HCI Bibliography Home | HCI Conferences | IDTRUST Archive | Detailed Records | RefWorks | EndNote | Hide Abstracts
IDTRUST Tables of Contents: 080910

Proceedings of the 2009 Symposium on Identity and Trust on the Internet

Fullname:Proceedings of the 8th symposium on Identity and trust on the Internet
Editors:Kent Seamons; Neal McBurnett; Tim Polk
Location:Gaithersburg, Maryland
Dates:2009-Apr-14 to 2009-Apr-16
Standard No:ISBN: 1-60558-474-6, 978-1-60558-474-4; ACM DL: Table of Contents hcibib: IDTRUST09
Links:Conference Home Page
  1. Identity management
  2. Federations and virtual organizations
  3. Applied cryptography
  4. Information cards
  5. Usability

Identity management

Identity, credential, and access management at NASA, from Zachman to attributes BIBAKFull-Text 1-14
  Corinne S. Irwin; Dennis C. Taylor
To achieve the ultimate goal of attribute-based access control (ABAC), a robust architecture for Identity, Credential, and Access Management must first be established. The National Aeronautics and Space Administration (NASA) began formal development of its Identity, Credential, and Access Management Architecture using the Zachman Framework for Enterprise Architecture in June 2006. The Architecture provided the necessary structure to meet aggressive deadlines for issuance and use of the PIV smartcard. It also led to the development of NASA's Logical Access Control infrastructure to support not only PIV smartcards, but all authentication credentials in use at NASA.
   Use of the Zachman Framework has transformed the way that NASA looks at Logical Access Control, and has positioned NASA to provide robust attributed-based access control in the future. In this paper, we will discuss the Logical Access Control System (LACS) we are implementing at NASA, changes in the way NASA views Identity Trust and Level of Assurance, technical challenges to implementation, and our future vision for Identity, Credential, and Access Management.
Keywords: attribute-based access control (ABAC), level of assurance (LoA), logical access control system (LACS)
Personal identity verification (PIV) cards as federated identities: challenges and opportunities BIBAKFull-Text 15-22
  Sarbari Gupta
In this paper, we describe the challenges in using Personal Identity Verification (PIV) cards and PIV-like cards as federated identities to authenticate to US Federal government facilities and systems. The current set of specifications and policies related to the implementation and use of PIV cards leave a number of gaps in terms of trust and assurance. This paper identifies these gaps and proposes approaches to address them towards making the PIV card the standardized, interoperable, federated identity credential envisioned within Homeland Security Presidential Directive 12 (HSPD-12).
Keywords: PKI, assurance, authentication, authorization, federal bridge certification authority, smart cards
A calculus of trust and its application to PKI and identity management BIBAKFull-Text 23-37
  Jingwei Huang; David Nicol
We introduce a formal semantics based calculus of trust that explicitly represents trust and quantifies the risk associated with trust in public key infrastructure (PKI) and identity management (IdM). We then show by example how to formally represent trust relationships and quantitatively evaluate the risk associated with trust in public key certificate chains. In the context of choosing a certificate chain, our research shows that the shortest chain need not be the most trustworthy, and that it may make sense to compare the trustworthiness of a potential chain against a threshold to govern acceptance, changing the problem to finding a chain with sufficiently high trustworthiness. Our calculus also shows how quantified trust relationships among CAs can be combined to achieve an overall trust assessment of an offered certificate.
Keywords: PKI, identity management, risk assessment, semantics of trust, social networks, trust modeling, uncertainty

Federations and virtual organizations

Palantir: a framework for collaborative incident response and investigation BIBAKFull-Text 38-51
  Himanshu Khurana; Jim Basney; Mehedi Bakht; Mike Freemon; Von Welch; Randy Butler
Organizations owning cyber-infrastructure assets face large scale distributed attacks on a regular basis. In the face of increasing complexity and frequency of such attacks, we argue that it is insufficient to rely on organizational incident response teams or even trusted coordinating response teams. Instead, there is need to develop a framework that enables responders to establish trust and achieve an effective collaborative response and investigation process across multiple organizations and legal entities to track the adversary, eliminate the threat and pursue prosecution of the perpetrators. In this work we develop such a framework for effective collaboration. Our approach is motivated by our experiences in dealing with a large-scale distributed attack that took place in 2004 known as Incident 216. Based on our approach we present the Palantir system that comprises conceptual and technological capabilities to adequately respond to such attacks. To the best of our knowledge this is the first work proposing a system model and implementation for a collaborative multi-site incident response and investigation effort.
Keywords: digital investigation, incident response, multi-site collaboration
Safeguarding digital identity: the SPICI (Sharing Policy, Identity, and Control Information) approach to negotiating identity federation and sharing agreements BIBAKFull-Text 52-60
  Deborah Bodeau
To perform key business functions, organizations in critical infrastructure sectors such as healthcare or finance increasingly need to share identifying and authorization-related information. Such information sharing requires negotiation about identity safeguarding policies and capabilities, as provided by processes, technologies, tools, and models. That negotiation must address the concerns not only of the organizations sharing the information, but also of the individuals whose identity-related information is shared. SPICI (Sharing Policy, Identity, and Control Information) provides a descriptive and analytic framework to structure and support such negotiations, with an emphasis on assurance.
Keywords: credentials, identity federation, identity management, information sharing
Usable trust anchor management BIBAKFull-Text 61-72
  Massimiliano Pala; Scott A. Rea
Security in browsers is based upon users trusting a set of root Certificate Authorities (called Trust Anchors) which they may know little or nothing about. Browser vendors face a difficult challenge to provide an appropriate interface for users. Providing usable Trust Anchor Management (TAM) for users, applications and PKI deployers is a complex task. The PKIX working group at Internet Engineering Task Force (IETF) is working on a new protocol, the Trust Anchor Management Protocol (TAMP), which will provide a standardized method to automatically manage trust anchors in applications and devices. Although promising, this protocol does not go far enough to allow users to gather information about previously unknown trust anchors in an automatic fashion. We have proposed the PKI Resource Query Protocol (PRQP) -- which is currently an Internet Draft on Experimental Track with IETF -- to provide applications with an automatic discovery system for PKI management. In this paper we describe the basic architecture and capabilities of PRQP that allow Browsers to provide a more complete set of trust anchor management services. We also provide the design of a PRQP enabled infrastructure that uses a trust association mechanism to provide an easy solution for managing Trust Anchors for Virtual Organizations.
Keywords: PKI, PRQP, digital certificate, discovery system, trust anchor

