Doubtless Identification and Privacy Pre-serving of User in Cloud Systems - Prof. Dr. Norbert Pohlmann
C. Engling, E. Ernst, H. Jäger, A. González Robles, N. Pohlmann

The present paper addresses the common challenge of compliant verification of electronic identities (eID) with legal certainty. The latter is of particular importance for banks, financial institutions, and public authorities. To ensure confidentiality, provider-proof cloud systems are a technical solution. However, they must also ensure privacy for communication from system to system. In this document, starting from that challenge, we describe our motives and set out the objective of the Verifi-eID research project and its implementation. We then address legal considerations, followed by commonly applied provider-proof cloud security and identification measures. Lastly, we present a possible solution, followed by a summary.

When information is exchanged or business is done online, being able to identify all users unequivocally and securely is imperative [Kros14]. Certified security allows bank customers, for example, to verify whether they are actually accessing the proper website when conducting financial transactions. In turn, banks verify clients' actual IDs up front via prior face-to-face identification by demanding their user IDs and passwords, followed by remote access user confirmation for the transaction. In doing so, banks inevitably recognize the mandatory user information and transaction content.

Yet today's customary cloud computing authentication methods have multiple serious drawbacks: Large-scale cloud providers can all access a user's confidential data, not to mention metadata. The latter even includes file names and types. Providers are also able to distinguish who accesses which files. Normally, providers cannot rule out that internal staff, e.g. a system administrator, access data without authorization. Storing or processing confidential or personally identifiable third-party data, in particular, does not comply with strict German data privacy legislation.