User-Centric Identity Management Using Trusted Modules

Many service providers want to control access to their services and offer personalized services. This implies that the service provider requests and stores personal attributes. However, many service providers cannot be sure about the correctness of attributes that the user discloses during registration. Federated identity management systems aim at increasing the user-friendliness of authentication procedures, while at the same time ensuring strong authentication to service providers. This paper presents a new, flexible approach to user-centric identity management using trusted modules. Our approach combines several privacy features available in current federated identity management systems and offers extra functionality. For instance, attribute aggregation is supported, and the problem of user impersonation by identity providers is tackled.