Applied cryptography

Privacy-preserving management of transactions' receipts for mobile environments BIBAKFull-Text 73-84
  Federica Paci; Ning Shang; Sam Kerr; Kevin, Jr. Steuer; Jungha Woo; Elisa Bertino
Users increasingly use their mobile devices for electronic transactions to store related information, such as digital receipts. However, such information can be target of several attacks. There are some security issues related to M-commerce: the loss or theft of mobile devices results in a exposure of transaction information; transaction receipts that are send over WI-FI or 3G networks can be easily intercepted; transaction receipts can also be captured via Bluetooth connections without the user's consent; and mobile viruses, worms and Trojan horses can access the transaction information stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of transactions' information, as well as of any sensitive information stored on mobile devices is crucial. In this paper, we propose a privacy-preserving approach to manage electronic transaction receipts on mobile devices. The approach is based on the notion of transaction receipts issued by service providers upon a successful transaction and combines Pedersen commitment and Zero Knowledge Proof of Knowledge (ZKPK) techniques and Oblivious Commitment-Based Envelope (OCBE) protocols. We have developed a version of such protocol for Near Field Communication (NFC) enabled cellular phones.
Keywords: privacy, registrar, transaction record
Quantum resistant public key cryptography: a survey BIBAKFull-Text 85-93
  Ray A. Perlner; David A. Cooper
Public key cryptography is widely used to secure transactions over the Internet. However, advances in quantum computers threaten to undermine the security assumptions upon which currently used public key cryptographic algorithms are based. In this paper, we provide a survey of some of the public key cryptographic algorithms that have been developed that, while not currently in widespread use, are believed to be resistant to quantum computing based attacks and discuss some of the issues that protocol designers may need to consider if there is a need to deploy these algorithms at some point in the future.
Keywords: public key cryptography, quantum computers

Information cards

FileSpace: an alternative to CardSpace that supports multiple token authorisation and portability between devices BIBAKFull-Text 94-102
  David Chadwick
This paper describes a federated identity management system based on long lived encrypted credential files rather than virtual cards and short lived assertions. Users obtain their authorisation credential files from their identity providers and have them bound to their public key certificates, which can hold any pseudonym the user wishes. Users can then use these credentials multiple times without the identity providers being able to track their movements and without having to authenticate to the IdP each time. The credentials are worthless to an attacker if lost or stolen, therefore they do not need any special protection mechanisms. They can be copied freely between multiple devices, and users can use multiple credentials in a single transaction. Users only need to authenticate to their private key store in order for it to produce a signed token necessary for the service provider to authenticate the user and decrypt the authorisation credentials. The signed token is bound to the service provider and is short lived to prevent man in the middle attacks.
Keywords: CardSpace, X.509 certificates, authorisation, federated identity management, information cards


Usable secure mailing lists with untrusted servers BIBAKFull-Text 103-116
  Rakesh Bobba; Joe Muggli; Meenal Pant; Jim Basney; Himanshu Khurana
Mailing lists are a natural technology for supporting messaging in multi-party, cross-domain collaborative tasks. However, whenever sensitive information is exchanged on such lists, security becomes crucial. We have earlier developed a prototype secure mailing list solution called SELS (Secure Email List Services) based on proxy encryption techniques [20], which enables the transformation of cipher-text from one key to another without revealing the plain-text. Emails exchanged using SELS are ensured confidentiality, integrity, and authentication. This includes ensuring their confidentiality while in transit at the list server; a functionality that is uniquely supported by SELS through proxy re-encryption. In this work we describe our efforts in studying and enhancing the usability of the software system and our experiences in supporting a production environment that currently is used by more than 50 users in 11 organizations. As evidence of its deployability, SELS is compatible with common email clients including Outlook, Thunderbird, Mac Mail, Emacs, and Mutt. As evidence of its usability, the software is being used by several national and international incident response teams.
Keywords: e-mail list security, proxy re-encryption, usability study