Today, more than ever, everyday authentication processes involve combinations of Personally Identifiable Information (PII) to verify a person’s identity. Meanwhile, the number of identity thefts is increasing dramatically compared to past decades. In response to this phenomenon, numerous privacy protection regulations, management frameworks and companies have flourished in the industry as well. In this paper, we leverage previous work on the Identity Ecosystem, a Bayesian network mathematical representation of a person’s identity, to create a framework for evaluating identity protection systems. After reviewing the Identity Ecosystem, we populate a dynamic version of it and propose a protection game for a person’s PII, given that the owner and the attacker both gain some level of control over the status of other PIIs within the dynamic Identity Ecosystem. We first present the game concept as a single-round game with complete information. Then we formulate a stochastic shortest path game between the owner and the attacker on the dynamic Identity Ecosystem. The attacker tries to expose the target PII as soon as possible, while the owner tries to protect the target PII from being exposed. We present a policy iteration algorithm to solve for the optimal policy of the game and discuss its convergence. Finally, we provide an evaluation and comparison of identity protection strategies, given that an optimal policy is used against different protection policies. This study aims to understand the evolutionary process of identity theft and to provide a framework for evaluating different identity protection strategies.