Abstract
The more real business and interaction with public authorities is performed in digital form, the more important the handling of identities over open networks becomes. The rise in identity theft as a result of the misuse of global but unprotected identifiers like credit card numbers is one strong indicator of this. Setting up individual passwords between a person and every organization he or she interacts with also offers very limited security in practice. Federated identity management addresses this critical issue. Classic proposals like Kerberos and PKIs never gained wide acceptance because of two problems: actual deployment to end users and privacy. We describe modern approaches that solve these problems. The first approach is browser-based protocols, where the user only needs a standard browser without special settings. We discuss the specific protocol types and security challenges of this protocol class, as well as what level of privacy can and cannot be achieved within this class. The second approach, private credentials, solves the problems that none of the prior solutions could solve, but requires the user to install some local software. Private credentials allow the user to reveal only the minimum information necessary to conduct transactions. In particular, it enables unlinkable transactions even for certified attributes. We sketch the cryptographic solutions and describe how optional properties such as revocability can be achieved, in particular in the idemix system.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In First ACM Conference on Computer and Communication Security, pages 62–73. Association for Computing Machinery, 1993.
D. Boneh, X. Boyen, and H. Shacham. Short group signatures. In Matthew K. Franklin, editor, Advances in Cryptology — CRYPTO 2004, volume 3152 of LNCS, pages 41–55. Springer Verlag, 2004.
D. Boneh, B. Lynn, and H. Shacham. Short signatures from the Weil pairing. In J. of Cryptology, vol. 17, no. 4, pp. 297–319, 2004.
S. Brands. Untraceable off-line cash in wallets with observers. In Douglas R. Stinson, editor, Advances in Cryptology — CRYPTO’ 93, volume 773 of LNCS, pages 302–318, 1993.
S. Brands. Rethinking Public Key Infrastructure and Digital Certificates-Building in Privacy. PhD thesis, Eindhoven Institute of Technology, Eindhoven, The Netherlands, 1999.
E. Brickell, J. Camenisch, and L. Chen. Direct anonymous attestation. In Proc. 11th ACM Conference on Computer and Communications Security, pages 225–234. ACM press, 2004.
J. Camenisch. Cryptographic Protocols, chapter Direct Anonymous Attestation Explained. Wenbo Mao and Markus Jakobsson (Editors). Addison-Wesley, 2006. to appear.
J. Camenisch and E. van Herreweghen. Design and implementation of the idemix anonymous credential system. In Proc. 9th ACM Conference on Computer and Communications Security. acm press, 2002.
J. Camenisch and A. Lysyanskaya. Efficient non-transferable anonymous multi-show credential system with optional anonymity revocation. In Birgit Pfitzmann, editor, Advances in Cryptology — EUROCRYPT 2001, volume 2045 of LNCS, pages 93–118. Springer Verlag, 2001.
J. Camenisch and A. Lysyanskaya. A signature scheme with efficient protocols. In Stelvio Cimato, Clemente Galdi, and Giuseppe Persiano, editors, Security in Communication Networks, Third International Conference, SCN 2002, volume 2576 of LNCS, pages 268–289. Springer Verlag, 2003.
J. Camenisch and A. Lysyanskaya. Signature schemes and anonymous credentials from bilinear maps. In Matthew K. Franklin, editor, Advances in Cryptology — CRYPTO 2004, volume 3152 of LNCS, pages 56–72. Springer Verlag, 2004.
J. Camenisch and V. Shoup. Practical verifiable encryption and decryption of discrete logarithms. In Dan Boneh, editor, Advances in Cryptology — CRYPTO 2003, volume 2729 of LNCS, pages 126–144, 2003.
J. Camenisch and M. Stadler. Efficient group signature schemes for large groups. In Burt Kaliski, editor, Advances in Cryptology — CRYPTO’ 97, volume 1296 of LNCS, pages 410–424. Springer Verlag, 1997.
S. Cantor and M. Erdos. Shibboleth-architecture draft v05, May 2002. http: //shibboleth.internet2.edu/docs/draft-internet2-shibboleth-arch-v0%5.pdf.
D. Chaum. Untraceable electronic mail, return addresses, and digital pseudonyms. Communications of the ACM, 24(2):84–88, February 1981.
D. Chaum. Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM, 28(10):1030–1044, October 1985.
D. Chaum and J.H. Evertse. A secure and privacy-protecting protocol for transmitting personal information between organizations. In M. Odlyzko, editor, Advances in Cryptology — CRYPTO’ 86, volume 263 of LNCS, pages 118–167. Springer-Verlag, 1987.
I.B. Damgård. Efficient concurrent zero-knowledge in the auxiliary string model. In Bart Preneel, editor, Advances in Cryptology — EUROCRYPT 2000, volume 1807 of LNCS, pages 431–444. Springer Verlag, 2000.
I.B. Damgård. Payment systems and credential mechanism with provable security against abuse by individuals. In Shafi Goldwasser, editor, Advances in Cryptology — CRYPTO’ 88, volume 403 of LNCS, pages 328–335. Springer Verlag, 1990.
