Papers     Last modified: 08/27/03 11:56:51 AM

A. Iliev, S.W. Smith.
"Privacy-Enhanced Credential Services."
2nd Annual PKI Resarch Workshop. NIST, Gaithersburg. April 2003.


The use of credential directories in PKI and authorization systems such as Shibboleth introduces a new privacy risk: an insider at the directory can learn much about otherwise protected interactions by observing who makes queries, and what they ask for. Recent advances in Practical Private Information Retrieval provide promising countermeasures. In this paper, we extend this technology to solve this new privacy problem, and present a design and preliminary prototype for a LDAP-based credential service that can prevent even an insider from learning anything more than the fact a query was made. Our preliminary performance analysis suggests that the complete prototype may be sufficiently robust for academic enterprise settings.




See Also

Smith Safford 2001

Back to home page Maintained by Sean Smith,