Establishing and protecting digital identity in federation systems

TY - GEN

T1 - Establishing and protecting digital identity in federation systems

AU - Bhargav-Spantzel, Abhilasha

AU - Squicciarini, Anna

AU - Bertino, Elisa

PY - 2005/12/1

Y1 - 2005/12/1

N2 - We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication.This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in case semi-trusted "honest-yet curious" service providers thus preventing against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.

AB - We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication.This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in case semi-trusted "honest-yet curious" service providers thus preventing against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.

UR - http://www.scopus.com/inward/record.url?scp=58349114203&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=58349114203&partnerID=8YFLogxK

U2 - 10.1145/1102486.1102489

DO - 10.1145/1102486.1102489

M3 - Conference contribution

AN - SCOPUS:58349114203

SN - 1595932321

SN - 9781595932327

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 11

EP - 19

BT - DIM'05 - Proceedings of the 2005 ACM Workshop on Digital Identity Management, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS 2005

ER -