Identity Management System

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 2034 Experts worldwide ranked by ideXlab platform

Elisa Bertino - One of the best experts on this subject based on the ideXlab platform.

  • RahasNym: pseudonymous Identity Management System for protecting against linkability
    Color Imaging Conference, 2016
    Co-Authors: Hasini Gunasinghe, Elisa Bertino
    Abstract:

    Unlinkability and accountability are conflicting yet critical requirements that need to be addressed in order to preserve users' privacy as well as to protect service providers in today's Identity ecosystems. In this paper we present a pseudonymous Identity Management System in which users can carry out unlinkable on-line transactions without having to disclose their actual Identity information in plain text to the service providers. At the same time, the service providers have strong assurance about the authenticity of the transactions. In our approach, users' Identity is cryptographically encoded in pseudonymous Identity tokens. Our System includes a lightweight policy language which enables users and service providers to express their requirements pertaining to pseudonymous Identity verification and a suite of protocols based on zero-knowledge-proofs which enables the fulfillment of these requirements. We have implemented a prototype of the proposed System and carried out a security and performance analysis.

  • CIC - RahasNym: Pseudonymous Identity Management System for Protecting against Linkability
    2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), 2016
    Co-Authors: Hasini Gunasinghe, Elisa Bertino
    Abstract:

    Unlinkability and accountability are conflicting yet critical requirements that need to be addressed in order to preserve users' privacy as well as to protect service providers in today's Identity ecosystems. In this paper we present a pseudonymous Identity Management System in which users can carry out unlinkable on-line transactions without having to disclose their actual Identity information in plain text to the service providers. At the same time, the service providers have strong assurance about the authenticity of the transactions. In our approach, users' Identity is cryptographically encoded in pseudonymous Identity tokens. Our System includes a lightweight policy language which enables users and service providers to express their requirements pertaining to pseudonymous Identity verification and a suite of protocols based on zero-knowledge-proofs which enables the fulfillment of these requirements. We have implemented a prototype of the proposed System and carried out a security and performance analysis.

  • RahasNym: Pseudonymous Identity Management System for Protecting against Linkability
    2016 IEEE 2nd International Conference on Collaboration and Internet Computing (CIC), 2016
    Co-Authors: Hasini Gunasinghe, Elisa Bertino
    Abstract:

    Unlinkability and accountability are conflicting yet critical requirements that need to be addressed in order to preserve users' privacy as well as to protect service providers in today's Identity ecosystems. In this paper we present a pseudonymous Identity Management System in which users can carry out unlinkable on-line transactions without having to disclose their actual Identity information in plain text to the service providers. At the same time, the service providers have strong assurance about the authenticity of the transactions. In our approach, users' Identity is cryptographically encoded in pseudonymous Identity tokens. Our System includes a lightweight policy language which enables users and service providers to express their requirements pertaining to pseudonymous Identity verification and a suite of protocols based on zero-knowledge-proofs which enables the fulfillment of these requirements. We have implemented a prototype of the proposed System and carried out a security and performance analysis.

  • RahasNym: Protecting against Linkability in the Digital Identity Ecosystem
    2015 IEEE 35th International Conference on Distributed Computing Systems, 2015
    Co-Authors: Hasini Gunasinghe, Elisa Bertino
    Abstract:

    Unlinkability and accountability are conflicting yet critical requirements for on-line transactions that need to be addressed in order to preserve users' privacy as well as to protect service providers in today's Identity ecosystems. In this poster paper we introduce a pseudonymous Identity Management System in which users can carry out unlinkable on-line transactions without having to disclose their actual Identity to the service providers. At the same time, the service providers have strong assurance about the authenticity of the Identity and credentials. In our approach, users' Identity is cryptographically encoded in pseudonymous Identity tokens issued by trusted Identity providers. Our System includes a lightweight policy language which enables users and service providers to express their requirements pertaining to pseudonymous Identity verification and a suite of protocols based on zero-knowledge-proofs which enables the fulfillment of these requirements.

  • VeryIDX - A Privacy Preserving Digital Identity Management System for Mobile Devices
    2009 Tenth International Conference on Mobile Data Management: Systems Services and Middleware, 2009
    Co-Authors: Federica Paci, Ning Shang, Ruchith Fernando, Kevin Steuer, Elisa Bertino
    Abstract:

    The combined use of the Internet and mobile technologies is leading to major changes in how individuals communicate, conduct business transactions and access resources and services. In such a scenario, digital Identity Management (DIM) technology is fundamental for enabling transactions and interactions across the Internet. In this demo, we demonstrate VeryIDX, a System for the privacy-preserving Management of users' Identity attributes on mobile devices.

