Establishing and protecting digital identity in federation systems

Abhilasha Bhargav-Spantzel, Anna C. Squicciarini, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceedingConference contribution

20 Scopus citations

Abstract

We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication.This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in case semi-trusted "honest-yet curious" service providers thus preventing against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.

Original languageEnglish (US)
Title of host publicationDIM'05 - Proceedings of the 2005 ACM Workshop on Digital Identity Management, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS 2005
Pages11-19
Number of pages9
DOIs
StatePublished - Dec 1 2005
Event1st ACM Workshop on Digital Identity Management, DIM 2005, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS2005 - Fairfax, VA, United States
Duration: Nov 11 2005Nov 11 2005

Publication series

NameProceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)1543-7221

Other

Other1st ACM Workshop on Digital Identity Management, DIM 2005, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS2005
CountryUnited States
CityFairfax, VA
Period11/11/0511/11/05

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Fingerprint Dive into the research topics of 'Establishing and protecting digital identity in federation systems'. Together they form a unique fingerprint.

  • Cite this

    Bhargav-Spantzel, A., Squicciarini, A. C., & Bertino, E. (2005). Establishing and protecting digital identity in federation systems. In DIM'05 - Proceedings of the 2005 ACM Workshop on Digital Identity Management, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS 2005 (pp. 11-19). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1102486.1102489