Issue title: The First ACM Workshop on Digital Identity Management – DIM 2005
Article type: Research Article
Authors: Bhargav-Spantzel, Abhilasha | Squicciarini, Anna C. | Bertino, Elisa
Affiliations: CERIAS and Department of Computer Science, Purdue University, USA. E-mail: bhargav@cs.purdue.edu, squiccia@cs.purdue.edu, bertino@cs.purdue.edu
Abstract: We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. Our solution supports a step-by-step approach according to which an individual can first establish a digital identity, followed by a secure and protected use of such identity. We first introduce a flexible approach to establish a single sign-on (SSO) ID in a federation. Then we show how a user can leverage this SSO ID to establish certified and uncertified user identity attributes without depending on PKI for user authentication. This makes the process more usable and enhances privacy. The major contribution of this paper is a novel solution for protection against identity theft of these identity attributes. Our approach is based on the use of zero-knowledge proof protocols and distributed hash tables. Revocation mechanisms for the identity attributes are also developed. We illustrate how current revocation techniques can benefit from the underlying federation framework and the use of distributed hash tables. Finally, we formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust even in the case of semi-trusted "honest-yet-curious" service providers, thus protecting against insider threats. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.
Keywords: Identity management, single sign-on, federation, identity theft, zero knowledge proof, distributed hash tables, revocation
DOI: 10.3233/JCS-2006-14303
Journal: Journal of Computer Security, vol. 14, no. 3, pp. 269-300, 2006