Sebastian Claus - One of the best experts on this subject based on the ideXlab platform.

  • a framework for quantification of linkability within a privacy enhancing Identity Management System
    Lecture Notes in Computer Science, 2006
    Co-Authors: Sebastian Claus
    Abstract:

    Within a privacy-enhancing Identity Management System, among other sources of information, knowledge about current anonymity and about linkability of user's actions should be available, so that each user is enabled to make educated decisions about performing actions and disclosing PII (personal identifiable information). In this paper I describe a framework for quantification of anonymity and linkability of a user's actions for use within a privacy-enhancing Identity Management System. Therefore, I define a model of user's PII and actions as well as an attacker model. Based thereon, I describe an approach to quantify anonymity and linkability of actions. Regarding practical applicability, a third party service for linkability quantification is discussed.

Audun Jøsang - One of the best experts on this subject based on the ideXlab platform.

  • Future Standardization Areas for Identity Management Systems
    2020
    Co-Authors: Suriadi Suriadi, Paul Ashley, Audun Jøsang
    Abstract:

    There are several areas of Identity Management that require standardization in order for them to work effectively. This paper proposes three standardization areas: the development of fine-grained privacy standards, the negotiation standards, and the backward privacy standards. Backward privacy refers to the problems that arise due to the massive amount of the already revealed personal information in the past which might reduce, or render useless, the effectiveness of the use of the privacy enhancing Identity Management System in the future. The main characteristics that each standard should have are also laid out in this paper.

  • A user-centric federated single sign-on System
    Journal of Network and Computer Applications, 2009
    Co-Authors: Suriadi Suriadi, Audun Jøsang
    Abstract:

    Current Identity Management Systems are not concerned with user privacy. Users must assume that Identity providers and service providers will ensure their privacy, which is not always the case. This paper proposes an extension of the existing federated single sign-on (FSSO) Systems that adopts the beneficial properties of the user-centric Identity Management (UCIM) model. This new Identity Management System allows the users to control and enforce their privacy requirements while still retaining the convenience of single sign-on over a federation of service providers. Colored Petri Nets are used to formally model the new Identity Management System to provide assurance that the privacy goals are achieved. To our knowledge, Colored Petri Nets have not been used to model privacy in Identity Management Systems before.

  • A User-centric Federated Single Sign-on System
    2009
    Co-Authors: Suriadi Suriadi, Audun Jøsang
    Abstract:

    Current Identity Management Systems are not concerned with user privacy. Users must assume that Identity providers and service providers will ensure their privacy, which is not always the case. This paper proposes an extension of existing Federated Single Sign-On (FSSO) Systems that adopts the beneficial properties of the User-Centric Identity Management (UCIM) model. This new Identity Management System allows the users to control and enforce their privacy requirements while still retaining the convenience of single sign on over a federation of service providers. Coloured Petri Nets are used to formally model the new Identity Management System to provide assurance that the privacy goals are achieved. To our knowledge, Coloured Petri Nets have not been used to model privacy in Identity Management Systems before.

  • Future standardization areas in Identity Management Systems
    2007
    Co-Authors: Suriadi Suriadi, Paul Ashley, Audun Jøsang
    Abstract:

    There are several areas of Identity Management that require standardization in order for them to work effectively. This paper proposes three standardization areas: the development of fine-grained privacy standards, the negotiation standards, and the backward privacy standards. Backward privacy refers to the problems that arise due to the massive amount of the already revealed personal information in the past which might reduce, or render useless, the effectiveness of the use of the privacy enhancing Identity Management System in the future. The main characteristics that each standard should have are also laid out in this paper.

  • A User-centric Federated Single Sign-on System
    2007 IFIP International Conference on Network and Parallel Computing Workshops (NPC 2007), 2007
    Co-Authors: Suriadi Suriadi, Audun Jøsang
    Abstract:

    There is a lack of built-in privacy mechanisms within the current Identity Management Systems. The guarantee a user has about their privacy is merely the 'trust' that the service providers will enforce their privacy requirements. The contribution of this paper is a proposal for the extension of existing Federated Single Sign-On (FSSO) Systems to adopt the beneficial properties of the User-Centric Identity Management (UCIM) model to provide an Identity Management System that allows the users to control and enforce their privacy requirements while still retaining the convenient features of FSSO. By having an Identity Management System that respects user's privacy in a concrete manner as opposed to a simple 'trust', users will trust the current electronic communication medium more and hence allows more services to grow in this field.

Robin Wilton - One of the best experts on this subject based on the ideXlab platform.

