{"title":"Enhancing User Privacy in Information Card-Based Identity Management Systems","authors":"Waleed A. Alrodhan","doi":"10.4156/IJEI.VOL2.ISSUE3.8","DOIUrl":null,"url":null,"abstract":"Information Card-based Identity Management (ICIM) is one of the most prominent user-centric schemes. In this paper we identify two security flaws in ICIM systems that may lead to a serious privacy violation. The first is the reliance on Internet user judgements of the authenticity of service providers, and the second is the reliance of the system on a single layer of authentication. We also propose a solution designed to address both flaws. The proposed solution enhances the privacy of ICIM systems by mitigating the risk of users being deceived by fake service providers. It also reduces the risk of an attacker impersonating a legitimate user to access services offered by one or more service providers, after having broken the only means employed to authenticate the user to the identity provider. We also provide a security and performance analysis of the proposed solution. In this paper, CardSpace is used as an example of an ICIM system, and the modification is described in the context of this system.","PeriodicalId":223554,"journal":{"name":"International Journal of Engineering and Industries","volume":"20 4","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-09-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Engineering and Industries","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4156/IJEI.VOL2.ISSUE3.8","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Enhancing User Privacy in Information Card-Based Identity Management Systems
Information Card-based Identity Management (ICIM) is one of the most prominent user-centric schemes. In this paper we identify two security flaws in ICIM systems that may lead to a serious privacy violation. The first is the reliance on Internet user judgements of the authenticity of service providers, and the second is the reliance of the system on a single layer of authentication. We also propose a solution designed to address both flaws. The proposed solution enhances the privacy of ICIM systems by mitigating the risk of users being deceived by fake service providers. It also reduces the risk of an attacker impersonating a legitimate user to access services offered by one or more service providers, after having broken the only means employed to authenticate the user to the identity provider. We also provide a security and performance analysis of the proposed solution. In this paper, CardSpace is used as an example of an ICIM system, and the modification is described in the context of this system.