Privacy enhancing technologies for identity and access management

The exponential growth of digital technologies has significantly impacted various aspects of modern life. This progress has particularly sparked concerns regarding the erosion of individual privacy. Notably, over recent years, there has been a substantial increase in collective awareness concerning privacy-related issues. The proliferation of social media platforms, instances of data breaches, and the commercialization of personal information have collectively fueled a heightened interest in safeguarding privacy rights. This upsurge in privacy consciousness has catalyzed a fundamental shift in the attitudes and behaviors of individuals, institutions, and governments alike. An essential underpinning of contemporary information technology that plays a pivotal role in shaping privacy considerations is Identity and Access Management (IAM). IAM systems have emerged as indispensable tools for ensuring the security and integrity of digital identities and resources. As these systems accumulate data and facilitate the seamless access and administration of sensitive information, they inherently give rise to profound concerns regarding individual privacy and data protection. These concerns stem from the increase of data breaches and their repercussions, such as the rampant issue of identity theft, which poses substantial challenges for both organizations and governments. In this thesis, our objective is to present a novel solution for modern IAM (Identity and Access Management) systems that enhance end-users’ privacy through advanced privacy-enhancing technologies. At the same time, we aim for our solution to deliver usability for both end-users and integrators while staying aligned with the latest advancements in the IAM industry. Therefore, as the foundation of our system, we have selected the FIDO2 protocol, an industry-recognized and widely supported solution for privacy-preserving passwordless authentication. Throughout our study, we evaluate the guarantees provided by FIDO2 to ensure its suitability for our proposed system and demonstrate how it can be used to enhance the privacy features of existing IAM systems. We begin our study with a comprehensive exploration of usability considerations in the integration of FIDO2. While authentication is often assessed within the scope of a single application (e.g., a web application), our research delves into the challenges of FIDO2 integration across various use cases typically encountered in large organizations. We have identified both technical challenges (e.g., remote access) and non-technical challenges (e.g., lack of guidelines), taking into account a range of technologies, personas, and requirements mandated by cybersecurity and legal frameworks. Furthermore, we conducted a user study involving professionals engaged in FIDO2 integration. Drawing from over 100 responses, we organized and categorized the challenges, uncovering preferences and obstacles frequently encountered when planning or integrating FIDO2 into the existing IAM infrastructure. We contribute these findings to the FIDO2 community while also integrating them into our privacy-preserving IAM system. Our investigation into the suitability of FIDO2 for our design progresses as we delve into an in-depth examination of FIDO2’s privacy mechanisms. While the theoretical privacy assurances (such as unlinkability) align seamlessly with our requirements, we found a significant issue across major FIDO2 client implementations, which could potentially undermine the use of FIDO2 as a foundational protocol for our system. We investigated and reported a novel side-channel attack that capitalizes on a vulnerability present in major web browsers, thereby permitting remote execution of our attack. Our research identified potential adversaries and substantiated that the unlinkability property could be compromised for vulnerable FIDO2 authenticators. To address these concerns, we proposed and advocated for mitigation strategies, collaborating closely with vendors to strengthen FIDO2 implementations. This collaborative effort ensures that publicly accessible FIDO2 clients, namely web browsers, conform to our desired requirements. In recognition of our contributions to safeguarding the privacy of users who work with Chromium-based browsers (e.g., Chrome, Edge, Opera), the Chromium security team honored us with a Chromium bounty award. The culmination of our usability and privacy investigations has resulted in the design and development of an industry-ready and privacy-preserving system called FIDO-AC. This system facilitates the evaluation of authorization policies minimizing the exposure of private data acquired from trusted sources (e.g., ePassports). Notably, our proposed solution binds advanced privacy-enhancing technologies with FIDO2. This fusion enhances privacy-preserving authorization in tandem with robust authentication, forging a cohesive link between these processes. Our design effectively tackles usability challenges through its seamless and adaptable integration with existing FIDO2 deployments. We regard FIDO-AC as a comprehensive solution tailored to both industry and academia. Therefore, our contribution encompasses a theoretical definition of the framework, a formal analysis of security and privacy, a detailed design of an exemplary instantiation of the system, a proof-of-concept implementation demonstrating integration with Android OS and ICAO ePassports, and an assessment of the implementation’s viability. Through the contributions presented in this thesis, we aim to promote the adoption of privacy-enhancing technologies within IAM systems. By identifying practical challenges and vulnerabilities and subsequently introducing an innovative solution to address them, we provide a well-founded approach toward privacy-conscious IAM systems. Notably, we anticipate that our FIDO-AC system will considerably enhance the privacy attributes of the existing authentication and authorization methods.