Projekte pro Jahr
Abstract
Identification, authentication and the exchange of users’ identity information are key factors
in protecting access to online services. Especially cost-effectiveness is a considerable incentive to
move identity management models into the public cloud. As cloud environments are not fully trusted,
the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possible
to share them. One approach is to employ proxy re-encryption, which enables the identity provider to
transform a user’s encrypted attributes into ciphertext for an authorized service provider. However,
for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendly
and user-centric identity management solution that employs cryptographic mechanisms to protect the
users’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryption
into the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make this
concept user-friendly, we introduce a mobile app that handles the involved cryptographic operations
which rely on keys securely stored in a trusted execution environment.
in protecting access to online services. Especially cost-effectiveness is a considerable incentive to
move identity management models into the public cloud. As cloud environments are not fully trusted,
the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possible
to share them. One approach is to employ proxy re-encryption, which enables the identity provider to
transform a user’s encrypted attributes into ciphertext for an authorized service provider. However,
for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendly
and user-centric identity management solution that employs cryptographic mechanisms to protect the
users’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryption
into the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make this
concept user-friendly, we introduce a mobile app that handles the involved cryptographic operations
which rely on keys securely stored in a trusted execution environment.
| Originalsprache | englisch |
|---|---|
| Titel | Open Identity Summit 2017 |
| Herausgeber (Verlag) | Gesellschaft für Informatik e.V. |
| ISBN (Print) | 978-3-88579-671-8 |
| Publikationsstatus | Veröffentlicht - 2017 |
Fingerprint
Untersuchen Sie die Forschungsthemen von „Towards Privacy-Preserving and User-Centric Identity Management as a Service“. Zusammen bilden sie einen einzigartigen Fingerprint.Projekte
- 1 Abgeschlossen
-
CREDENTIAL - Cloud-basierte Dienste von digitalen Identitäsinformationen - Secure Cloud Identity Wallet
1/10/15 → 30/09/18
Projekt: Forschungsprojekt