Top

Published in:

2015 | OriginalPaper | Chapter

Enhancing Public Digital Identity System (SPID) to Prevent Information Leakage

Authors : Francesco Buccafurri, Lidia Fotia, Gianluca Lax, Rocco Mammoliti

Published in: Electronic Government and the Information Systems Perspective

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Public Digital Identity System (SPID) is the Italian government framework compliant with the EU eIDAS regulatory environment, aimed at implementing electronic identification and trust services in e-government and business applications. According to this federated identity management framework, digital identities are issued, upon application of the interested party, by digital identity providers. This way, users authenticate to service providers, which are public or private organizations providing a service to authorized users, provided that they adhere to SPID. A drawback that could limit the real diffusion of this framework is that, despite the fact that identity and service providers might be competitor private companies, SPID authentication results in information leakage about customers of identity providers. To overcome this potential limitation, in this paper, we propose a modification of SPID to allow user authentication by preserving the anonymity of the identity provider that grants the authentication credentials. This way, information leakage about customers of identity providers is fully prevented.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Engineering Semantic Web Services for Government Business Processes Automation

next chapter Encryption-Based Second Authentication Factor Solutions for Qualified Server-Side Signature Creation

Agency for Digital Italy (AGID) (2015). http://www.agid.gov.it/

Art. 3 DPCM of 24 October 2014 (2015). http://www.agid.gov.it/sites/default/files/leggi_decreti_direttive/dpcm_24_ottobre_2014.pdf

Electronic identification and trust services (eIDAS) (2015). http://ec.europa.eu/dgs/connect/en/content/electronic-identification-and-trust-services-eidas-regulatory-environment-and-beyond

Security Assertion Markup Language (SAML) (2015). http://it.wikipedia.org/wiki/Security_Assertion_Markup_Language

SPID-Agenzia per l’Italia Digitale (2015). http://www.agid.gov.it/sites/default/files/regole_tecniche/spid_regole_tecniche_v0_1.pdf

Vila, J.A., Serna-Olvera, J., Fernandez, L., Medina, M., Sfakianakis, A.: A professional view on ebanking authentication: challenges and recommendations. In: 2013 9th International Conference on Information Assurance and Security (IAS), pp. 43–48. IEEE (2013)

Buccafurri, F., Fotia, L., Lax, G.: Allowing continuous evaluation of citizen opinions through social networks. In: Kő, A., Leitner, C., Leitold, H., Prosser, A. (eds.) EDEM 2012 and EGOVIS 2012. LNCS, vol. 7452, pp. 242–253. Springer, Heidelberg (2012) CrossRef

Buccafurri, F., Fotia, L., Lax, G.: Privacy-preserving resource evaluation in social networks. In: Proceedings of the 2012 Tenth Annual International Conference on Privacy, Security and Trust (PST 2012), pp. 51–58. IEEE Computer Society (2012)

Buccafurri, F., Fotia, L., Lax, G.: Allowing non-identifying information disclosure in citizen opinion evaluation. In: Kő, A., Leitner, C., Leitold, H., Prosser, A. (eds.) EDEM 2013 and EGOVIS 2013. LNCS, vol. 8061, pp. 241–254. Springer, Heidelberg (2013) CrossRef

10.

Buccafurri, F., Fotia, L., Lax, G.: Allowing privacy-preserving analysis of social network likes. In: Privacy, Security and Trust (PST), 2013 Eleventh Annual International Conference on, pp. 36–43. IEEE (2013)

11.

Buccafurri, F., Fotia, L., Lax, G.: Social signature: signing by tweeting. In: Kő, A., Francesconi, E. (eds.) EGOVIS 2014. LNCS, vol. 8650, pp. 1–14. Springer, Heidelberg (2014) CrossRef

12.

Buccafurri, F., Fotia, L., Lax, G.: A privacy-preserving e-participation framework allowing citizen opinion analysis. Electron. Gov. An Int. J. 11, 185–206 (2015)CrossRef

13.

Buchmann, N., Rathgeb, C., Baier, H., Busch, C.: Towards electronic identification and trusted services for biometric authenticated transactions in the single euro payments area. In: Preneel, B., Ikonomou, D. (eds.) APF 2014. LNCS, vol. 8450, pp. 172–190. Springer, Heidelberg (2014)

14.

Cuijpers, C., Schroers, J.: eIDAS as guideline for the development of a pan European eID framework in FutureID. Open Identity Summit 2014(237), 23–38 (2014)

15.

Dumortier, J., Vandezande, N.: Critical Observations on the Proposed Regulation for Electronic Identification and Trust Services for Electronic Transactions in the Internal Market. ICRI Research Paper, 9 (2012)

16.

Hühnlein, D.: Towards eIDAS as a Service. In: Reimer, H., Pohlmann, N., Schneider, W. (eds.) ISSE 2014 Securing Electronic Business Processes, pp. 241–248. Springer, Heidelberg (2014)

17.

Jordan, F., Pujol, H., Ruana, D.: Achieving the eIDAS vision through the mobile, social and cloud triad. In: Reimer, H., Pohlmann, N., Schneider, W. (eds.) ISSE 2014 Securing Electronic Business Processes, pp. 81–93. Springer, Heidelberg (2014)

18.

Lax, G., Buccafurri, F., Caminiti, G.: Digital document signing: Vulnerabilities and solutions. A Global Perspective, Information Security Journal (2015)

19.

Massacci, F., Gadyatskaya, O.: How to get better EID and Trust Services by leveraging eIDAS legislation on EU funded research results (2013)

20.

Navarro, V.A., Gumbau, J., Santapau, P., Marzal, A.: Stork project results: Pan-european eid interoperability demonstrated (2011)

21.

Wessels, B.: Identification and the practices of identity and privacy in everyday digital communication. New Media Soc. 14, 1251–1268 (2012)CrossRef

Title: Enhancing Public Digital Identity System (SPID) to Prevent Information Leakage
Authors: Francesco Buccafurri
Lidia Fotia
Gianluca Lax
Rocco Mammoliti
Publisher: Springer International Publishing
Book: Electronic Government and the Information Systems Perspective
Print ISBN: 978-3-319-22388-9

Electronic ISBN: 978-3-319-22389-6

Copyright Year: 2015
DOI: https://doi.org/10.1007/978-3-319-22389-6_5

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner