发布求助
文献互助 智能选刊 最新文献

Symposium on Identity and Trust on the Internet最新文献

筛选
英文 中文
Practical and secure trust anchor management and usage 实用安全的信任锚的管理和使用
Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI: 10.1145/1750389.1750403
C. Wallace, G. Beier
{"title":"Practical and secure trust anchor management and usage","authors":"C. Wallace, G. Beier","doi":"10.1145/1750389.1750403","DOIUrl":"https://doi.org/10.1145/1750389.1750403","url":null,"abstract":"Public Key Infrastructure (PKI) security depends upon secure management and usage of trust anchors. Unfortunately, widely used mechanisms, management models and usage practices related to trust anchors undermine security and impede flexibility. In this paper, we identify problems with existing mechanisms, discuss emerging standards and describe a solution that integrates with some widely used applications.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"8 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114351908","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 5
A proposal for collaborative internet-scale trust infrastructures deployment: the public key system (PKS) 协同互联网规模信任基础设施部署方案:公钥系统(public key system, PKS)
Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI: 10.1145/1750389.1750404
Massimiliano Pala
{"title":"A proposal for collaborative internet-scale trust infrastructures deployment: the public key system (PKS)","authors":"Massimiliano Pala","doi":"10.1145/1750389.1750404","DOIUrl":"https://doi.org/10.1145/1750389.1750404","url":null,"abstract":"Public Key technology is about multiple parties across different domains making assertions that can be chained together to make trust judgments. Today, the need for more interoperable and usable trust infrastructures is urgent in order to fulfill the security needs of computer and mobile devices. Developing, deploying, and maintaining information technology that provides effective and usable solutions has yet to be achieved. In this paper, we propose a new framework for a distributed support system for trust infrastructure deployment: the Public Key System (PKS). We describe the general architecture based on Distributed Hash Tables (DHTs), how it simplifies the deployment and usability of federated identities, and how existing infrastructures can be integrated into our system. This paper lays down the basis for the deployment of collaborative Internet-scale trust infrastructures.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115439843","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 7
Privacy-preserving DRM DRM保护隐私
Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI: 10.1145/1750389.1750399
R. Perlman, C. Kaufman, Ray A. Perlner
{"title":"Privacy-preserving DRM","authors":"R. Perlman, C. Kaufman, Ray A. Perlner","doi":"10.1145/1750389.1750399","DOIUrl":"https://doi.org/10.1145/1750389.1750399","url":null,"abstract":"This paper describes and contrasts two families of schemes that enable a user to purchase digital content without revealing to anyone what item he has purchased. One of the basic schemes is based on anonymous cash, and the other on blind decryption. In addition to the basic schemes, we present and compare enhancements to the schemes for supporting additional features such as variable costs, enforcement of access restrictions (such as \"over age 21\"), and the ability of a user to monitor and prevent covert privacy-leaking between a content-provider-provided box and the content provider. As we will show, the different variants have different properties in terms of amount of privacy leaking, efficiency, and ability for the content provider to prevent sharing of encryption keys or authorization credentials.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"20 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133662293","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 25
CardSpace-liberty integration for CardSpace users 为CardSpace用户集成CardSpace-liberty
Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI: 10.1145/1750389.1750392
H. Al-Sinani, Waleed A. Alrodhan, C. Mitchell
{"title":"CardSpace-liberty integration for CardSpace users","authors":"H. Al-Sinani, Waleed A. Alrodhan, C. Mitchell","doi":"10.1145/1750389.1750392","DOIUrl":"https://doi.org/10.1145/1750389.1750392","url":null,"abstract":"Whilst the growing number of identity management systems have the potential to reduce the threat of identity attacks, major deployment problems remain because of the lack of interoperability between such systems. In this paper we propose a novel scheme to provide interoperability between two of the most widely discussed identity management systems, namely Microsoft CardSpace and Liberty. In this scheme, CardSpace users are able to obtain an assertion token from a Liberty-enabled identity provider that will satisfy the security requirements of a CardSpace-enabled relying party. We specify the operation of the integration scheme and also describe an implementation of a proof-of-concept prototype. Additionally, security and operational analyses are provided.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"106 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124095652","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 18
Computational techniques for increasing PKI policy comprehension by human analysts 提高人类分析人员对PKI策略理解的计算技术
Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI: 10.1145/1750389.1750396
G. Weaver, S. A. Rea, Sean W. Smith
{"title":"Computational techniques for increasing PKI policy comprehension by human analysts","authors":"G. Weaver, S. A. Rea, Sean W. Smith","doi":"10.1145/1750389.1750396","DOIUrl":"https://doi.org/10.1145/1750389.1750396","url":null,"abstract":"Natural-language policies found in X.509 PKI describe an organization's stated policy as a set of requirements for trust. The widespread use of X.509 underscores the importance of understanding these requirements. Although many review processes are defined in terms of the semantic structure of these policies, human analysts are confined to working with page-oriented PDF texts. Our research accelerates PKI operations by enabling machines to translate between policy page numbers and policy reference structure. Adapting technologies supporting the analysis of Classical texts, we introduce two new tools. Our Vertical Variance Reporter helps analysts efficiently compare the reference structure of two policies. Our Citation-Aware HTML enables machines to process human-readable displays of policies in terms of this reference structure. We evaluate these contributions in terms of real-world feedback and observations from organizations that audit or accredit policies.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"5 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125467011","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
An attribute-based authorization policy framework with dynamic conflict resolution 具有动态冲突解决功能的基于属性的授权策略框架
Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI: 10.1145/1750389.1750395
A. Mohan, D. Blough
{"title":"An attribute-based authorization policy framework with dynamic conflict resolution","authors":"A. Mohan, D. Blough","doi":"10.1145/1750389.1750395","DOIUrl":"https://doi.org/10.1145/1750389.1750395","url":null,"abstract":"Policy-based authorization systems are becoming more common as information systems become larger and more complex. In these systems, to authorize a requester to access a particular resource, the authorization system must verify that the policy authorizes the access. The overall authorization policy may consist of a number of policy groups, where each group consists of policies defined by different entities. Each policy contains a number of authorization rules. The access request is evaluated against these policies, which may produce conflicting authorization decisions. To resolve these conflicts and to reach a unique decision for the access request at the rule and policy level, rule and policy combination algorithms are used. In the current systems, these rule and policy combination algorithms are defined on a static basis during policy composition, which is not desirable in dynamic systems with fast changing environments.\u0000 In this paper, we motivate the need for changing the rule and policy combination algorithms dynamically based on contextual information. We propose a framework that supports this functionality and also eliminates the need to recompose policies if the owner decides to change the combination algorithm. It provides a novel method to dynamically add and remove specialized policies, while retaining the clarity and modularity in the policies. The proposed framework also provides a mechanism to reduce the set of potential target matches, thereby increasing the efficiency of the evaluation mechanism. We developed a prototype system to demonstrate the usefulness of this framework by extending some basic capabilities of the XACML policy language. We implemented these enhancements by adding two specialized modules and several new combination algorithms to the Sun XACML engine.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"51 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127094988","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 50
Efficient and privacy-preserving enforcement of attribute-based access control 高效且保护隐私的基于属性的访问控制
Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI: 10.1145/1750389.1750398
Ning Shang, F. Paci, E. Bertino
{"title":"Efficient and privacy-preserving enforcement of attribute-based access control","authors":"Ning Shang, F. Paci, E. Bertino","doi":"10.1145/1750389.1750398","DOIUrl":"https://doi.org/10.1145/1750389.1750398","url":null,"abstract":"Modern access control models, developed for protecting data from accesses across the Internet, require to verify the identity of users in order to make sure that users have the required permissions for accessing the data. User's identity consists of data, referred to as identity attributes, that encode relevant-security properties of the users. Because identity attributes often convey sensitive information about users, they have to be protected. The Oblivious Commitment-Based Envelope (OCBE) protocols address the protection requirements of both users and service providers. The OCBE protocols makes it possible for a party, referred as sender, to send an encrypted message to a receiver such that the receiver can open the message if and only if its committed value satisfies a predicate and that the sender does not learn anything about the receiver's committed value. The possible predicates are comparison predicates =, ≠, >, <, ≤, ≥. In this paper, we present an extension that improves the efficiency of EQ-OCBE protocol, that is, the OCBE protocol for equality predicates. Our extension allows a party to decrypt data sent by a service provider if and only if the party satisfies all the equality conditions in the access control policy.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"11 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128137584","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 6
Biometrics-based identifiers for digital identity management 用于数字身份管理的基于生物特征的标识符
Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI: 10.1145/1750389.1750401
Abhilasha Bhargav-Spantzel, A. Squicciarini, E. Bertino, Xiangwei Kong, Weike Zhang
{"title":"Biometrics-based identifiers for digital identity management","authors":"Abhilasha Bhargav-Spantzel, A. Squicciarini, E. Bertino, Xiangwei Kong, Weike Zhang","doi":"10.1145/1750389.1750401","DOIUrl":"https://doi.org/10.1145/1750389.1750401","url":null,"abstract":"We present algorithms to reliably generate biometric identifiers from a user's biometric image which in turn is used for identity verification possibly in conjunction with cryptographic keys. The biometric identifier generation algorithms employ image hashing functions using singular value decomposition and support vector classification techniques. Our algorithms capture generic biometric features that ensure unique and repeatable biometric identifiers. We provide an empirical evaluation of our techniques using 2569 images of 488 different individuals for three types of biometric images; namely fingerprint, iris and face. Based on the biometric type and the classification models, as a result of the empirical evaluation we can generate biometric identifiers ranging from 64 bits up to 214 bits. We provide an example use of the biometric identifiers in privacy preserving multi-factor identity verification based on zero knowledge proofs. Therefore several identity verification factors, including various traditional identity attributes, can be used in conjunction with one or more biometrics of the individual to provide strong identity verification. We also ensure security and privacy of the biometric data. More specifically, we analyze several attack scenarios. We assure privacy of the biometric using the one-way hashing property, in that no information about the original biometric image is revealed from the biometric identifier.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"6 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127636009","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Federated login to TeraGrid 联合登录到TeraGrid
Symposium on Identity and Trust on the Internet Pub Date : 2010-04-13 DOI: 10.1145/1750389.1750391
J. Basney, Terry Fleury, Von Welch
{"title":"Federated login to TeraGrid","authors":"J. Basney, Terry Fleury, Von Welch","doi":"10.1145/1750389.1750391","DOIUrl":"https://doi.org/10.1145/1750389.1750391","url":null,"abstract":"We present a new federated login capability for the TeraGrid, currently the world's largest and most comprehensive distributed cyberinfrastructure for open scientific research. Federated login enables TeraGrid users to authenticate using their home organization credentials for secure access to TeraGrid high performance computers, data resources, and high-end experimental facilities. Our novel system design links TeraGrid identities with campus identities and bridges from SAML to PKI credentials to meet the requirements of the TeraGrid environment.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"33 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2010-04-13","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128139434","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 17
Quantum resistant public key cryptography: a survey 抗量子公钥密码学:综述
Symposium on Identity and Trust on the Internet Pub Date : 2009-04-14 DOI: 10.1145/1527017.1527028
Ray A. Perlner, D. Cooper
{"title":"Quantum resistant public key cryptography: a survey","authors":"Ray A. Perlner, D. Cooper","doi":"10.1145/1527017.1527028","DOIUrl":"https://doi.org/10.1145/1527017.1527028","url":null,"abstract":"Public key cryptography is widely used to secure transactions over the Internet. However, advances in quantum computers threaten to undermine the security assumptions upon which currently used public key cryptographic algorithms are based. In this paper, we provide a survey of some of the public key cryptographic algorithms that have been developed that, while not currently in widespread use, are believed to be resistant to quantum computing based attacks and discuss some of the issues that protocol designers may need to consider if there is a need to deploy these algorithms at some point in the future.","PeriodicalId":269454,"journal":{"name":"Symposium on Identity and Trust on the Internet","volume":"19 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2009-04-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125065791","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 108
下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信