Authors:
David Liau
;
Razieh Nokhbeh Zaeem
and
K. Suzanne Barber
Affiliation:
The Center For Identity, The University of Texas at Austin. U.S.A.
Keyword(s):
Privacy Protection, Personal Identity Information, Stochastic Game, Policy Evaluation, Identity Ecosystem.
Abstract:
Today, more than ever, everyday authentication processes involve combinations of Personally Identifiable Information (PII) to verify a person’s identity. Meanwhile the number of identity thefts is increasing dramatically compared to the past decades. As a response to this phenomenon, numerous privacy protection regulations, and identity management frameworks and companies thrive luxuriantly. In this paper, we leverage previous work in the Identity Ecosystem, a Bayesian network mathematical representation of a person’s identity, to create a framework to evaluate identity protection systems. After reviewing the Identity Ecosystem, we populate a dynamic version of it and propose a protection game for a person’s PII given that the owner and the attacker both gain some level of control over the status of other PII within the dynamic Identity Ecosystem. Next, We present a game concept on the Identity Ecosystem as a single round game with complete information. We then formulate a stochastic
shortest path game between the owner and the attacker on the dynamic Identity Ecosystem. The attacker is trying to expose the target PII as soon as possible while the owner is trying to protect the target PII from being exposed. We present a policy iteration algorithm to solve the optimal policy for the game and discuss its convergence. Finally, an evaluation and comparison of identity protection strategies is provided given that an optimal policy is used against different protection policies. This study is aimed to understand the evolutionary process of identity theft and provide a framework for evaluating different identity protection strategies and in future privacy protection system.
(More)