The OLYMPUS Architecture—Oblivious Identity Management for Private User-Friendly Services

Privacy enhancing technologies (PETs) allow to achieve user’s transactions unlinkability across different online Service Providers. However, current PETs fail to guarantee unlinkability against the Identity Provider (IdP), which becomes a single point of failure in terms of privacy and security, and...

Descripción completa

Detalles Bibliográficos
Autores principales: Torres Moreno, Rafael, Bernal Bernabe, Jorge, García Rodríguez, Jesús, Kasper Frederiksen, Tore, Stausholm, Michael, Martínez, Noelia, Sakkopoulos, Evangelos, Ponte, Nuno, Skarmeta, Antonio
Formato: Online Artículo Texto
Lenguaje:English
Publicado: MDPI 2020
Materias:
Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7038966/
https://www.ncbi.nlm.nih.gov/pubmed/32050726
http://dx.doi.org/10.3390/s20030945
_version_ 1783500739383918592
author Torres Moreno, Rafael
Bernal Bernabe, Jorge
García Rodríguez, Jesús
Kasper Frederiksen, Tore
Stausholm, Michael
Martínez, Noelia
Sakkopoulos, Evangelos
Ponte, Nuno
Skarmeta, Antonio
author_facet Torres Moreno, Rafael
Bernal Bernabe, Jorge
García Rodríguez, Jesús
Kasper Frederiksen, Tore
Stausholm, Michael
Martínez, Noelia
Sakkopoulos, Evangelos
Ponte, Nuno
Skarmeta, Antonio
author_sort Torres Moreno, Rafael
collection PubMed
description Privacy enhancing technologies (PETs) allow to achieve user’s transactions unlinkability across different online Service Providers. However, current PETs fail to guarantee unlinkability against the Identity Provider (IdP), which becomes a single point of failure in terms of privacy and security, and therefore, might impersonate its users. To address this issue, OLYMPUS EU project establishes an interoperable framework of technologies for a distributed privacy-preserving identity management based on cryptographic techniques that can be applied both to online and offline scenarios. Namely, distributed cryptographic techniques based on threshold cryptography are used to split up the role of the Identity Provider (IdP) into several authorities so that a single entity is not able to impersonate or track its users. The architecture leverages PET technologies, such as distributed threshold-based signatures and privacy attribute-based credentials (p-ABC), so that the signed tokens and the ABC credentials are managed in a distributed way by several IdPs. This paper describes the Olympus architecture, including its associated requirements, the main building blocks and processes, as well as the associated use cases. In addition, the paper shows how the Olympus oblivious architecture can be used to achieve privacy-preserving M2M offline transactions between IoT devices.
format Online
Article
Text
id pubmed-7038966
institution National Center for Biotechnology Information
language English
publishDate 2020
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-70389662020-03-09 The OLYMPUS Architecture—Oblivious Identity Management for Private User-Friendly Services Torres Moreno, Rafael Bernal Bernabe, Jorge García Rodríguez, Jesús Kasper Frederiksen, Tore Stausholm, Michael Martínez, Noelia Sakkopoulos, Evangelos Ponte, Nuno Skarmeta, Antonio Sensors (Basel) Article Privacy enhancing technologies (PETs) allow to achieve user’s transactions unlinkability across different online Service Providers. However, current PETs fail to guarantee unlinkability against the Identity Provider (IdP), which becomes a single point of failure in terms of privacy and security, and therefore, might impersonate its users. To address this issue, OLYMPUS EU project establishes an interoperable framework of technologies for a distributed privacy-preserving identity management based on cryptographic techniques that can be applied both to online and offline scenarios. Namely, distributed cryptographic techniques based on threshold cryptography are used to split up the role of the Identity Provider (IdP) into several authorities so that a single entity is not able to impersonate or track its users. The architecture leverages PET technologies, such as distributed threshold-based signatures and privacy attribute-based credentials (p-ABC), so that the signed tokens and the ABC credentials are managed in a distributed way by several IdPs. This paper describes the Olympus architecture, including its associated requirements, the main building blocks and processes, as well as the associated use cases. In addition, the paper shows how the Olympus oblivious architecture can be used to achieve privacy-preserving M2M offline transactions between IoT devices. MDPI 2020-02-10 /pmc/articles/PMC7038966/ /pubmed/32050726 http://dx.doi.org/10.3390/s20030945 Text en © 2020 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (http://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Torres Moreno, Rafael
Bernal Bernabe, Jorge
García Rodríguez, Jesús
Kasper Frederiksen, Tore
Stausholm, Michael
Martínez, Noelia
Sakkopoulos, Evangelos
Ponte, Nuno
Skarmeta, Antonio
The OLYMPUS Architecture—Oblivious Identity Management for Private User-Friendly Services
title The OLYMPUS Architecture—Oblivious Identity Management for Private User-Friendly Services
title_full The OLYMPUS Architecture—Oblivious Identity Management for Private User-Friendly Services
title_fullStr The OLYMPUS Architecture—Oblivious Identity Management for Private User-Friendly Services
title_full_unstemmed The OLYMPUS Architecture—Oblivious Identity Management for Private User-Friendly Services
title_short The OLYMPUS Architecture—Oblivious Identity Management for Private User-Friendly Services
title_sort olympus architecture—oblivious identity management for private user-friendly services
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7038966/
https://www.ncbi.nlm.nih.gov/pubmed/32050726
http://dx.doi.org/10.3390/s20030945
work_keys_str_mv AT torresmorenorafael theolympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT bernalbernabejorge theolympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT garciarodriguezjesus theolympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT kasperfrederiksentore theolympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT stausholmmichael theolympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT martineznoelia theolympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT sakkopoulosevangelos theolympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT pontenuno theolympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT skarmetaantonio theolympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT torresmorenorafael olympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT bernalbernabejorge olympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT garciarodriguezjesus olympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT kasperfrederiksentore olympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT stausholmmichael olympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT martineznoelia olympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT sakkopoulosevangelos olympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT pontenuno olympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices
AT skarmetaantonio olympusarchitectureobliviousidentitymanagementforprivateuserfriendlyservices

Ejemplares similares