Establishing and protecting digital identity in federation systems

Abhilasha Bhargav-Spantzel, Anna Squicciarini, Elisa Bertino

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

19 Citations (Scopus)

Abstract

We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication. This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in the case of semi-trusted "honest-yet curious" service providers, thus protecting against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.

Original language: English (US)
Title of host publication: DIM'05 - Proceedings of the 2005 ACM Workshop on Digital Identity Management, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS 2005
Pages: 11-19
Number of pages: 9
DOI: https://doi.org/10.1145/1102486.1102489
State: Published - Dec 1 2005
Event: 1st ACM Workshop on Digital Identity Management, DIM 2005, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS2005 - Fairfax, VA, United States
Duration: Nov 11 2005 → Nov 11 2005

Publication series

Name: Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print): 1543-7221

Other

Other: 1st ACM Workshop on Digital Identity Management, DIM 2005, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS2005
Country: United States
City: Fairfax, VA
Period: 11/11/05 → 11/11/05

Fingerprint

Authentication

All Science Journal Classification (ASJC) codes

  • Software
  • Computer Networks and Communications

Cite this

Bhargav-Spantzel, A., Squicciarini, A., & Bertino, E. (2005). Establishing and protecting digital identity in federation systems. In DIM'05 - Proceedings of the 2005 ACM Workshop on Digital Identity Management, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS 2005 (pp. 11-19). (Proceedings of the ACM Conference on Computer and Communications Security). https://doi.org/10.1145/1102486.1102489
@inproceedings{e03be0e31aaa46efb59674781c55053c,
title = "Establishing and protecting digital identity in federation systems",
abstract = "We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication. This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in the case of semi-trusted {"}honest-yet curious{"} service providers, thus protecting against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.",
author = "Abhilasha Bhargav-Spantzel and Anna Squicciarini and Elisa Bertino",
year = "2005",
month = "12",
day = "1",
doi = "10.1145/1102486.1102489",
language = "English (US)",
isbn = "1595932321",
series = "Proceedings of the ACM Conference on Computer and Communications Security",
pages = "11--19",
booktitle = "DIM'05 - Proceedings of the 2005 ACM Workshop on Digital Identity Management, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS 2005",

}


TY  - GEN
T1  - Establishing and protecting digital identity in federation systems
AU  - Bhargav-Spantzel, Abhilasha
AU  - Squicciarini, Anna
AU  - Bertino, Elisa
PY  - 2005/12/1
Y1  - 2005/12/1
AB  - We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication. This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in the case of semi-trusted "honest-yet curious" service providers, thus protecting against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.
UR  - http://www.scopus.com/inward/record.url?scp=58349114203&partnerID=8YFLogxK
UR  - http://www.scopus.com/inward/citedby.url?scp=58349114203&partnerID=8YFLogxK
U2  - 10.1145/1102486.1102489
DO  - 10.1145/1102486.1102489
M3  - Conference contribution
AN  - SCOPUS:58349114203
SN  - 1595932321
SN  - 9781595932327
T3  - Proceedings of the ACM Conference on Computer and Communications Security
SP  - 11
EP  - 19
BT  - DIM'05 - Proceedings of the 2005 ACM Workshop on Digital Identity Management, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS 2005
ER  -
