Universitat Politècnica de Catalunya

UPCommons. Global access to UPC knowledge

A LINDDUN-based framework for privacy threat analysis on identification and authentication processes

LINDDUN COSE.pdf (1,355Mb)
Robles González, Antonio
Parra Arnau, Javier
Forné Muñoz, Jorge
Document type: Article
Defense date: 2020
Rights access: Open Access
Except where otherwise noted, content on this work is licensed under a Creative Commons license: Attribution-NonCommercial-NoDerivs 3.0 Spain
Project: MONITORIZACION DE INCIDENTES EN COMUNIDADES INTELIGENTES (MINECO-TEC2014-54335-C4-1-R)
Abstract
Identification and authentication (IA) are security procedures that are ubiquitous in our online life, and that constantly require disclosing personal, sensitive information to non-fully trusted service providers, or to fully trusted providers that unintentionally may fail to protect such information. Although user IA processes are extensively supported by heterogeneous software and hardware, the simultaneous protection of user privacy is an open problem. From a legal point of view, the European Union legislation requires protecting the processing of personal data and evaluating its impact on privacy throughout the whole IA procedure. Privacy Threat Analysis (PTA) is one of the pillars for the required Privacy Impact Assessment (PIA). Among the few existing approaches for conducting a PTA, LINDDUN is a very promising framework, although generic, in the sense that it has not been specifically conceived for IA. In this work, we investigate an extension of LINDDUN that allows performing a reliable and systematically-reproducible PTA of user IA processes, thereby contributing to one of the cornerstones of PIA. Specifically, we propose a high-level description of the IA verification process, which we illustrate with a UML use case. Then, we design an identification and authentication modelling framework, propose an extension of two critical steps of the LINDDUN scheme, and adapt and tailor the trust boundary concept applied in the original framework. Finally, we propose a systematic methodology aimed to help auditors apply the proposed improvements to the LINDDUN framework.
Description
© 2020. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/
Citation: Robles, A.; Parra-Arnau, J.; Forne, J. A LINDDUN-based framework for privacy threat analysis on identification and authentication processes. "Computers and security", 2020, vol. 94, no. June 2020, p. 101755:1-101755:22.
URI: http://hdl.handle.net/2117/190711
DOI: 10.1016/j.cose.2020.101755
ISSN: 0167-4048
Publisher version: https://www.sciencedirect.com/science/article/pii/S0167404820300390
Collections
  • SISCOM - Smart Services for Information Systems and Communication Networks - Articles de revista [31]
  • Departament d'Enginyeria Telemàtica - Articles de revista [429]
  • Doctorat en Enginyeria Telemàtica - Articles de revista [87]