What is Identity-as-a-Service?
Personal Identifiable Information (PII) is information about a person such as name, addresses, health records, tax number, etc. In recent years, users may store their PII in the cloud environment so that cloud services may access and use it on demand. In Figure 1, users store their PII in Salesforce so that cloud services on Salesforce can work on it.
Figure 1: Users store their PII in Salesforce
Why Identity-as-a-Service?
Gartner predicts, by 2020, 70% of all businesses will use user identities to control access to their services. For example, a user Bob can buy a DVD if he can prove that he is over 18 years old. In this case, Bob uses his "age" to access the DVD online service.
Identity-as-a-Service (IDaaS) is a trusted service provider that provides user identity to a cloud service on demand.
What is the main issue of Identity-as-a-Service?
The main issue is user privacy. Facebook is an example of a public Identity Provider that collects PII about users. According to the Facebook data scandal in early 2018 [1], an application was allowed to collect PII of 50 million users for “academic” use but gave the collected data further to a company, Cambridge Analytica, for “analysis” purpose. This example shows that users typically disclose their identities with a frontend service. However, the frontend service may consume other backend services in a business-to-business relationship. In general, even if cloud services specify their privacy policies, we cannot guarantee that they follow their policies and will not (accidentally) transfer PII to another party.
What is the solution?
In the following video, we show our implementation result at the University of Plymouth, how Identity-as-a-Service can protect user privacy.
In the first one minute:
We show a use case, whereby PII is fully disclosed to a frontend service (e.g., a shopping service). In the backend, the shopping service calls a delivery service (to ship a product) and fully disclose PII to the delivery service.
We show a use case, whereby PII is fully disclosed to a frontend service (e.g., a shopping service). In the backend, the shopping service calls a delivery service (to ship a product) and fully disclose PII to the delivery service.
From minute 1 - 3:
- Users encrypt their data with specific "purposes" (e.g., purchase, delivery) and "time" (e.g., 14 days).
- IDaaS distributes the resulting ciphertext to all services that need it.
- The shopping service can decrypt the user "birthday" to proceed a "purchase" order. The delivery service can decrypt the user "address" for the "delivery" purpose but nothing more. It means, a service can decrypt PII if it has the correct "purpose" and access it in a given "time".
- After the authentication token is expired (i.e., the current business transaction completed), the shopping service cannot decrypt the ciphertext anymore (even it was authorised to decrypt it before).
- After 14 days, the delivery service also cannot decrypt the user "address" anymore (i.e., the ciphertext is expired).
Advantages
In comparison to existing work in the past 10 years. our solution is compliant with the General Data Protection Regulation and involves the least user interaction to prevent identity theft via the human link. We protect the confidentiality of PII over both frontend and backend services, and against untrusted hosts. The implementation can be easily adapted to existing Identity Management systems, and the performance is fast.
Future work
In Internet Of Things and Machine Learning, the machines talk to each other and process user data without user interaction. We think our solution is also useful in these areas.
Implementation details
Reference
[1] Cadwalladr, C.; Graham-Harrison, E. Revealed: 50 million Facebook Profiles Harvested for Cambridge Analytica in Major Data Breach. Available online: https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election (accessed on 17 Mar 2018).