首页    期刊浏览 2024年11月25日 星期一
登录注册

文章基本信息

  • 标题:Improving the Security of CardSpace
  • 本地全文:下载
  • 作者:Waleed A. Alrodhan ; Chris J. Mitchell
  • 期刊名称:EURASIP Journal on Information Security
  • 印刷版ISSN:1687-4161
  • 电子版ISSN:1687-417X
  • 出版年度:2009
  • 卷号:2009
  • DOI:10.1155/2009/167216
  • 出版社:Hindawi Publishing Corporation
  • 摘要:

    CardSpace (formerly known as InfoCard) is a digital identity management system that has recently been adopted by Microsoft. In this paper we identify two security shortcomings in CardSpace that could lead to a serious privacy violation. The first is its reliance on user judgements of the trustworthiness of service providers, and the second is its reliance on a single layer of authentication. We also propose a modification designed to address both flaws. The proposed approach is compatible with the currently deployed CardSpace identity metasystem and should enhance the privacy of the system whilst involving only minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposal.

国家哲学社会科学文献中心版权所有