JSW 2009 Vol.4(7): 696-706 ISSN: 1796-217X
doi: 10.4304//jsw.4.7.696-706
doi: 10.4304//jsw.4.7.696-706
An Overview of VeryIDX - A Privacy-Preserving Digital Identity Management System for Mobile Devices
Federica Paci1, Elisa Bertino1, Sam Kerr1, Anna Squicciarini2, Jungha Woo1
1CERIAS and Computer Science Department, Purdue University
2Information Sciences and Technology, The Pennsylvania State University
Abstract—Users increasingly use their mobile devices to communicate, to conduct business transaction and access resources and services. In such a scenario, digital identity management (DIM) technology is fundamental in customizing user experience, protecting privacy, underpinning accountability in business transactions, and in complying with regulatory controls. Users identity consists of data, referred to as identity attributes, that encode relevant-security properties of the clients. However, identity attributes can be target of several attacks: the loss or theft of mobile devices results in a exposure of identity attributes; identity attributes that are send over WI-FI or 3G networks can be easily intercepted; identity attributes can also be captured via Bluetooth connections without the user’s consent; and mobile viruses, worms and Trojan horses can access the identity attributes stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of identity attributes, as well as of any sensitive information stored on mobile devices is crucial. In this paper we address such problems by proposing an approach to manage user identity attributes by assuring their privacypreserving usage. The approach is based on the concept of privacy preserving multi-factor authentication achieved by a new cryptographic primitive which uses aggregate signatures on commitments that are then used for aggregate zero-knowledge proof of knowledge (ZKPK) protocols. We present the implementation of such approach on Nokia NFC cellular phones and report performance evaluation results.
Index Terms—digital identity management, identity attributes, privacy, mobile devices
2Information Sciences and Technology, The Pennsylvania State University
Abstract—Users increasingly use their mobile devices to communicate, to conduct business transaction and access resources and services. In such a scenario, digital identity management (DIM) technology is fundamental in customizing user experience, protecting privacy, underpinning accountability in business transactions, and in complying with regulatory controls. Users identity consists of data, referred to as identity attributes, that encode relevant-security properties of the clients. However, identity attributes can be target of several attacks: the loss or theft of mobile devices results in a exposure of identity attributes; identity attributes that are send over WI-FI or 3G networks can be easily intercepted; identity attributes can also be captured via Bluetooth connections without the user’s consent; and mobile viruses, worms and Trojan horses can access the identity attributes stored on mobile devices if this information is not protected by passwords or PIN numbers. Therefore, assuring privacy and security of identity attributes, as well as of any sensitive information stored on mobile devices is crucial. In this paper we address such problems by proposing an approach to manage user identity attributes by assuring their privacypreserving usage. The approach is based on the concept of privacy preserving multi-factor authentication achieved by a new cryptographic primitive which uses aggregate signatures on commitments that are then used for aggregate zero-knowledge proof of knowledge (ZKPK) protocols. We present the implementation of such approach on Nokia NFC cellular phones and report performance evaluation results.
Index Terms—digital identity management, identity attributes, privacy, mobile devices
Cite: Federica Paci, Elisa Bertino, Sam Kerr, Anna Squicciarini, Jungha Woo, "An Overview of VeryIDX - A Privacy-Preserving Digital Identity Management System for Mobile Devices," Journal of Software vol. 4, no. 7, pp. 696-706, 2009.
General Information
ISSN: 1796-217X (Online)
Frequency: Quarterly
Editor-in-Chief: Prof. Antanas Verikas
Executive Editor: Ms. Yoyo Y. Zhou
Abstracting/ Indexing: DBLP, EBSCO, CNKI, Google Scholar, ProQuest, INSPEC(IET), ULRICH's Periodicals Directory, WorldCat, etc
E-mail: jsweditorialoffice@gmail.com
-
Mar 01, 2024 News!
Vol 19, No 1 has been published with online version [Click]
-
Jan 04, 2024 News!
JSW will adopt Article-by-Article Work Flow
-
Apr 01, 2024 News!
Vol 14, No 4- Vol 14, No 12 has been indexed by IET-(Inspec) [Click]
-
Apr 01, 2024 News!
Papers published in JSW Vol 18, No 1- Vol 18, No 6 have been indexed by DBLP [Click]
-
Nov 02, 2023 News!
Vol 18, No 4 has been published with online version [Click]