Privacy-enhanced credential services

Dartmouth Technical Report TR2003-442

	Alex Iliev
	Sean Smith

Date: February 2003

URL (compressed postscript): <http://www.cs.dartmouth.edu/reports/TR2003-442.ps.Z> (140KB)

URL (PDF): <http://www.cs.dartmouth.edu/reports/TR2003-442.pdf> (296KB)

Abstract:
 The use of credential directories in PKI and authorization systems such as
 Shibboleth introduces a new privacy risk: an insider at the directory can learn
 much about otherwise protected interactions by observing who makes queries, and
 what they ask for.  Recent advances in Practical Private Information Retrieval
 provide promising countermeasures.  In this paper, we extend this technology to
 solve this new privacy problem, and present a design and preliminary prototype
 for a LDAP-based credential service that can prevent even an insider from
 learning anything more than the fact a query was made.  Our preliminary
 performance analysis suggests that the complete prototype may be sufficiently
 robust for academic enterprise settings.

Note:
 Submitted to the 2nd Annual PKI Research Workshop.