Establishing and protecting digital identity in federation systems

Journal of Computer Security

Volumn 14, Issue 3, 2006, Pages 269-300

  Bhargav Spantzel, Abhilasha ^a   Squicciarini, Anna C ^a   Bertino, Elisa ^a  

^a PURDUE UNIVERSITY   (United States)

Author keywords

Distributed hash tables; Federation; Identity management; Identity theft; Revocation; Single sign on; Zero knowledge proof

Indexed keywords

DISTRIBUTED COMPUTER SYSTEMS; ELECTRONIC DOCUMENT IDENTIFICATION SYSTEMS; INFORMATION MANAGEMENT; INFORMATION SERVICES; NETWORK PROTOCOLS; PROBLEM SOLVING; PUBLIC KEY CRYPTOGRAPHY; SECURITY OF DATA;

DISTRIBUTED HASH TABLES; FEDERATION; IDENTITY MANAGEMENT; IDENTITY THEFT; REVOCATION; SINGLE SIGN-ON; ZERO KNOWLEDGE PROOF;

COMPUTER PRIVACY;

EID: 33745459183     PISSN: 0926227X     EISSN: None     Source Type: Journal    
DOI: 10.3233/JCS-2006-14303     Document Type: Article

References (46)

1. M. Abadi and R. Needham, Prudent engineering practice for cryptographic protocols, IEEE Trans. Softw. Eng. 22(1) (1996), 6-15.
2. H. Abelson and L. Lessig, Digital identity in Cyberspace, in: White Paper Submitted for 6.805/Law of Cyberspace: Social Protocols, 1998.
3. B. Adida, S. Hohenberger and R.L. Rivest, Separable identity-based ring signatures: Theoretical foundations for fighting phishing attacks, in: Proceedings of DIMACS Workshop on Theft in E-Commerce: Content, Identity, and Service, 2005.
4. AES. http://csrc.nist.gov/cryptotoolkit/aes/.
5. S. Almuhammadi, N.T. Sui and D. McLeod, Better privacy and security in e-commerce: Using elliptic curve-based zero-knowledge proofs, in: CEC'04: Proceedings of the IEEE International Conference on E-Commerce Technology (CEC'04), Washington, DC, USA, IEEE Computer Society, 2004, pp. 299-302.
6. M. Bellare and P. Rogaway, Random oracles are practical: a paradigm for designing efficient protocols, in: ACM Conference on Computer and Communications Security, 1993, pp. 62-73.
7. χ: A peer-to-peer framework for trust establishment, IEEE Transactions on Knowledge and Data Engineering (July) (2004), 827-842.
8. A. Bhargav-Spantzel, A.C. Squicciarini and E. Bertino, Integrating federated digital identity management and trust negotiation, Review IEEE Security and Privacy Magazine, 2005.
9. D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, in: Lecture Notes in Computer Science, Vol. 2139, 2001, pp. 213-240.
10. D. Boneh and M. Franklin, Identity-based encryption from the Weil pairing, SIAM J. Comput. 32(3) (2003), 586-615.
11. H. Buerk and A. Pfitzmann, Value exchange systems enabling security and unobservability, Computer and Security 9(9) (1990), 715-721.
12. J. Camenisch and E. van Herreweghen, Design and implementation of the idemix anonymous credential system, in: CCS'02: Proceedings of the 9th ACM conference on Computer and Communications Security, New York, NY, USA, ACM Press, 2002, pp. 21-30.
13. J. Camenisch and A. Lysyanskaya, An efficient system for non-transferable anonymous credentials with optional anonymity revocation, in: EUROCRYPT'OI: Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques, London, UK, Springer, 2001, pp. 93-118.
14. D. Chaum, Security without identification: transaction systems to make big brother obsolete, Commun. ACM 28(10) (1985), 1030-1044.
15. X. Chen, F. Zhang and K. Kim, A new id-based group signature scheme from bilinear pairings, in: Cryptology ePrint Archive, Report, 2003.
16. J.H. Choi, S.S. Lim and K. Zeilenga, A new on-line certificate validation method for improved security, scalability and interoperability, in: 6th IEEE Information Assurance Workshop, 2005.
17. R. Dhamija and J.D. Tygar, The battle against phishing: Dynamic security skins, in: SOUPS'05: Proceedings of the 2005 Symposium on Usable Privacy and Security, New York, NY, USA, ACM Press, 2005, pp. 77-88.
18. W. Duserick and F. Investments, Whitepaper on liberty protocol and identity theft, in: Liberty Alliance Project, 2004.
