Enhancing User Privacy in Information Card-Based Identity Management Systems
نویسنده
چکیده
Information Card-based Identity Management (ICIM) is one of the most prominent user-centric schemes. In this paper we identify two security flaws in ICIM systems that may lead to a serious privacy violation. The first is the reliance on Internet user judgements of the authenticity of service providers, and the second is the reliance of the system on a single layer of authentication. We also propose a solution designed to address both flaws. The proposed solution enhances the privacy of ICIM systems by mitigating the risk of users being deceived by fake service providers. It also reduces the risk of an attacker impersonating a legitimate user to access services offered by one or more service providers, after having broken the only means employed to authenticate the user to identity provider. We also provide a security and performance analysis of the proposed solution. In this paper, CardSpace is used as an example of an ICIM system, and the modification is described in the context of this system.
منابع مشابه
Exploring the Feasibility of a Spatial User Interface Paradigm for Privacy-Enhancing Technology
Electronic devices get more and more involved in many of our communication processes for personal and professional activities. Each communication process may implicitly affect our privacy. An example may be the location trace of mobile phones. Experts present identity management systems to preserve the user’s privacy [2]. In digital correspondence users should decide about disclosure of persona...
متن کاملMobile Devices to the Identity Rescue
Identity management is defined as the set of processes related to identity and access information for the whole identity life cycle in a system. In the open internet users need new methods for identity management that supply reliable authentication and sufficient user control. Currently applied methods often lack a proper level of security (e.g., passwords) and privacy (e.g., diverse processing...
متن کاملNegotiating Trust in Identity Metasystem
Many federated identity management systems have been proposed to solve the problem of authorizing users across security domains. Although these solutions attempt to follow the user-centric design approach to empower users by letting them make important decisions on whether to release sensitive information, they do not provide much help to users in making good decisions. More importantly, privac...
متن کاملCollaborative Privacy - A Community-Based Privacy Infrastructure
The landscape of the World Wide Web with all its versatile services heavily relies on the disclosure of private user information. Service providers collecting more and more of these personal user data pose a growing privacy threat for users. Addressing user concerns privacy-enhancing technologies emerged. One goal of these technologies is to enable users to improve the control over their person...
متن کاملCredential Design in Attribute-Based Identity Management
Attribute-based credentials are cryptographically secured carriers of properties that hold for a particular individual. They are the basic building blocks of many upcoming privacy-enhancing technologies and user-centric identity management systems. There are a number of limitations and requirements besides security and privacy, such as usability and efficiency, that have to be taken into accoun...
متن کامل