A LINDDUN-Based Privacy Threat Modelling for National Identification Systems
Nweke, Livinus Obiora; Abomhara, Mohamed; Yildirim Yayilgan, Sule; Camparin, Debora; Heurtier, Olivier; Bunney, Calum
Chapter
Accepted version
Permanent lenke
https://hdl.handle.net/11250/3036665Utgivelsesdato
2022Metadata
Vis full innførselSamlinger
Originalversjon
10.1109/NIGERCON54645.2022.9803177Sammendrag
The international focus on attaining identity for all has fostered advances in technological developments that have given rise to changing demands on the architecture and deployment of national identification (NID) systems. In particular, national identity management solutions are now expected to respond to a fully modular architecture and to be flexible in the integration of the various building blocks, including the case where the building blocks are provided by different vendors. Another important demand is linked to the increasing concerns about privacy and the potential for unethical or harmful uses of personally identifiable information (PII). This has forced national identity management infrastructures to be compliant with relevant legislation, regulations as well as best practices. In this paper, we investigate how to integrate privacy principles and requirements into a fully modular national identity management architecture implementing a specific use case that deploys the OSIA standard for seamless integration of its building blocks. We employ the LINDDUN methodology to identify privacy threats to the selected use case, elicit mitigation strategies and suggest appropriate privacy enhancing solutions.