
Wednesday, June 27, 2012

Security Analysis Using the Biometric Information Lifecycle


Irrespective of the type of information being stored in cloud systems, there is a growing demand to give users control over their information. What used to involve assurance of the confidentiality, integrity and availability of systems now has an added dimension: the flow of information among various systems, and the ability of these systems to use third-party information for a range of services. When biometric information, which will eventually be used for identity and access management services, is viewed through this construct, the need to give users control over their PII, or at least assurance of how the data is being used, becomes evident. The biometric template protection standard (ISO/IEC 24745) proposes a framework for providing information privacy to end users by defining a five-stage information lifecycle as a basis for enforcement. The lifecycle comprises the following stages: data collection, data storage, data usage, data archiving and data disposal. Applying this lifecycle to a state transition model provides a basis for a variety of complex privacy and security discussions. This idea is discussed in depth in this paper, and given below is a simple example of how to use the state transition model for analyzing biometric information privacy and security.

Consider an OpenID solution based on biometrics where the relying party, or consuming service, is a financial institution and the identity provider is a separate service. Also assume there is a policy that does not allow the identity service provider to store the data collected for verification purposes, but does allow it to store the data collected during enrolment. The normal use case for such a solution requires the user to first enrol with the identity service provider, where the biometric information is collected and then stored for future use. When the user wants to access his financial institution, he is redirected to the identity service provider to verify his credentials. The identity service provider compares the biometric samples and provides a pass/fail answer to the financial institution, which then decides whether the user can access its services. The state transition model for this use case is shown in Figure 1.


No doubt this is an extremely simple example, but more complex solutions can use the model to analyze the effectiveness of security controls and identify vulnerabilities by mapping the flow of biometric information with a state transition model. This model could be useful while the technical architecture of a solution is being designed, or as a real-time detection and prevention control based on the state transitions that are allowed for the biometric information. How to implement this framework in an automated manner that is efficient and practical is an open challenge, and it would be great to hear thoughts about a practical way of implementing it.
As always, thoughts and comments are much appreciated!
