Towards Privacy-Preserving and User-Centric Identity Management as a Service

Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

Abstract

Identification, authentication and the exchange of users’ identity information are key factors
in protecting access to online services. Especially cost-effectiveness is a considerable incentive to
move identity management models into the public cloud. As cloud environments are not fully trusted,
the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possible
to share them. One approach is to employ proxy re-encryption, which enables the identity provider to
transform a user’s encrypted attributes into ciphertext for an authorized service provider. However,
for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendly
and user-centric identity management solution that employs cryptographic mechanisms to protect the
users’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryption
into the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make this
concept user-friendly, we introduce a mobile app that handles the involved cryptographic operations
which rely on keys securely stored in a trusted execution environment.
Originalspracheenglisch
TitelOpen Identity Summit 2017
Herausgeber (Verlag)Gesellschaft für Informatik e.V.
ISBN (Print)978-3-88579-671-8
PublikationsstatusVeröffentlicht - 2017

Fingerprint

Cost effectiveness
Application programs
Authentication
Cryptography
Network protocols

Schlagwörter

    Dies zitieren

    Dash, P., Rabensteiner, C., Hörandner, F., & Roth, S. (2017). Towards Privacy-Preserving and User-Centric Identity Management as a Service. in Open Identity Summit 2017 Gesellschaft für Informatik e.V..

    Towards Privacy-Preserving and User-Centric Identity Management as a Service. / Dash, Pritam; Rabensteiner, Christof; Hörandner, Felix; Roth, Simon.

    Open Identity Summit 2017. Gesellschaft für Informatik e.V., 2017.

    Publikation: Beitrag in Buch/Bericht/KonferenzbandBeitrag in einem KonferenzbandForschungBegutachtung

    Dash, P, Rabensteiner, C, Hörandner, F & Roth, S 2017, Towards Privacy-Preserving and User-Centric Identity Management as a Service. in Open Identity Summit 2017. Gesellschaft für Informatik e.V.
    Dash P, Rabensteiner C, Hörandner F, Roth S. Towards Privacy-Preserving and User-Centric Identity Management as a Service. in Open Identity Summit 2017. Gesellschaft für Informatik e.V. 2017
    @inproceedings{660754943cf941efab970decdf55dc84,
    title = "Towards Privacy-Preserving and User-Centric Identity Management as a Service",
    abstract = "Identification, authentication and the exchange of users’ identity information are key factorsin protecting access to online services. Especially cost-effectiveness is a considerable incentive tomove identity management models into the public cloud. As cloud environments are not fully trusted,the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possibleto share them. One approach is to employ proxy re-encryption, which enables the identity provider totransform a user’s encrypted attributes into ciphertext for an authorized service provider. However,for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendlyand user-centric identity management solution that employs cryptographic mechanisms to protect theusers’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryptioninto the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make thisconcept user-friendly, we introduce a mobile app that handles the involved cryptographic operationswhich rely on keys securely stored in a trusted execution environment.",
    keywords = "Identity Management, OpenID Connect, Trusted Execution Environment, Cloud computing, Mobile application, proxy re-encryption",
    author = "Pritam Dash and Christof Rabensteiner and Felix H{\"o}randner and Simon Roth",
    year = "2017",
    language = "English",
    isbn = "978-3-88579-671-8",
    booktitle = "Open Identity Summit 2017",
    publisher = "Gesellschaft f{\"u}r Informatik e.V.",
    address = "Germany",

    }

    TY - GEN

    T1 - Towards Privacy-Preserving and User-Centric Identity Management as a Service

    AU - Dash, Pritam

    AU - Rabensteiner, Christof

    AU - Hörandner, Felix

    AU - Roth, Simon

    PY - 2017

    Y1 - 2017

    N2 - Identification, authentication and the exchange of users’ identity information are key factorsin protecting access to online services. Especially cost-effectiveness is a considerable incentive tomove identity management models into the public cloud. As cloud environments are not fully trusted,the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possibleto share them. One approach is to employ proxy re-encryption, which enables the identity provider totransform a user’s encrypted attributes into ciphertext for an authorized service provider. However,for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendlyand user-centric identity management solution that employs cryptographic mechanisms to protect theusers’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryptioninto the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make thisconcept user-friendly, we introduce a mobile app that handles the involved cryptographic operationswhich rely on keys securely stored in a trusted execution environment.

    AB - Identification, authentication and the exchange of users’ identity information are key factorsin protecting access to online services. Especially cost-effectiveness is a considerable incentive tomove identity management models into the public cloud. As cloud environments are not fully trusted,the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possibleto share them. One approach is to employ proxy re-encryption, which enables the identity provider totransform a user’s encrypted attributes into ciphertext for an authorized service provider. However,for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendlyand user-centric identity management solution that employs cryptographic mechanisms to protect theusers’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryptioninto the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make thisconcept user-friendly, we introduce a mobile app that handles the involved cryptographic operationswhich rely on keys securely stored in a trusted execution environment.

    KW - Identity Management

    KW - OpenID Connect

    KW - Trusted Execution Environment

    KW - Cloud computing

    KW - Mobile application

    KW - proxy re-encryption

    M3 - Conference contribution

    SN - 978-3-88579-671-8

    BT - Open Identity Summit 2017

    PB - Gesellschaft für Informatik e.V.

    ER -