Establishing and protecting digital identity in federation systems

We develop solutions for the security and privacy of user iden-tity information in a federation. By federation we mean a group of organizations or service providers which have built trust among each other and enable sharing of user identity information amongst themselves. We first propose a flexible approach to establish a sin-gle sign-on (SSO) ID in the federation. Then we show how a user can leverage this SSO ID to establish certified and un-certified user identity attributes without the dependence on PKI for user authenti-cation. This makes the process more usable and privacy preserving. Our major contribution in this paper is a novel solution for protec-tion against identity theft of these identity attributes. We provide protocols based on cryptographic techniques, namely zero knowl-edge proofs and distributed hash tables. We show how we can pre-serve privacy of the user identity without jeopardizing security. We formally prove correctness and provide complexity results for our protocols. The complexity results show that our approach is effi-cient. In the paper we also show that the protocol is robust enough even in case semi-trusted “honest-yet curious ” service providers thus preventing against insider threat. In our analysis we give the desired properties of the cryptographic tools used and identify open problems. We believe that the approach represents a precursor to new and innovative cryptographic techniques which can provide solutions for the security and privacy problems in federated iden-tity management