
Proceedings of the 2008 Symposium on Identity and Trust on the Internet

Full name: Proceedings of the 7th symposium on Identity and trust on the Internet
Editors: Ken Klingenstein; Kent Seamons
Location: Gaithersburg, Maryland
Dates: 2008-Mar-04 to 2008-Mar-06
Standard No: ISBN 1-60558-066-X, 978-1-60558-066-1; hcibib: IDTRUST08
  1. Identity management
  2. Access control in open systems
  3. Public key infrastructure
  4. Practice & experience: health care

Identity management

A client-side CardSpace-Liberty integration architecture (pp. 1-7)
  Waleed A. Alrodhan; Chris J. Mitchell
Over the last few years, many identity management schemes, frameworks and system specifications have been proposed; however these various schemes and frameworks are typically not interoperable. In this paper we propose an approach to enable interoperation between two of the most prominent identity management schemes, namely the Liberty Alliance Project scheme (specifically the ID-FF LEC Profile) and the Microsoft CardSpace (formerly known as InfoCard) scheme. This integration should enhance interoperability by enabling users to make use of identity management systems even if the system participants are using different schemes. The main advantages and disadvantages of the proposed integration model are also investigated.
Keywords: CardSpace, Liberty, federation, identity management, integration
Identity protection factor (IPF) (pp. 8-18)
  Arshad Noor
Since the dawn of computing, operating systems and applications have used many schemes to identify and authenticate entities accessing resources within computers. While the technologies and schemes have varied, there appears to have been little attempt to classify them based on their ability to resist attacks from unauthorized entities.
   With the proliferation of identity management technologies in the market today, it is becoming increasingly difficult to assess and compare them with each other. As the threat level continues to rise on the internet, and regulations governing information technology continue to grow, risk managers need more objective mechanisms to assign risk to their systems so they may apply appropriate mitigating controls.
   This paper attempts to describe a classification scheme that will permit the comparison of seemingly different identification and authentication (I&A) technologies on the basis of their vulnerability to attacks. With a better understanding of related authentication technologies, companies can determine the appropriate technology to use for mitigating authentication risks.
Keywords: access control, asymmetric key, authentication, identification & authentication, identity management, identity protection factor (IPF), shared-secret, symmetric key
OpenID identity discovery with XRI and XRDS (pp. 19-25)
  Drummond Reed; Les Chasen; William Tan
The work examines the identity discovery problems that needed to be addressed by the OpenID 2.0 protocol in order to enable a user-centric Internet identity layer. The paper illustrates how the OASIS XRI and XRDS specifications were applied to help solve these identity discovery challenges. The work also considers interoperable identity discovery for other Internet identity frameworks such as SAML, Information Cards, and the Higgins Project, and recommends future work.
Keywords: Higgins project, OpenID, SAML, XRDS, XRI, Yadis, extensible resource descriptor sequence, extensible resource identifier, i-card, identifier, identity discovery, information card, resolution, user-centric identity

