Last modified: 08/27/03 11:56:51 AM
A. Iliev, S.W. Smith.
"Privacy-Enhanced Credential Services."
2nd Annual PKI Research Workshop.
NIST, Gaithersburg. April 2003.

The use of credential directories in PKI and authorization systems
such as Shibboleth introduces a new privacy risk: an insider at the
directory can learn much about otherwise protected interactions by
observing who makes queries, and what they ask for. Recent advances in
Practical Private Information Retrieval provide promising
countermeasures. In this paper, we extend this technology to solve
this new privacy problem, and present a design and preliminary
prototype for an LDAP-based credential service that can prevent even
an insider from learning anything more than the fact that a query was
made. Our preliminary performance analysis suggests that the complete
prototype may be sufficiently robust for academic enterprise settings.
Smith Safford 2001