Thursday, June 7, 2012

Biometric Credentials in Federated Systems

There is an enormous amount of sensitive information exchanged and stored among internet services for a variety of purposes - e-commerce, internet banking, social networking etc. It has become extremely easy to share this sensitive information indirectly with other services. In monolithic systems users would have to establish a new identity credential for each service, but digital identities can be shared among services, sometimes without the consent or knowledge of the owner of the digital identity. Federated identity management frameworks serve to increase the trusted portability of identity information across multiple domains, and this notion has been embraced by various initiatives such as the National Strategy for Trusted Identities in Cyberspace (NSTIC), the Kantara Initiative, and OpenID, among others.

Biometric systems use information like fingerprints and face images, which is considered to be personally identifiable information (PII), and this raises some very important questions in the context of federated identity management.  
  1. Where is the biometric data going to be stored?
  2. Who is the eventual owner of this information?
  3. With whom will this information be shared?
  4. How will this information be used?

Reducing the risk of unwitting exposure of PII in a federated framework requires alignment of security controls and privacy policies. Security analysis in the biometrics domain is quite a well researched area, focused mainly on: the sub-components of the biometric system (acquisition, feature extraction, feature storage, feature matching and decision making), transmission of data between the different sub-components, and the biometric processes (enrollment and recognition). This analysis is sufficient for self-contained monolithic systems, but not for biometric systems which are part of an identity ecosystem. Such analysis is excellent for creating security controls that protect “data at rest” and “data in use”, but it does not lend context to the data. Questions such as whether a matching operation on biometric data is authorized, or whether processed biometric data can be stored in multiple locations, including mobile devices, cannot be answered efficiently and in a scalable manner using existing security analysis techniques. In light of such questions, biometric system security analysis is necessary, but is no longer sufficient.

Information Lifecycle Management (ILM) provides a means of enforcing security controls on each phase of the information lifecycle. ILM has been used effectively to manage enterprise information assets in distributed systems. Security analysis of all stages of the information lifecycle can provide insight into vulnerabilities at each stage of the lifecycle and appropriate control objectives that should be applied. The information flow model can be extended to map transitions from one stage to the next as well as transfer from one system to another. There are several benefits of creating a security analysis framework based on such a model:

  1. Discovery: Mapping out possible information flow routes as information transitions between stages of the information lifecycle and between different systems
  2. Compliance: Translating policy statements into enforceable security controls, thereby ensuring compliance
  3. Monitoring: Identifying the current state of various information assets
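The three benefits above, as an added example that is not part of the original post: a small Python model of the extended information flow framework, with constructed lifecycle stages and a hypothetical policy for three systems named idp, rp and mobile. It answers the two questions raised earlier (is a match authorized on this system? may a processed template rest on this system?) as a compliance check, enumerates the reachable routes for discovery, and tracks each asset's current state for monitoring.

```python
from collections import deque

# Lifecycle stages of a biometric asset, following the sub-components named in
# the post: acquisition -> feature extraction -> storage -> matching, then disposal.
STAGE_NEXT = {
    "acquired": {"extracted", "destroyed"},
    "extracted": {"stored", "matched", "destroyed"},
    "stored": {"matched", "destroyed"},
    "matched": {"destroyed"},
    "destroyed": set(),
}

# Constructed policy (system names idp/rp/mobile are hypothetical): which system
# may hold an asset at each stage, and which system-to-system transfers are allowed.
HOLDERS = {
    "acquired": {"mobile", "idp"},
    "extracted": {"mobile", "idp"},
    "stored": {"idp"},        # processed templates rest only at the IdP
    "matched": {"idp"},       # only the IdP is authorized to run a match
    "destroyed": {"mobile", "idp", "rp"},
}
TRANSFERS = {("mobile", "idp")}   # a device may hand samples to the IdP, nothing else
SYSTEMS = {"mobile", "idp", "rp"}


def allowed(src, dst):
    """Compliance: is the move from state src=(system, stage) to dst permitted?"""
    (s1, g1), (s2, g2) = src, dst
    stage_ok = g2 == g1 or g2 in STAGE_NEXT[g1]          # lifecycle transition
    system_ok = s2 == s1 or (s1, s2) in TRANSFERS        # cross-system transfer
    return stage_ok and system_ok and s2 in HOLDERS[g2]  # holder authorized


def discover(start):
    """Discovery: every (system, stage) reachable from start under model and policy."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in ((sy, st) for sy in SYSTEMS for st in STAGE_NEXT):
            if nxt not in seen and allowed(cur, nxt):
                seen.add(nxt)
                queue.append(nxt)
    return seen


class BiometricAsset:
    """Monitoring: one asset's current (system, stage), moved only through allowed()."""
    def __init__(self, asset_id, system, stage="acquired"):
        self.asset_id, self.state = asset_id, (system, stage)

    def move(self, system, stage):
        if not allowed(self.state, (system, stage)):
            raise PermissionError(f"{self.asset_id}: {self.state} -> {(system, stage)} denied")
        self.state = (system, stage)
        return self.state
```

Running discover(("mobile", "acquired")) shows that a template can never come to rest on the device or at the relying party, and that matching is reachable only at the IdP, which is the kind of route map the discovery step is meant to produce.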
Privacy is another key element which has to be addressed in a federated framework. The goal should be to allow users to determine what information is revealed to whom and for what purposes, and to prevent function creep on a user’s PII. Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario, Canada, has proposed Privacy by Design, which seeks to give users greater control over their personal information while allowing businesses to achieve their objectives.

To fully realize the potential of distributed identity services, especially ones that use PII to establish a digital identity, these services will need to earn their users’ complete confidence and trust. Over the next few weeks I will expand on the various themes that were brought up in this posting. Please feel free to leave a comment here or on Twitter.
