An Overview of veryIDX - A privacy-preserving digital identity management system for mobile devices

Federica Paci, Elisa Bertino, Sam Kerr, Anna Squicciarini, Jungha Woo

Research output: Contribution to journalArticle

7 Citations (Scopus)

Abstract

Users increasingly use their mobile devices to communicate, to conduct business transaction and access resources and services. In such a scenario, digital identity management (DIM) technology is fundamental in customizing user experience, protecting privacy, underpinning accountability in business transactions, and in complying with regulatory controls. Users identity consists of data, referred to as identity attributes, that encode relevant-security properties of the clients. However, identity attributes can be target of several attacks: the loss or theft of mobile devices results in a exposure of identity attributes; identity attributes that are send over WI-FI or 3G networks can be easily intercepted; identity attributes can also be captured via Bluetooth connections without the user's consent; and mobile viruses, worms and Trojan horses can access the identity attributes stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of identity attributes, as well as of any sensitive information stored on mobile devices is crucial. In this paper we address such problems by proposing an approach to manage user identity attributes by assuring their privacy-preserving usage. The approach is based on the concept of privacy preserving multi-factor authentication achieved by a new cryptographic primitive which uses aggregate signatures on commitments that are then used for aggregate zero-knowledge proof of knowledge (ZKPK) protocols. We present the implementation of such approach on Nokia NFC cellular phones and report performance evaluation results.

Original languageEnglish (US)
Pages (from-to)696-706
Number of pages11
JournalJournal of Software
Volume4
Issue number7
DOIs
StatePublished - Sep 1 2009

Fingerprint

Mobile devices
Bluetooth
Viruses
Authentication
Industry
Network protocols

All Science Journal Classification (ASJC) codes

  • Software
  • Human-Computer Interaction
  • Artificial Intelligence

Cite this

Paci, Federica ; Bertino, Elisa ; Kerr, Sam ; Squicciarini, Anna ; Woo, Jungha. / An Overview of veryIDX - A privacy-preserving digital identity management system for mobile devices. In: Journal of Software. 2009 ; Vol. 4, No. 7. pp. 696-706.
@article{73af1c1b6e264530af19ee8186ca781f,
title = "An Overview of veryIDX - A privacy-preserving digital identity management system for mobile devices",
abstract = "Users increasingly use their mobile devices to communicate, to conduct business transaction and access resources and services. In such a scenario, digital identity management (DIM) technology is fundamental in customizing user experience, protecting privacy, underpinning accountability in business transactions, and in complying with regulatory controls. Users identity consists of data, referred to as identity attributes, that encode relevant-security properties of the clients. However, identity attributes can be target of several attacks: the loss or theft of mobile devices results in a exposure of identity attributes; identity attributes that are send over WI-FI or 3G networks can be easily intercepted; identity attributes can also be captured via Bluetooth connections without the user's consent; and mobile viruses, worms and Trojan horses can access the identity attributes stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of identity attributes, as well as of any sensitive information stored on mobile devices is crucial. In this paper we address such problems by proposing an approach to manage user identity attributes by assuring their privacy-preserving usage. The approach is based on the concept of privacy preserving multi-factor authentication achieved by a new cryptographic primitive which uses aggregate signatures on commitments that are then used for aggregate zero-knowledge proof of knowledge (ZKPK) protocols. We present the implementation of such approach on Nokia NFC cellular phones and report performance evaluation results.",
author = "Federica Paci and Elisa Bertino and Sam Kerr and Anna Squicciarini and Jungha Woo",
year = "2009",
month = "9",
day = "1",
doi = "10.4304/jsw.4.7.696-706",
language = "English (US)",
volume = "4",
pages = "696--706",
journal = "Journal of Software",
issn = "1796-217X",
publisher = "Academy Publisher",
number = "7",

}

An Overview of veryIDX - A privacy-preserving digital identity management system for mobile devices. / Paci, Federica; Bertino, Elisa; Kerr, Sam; Squicciarini, Anna; Woo, Jungha.

In: Journal of Software, Vol. 4, No. 7, 01.09.2009, p. 696-706.

Research output: Contribution to journalArticle

TY - JOUR

T1 - An Overview of veryIDX - A privacy-preserving digital identity management system for mobile devices

AU - Paci, Federica

AU - Bertino, Elisa

AU - Kerr, Sam

AU - Squicciarini, Anna

AU - Woo, Jungha

PY - 2009/9/1

Y1 - 2009/9/1

N2 - Users increasingly use their mobile devices to communicate, to conduct business transaction and access resources and services. In such a scenario, digital identity management (DIM) technology is fundamental in customizing user experience, protecting privacy, underpinning accountability in business transactions, and in complying with regulatory controls. Users identity consists of data, referred to as identity attributes, that encode relevant-security properties of the clients. However, identity attributes can be target of several attacks: the loss or theft of mobile devices results in a exposure of identity attributes; identity attributes that are send over WI-FI or 3G networks can be easily intercepted; identity attributes can also be captured via Bluetooth connections without the user's consent; and mobile viruses, worms and Trojan horses can access the identity attributes stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of identity attributes, as well as of any sensitive information stored on mobile devices is crucial. In this paper we address such problems by proposing an approach to manage user identity attributes by assuring their privacy-preserving usage. The approach is based on the concept of privacy preserving multi-factor authentication achieved by a new cryptographic primitive which uses aggregate signatures on commitments that are then used for aggregate zero-knowledge proof of knowledge (ZKPK) protocols. We present the implementation of such approach on Nokia NFC cellular phones and report performance evaluation results.

AB - Users increasingly use their mobile devices to communicate, to conduct business transaction and access resources and services. In such a scenario, digital identity management (DIM) technology is fundamental in customizing user experience, protecting privacy, underpinning accountability in business transactions, and in complying with regulatory controls. Users identity consists of data, referred to as identity attributes, that encode relevant-security properties of the clients. However, identity attributes can be target of several attacks: the loss or theft of mobile devices results in a exposure of identity attributes; identity attributes that are send over WI-FI or 3G networks can be easily intercepted; identity attributes can also be captured via Bluetooth connections without the user's consent; and mobile viruses, worms and Trojan horses can access the identity attributes stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of identity attributes, as well as of any sensitive information stored on mobile devices is crucial. In this paper we address such problems by proposing an approach to manage user identity attributes by assuring their privacy-preserving usage. The approach is based on the concept of privacy preserving multi-factor authentication achieved by a new cryptographic primitive which uses aggregate signatures on commitments that are then used for aggregate zero-knowledge proof of knowledge (ZKPK) protocols. We present the implementation of such approach on Nokia NFC cellular phones and report performance evaluation results.

UR - http://www.scopus.com/inward/record.url?scp=78651555609&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=78651555609&partnerID=8YFLogxK

U2 - 10.4304/jsw.4.7.696-706

DO - 10.4304/jsw.4.7.696-706

M3 - Article

AN - SCOPUS:78651555609

VL - 4

SP - 696

EP - 706

JO - Journal of Software

JF - Journal of Software

SN - 1796-217X

IS - 7

ER -