Protocols and systems for privacy preserving protection of digital identity
To support emerging online activities within the digital information infrastructure, such as commerce, healthcare, entertainment and scientific collaboration, it is increasingly important to verify and protect the digital identity of the individuals involved. Identity management systems manage the digital identity life cycle of individuals which includes issuance, usage and revocation of digital identifiers. Identity management systems have improved the management of identity information and user convenience; however they do not provide specific solutions to address protection of identity from threats such as identity theft and privacy violation. One major shortcoming of current approaches is the lack of strong verification techniques for issuance and usage of digital identifiers. In the absence of verification mechanisms, digital identifiers can be misused to commit identity theft. Another shortcoming is the inability of individuals to disclose minimal data while satisfying strong identity verification requirements. The extraneous data collected can potentially be aggregated or used in a manner that would lead to violation of an individual's privacy. Finally, current identity management systems do not consider biometric and history-based identifiers. Such identifiers are increasingly becoming an integral part of an individual's identity. Such types of identity data also need to be used with other digital identifiers and protected against misuse. In this thesis we introduce a number of techniques that address the above problems. Our approach is based on the concept of privacy preserving multi-factor identity verification. The technique consists of verifying multiple identifier claims of an individual, without revealing extraneous identity information. A distinguishing feature of our approach is that we employ identity protection and verification techniques in all stages of the identity life cycle.
We also enhance our approach with the use of biometric and history-based identifiers. In particular we provide the following key contributions: (1) A new cryptographic primitive referred to as aggregate proof of knowledge to achieve privacy preserving multi-factor verification. This primitive uses aggregate signatures on commitments that are then used for aggregate zero-knowledge proof of knowledge (ZKPK) protocols. Our cryptographic scheme is better in terms of the performance, flexibility and storage requirements than existing efficient ZKPK techniques that may be used to prove, under zero-knowledge, the knowledge of multiple secrets. (2) Algorithms to generate biometric keys reliably from an individual's biometric images. These keys are used to create biometric commitments that are subsequently used to perform multi-factor identity verification using ZKPK. Several factors, including various traditional identity attributes, can thus be used in conjunction with one or more biometrics of the individual. We also ensure security and privacy of the biometric data and show how the biometric key is not revealed even if all the data, including cryptographic secrets, stored at the client machine are compromised. (3) A series of protocols for the establishment and management of an individual's transaction history-based identifiers encoded as receipts from e-commerce transactions. These receipt protocols satisfy the security and privacy requirements related to the management of the electronic receipts. We also demonstrate how the user's receipt protocols can be employed in the context of mobile phones. In particular we provide techniques to manage the portable identity information on such devices, and use them at physical locations of the service providers.
Policy Languages for Digital Identity Management in Federation Systems
The goal of service provider federations is to support a controlled method by which distributed organizations can provide services to qualified individuals and manage their identity attributes at an inter-organizational level. In order to make access control decisions the history of activities should be accounted for; therefore it is necessary to record information on interactions among the federation entities. To achieve these goals we propose a comprehensive assertion language able to support description of static and dynamic properties of the federation system. The assertions are a powerful means to describe the behavior of the entities interacting in the federation, and to define policies controlling access to services and privacy policies. We also propose a log-based approach for capturing the history of activities within the federation, implemented as a set of tables stored at databases at the various organizations in the federation. We illustrate how, by using different types of queries on such tables, security properties of the federation can be verified.
Trust Negotiation in Identity Management
Most organizations require the verification of personal information before providing services, and the privacy of such information is of growing concern. The authors show how federated identity management systems can better protect users' information when integrated with trust negotiation. In today's increasingly competitive business environment, more and more leading organizations are building Web-based infrastructures to gain the strategic advantages of collaborative networking. However, to facilitate collaboration and fully exploit such infrastructures, organizations must identify each user in the collaborative network as well as the resources each user is authorized to access. User identification and access control must be carried out so as to maximize user convenience and privacy without increasing organizations' operational costs. A federation can serve as the basic context for determining suitable solutions to this issue. A federation is a set of organizations that establish trust relationships with respect to the identity information, the federated identity information, that is considered valid. A federated identity management system (idM) provides a group of collaborating organizations with mechanisms for managing and gaining access to user identity information and other resources across organizational boundaries.
Password policy simulation and analysis
Passwords are a ubiquitous and critical component of many security systems. As the information and access guarded by passwords become more necessary, we become ever more dependent upon the security passwords provide. The creation and management of passwords is crucial, and for this we must develop and deploy password policies. This paper focuses on defining and modeling password policies for the entire password policy lifecycle. The paper first discusses a language for specifying password policies. Then, a simulation model is presented with a comprehensive set of variables and the algorithm for simulating a password policy and its impact. Finally, the paper presents several simulation results using the password policy simulation tool.
Receipt management: transaction history based trust establishment
In a history-based trust-management system, users and service providers use information about past transactions to make trust-based decisions concerning current transactions. One category of such systems is represented by the reputation systems. However, despite the growing body of experience in building reputation systems, there are several limitations on how they are typically implemented. They often rely on scores that are evaluated by service providers and are often not reliable or well understood. We believe that reputation has to be based on objective and reliable information. In such context, transaction histories play an important role. In this paper, we present the VeryIDX system that implements an electronic receipt infrastructure and supports protocols to build and manage online transaction history of users. The receipt protocols are shown to have several essential security and privacy properties. We present a basic yet reasonably expressive language which provides service providers with a new way to establish trust based on users' transaction history. We also describe the architecture and prototype implementation of VeryIDX, based on several important design considerations of a real-world e-commerce system infrastructure.
Privacy preserving multi-factor authentication with biometrics
An emerging approach to the problem of reducing identity theft is represented by the adoption of biometric authentication systems. Such systems, however, present several challenges related to the privacy, reliability and security of the biometric data. Inter-operability is also required among the devices used for the authentication. Moreover, very often biometric authentication in itself is not sufficient as a conclusive proof of identity and has to be complemented with multiple other proofs of identity like passwords, SSN, or other user identifiers. Multi-factor authentication mechanisms are thus required to enforce strong authentication based on the biometric and identifiers of other nature. In this paper we provide a two-phase authentication mechanism for federated identity management systems. The first phase consists of a two-factor biometric authentication based on zero knowledge proofs. We employ techniques from the vector-space model to generate cryptographic biometric keys. These keys are kept secret, thus preserving the confidentiality of the biometric data, while at the same time exploiting the advantages of a biometric authentication. The second phase combines several authentication factors in conjunction with the biometric to provide a strong authentication. A key advantage of our approach is that any unanticipated combination of factors can be used. Such an authentication system leverages the user information that is available from the federated identity management system.