Top

Published in:

2020 | OriginalPaper | Chapter

Identity Management: State of the Art, Challenges and Perspectives

Authors : Tore Kasper Frederiksen, Julia Hesse, Anja Lehmann, Rafael Torres Moreno

Published in: Privacy and Identity Management. Data for Better Living: AI and Privacy

Publisher: Springer International Publishing

Activate our intelligent search to find suitable subject content or patents.

search-config

AI-assisted search

Off

Abstract

Passwords are still the primary means for achieving user authentication online. However, using a username-password combination at every service provider someone wants to connect to introduces several possibilities for vulnerabilities. A combination of password reuse and a compromise of an iffy provider can quickly lead to financial and identity theft. Further, the username-password paradigm also makes it hard to distribute authorized and up-to-date attributes about users; like residency or age. Being able to share such authorized information is becoming increasingly more relevant as more real-world services become connected online. A number of alternative approaches such as individual user certificates, Single Sign-On (SSO), and Privacy-Enhancing Attribute-Based Credentials (P-ABCs) exist. We will discuss these different strategies and highlight their individual benefits and shortcomings. In short, their strengths are highly complementary: P-ABC based solutions are strongly secure and privacy-friendly but cumbersome to use; whereas SSO provides a convenient and user-friendly solution, but requires a fully trusted identity provider, as it learns all users’ online activities and could impersonate users towards other providers.

The vision of the Olympus project is to combine the advantages of these approaches into a secure and user-friendly identity management system using distributed and advanced cryptography. The distributed aspect will avoid the need of a single trusted party that is inherent in SSO, yet maintain its usability advantages for the end users. We will sketch our vision and outline the design of Olympus’ distributed identity management system.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

inform now

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

inform now

previous chapter Opportunities and Challenges of Dynamic Consent in Commercial Big Data Analytics

next chapter SoK: Cryptography for Neural Networks

Agrawal, S., Miao, P., Mohassel, P., Mukherjee, P.: PASTA: password-based threshold authentication. In: ACM CCS, pp. 2042–2059 (2018)

Algesheimer, J., Camenisch, J., Shoup, V.: Efficient computation modulo a shared secret with application to the generation of shared safe-prime products. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 417–432. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-45708-9_27CrossRef

Bichsel, P., et al.: An architecture for privacy-ABCs. In: Rannenberg, K., Camenisch, J., Sabouri, A. (eds.) Attribute-Based Credentials for Trust, pp. 11–78. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-14439-9_2CrossRef

Boneh, D., Franklin, M.K.: Efficient generation of shared RSA keys. J. ACM 48(4), 702–722 (2001)MathSciNetCrossRef

Cadwalladr, C., Graham-Harrison, E.: Revealed: 50 million Facebook profiles harvested for Cambridge analytica in major data breach. The Guardian. https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election

Camenisch, J., Herreweghen, E.V.: Design and implementation of the idemix anonymous credential system. In: ACM CCS, pp. 21–30 (2002)

Camenisch, J., Krenn, S., Lehmann, A., Mikkelsen, G.L., Neven, G., Pedersen, M.Ø.: Formal treatment of privacy-enhancing credential systems. IACR Cryptology ePrint Archive 2014/708 (2014)

Camenisch, J., Lehmann, A., Neven, G.: Optimal distributed password verification. In: ACM CCS, pp. 182–194 (2015)

Camenisch, J., Lysyanskaya, A.: An efficient system for non-transferable anonymous credentials with optional anonymity revocation. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 93–118. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44987-6_7CrossRef

10.

Chaum, D.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–88 (1981)CrossRef

11.

Doerner, J., Kondi, Y., Lee, E., Shelat, A.: Threshold ECDSA from ECDSA assumptions: the multiparty case. In: IEEE Symposium on Security and Privacy, SP, pp. 1051–1066 (2019)

12.

Everspaugh, A., Chatterjee, R., Scott, S., Juels, A., Ristenpart, T.: The Pythia PRF service. In: 24th USENIX Security Symposium pp. 547–562 (2015)

13.

Frankel, Y., MacKenzie, P.D., Yung, M.: Robust efficient distributed RSA-Key generation. In: Proceedings of the Thirtieth Annual ACM Symposium on the Theory of Computing, pp. 663–672 (1998)

14.

