Using CardSpace as a Password Manager

International audienceIn this paper we propose a novel scheme that allows Windows CardSpace to be used as a password manager, thereby improving the usability and security of password use as well as potentially encouraging CardSpace adoption. Usernames and passwords are stored in personal cards, and these cards can be used to sign on transparently to corresponding websites. The scheme does not require any changes to login servers or to the CardSpace identity selector and, in particular, it does not require websites to support CardSpace. We describe how the scheme operates, and give details of a proof-of-concept prototype. Security and usability analyses are also provided

Implementing PassCard, a CardSpace-based Password Manager

The recently-proposed PassCard scheme enables CardSpace to be used as a password manager, thereby both improving the usability and security of passwords as well as encouraging CardSpace adoption. However, this scheme does not work with websites using HTTPS, seriously limiting its practicality. In this paper we extend PassCard to support sites using both HTTP and HTTPS. Usernames and passwords are stored in CardSpace personal cards, and these cards can be used to sign on transparently to corresponding websites. PassCard does not require any changes to login servers, default browser security settings or to the CardSpace identity selector and, in particular, it does not require websites to support CardSpace. We describe how this new version of PassCard operates, and present a proof-of-concept prototype. Security, usability and operational analyses are also provided

Summary

20090506_fidis_D3.12 final 1.0.od

Analysis of Windows Cardspace Identity Management System

The Internet, which was originally developed for academic purposes, has expanded and been applied to commercial and business enterprises. It is possible to purchase airline tickets, check bank balances and communicate through e-mail with each other through the Internet. These services can all be performed relatively easily with the proliferation of Internet Service Providers and the lower cost of Personal Computers. The development of the Internet has also had a huge impact on businesses with the growth of e-commerce, e-banking and the tremendous growth in email traffic. There is however a negative impact to this development of the Internet with the rise in on-line criminal activity. The increasing use of the Internet has resulted in the development of on-line identities for users. There can be a great deal of sensitive and personal information associated with an on-line identity and gaining access to these privileges can provide cyber criminals with access to personal resources such as bank account details, credit card information etc. This type of activity has given rise to the term identity theft . This project will present an introduction to Microsoft Cardspace and how it relates to dealing with identity theft, the theory behind the application and present practical demonstrations of how the technology can be implemented using Microsoft© .NET framework technology

Managing Identity Management Systems

Although many identity management systems have been proposed, in- tended to improve the security and usability of user authentication, major adoption problems remain. In this thesis we propose a range of novel schemes to address issues acting as barriers to adoption, namely the lack of interoper- ation between systems, simple adoption strategies, and user security within such systems. To enable interoperation, a client-based model is proposed supporting in- terworking between identity management systems. Information Card systems (e.g. CardSpace) are enhanced to enable a user to obtain a security token from an identity provider not supporting Information Cards; such a token, after en- capsulation at the client, can be processed by an Information Card-enabled relying party. The approach involves supporting interoperation at the client, while maximising transparency to identity providers, relying parties and iden- tity selectors. Four specific schemes conforming to the model are described, each of which has been prototyped. These schemes enable interoperation be- tween an Information Card-enabled relying party and an identity provider supporting one of Liberty, Shibboleth, OpenID, or OAuth. To facilitate adoption, novel schemes are proposed that enable Informa- tion Card systems to support password management and single sign on. The schemes do not require any changes to websites, and provide a simple, intu- itive user experience through use of the identity selector interface. They fa- miliarise users with Information Card systems, thereby potentially facilitating their future adoption. To improve user security, an enhancement to Information Card system user authentication is proposed. During user authentication, a one-time pass- word is sent to the user's mobile device which is then entered into the com- puter by the user. Finally, a universal identity management tool is proposed, designed to support a wide range of systems using a single user interface. It provides a consistent user experience, addresses a range of security issues (e.g. phishing), and provides greater user control during authentication.EThOS - Electronic Theses Online ServiceGBUnited Kingdo

Federated Identity Management Systems: A Privacy-based Characterization

Identity management systems store attributes associated with users and facilitate authorization on the basis of these attributes. A privacy-driven characterization of the principal design choices for identity management systems is given, and existing systems are fit into this framework. The taxonomy of design choices also can guide public policy relating to identity management, which is illustrated using the United States NSTIC initiative

Using CardSpace as a Password-based Single Sign-on System

In this paper we propose a simple scheme that allows Card-Space to be used as a password-based single sign-on system, thereby both improving the usability and security of passwords as well as encouraging CardSpace adoption. We describe three related approaches to achieving password-based single sign-on using CardSpace. In each case users are able to store their credentials for a set of websites in a personal card, and use it to seamlessly single sign on to all these websites. The approaches do not require any changes to login servers or to the CardSpace identity selector and, in particular, they do not require websites to support CardSpace. We also describe three proof-of-concept prototypes and give usability, security and performance analyses

Why Do People Adopt, or Reject, Smartphone Password Managers?

People use weak passwords for a variety of reasons, the most prescient of these being memory load and inconvenience. The motivation to choose weak passwords is even more compelling on Smartphones because entering complex passwords is particularly time consuming and arduous on small devices. Many of the memory- and inconvenience-related issues can be ameliorated by using a password manager app. Such an app can generate, remember and automatically supply passwords to websites and other apps on the phone. Given this potential, it is unfortunate that these applications have not enjoyed widespread adoption. We carried out a study to find out why this was so, to investigate factors that impeded or encouraged password manager adoption. We found that a number of factors mediated during all three phases of adoption: searching, deciding and trialling. The study’s findings will help us to market these tools more effectively in order to encourage future adoption of password managers

Tutorial: Identity Management Systems and Secured Access Control

Identity Management has been a serious problem since the establishment of the Internet. Yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations, Today’s computing environment involves a variety of user and machine centric forms of digital identities and fuzzy organizational boundaries. With the advent of inter-organizational systems, social networks, e-commerce, m-commerce, service oriented computing, and automated agents, the characteristics of IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, identity lifecycle, implementation challenges and social issues. The second part addresses standards, industry initia-tives, and vendor solutions. We conclude that there is disconnect between the need for a universal, seamless, trans-parent IdMS and current proposed standards and vendor solutions