A. Fiat and A. Shamir. How to prove yourself: Practical solutions to identification and signature problems. In Andrew M. Odlyzko, editor, Advances in Cryptology — CRYPTO’ 86, volume 263 of LNCS, pages 186–194. Springer Verlag, 1987.
S. Galbraith. Advances in elliptic curve cryptography, chapter Pairings. Cambridge University Press, 2005.
T. Groß. Security analysis of the SAML Single Sign-on Browser/Artifact profile. In Proc. 19th Annual Computer Security Applications Conference. IEEE Computer Society, December 2003.
T. Groß and B. Pfitzmann. Proving a WS-Federation Passive Requestor profile. In ACM Workshop on Secure Web Services (SWS). ACM Press, to appear, 2004.
T. Groß, B. Pfitzmann, and A.R. Sadeghi. Browser model for security analysis of browser-based protocols. In Proc. 10th European Symposium on Research in Computer Security (ESORICS), volume 3679 of LNCS, pages 489–508. Springer, 2005.
T. Groß, B. Pfitzmann, and A.R. Sadeghi. Proving a WS-Federation Passive Requestor profile with a browser model. In ACM Workshop on Secure Web Services (SWS), pages 54–64. ACM Press, 2005.
M. Hur, R.D. Johnson, A. Medvinsky, Y. Rouskov, J. Spellman, S. Weeden, and A. Nadalin. Passive Requestor Federation Interop Scenario, Version 0.4, February 2004. ftp://www6.software.ibm.com/software/developer/library/ws-fpscenario2.d%oc.
Harris Interactive. First major post-9/11 privacy survey finds consumers demanding companies do more to protect privacy. Rochester, http://www.harrisinteractive.com/news/allnewsbydate.asp?NewsID=429, February 2002.
C. Kaler and A. Nadalin (ed.). Web Services Federation Language (WS-Federation), Version 1.0, July 2003. BEA and IBM and Microsoft and RSA Security and VeriSign, http://www-106.ibm.com/developerworks/webservices/library/ws-fed/.
C. Kaler and A. Nadalin (ed.). WS-Federation: Passive Requestor Profile, Version 1.0, July 2003. BEA and IBM and Microsoft and RSA Security and VeriSign, http://www-106.ibm.com/developerworks/library/ws-fedpass/.
D.P. Kormann and A.D. Rubin. Risks of the Passport single signon protocol. Computer Networks, 33:51–58, 1994.
Liberty Alliance Project. Liberty Phase 2 final specifications, November 2003. http://www.projectliberty.org/.
A. Lysyanskaya, R. Rivest, A. Sahai, and S. Wolf. Pseudonym systems. In Howard Heys and Carlisle Adams, editors, Selected Areas in Cryptography, volume 1758 of LNCS. Springer Verlag, 1999.
Microsoft Corporation..NET Passport documentation, in particular Technical Overview, and SDK 2.1 Documentation (started 1999), September 2001.
OASIS Standard. Security assertion markup language (SAML) V1.1, Nov 2002.
OASIS Standard. Security assertion markup language (SAML) V2.0, March 2005.
T.P. Pedersen. Non-interactive and information-theoretic secure verifiable secret sharing. In Joan Feigenbaum, editor, Advances in Cryptology — CRYPTO’ 91, volume 576 of LNCS, pages 129–140. Springer Verlag, 1992.
B. Pfitzmann. Privacy in enterprise identity federation — policies for Liberty single signon. In Proc. 3rd International Workshop on Privacy Enhancing Technologies (PET), volume 2760 of LNCS, pages 189–204. Springer, 2003.
B. Pfitzmann. Privacy in enterprise identity federation — policies for Liberty 2 single signon. Elsevier Information Security Technical Report (ISTR), 9(1):45–58, 2004. http://www.sciencedirect.com/science/journal/13634127.
B. Pfitzmann and M. Waidner. Privacy in browser-based attribute exchange. In Proc. 1st ACM Workshop on Privacy in the Electronic Society (WPES), pages 52–62, 2002.
B. Pfitzmann and M. Waidner. Analysis of Liberty single-signon with enabled clients. IEEE Internet Computing, 7(6):38–44, 2003.
D. Pointcheval and J. Stern. Security proofs for signature schemes. In Ueli Maurer, editor, Advances in Cryptology — EUROCRYPT’ 96, volume 1070 of LNCS, pages 387–398. Springer Verlag, 1996.
C.P. Schnorr. Efficient signature generation for smart cards. Journal of Cryptology, 4(3):239–252, 1991.
A. Westin. Consumer privacy attitudes and actions: What the surveys find 2005–2006. Privacy Year in Review, Projections and Trends for 2006, Privacy & American Business, January 2006.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Camenisch, J., Pfitzmann, B. (2007). Federated Identity Management. In: Petković, M., Jonker, W. (eds) Security, Privacy, and Trust in Modern Data Management. Data-Centric Systems and Applications. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-69861-6_15
Download citation
DOI: https://doi.org/10.1007/978-3-540-69861-6_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-69860-9
Online ISBN: 978-3-540-69861-6
eBook Packages: Computer ScienceComputer Science (R0)