User-Centric Handling of Identity Agent Compromise

  • Daisuke Mashima
  • Mustaque Ahamad
  • Swagath Kannan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5789)

Abstract

Digital identity credentials are a key enabler for important online services, but widespread theft and misuse of such credentials poses serious risks for users. We believe that an identity management system (IdMS) that empowers users to become aware of how and when their identity credentials are used is critical for the success of such online services. Furthermore, rapid revocation and recovery of potentially compromised credentials is desirable. By following a user-centric identity-usage monitoring concept, we propose a way to enhance a user-centric IdMS by introducing an online monitoring agent and an inexpensive storage token that allow users to flexibly choose transactions to be monitored and thereby to balance security, privacy and usability. In addition, by utilizing a threshold signature scheme, our system enables users to revoke and recover credentials without communicating with identity providers. Our contributions include a system architecture, associated protocols and an actual implementation of an IdMS that achieves these goals.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Daisuke Mashima
    • 1
  • Mustaque Ahamad
    • 1
  • Swagath Kannan
    • 1
  1. 1.Georgia Institute of TechnologyAtlantaUSA

Personalised recommendations