19. IBM Zurich Research Laboratory, Privacy enhancing, Cryptography and Pseudonym Management. http://www.zurich.ibm.com/security/privacy/.
20. U. Fiege, A. Fiat and A. Shamir, Zero knowledge proofs of identity, in: STOC'87: Proceedings of the nineteenth annual ACM conference on Theory of computing, New York, NY, USA, ACM Press, 1987, pp. 210-217.
21. G. Goth, Phishing attacks rising, but dollar losses down, IEEE Security and Privacy 3(1) (2005), 8.
22. R. Housley, W. Ford, W. Polk and D. Solo, Internet x.509 public key infrastructure certificate and crl profile, 1999.
23. R. Housley, W. Polk, W. Ford and D. Solo, Internet x.509 public key infrastructure certificate and certificate revocation list (crl) profile, 2002.
24. Identity-Management, Liberty alliance project, http://www.projectliberty. org.
25. Internet2, Shibboleth, http://shibboleth.internet2.edu.
26. Microsoft Windows 2000 Server Public Key Interoperability, http://www.alw.nih.gov/pkiy.
27. K. Klingestein, Emergence of identity service providers, in: EDUCAUSE Center for Applied Research, Research Bulletin, Volume 2002, 2002.
28. Identity Theft Management, http://www.identitytheftmanagement.com/.
29. G.S. Manku, Balanced binary trees for id management and load balance in distributed hash tables, in: PODC'04: Proceedings of the Twenty-Third Annual ACM Symposium on Principles of Distributed Computing, New York, NY, USA, ACM Press, 2004, pp. 197-205.
30. G.S. Manku, Dipsea: A modular distributed hash table, PhD thesis, Adviser-Rajeev Motwani, 2004.
31. A.J. Menezes, P.C. van Oorschot and S.A. Vanstone, Handbook of Applied Cryptography, 2001.
32. Victor S. Miller, Use of elliptic curves in cryptography, in: Lecture Notes in Computer Science; 218 on Advances in Cryptology - CRYPTO 85, Springer-Verlag New York, Inc., New York, NY, USA, 1986, pp. 417-426.
33. M. Myers, R. Ankney, A. Malpani, S. Galperin and C. Adams, X.509 Internet public key infrastructure online certificate status protocol - ocsp, 1999.
34. RSA Laboratories' Nightingale, http://www.rsasecurity.com/rsalabs/node. asp?id=2424.01
35. E. Norlin and A. Durand, Whitepaper on towards federated identity management, in: Ping Identity Corporation, 2002.
36. National Research Council of the National Academies, Who Goes There? Authentication Through the Lens of Privacy. The National Academies Press, Washington, DC, 2003.
37. K.G. Paterson, Id-based signatures from pairings on elliptic curves, Cryptology ePrint Arrhive, Report.
38. V.V. Prakash and A. O'Donnell, Fighting spam with reputation systems, Queue 3(9) (2005), 36-41.
39. Liberty Alliance Project, Liberty protocols and schemas specification, version 1.0, 11 July 2002.
40. V. Samar, Single sign-on using cookies for web applications, in: WETICE'99: Proceedings of the 8th Workshop o Enabling Technologies on Infrastructure for Collaborative Enterprises, Washington, DC, USA, IEEE Computer Society, 1999, pp. 158-163.
41. C.P. Schnorr, Efficient identification and signatures for smart cards, in: CRYPTO'89: Proceedings on Advances in cryptology, New York, NY, USA, Springer, New York, 1989, pp. 239-252.
42. A. Shamir, Identity-based cryptosystems and signature schemes, in: Proceedings of CRYPTO 84 on Advances in ciyptology, New York, NY, USA, Springer, New York, 1985, pp. 47-53.
43. V. Shoup, Lower bounds for discrete logarithms and related problems, in: Lecture Notes in Computer Science, Vol. 1233, 1997, pp. 256-268.
44. A. Whitten and J.D. Tygar, Why Johnny can't encrypt: A usability evaluation of PGP 5.0, in: 8th USENIX Security Symposium, 1999.
45. P. Wohlmacher, Digital certificates: a survey of revocation methods, in: MULTIMEDIA '00: Proceedings of the 2000 ACM workshops on Multimedia, New York, NY, USA, ACM Press, 2000, pp. 111-114.
46. D. Woodruff and J. Staddon, Private inference control, in: CCS'04: Proceedings of the 11th ACM Conference on Computer and Communications Security, New York, NY, USA, ACM Press, 2004, pp. 188-197.