User-Centric Identification Management for Cross Realm Cloud and Ubiquitous Computing

Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 164)

Abstract

User identification is undoubtedly important in the cyber world. Traditionally, services use a login name and password to verify a user. With the rise of cloud and ubiquitous computing services, it becomes a burden for users to memorize the login name and password pair for each service they need. Although advances in technology bring new authentication channels, the purpose of these technologies is to convince the service provider that the claimant really is who he or she claims to be. Few of them have been concerned with the user's anonymity. In this paper, a novel credential-based, user-centric identification management method based on the federated model is proposed. It satisfies the essentials of user-centric and ubiquitous computing. In addition, the method preserves the user-centric consideration of anonymity: it supports anonymous, pseudonymous, and veronymous identities for the user with single sign-on.

Keywords

User-centric identification management, Cloud computing

Notes

Acknowledgment

This work was partially supported by the National Science Council in Taiwan through Grant NSC 100-2221-E-143-002-.

Copyright information

© Springer Science+Business Media Dordrecht 2012

Authors and Affiliations

  1. Department of Computer Science and Information Engineering, National Taitung University, Taitung, Taiwan