Frauenfelder, M.: ‘I forgot my PIN’: an epic tale of losing \$30,000 in bitcoin. Wired. https://www.wired.com/story/i-forgot-my-pin-an-epic-tale-of-losing-dollar30000-in-bitcoin/

15.

Frederiksen, T.K., Lindell, Y., Osheter, V., Pinkas, B.: Fast distributed RSA key generation for semi-honest and malicious adversaries. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 331–361. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_12CrossRef

16.

Freedman, M.J., Ishai, Y., Pinkas, B., Reingold, O.: Keyword search and oblivious pseudorandom functions. In: Kilian, J. (ed.) TCC 2005. LNCS, vol. 3378, pp. 303–324. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-30576-7_17CrossRef

17.

Fuchsbauer, G.: Commuting signatures and verifiable encryption. In: Paterson, K.G. (ed.) EUROCRYPT 2011. LNCS, vol. 6632, pp. 224–245. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20465-4_14CrossRef

18.

Gennaro, R., Goldfeder, S., Ithurburn, B.: Fully distributed group signatures (2019). https://www.orbs.com/wp-content/uploads/2019/04/Crypto_Group_signatures-2.pdf

19.

Goel, V., Perlroth, N.: Yahoo says 1 billion user accounts were hacked. The New York Times. https://www.nytimes.com/2016/12/14/technology/yahoo-hack.html

20.

Hardt, D.: The OAuth 2.0 Authorization Framework. RFC 6749, October 2012. https://tools.ietf.org/html/rfc6749

21.

Honan, M.: How Apple and Amazon security flaws led to my epic hacking. Wired. https://www.wired.com/2012/08/apple-amazon-mat-honan-hacking/

22.

Hong, N., Hoffman, L., Andriotis, A.: Capital one reports data breach affecting 100 million customers, applicants. Wall Street J. https://www.wsj.com/articles/capital-one-reports-data-breach-11564443355

23.

Jarecki, S., Kiayias, A., Krawczyk, H.: Round-optimal password-protected secret sharing and T-PAKE in the password-only model. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 233–253. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-45608-8_13CrossRefMATH

24.

Kosinski, M., Matz, S., Gosling, S., Popov, V., Stillwell, D.: Facebook as a research tool for the social sciences. Am. Psychol. 70, 543–556 (2015). https://doi.org/10.1037/a0039210CrossRef

25.

Lindell, Y., Nof, A.: Fast secure multiparty ECDSA with practical distributed key generation and applications to cryptocurrency custody. In: ACM CCS, pp. 1837–1854 (2018)

26.

Newman, L.H.: Equifax officially has no excuse. Wired. https://www.wired.com/story/equifax-breach-no-excuse/

27.

O’Flaherty, K.: Collection 1 breach - how to find out if your password has been stolen. Forbes (2019). https://www.forbes.com/sites/kateoflahertyuk/2019/01/17/collection-1-breach-how-to-find-out-if-your-password-has-been-stolen/#37aa36382a2e

28.

Paquin, C., Zaverucha, G.: U-prove cryptographic specification v1. 1. Technical report, Microsoft Corporation (2011)

29.

Rekhter, Y., Li, T.: Security Assertion Markup Language (SAML) V2.0. OASIS, March 2015. http://saml.xml.org/saml-specifications

30.

Sonnino, A., Al-Bassam, M., Bano, S., Meiklejohn, S., Danezis, G.: Coconut: threshold issuance selective disclosure credentials with applications to distributed ledgers. In: Network and Distributed System Security Symposium, NDSS (2019)

31.

Wang, C., Jan, S.T.K., Hu, H., Bossart, D., Wang, G.: The next domino to fall: empirical analysis of user passwords across online services. In: Proceedings of CODASPY (2018)

Title: Identity Management: State of the Art, Challenges and Perspectives
Authors: Tore Kasper Frederiksen
Julia Hesse
Anja Lehmann
Rafael Torres Moreno
Publisher: Springer International Publishing
Book: Privacy and Identity Management. Data for Better Living: AI and Privacy
Print ISBN: 978-3-030-42503-6

Electronic ISBN: 978-3-030-42504-3

Copyright Year: 2020
DOI: https://doi.org/10.1007/978-3-030-42504-3_4

Springer Professional

Abstract

Please log in to get access to your license.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"

Premium Partner