Abstract
Many service providers want to control access to their services and offer personalized services. This implies that the service provider requests and stores personal attributes. However, many service providers are not sure about the correctness of attributes that are disclosed by the user during registration. Federated identity management systems aim at increasing the user-friendliness of authentication procedures, while at the same time ensuring strong authentication to service providers. This paper presents a new flexible approach for user-centric identity management, using trusted modules. Our approach combines several privacy features available in current federated identity management systems and offers extra functionality. For instance, attribute aggregation is supported and the problem of user impersonation by identity providers is tackled.
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Vossaert, J., Lapon, J., De Decker, B., Naessens, V. (2011). User-Centric Identity Management Using Trusted Modules. In: Camenisch, J., Lambrinoudakis, C. (eds) Public Key Infrastructures, Services and Applications. EuroPKI 2010. Lecture Notes in Computer Science, vol 6711. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22633-5_11
DOI: https://doi.org/10.1007/978-3-642-22633-5_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22632-8
Online ISBN: 978-3-642-22633-5
eBook Packages: Computer Science, Computer Science (R0)