• DocumentCode
    3366812
  • Title

    Addressing privacy issues in CardSpace

  • Author

    Alrodhan, Waleed A. ; Mitchell, Chris J.

  • Author_Institution
    Univ. of London, Egham
  • fYear
    2007
  • fDate
    29-31 Aug. 2007
  • Firstpage
    285
  • Lastpage
    291
  • Abstract
    CardSpace (formerly known as InfoCard) is a Digital Identity Management system that has recently been adopted by Microsoft. In this paper we identify two security flaws in CardSpace that may lead to a serious privacy violation. The first flaw is the reliance on Internet user judgements of the trustworthiness of service providers, and the second is the reliance of the system on a single layer of authentication. We also propose a solution designed to address both flaws. Our solution is compatible with the currently deployed CardSpace identity metasystem, and should enhance the privacy of the system with minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposed solution.
  • Keywords
    Internet; data privacy; message authentication; CardSpace identity metasystem; InfoCard; Internet user judgements; Microsoft; authentication; digital identity management system; privacy violation; service providers; Authentication; Credit cards; Cryptography; Identity management systems; Information security; Large-scale systems; Performance analysis; Privacy; Web and internet services;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Information Assurance and Security, 2007. IAS 2007. Third International Symposium on
  • Conference_Location
    Manchester
  • Print_ISBN
    0-7695-2876-7
  • Electronic_ISBN
    978-0-7695-2876-2
  • Type

    conf

  • DOI
    10.1109/IAS.2007.12
  • Filename
    4299788
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3366812