Zero knowledge proofs of identity
STOC '87 Proceedings of the nineteenth annual ACM symposium on Theory of computing
Efficient identification and signatures for smart cards
CRYPTO '89 Proceedings on Advances in cryptology
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
Prudent Engineering Practice for Cryptographic Protocols
IEEE Transactions on Software Engineering
Handbook of Applied Cryptography
Handbook of Applied Cryptography
Trust-X: A Peer-to-Peer Framework for Trust Establishment
IEEE Transactions on Knowledge and Data Engineering
Balanced binary trees for ID management and load balance in distributed hash tables
Proceedings of the twenty-third annual ACM symposium on Principles of distributed computing
Proceedings of the 11th ACM conference on Computer and communications security
Dipsea: a modular distributed hash table
Dipsea: a modular distributed hash table
Why Johnny can't encrypt: a usability evaluation of PGP 5.0
SSYM'99 Proceedings of the 8th conference on USENIX Security Symposium - Volume 8
A taxonomy of single sign-on systems
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Notarized federated ID management and authentication
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
Enhancing the Privacy of e-Learning Systems with Alias and Anonymity
Computer Supported Cooperative Work in Design IV
Physically restricted authentication with trusted hardware
Proceedings of the 2009 ACM workshop on Scalable trusted computing
Enforcing physically restricted access control for remote data
Proceedings of the first ACM conference on Data and application security and privacy
Improving the security of cardspace
EURASIP Journal on Information Security
Notarized federated identity management for web services
DBSEC'06 Proceedings of the 20th IFIP WG 11.3 working conference on Data and Applications Security
Enhancing consumer privacy in the liberty alliance identity federation and web services frameworks
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
Reference-based importance assessment model of identity information
Personal and Ubiquitous Computing
Hi-index | 0.00 |
We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication. This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in case semi-trusted "honest-yet curious" service providers thus preventing against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.