  • achieving privacy in a federated Identity Management System
    Financial Cryptography, 2009
    Co-Authors: Susan Landau, Hubert Gong, Robin Wilton
    Abstract:

    Federated Identity Management allows a user to efficiently authenticate and use Identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated Identity-Management Systems. The protections include minimal disclosure and providing PII only on a "need-to-know" basis. We then look at the Liberty Alliance System and analyze previous privacy critiques of that System. We show how law and policy provide privacy protections in federated Identity-Management Systems, and that privacy threats are best handled using a combination of technology and law/policy tools.

  • Financial Cryptography - Achieving Privacy in a Federated Identity Management System
    Financial Cryptography and Data Security, 2009
    Co-Authors: Susan Landau, Hubert A. Le Van Gong, Robin Wilton
    Abstract:

    Federated Identity Management allows a user to efficiently authenticate and use Identity information from data distributed across multiple domains. The sharing of data across domains blurs security boundaries and potentially creates privacy risks. We examine privacy risks and fundamental privacy protections of federated Identity-Management Systems. The protections include minimal disclosure and providing PII only on a "need-to-know" basis. We then look at the Liberty Alliance System and analyze previous privacy critiques of that System. We show how law and policy provide privacy protections in federated Identity-Management Systems, and that privacy threats are best handled using a combination of technology and law/policy tools.

Suriadi Suriadi - One of the best experts on this subject based on the ideXlab platform.

  • Future Standardization Areas for Identity Management Systems
    2020
    Co-Authors: Suriadi Suriadi, Paul Ashley, Audun Jøsang
    Abstract:

    There are several areas of Identity Management that require standardization in order for them to work effectively. This paper proposes three standardization areas: the development of fine-grained privacy standards, the negotiation standards, and the backward privacy standards. Backward privacy refers to the problems that arise due to the massive amount of the already revealed personal information in the past which might reduce, or render useless, the effectiveness of the use of the privacy enhancing Identity Management System in the future. The main characteristics that each standard should have are also laid out in this paper.

  • A user-centric federated single sign-on System
    Journal of Network and Computer Applications, 2009
    Co-Authors: Suriadi Suriadi, Audun Jøsang
    Abstract:

    Current Identity Management Systems are not concerned with user privacy. Users must assume that Identity providers and service providers will ensure their privacy, which is not always the case. This paper proposes an extension of the existing federated single sign-on (FSSO) Systems that adopts the beneficial properties of the user-centric Identity Management (UCIM) model. This new Identity Management System allows the users to control and enforce their privacy requirements while still retaining the convenience of single sign-on over a federation of service providers. Colored Petri Nets are used to formally model the new Identity Management System to provide assurance that the privacy goals are achieved. To our knowledge, Colored Petri Nets have not been used to model privacy in Identity Management Systems before.

  • A User-centric Federated Single Sign-on System
    2009
    Co-Authors: Suriadi Suriadi, Audun Jøsang
    Abstract:

    Current Identity Management Systems are not concerned with user privacy. Users must assume that Identity providers and service providers will ensure their privacy, which is not always the case. This paper proposes an extension of existing Federated Single Sign-On (FSSO) Systems that adopts the beneficial properties of the User-Centric Identity Management (UCIM) model. This new Identity Management System allows the users to control and enforce their privacy requirements while still retaining the convenience of single sign on over a federation of service providers. Coloured Petri Nets are used to formally model the new Identity Management System to provide assurance that the privacy goals are achieved. To our knowledge, Coloured Petri Nets have not been used to model privacy in Identity Management Systems before.

  • A user-centric protocol for conditional anonymity revocation
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2008
    Co-Authors: Suriadi Suriadi, Ernest Foo, Jason Smith
    Abstract:

    This paper presents and evaluates an improved anonymity revocation protocol. This protocol can be used to strengthen anonymity revocation capability in a privacy-enhancing Identity Management System. This protocol is user-centric, abuse-resistant, and it provides enforceable conditions fulfillment. We assume the existence of 1 honest referee out of t designated referees (t > 1) chosen by users, and no collusion between users and referees. The security and performance of this protocol are evaluated.

  • Future standardization areas in Identity Management Systems
    2007
    Co-Authors: Suriadi Suriadi, Paul Ashley, Audun Jøsang
    Abstract:

    There are several areas of Identity Management that require standardization in order for them to work effectively. This paper proposes three standardization areas: the development of fine-grained privacy standards, the negotiation standards, and the backward privacy standards. Backward privacy refers to the problems that arise due to the massive amount of the already revealed personal information in the past which might reduce, or render useless, the effectiveness of the use of the privacy enhancing Identity Management System in the future. The main characteristics that each standard should have are also laid out in this paper.