Access control in open systems

A content-driven access control system (pp. 26-35)
  Jessica Staddon; Philippe Golle; Martin Gagné; Paul Rasmussen
Protecting identity in the Internet age requires the ability to go beyond the identification of explicitly identifying information like social security numbers, to also find the broadly-held attributes that, when taken together, are identifying. We present a system that can work in conjunction with natural language processing algorithms or user-generated tags, to protect identifying attributes in text. The system uses a new attribute-based encryption protocol to control access to such identifying attributes and thus protects identity. The system supports the definition of user access rights based on role or identity. We extend the existing model of attribute-based encryption to support threshold access rights and provide a heuristic instantiation of revocation.
Keywords: access control, attribute-based encryption, inference control, revocation, secret sharing
Secure roaming with identity metasystems (pp. 36-47)
  Long Nguyen Hoang; Pekka Laitinen; N. Asokan
The notion of identity metasystem has been introduced as the means to ensure interoperability among different identity systems while providing a consistent user experience. Current identity metasystems provide limited support for secure roaming: by "roaming" we refer to the ability of a user to use the same set of identities and credentials across different terminals. We argue that in order to support different types of roaming, the identity metasystem client should be structured as a set of distributable components. We describe such a distributed client-side software architecture and how that architecture is implemented by adapting Novell's Bandit project. We use our implementation to demonstrate how credentials are stored in a trusted device in the form of a mobile phone but can be used on less trusted terminals in the form of PCs.
Keywords: identity metasystem, mobility, roaming
Secure communication for ad-hoc, federated groups (pp. 48-58)
  Andreas Sjöholm; Ludwig Seitz; Babak Sadighi
Ad-hoc federated groups are getting increasingly popular as a means of addressing collaborative tasks that require information sharing. However, in some application scenarios, the security of the shared information is vital. Managing the communication security of such groups in an efficient way is a difficult task.
   This paper presents an architecture that enables secure communication for ad-hoc, cross-organisational groups. Our architecture covers group admission control, group key management and secure group communication. The groups in question are expected to be ad-hoc groups where the potential participants have no prior knowledge of each other and thus federation mechanisms need to be used to establish group admission rights. In order to handle group admission we use the SAML and XACML standards; for group key management we use the TGDH protocol. Our approach thus supports decentralised management of the most important tasks in secure group communication using an integrated approach based on established security standards. We have also produced a demo implementation to show the feasibility of our architecture.
   This research was pursued as part of the TrustDis project funded by the Swedish Governmental Agency for Innovation Systems (Vinnova).
Keywords: Diffie-Hellman, XACML, access control, authorization, secure group communication, tree-based group

Public key infrastructure

User-centric PKI (pp. 59-71)
  Radia Perlman; Charlie Kaufman
The goal of supporting Single Sign-On to the Web has proven elusive. A number of solutions have been proposed -- and some have even been deployed -- but the capability remains unavailable to most users and the solutions deployed raise concerns for both convenience and security. In this paper, we enumerate desirable attributes in a scheme for authenticating from an Internet browser to a web site and the authorization that follows. We categorize the currently deployed or advocated approaches, describing their benefits and issues, and we suggest incremental improvements to such schemes. We then outline a design for public-key based authentication particularly suited to what we believe to be the common case: users, acting on their own behalf (as opposed to as an employee of an organization), performing actions on the web such as making a purchase or maintaining an account at a service provider. We contrast the usability/privacy/security properties of our design with other identity management/authentication schemes deployed or being proposed today. Our design is truly user-centric, in the sense that the user acts as his own CA, and as a decision point for authorizing release of user information to web sites, rather than having an Identity Provider be the center of trust.
Keywords: PKI, authentication, single sign-on, web services
Public key superstructure "it's PKI Jim, but not as we know it!" (pp. 72-88)
  Stephen Wilson
While PKI has had its difficulties (like most new technologies) the unique value of public key authentication in paperless transactions is now widely acknowledged. The naïve early vision of a single all-purpose identity system has given way to a more sophisticated landscape of multiple PKIs, used not for managing identity per se, but rather more subtle memberships, credentials and so on. It is well known that PKI's successes have mostly been in closed schemes. Until now, this fact was often regarded as a compromise; many held out hope that a bigger general purpose PKI would still eventuate. But I argue that the dominance of closed PKI over open is better understood as reflecting the reality of identity plurality, which independently is becoming the norm through the Laws of Identity and related frameworks.
   This paper introduces the term "Public Key Superstructure" to describe a new way to knit together existing mature PKI components to improve the utility and practicality of digital certificates. The "superstructure" draws on useful precedents in the security printing industry for manufacturing specialized security goods without complicated or unnatural liabilities, and international accreditation arrangements for achieving cross-border recognition of certificates. The model rests on a crucial re-imagining of certificates as standing for relationships rather than identities. This elegant re-interpretation of otherwise standard elements could truly be a paradigm shift for PKI, for it grounds certificates in familiar, even mundane management processes. It will bring profound yet easily realized benefits for liability, cost, interoperability, scalability, accreditation, and governance.
Keywords: PKI, authentication, digital certificates, public key infrastructure
Audit and backup procedures for hardware security modules (pp. 89-97)
  Túlio Cicero Salvaro de Souza; Jean Everson Martina; Ricardo Felipe Custódio
Hardware Security Modules (HSMs) are a useful tool to deploy public key infrastructure (PKI) and its applications. This paper presents necessary procedures and protocols to perform backup and audit in such devices when deployed in PKIs. These protocols were evaluated in an implementation of a real HSM, enabling it to perform secure backups and to provide an audit trail, two important considerations for a safe PKI operation. It also introduces a ceremony procedure to support the operation of such HSMs in a PKI environment.
Keywords: PKI ceremony, embedded cryptographic hardware, hardware security module, key life-cycle, key management, public key infrastructure
Securing the core with an Enterprise Key Management Infrastructure (EKMI) (pp. 98-111)
  Arshad Noor
The last twenty-five years have witnessed an emphasis on protecting the network and computing host as a proxy for protecting data from unauthorized access. While this was a reasonable strategy at the dawn of network-based computing, given the state of the internet today with its security issues, this strategy is proving to be hopeless.
   This paper advances the notion that the time has finally come to begin what we should have done initially -- protect the core of our computing infrastructure: the data -- in addition to protecting the network and computing host.
   The paper describes an architecture -- and a specific implementation of that architecture -- to enable the encryption of data across the enterprise in a platform and application-independent manner. The architecture describes the use of a Public Key Infrastructure (PKI) and a Symmetric Key Management System (SKMS) within an Enterprise Key Management Infrastructure (EKMI), to securely -- and centrally -- manage the life-cycle of the symmetric encryption keys used for data encryption.
Keywords: XML encryption (XENC), XML signature (DSIG), enterprise key management infrastructure (EKMI), key-management (KM), public key infrastructure (PKI), symmetric key client library (SKCL), symmetric key management system (SKMS), symmetric key services (SKS), symmetric key services markup language (SKSML)

