User-Centric Identity Management Architecture Using Credential-Holding Identity Agents

The pervasive use of digital identities in today's cyberspace has led to increasing interest in identity management. Recently proposed user-centric identity management systems have achieved a higher level of user control over online identity credentials. However, because no central authority governs the entire system, users become responsible for their own digital identity credentials, and the existing user-centric identity management systems still have problems in terms of security, privacy, and system availability. In this chapter, we present an identity management architecture that addresses these problems. Our scheme relies on user-controlled identity agents. Identity agents realize fine-grained control over online identity disclosure by using a minimal-disclosure identity credential scheme, and they improve users' awareness of their credential usage via an identity-usage monitoring system that includes a real-time risk scoring mechanism. A proof-of-concept implementation is presented and evaluated in terms of security, user-centricity, and performance.

DOI: 10.4018/978-1-61350-498-7.ch005
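One way to realize the minimal-disclosure credential the abstract refers to: the issuer signs a list of per-attribute hash commitments, and the user-held identity agent opens only the commitments a relying party actually needs, so the verifier learns the disclosed values and nothing about the rest. The Python below is an added example written for this page; it is not code from the chapter or its proof-of-concept and does not reproduce the chapter's own credential scheme. The attribute names, the salted-hash commitment, and the Lamport one-time signature standing in for the issuer's real signature are all assumptions.

```python
import hashlib
import secrets
from typing import Optional

HASH_BITS = 256  # SHA-256 digest length in bits


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


# --- Lamport one-time signature (assumed stand-in for the issuer's signature) ---
# Pure-stdlib so the example runs offline; a deployment would use e.g. Ed25519.

def lamport_keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(HASH_BITS)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def _bit(digest: bytes, i: int) -> int:
    # i-th most significant bit of the digest
    return (int.from_bytes(digest, "big") >> (HASH_BITS - 1 - i)) & 1


def lamport_sign(sk, message: bytes):
    digest = sha256(message)
    return [sk[i][_bit(digest, i)] for i in range(HASH_BITS)]


def lamport_verify(pk, message: bytes, sig) -> bool:
    if len(sig) != HASH_BITS:
        return False
    digest = sha256(message)
    return all(sha256(sig[i]) == pk[i][_bit(digest, i)] for i in range(HASH_BITS))


# --- Minimal-disclosure credential built from salted hash commitments ---

def commit(name: str, value: str, salt: bytes) -> bytes:
    # Salt makes low-entropy values (dates, booleans) unguessable from the commitment.
    return sha256(salt + name.encode() + b"\x00" + value.encode())


def issue_credential(issuer_sk, attributes: dict) -> dict:
    """Issuer side: commit to every attribute and sign the ordered commitment list."""
    names = sorted(attributes)  # fixed order so holder and verifier agree
    salts = {n: secrets.token_bytes(16) for n in names}
    commitments = [commit(n, attributes[n], salts[n]) for n in names]
    root = sha256(b"".join(commitments))
    return {"names": names, "attributes": attributes, "salts": salts,
            "commitments": commitments, "signature": lamport_sign(issuer_sk, root)}


def present(credential: dict, disclose: set) -> dict:
    """Identity agent side: reveal only the requested attributes and their salts."""
    unknown = disclose - set(credential["names"])
    if unknown:
        raise ValueError(f"credential has no attribute(s) {sorted(unknown)}")
    return {"names": list(credential["names"]),
            "commitments": list(credential["commitments"]),
            "disclosed": {n: (credential["attributes"][n], credential["salts"][n]) for n in disclose},
            "signature": credential["signature"]}


def verify_presentation(issuer_pk, pres: dict) -> Optional[dict]:
    """Relying party side: returns the disclosed attributes, or None if anything fails."""
    names, commitments = pres["names"], pres["commitments"]
    if len(names) != len(commitments):
        return None
    # 1. Every disclosed (value, salt) pair must reopen its own commitment.
    for i, n in enumerate(names):
        if n in pres["disclosed"]:
            value, salt = pres["disclosed"][n]
            if commit(n, value, salt) != commitments[i]:
                return None
    if set(pres["disclosed"]) - set(names):
        return None
    # 2. The issuer's signature covers all commitments, disclosed or not.
    root = sha256(b"".join(commitments))
    if not lamport_verify(issuer_pk, root, pres["signature"]):
        return None
    return {n: v for n, (v, _) in pres["disclosed"].items()}


if __name__ == "__main__":
    # Constructed sample attributes; not data from the chapter.
    issuer_sk, issuer_pk = lamport_keygen()
    cred = issue_credential(issuer_sk, {"name": "Alice Example", "dob": "1990-04-12",
                                        "email": "alice@example.org"})
    pres = present(cred, {"dob"})           # agent discloses date of birth only
    print(verify_presentation(issuer_pk, pres))   # {'dob': '1990-04-12'}
```

Two caveats a practitioner would want. A Lamport key signs exactly one message, so the issuer here gets one credential per key pair; swap in a conventional signature for real use. And the commitment list itself is a stable identifier, so two relying parties that receive presentations of the same credential can link them; unlinkability across presentations needs a cryptographic (blind or anonymous) credential, not just selective disclosure.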
