Research Article
Addressing privacy issues in CardSpace
@INPROCEEDINGS{10.1109/IAS.2007.12, author={ Waleed A. Alrodha and Chris J. Mitchell}, title={Addressing privacy issues in CardSpace}, proceedings={3rd International ICST Symposium on Information Assurance and Security}, publisher={IEEE}, proceedings_a={IAS}, year={2007}, month={9}, keywords={Authentication Credit cards Cryptography Identity management systems Information security Large-scale systems Performance analysis Privacy Web and internet services}, doi={10.1109/IAS.2007.12} }- Waleed A. Alrodha
Chris J. Mitchell
Year: 2007
Addressing privacy issues in CardSpace
IAS
IEEE
DOI: 10.1109/IAS.2007.12
Abstract
CardSpace (formerly known as InfoCard) is a Digital Identity Management system that has recently been adopted by Microsoft. In this paper we identify two security flaws in CardSpace that may lead to a serious privacy violation. The first flaw is the reliance on Internet user judgements of the trustworthiness of service providers, and the second is the reliance of the system on a single layer of authentication. We also propose a solution designed to address both flaws. Our solution is compatible with the currently deployed CardSpace identity metasystem, and should enhance the privacy of the system with minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposed solution.