We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers that have built trust among each other and enable sharing of user identity information among themselves. Our solution supports a step-by-step approach in which an individual first establishes a digital identity and then uses that identity in a secure and protected way. We first introduce a flexible approach to establish a single sign-on (SSO) ID in a federation. We then show how a user can leverage this SSO ID to establish certified and uncertified user identity attributes without depending on PKI for user authentication. This makes the process more usable and enhances privacy. The major contribution of this paper is a novel solution for protecting these identity attributes against identity theft. Our approach is based on the use of zero-knowledge proof protocols and distributed hash tables. Revocation mechanisms for the identity attributes are also developed. We illustrate how current revocation techniques can benefit from the underlying federation framework and the use of distributed hash tables. Finally, we formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. We also show that the protocol is robust even in the case of semi-trusted “honest-yet-curious” service providers, thus protecting against insider threats. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.