Practice & experience: health care

A federation of web services for Danish health care (pp. 112-121)
  Esben Dalsgaard; Kåre Kjelstrøm; Jan Riis
Having relevant, up-to-date information about a patient's health care history is often crucial for providing the appropriate treatment. In Denmark, IT systems have been built to support different work flows in the health sector, but the systems are rarely connected and have become islands of data.
   To remedy this situation, a service-oriented architecture based on web services for online exchange of health care data between the vast array of heterogeneous IT systems in the sector is being built.
   The architecture forms a federation of web services and enables secure and reliable authentication of end-users and systems in the Danish health sector. The architecture is based on national and international standards and specifications. Yet it defines its own profile for secure interchange of data due to a lack of available international profiles that could handle the special needs of the health sector at the time of project inception.
   The architecture has evolved through a pilot project from mid 2005 to the end of 2007, and is being tested on a small scale in the 1st quarter of 2008. This paper aims to convey experiences from the project, so rich in benefits that the architecture has been accepted and standardized as the foundation for the future of system integration in the health sector in Denmark.
Keywords: SAML, SOA, SOAP, WS-trust, X509 certificates, digital signatures, electronic patient records, federated identity management, health care, security token service, single sign on, web services
Security and privacy system architecture for an e-hospital environment (pp. 122-130)
  Kathryn Garson; Carlisle Adams
Hospitals are now using electronic medical records and computer applications in order to provide more efficient and thorough care for their patients. The Mobile Emergency Triage system provides doctors with decision support for emergency care by pulling information from a patient's health record and a medical literature database. In order to achieve compliance with the privacy legislation PIPEDA and PHIPA, security and privacy measures must be put in place. Encryption and access control are necessary for ensuring proper authorization and confidentiality for patient records. Strong authentication and audit logs are required to ensure access only by those allowed. We discuss differences in security technologies and detail the ones used in our MET system. A new encryption technology called policy-based encryption proves to be quite useful within a health care environment for providing both encryption and access control. We propose an extension to an existing scheme which allows for the use of this cryptography in a hospital setting.
Keywords: authentication, health care, policy-based encryption, privacy