Privacy-Preserving Authentication: Theory vs. Practice

• URL: http://arxiv.org/abs/2501.07209v1
• Date: Mon, 13 Jan 2025 11:04:05 GMT
• Title: Privacy-Preserving Authentication: Theory vs. Practice
• Authors: Daniel Slamanig,
• Abstract summary: cryptography offers exciting primitives such as zero-knowledge proofs and advanced signature schemes. Such primitives allow to realize online authentication and authorization with a high level of built-in privacy protection. In this paper, we look at the problems, what cryptography can do, some deployment examples, and barriers to widespread adoption.
• Score: 5.774426685411171
• License:
• Abstract: With the increasing use of online services, the protection of the privacy of users becomes more and more important. This is particularly critical as authentication and authorization as realized on the Internet nowadays, typically relies on centralized identity management solutions. Although those are very convenient from a user's perspective, they are quite intrusive from a privacy perspective and are currently far from implementing the concept of data minimization. Fortunately, cryptography offers exciting primitives such as zero-knowledge proofs and advanced signature schemes to realize various forms of so-called anonymous credentials. Such primitives allow to realize online authentication and authorization with a high level of built-in privacy protection (what we call privacy-preserving authentication). Though these primitives have already been researched for various decades and are well understood in the research community, unfortunately, they lack widespread adoption. In this paper, we look at the problems, what cryptography can do, some deployment examples, and barriers to widespread adoption. Latter using the example of the EU Digital Identity Wallet (EUDIW) and the recent discussion and feedback from cryptography experts around this topic. We also briefly comment on the transition to post-quantum cryptography.

Related papers

• Fingerprinting and Tracing Shadows: The Development and Impact of Browser Fingerprinting on Digital Privacy [55.2480439325792]
  Browser fingerprinting is a growing technique for identifying and tracking users online without traditional methods like cookies. This paper gives an overview by examining the various fingerprinting techniques and analyzes the entropy and uniqueness of the collected data.
  arXiv  Detail & Related papers  (2024-11-18T20:32:31Z)
• Practical Privacy-Preserving Identity Verification using Third-Party Cloud Services and FHE (Role of Data Encoding in Circuit Depth Management) [0.0]
  Governments seek to outsource national digital identity verification systems to third-party cloud services. This leads to increased concerns regarding the privacy of users' personal data. We propose a privacy-preserving digital identity (ID) verification protocol where the third-party cloud services process the identity data encrypted.
  arXiv  Detail & Related papers  (2024-08-15T08:12:07Z)
• Identity Chain [0.0]
  IdentityChain is a novel framework that integrates privacy and accountability principles. The goal is to maintain privacy while ensuring compliance with existing regulations. Privacy and accountability together wouldn't be possible unless advancements in cryptography.
  arXiv  Detail & Related papers  (2024-07-14T13:14:16Z)
• Temporal fingerprints: Identity matching across fully encrypted domain [6.44378713940627]
  Cross domain identity matching is essential for practical applications and theoretical insights into the privacy implications of data disclosure. We demonstrate that individual temporal data, in the form of inter-event times distribution, constitutes an individual temporal fingerprint, allowing for matching profiles across different domains back to their associated real-world entity. Our findings indicate that simply knowing when an individual is active, even if information about who they talk to and what they discuss is lacking, poses risks to users' privacy.
  arXiv  Detail & Related papers  (2024-07-05T08:41:28Z)
• Privacy-preserving Optics for Enhancing Protection in Face De-identification [60.110274007388135]
  We propose a hardware-level face de-identification method to solve this vulnerability. We also propose an anonymization framework that generates a new face using the privacy-preserving image, face heatmap, and a reference face image from a public dataset as input.
  arXiv  Detail & Related papers  (2024-03-31T19:28:04Z)
• SeDe: Balancing Blockchain Privacy and Regulatory Compliance by Selective De-Anonymization [0.46040036610482665]
  We propose a framework that balances privacy-preserving features by establishing a regulatory and compliant framework called Selective De-Anonymization (SeDe) Our technique achieves this without leaving de-anonymization decisions or control in the hands of a single entity but distributing it among multiple entities while holding them accountable for their respective actions.
  arXiv  Detail & Related papers  (2023-11-14T13:49:13Z)
• RiDDLE: Reversible and Diversified De-identification with Latent Encryptor [57.66174700276893]
  This work presents RiDDLE, short for Reversible and Diversified De-identification with Latent Encryptor. Built upon a pre-learned StyleGAN2 generator, RiDDLE manages to encrypt and decrypt the facial identity within the latent space.
  arXiv  Detail & Related papers  (2023-03-09T11:03:52Z)
• Privacy-Preserving Face Recognition with Learnable Privacy Budgets in Frequency Domain [77.8858706250075]
  This paper proposes a privacy-preserving face recognition method using differential privacy in the frequency domain. Our method performs very well with several classical face recognition test sets.
  arXiv  Detail & Related papers  (2022-07-15T07:15:36Z)
• Locally Authenticated Privacy-preserving Voice Input [10.82818142802482]
  Service providers must authenticate their users, although individuals may wish to maintain privacy. Preserving privacy while performing authentication is challenging, particularly where adversaries can use biometric data to train transformation tools. We introduce a secure, flexible privacy-preserving system to capture and store an on-device fingerprint of the users' raw signals.
  arXiv  Detail & Related papers  (2022-05-27T14:56:01Z)
• Reinforcement Learning on Encrypted Data [58.39270571778521]
  We present a preliminary, experimental study of how a DQN agent trained on encrypted states performs in environments with discrete and continuous state spaces. Our results highlight that the agent is still capable of learning in small state spaces even in presence of non-deterministic encryption, but performance collapses in more complex environments.
  arXiv  Detail & Related papers  (2021-09-16T21:59:37Z)
• Towards Face Encryption by Generating Adversarial Identity Masks [53.82211571716117]
  We propose a targeted identity-protection iterative method (TIP-IM) to generate adversarial identity masks. TIP-IM provides 95%+ protection success rate against various state-of-the-art face recognition models.
  arXiv  Detail & Related papers  (2020-03-15T12:45:10Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.