Authenticated Dictionary-Based Attribute Sharing in Federated Identity Management

Authenticated dictionaries have been primarily studied and used in the context of certificate revocation in public key infrastructure (PKI). This paper presents a novel approach to enabling controlled access to and selective sharing of sensitive user attributes in federated identity management (FIM) by integrating an authenticated dictionary (ADT)-based credential into FIM, while attempting to achieve both better privacy control and usability. Our approach is motivated by the notion of user-centricity, which is essentially to give users a larger degree of control over their attributes. We discuss the design of a security system based on the usage of ADT-based credentials. Finally we discuss a proof-of-concept implementation.

[1]  Ralph C. Merkle,et al.  A Digital Signature Based on a Conventional Encryption Function , 1987, CRYPTO.

[2]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[3]  Abhilasha Bhargav-Spantzel,et al.  User centricity: a taxonomy and open issues , 2006, DIM '06.

[4]  Jan Camenisch,et al.  Design and implementation of the idemix anonymous credential system , 2002, CCS '02.

[5]  Jan Camenisch,et al.  Design and implementation of theidemixanonymous credential system , 2002, CCS 2002.

[6]  David Chaum,et al.  Achieving Electronic Privacy , 1992 .

[7]  K. Cameron,et al.  The Laws of Identity , 2005 .

[8]  Dongwan Shin,et al.  Controlled sharing of identity attributes for better privacy , 2007, 2007 International Conference on Collaborative Computing: Networking, Applications and Worksharing (CollaborateCom 2007).

[9]  Seng-Phil Hong,et al.  Information Assurance in Federated Identity Management: Experimentations and Issues , 2004, WISE.

[10]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .

[11]  Jan Camenisch,et al.  A Signature Scheme with Efficient Protocols , 2002, SCN.

[12]  Audun Jøsang,et al.  Trust Requirements in Identity Management , 2005, ACSW.

[13]  Michael T. Goodrich,et al.  Implementation of an authenticated dictionary with skip lists and commutative hashing , 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[14]  Gail-Joon Ahn,et al.  Ensuring information assurance in federated identity management , 2004, IEEE International Conference on Performance, Computing, and Communications, 2004.

[15]  Dongwan Shin,et al.  Enabling Interoperable and Selective Data Sharing among Social Networking Sites , 2008, CollaborateCom.

[16]  Gail-Joon Ahn,et al.  Managing privacy preferences for federated identity management , 2005, DIM '05.

[17]  Michael T. Goodrich,et al.  Persistent Authenticated Dictionaries and Their Applications , 2001, ISC.