A LINDDUN-Based Privacy Threat Modelling for National Identification Systems

• Published in: 2022 IEEE Nigeria 4th International Conference on Disruptive Technologies for Sustainable Development (NIGERCON) pp. 1 - 8
• Main Authors: Nweke, Livinus Obiora, Abomhara, Mohamed, Yayilgan, Sule Yildirim, Comparin, Debora, Heurtier, Olivier, Bunney, Calum
• Format: Conference Proceeding
• Language: English
• Published: IEEE 17.04.2022
• Subjects: Architecture; Conferences; Disruptive technologies; Legislation; LINDDUN methodology; National identification (NID) systems; OSIA initiative; Privacy; Privacy threat modelling; Regulation; Sustainable development
• ISSN: 2377-2697
• DOI: 10.1109/NIGERCON54645.2022.9803177

The international focus on attaining identity for all has fostered advances in technological developments that have given rise to changing demands on the architecture and deployment of national identification (NID) systems. In particular, national identity management solutions are now expected to respond to a fully modular architecture and to be flexible in the integration of the various building blocks, including the case where the building blocks are provided by different vendors. Another important demand is linked to the increasing concerns about privacy and the potential for unethical or harmful uses of personally identifiable information (PII). This has forced national identity management infrastructures to be compliant with relevant legislation, regulations as well as best practices. In this paper, we investigate how to integrate privacy principles and requirements into a fully modular national identity management architecture implementing a specific use case that deploys the OSIA standard for seamless integration of its building blocks. We employ the LINDDUN methodology to identify privacy threats to the selected use case, elicit mitigation strategies and suggest appropriate privacy enhancing solutions.