Authenticated Dictionary-Based Attribute Sharing in Federated Identity Management.
ABSTRACT: Authenticated dictionaries have been primarily studied and used in the context of certificate revocation in public key infrastructure (PKI). This paper presents a novel approach to enabling controlled access to and selective sharing of sensitive user attributes in federated identity management (FIM) by integrating an authenticated dictionary (ADT)-based credential into FIM, while attempting to achieve both better privacy control and usability. Our approach is motivated by the notion of user-centricity, which is essentially to give users a larger degree of control over their attributes. We discuss the design of a security system based on the usage of ADT-based credentials. Finally, we discuss a proof-of-concept implementation.
ABSTRACT: We introduce the notion of persistent authenticated dictionaries, that is, dictionaries where the user can make queries of the type "was element e in set S at time t?" and get authenticated answers. Applications include credential and certificate validation checking in the past (as in digital signatures for electronic contracts), digital receipts, and electronic tickets. We present two data structures that can efficiently support an infrastructure for persistent authenticated dictionaries, and we compare their performance. 12/2001
Conference Proceeding: Implementation of an authenticated dictionary with skip lists and commutative hashing
ABSTRACT: We present the software architecture and implementation of an efficient data structure for dynamically maintaining an authenticated dictionary. The building blocks of the data structure are skip lists and one-way commutative hash functions. We also present the results of a preliminary experiment on the performance of the data structure. Applications of our work include certificate revocation in a public key infrastructure and the publication of data collections on the Internet. DARPA Information Survivability Conference & Exposition II, 2001. DISCEX '01. Proceedings; 02/2001
Article: Achieving Electronic Privacy. Scientific American 01/1992; 267(2):96-101.