Show simple item record

dc.contributor.authorRobles González, Antonio
dc.contributor.authorParra Arnau, Javier
dc.contributor.authorForné Muñoz, Jorge
dc.contributor.otherUniversitat Politècnica de Catalunya. Doctorat en Enginyeria Telemàtica
dc.contributor.otherUniversitat Politècnica de Catalunya. Departament d'Enginyeria Telemàtica
dc.date.accessioned2020-06-15T10:24:57Z
dc.date.issued2020
dc.identifier.citationRobles, A.; Parra-Arnau, J.; Forne, J. A LINDDUN-based framework for privacy threat analysis on identification and authentication processes. "Computers and security", 2020, vol. 94, núm. June 2020, p. 101755:1-101755:22.
dc.identifier.issn0167-4048
dc.identifier.urihttp://hdl.handle.net/2117/190711
dc.description© <2020>. This manuscript version is made available under the CC-BY-NC-ND 4.0 license http://creativecommons.org/licenses/by-nc-nd/4.0/
dc.description.abstractIdentification and authentication (IA) are security procedures that are ubiquitous in our online life, and that constantly require disclosing personal, sensitive information to non-fully trusted service providers, or to fully trusted providers that unintentionally may fail to protect such information. Although user IA processes are extensively supported by heterogeneous software and hardware, the simultaneous protection of user privacy is an open problem. From a legal point of view, the European Union legislation requires protecting the processing of personal data and evaluating its impact on privacy throughout the whole IA procedure. Privacy Threat Analysis (PTA) is one of the pillars for the required Privacy Impact Assessment (PIA). Among the few existing approaches for conducting a PTA, LINDDUN is a very promising framework, although generic, in the sense that it has not been specifically conceived for IA. In this work, we investigate an extension of LINDDUN that allows performing a reliable and systematically-reproducible PTA of user IA processes, thereby contributing to one of the cornerstones of PIA. Specifically, we propose a high-level description of the IA verification process, which we illustrate with an UML use case. Then, we design an identification and authentication modelling framework, propose an extension of two critical steps of the LINDDUN scheme, and adapt and tailor the trust boundary concept applied in the original framework. Finally, we propose a systematic methodology aimed to help auditors apply the proposed improvements to the LINDDUN framework.
dc.description.sponsorshipThe authors are thankful for the support through the research project “INRISCO”, ref. TEC2014-54335-C4-1-R, “MAGOS”, TEC2017-84197-C4-3-R, and the project “Sec-MCloud”, ref. TIN2016-80250-R. J. Parra-Arnau is the recipient of a Juan de la Cierva postdoctoral fellowship, IJCI-2016–28239, from the Spanish Ministry of Economy and Competitiveness. J. Parra-Arnau is with the UNESCO Chair in Data Privacy, but the views in this paper are his own and are not necessarily shared by UNESCO.
dc.language.isoeng
dc.rightsAttribution-NonCommercial-NoDerivs 3.0 Spain
dc.rights.urihttp://creativecommons.org/licenses/by-nc-nd/3.0/es/
dc.subjectÀrees temàtiques de la UPC::Informàtica::Seguretat informàtica
dc.subject.lcshComputer security
dc.subject.otherPrivacy threat analysis
dc.subject.otherPrivacy impact assessment
dc.subject.otherLINDDUN
dc.subject.otherTrust boundary
dc.subject.otherauthenticable attribute
dc.subject.otherTrust-based attribute
dc.titleA LINDDUN-based framework for privacy threat analysis on identification and authentication processes
dc.typeArticle
dc.subject.lemacSeguretat informàtica
dc.contributor.groupUniversitat Politècnica de Catalunya. SISCOM - Smart Services for Information Systems and Communication Networks
dc.identifier.doi10.1016/j.cose.2020.101755
dc.description.peerreviewedPeer Reviewed
dc.relation.publisherversionhttps://www.sciencedirect.com/science/article/pii/S0167404820300390
dc.rights.accessRestricted access - publisher's policy
local.identifier.drac26887838
dc.description.versionPostprint (author's final draft)
dc.relation.projectidinfo:eu-repo/grantAgreement/MINECO/1PE/TEC2014-54335-C4-1-R
dc.relation.projectidinfo:eu-repo/grantAgreement/AEI/2PE/TEC2017-84197-C4-3-R
dc.relation.projectidinfo:eu-repo/grantAgreement/MINECO/2PE/TIN2016-80250-R
dc.date.lift2022-02-19
local.citation.authorRobles, A.; Parra-Arnau, J.; Forne, J.
local.citation.publicationNameComputers and security
local.citation.volume94
local.citation.numberJune 2020
local.citation.startingPage101755:1
local.citation.endingPage101755:22


Files in this item

Thumbnail

This item appears in the following Collection(s)

Show simple item record

Attribution-NonCommercial-NoDerivs 3.0 Spain
Except where otherwise noted, content on this work is licensed under a Creative Commons license : Attribution-NonCommercial-NoDerivs 3.0 Spain