TY - GEN
T1 - Establishing and protecting digital identity in federation systems
AU - Bhargav-Spantzel, Abhilasha
AU - Squicciarini, Anna C.
AU - Bertino, Elisa
PY - 2005
Y1 - 2005
N2 - We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication.This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in case semi-trusted "honest-yet curious" service providers thus preventing against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.
AB - We develop solutions for the security and privacy of user identity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a single sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authentication.This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protection against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowledge proofs and distributed hash tables. We show how we can preserve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is efficient. In the paper we also show that the protocol is robust enough even in case semi-trusted "honest-yet curious" service providers thus preventing against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated identity management.
UR - http://www.scopus.com/inward/record.url?scp=58349114203&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=58349114203&partnerID=8YFLogxK
U2 - 10.1145/1102486.1102489
DO - 10.1145/1102486.1102489
M3 - Conference contribution
AN - SCOPUS:58349114203
SN - 1595932321
SN - 9781595932327
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 11
EP - 19
BT - DIM'05 - Proceedings of the 2005 ACM Workshop on Digital Identity Management, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS 2005
T2 - 1st ACM Workshop on Digital Identity Management, DIM 2005, Co-located with the 12th ACM Conference on Computer and Communications Security, CCS2005
Y2 - 11 November 2005 through 11 November 2005
ER -