the STORK framework is continuously increasing and high loads can be expected, since, theoretically, the entire population of the European Union will be able to run authentications through this framework. This can easily lead to scalability issues, especially for the proxy-based (PEPS) approach in STORK, which relies on a central gateway being responsible for managing and handling citizen authentications. In order to mitigate the associated scalability issues, the PEPS approach could be moved into the public cloud. However, moving a trusted service into the public cloud brings up new obstacles, especially with respect to citizens’ privacy. In this paper we propose an approach by which this move could be successfully realized while still preserving citizens’ privacy and keeping existing national eID infrastructures untouched. We present the approach in detail and evaluate its capability with respect to citizens’ privacy protection as well as its practicability. We conclude that the proposed approach is a viable way of realizing an efficient and scalable Pan-European citizen identification and authentication framework.