Privacy-enhanced credential services

Authors

Alex Iliev, Dartmouth College
Sean Smith, Dartmouth College

Document Type

Technical Report

Publication Date

2-11-2003

Technical Report Number

TR2003-442

Abstract

The use of credential directories in PKI and authorization systems such as Shibboleth introduces a new privacy risk: an insider at the directory can learn much about otherwise protected interactions by observing who makes queries, and what they ask for. Recent advances in Practical Private Information Retrieval provide promising countermeasures. In this paper, we extend this technology to solve this new privacy problem, and present a design and preliminary prototype for a LDAP-based credential service that can prevent even an insider from learning anything more than the fact a query was made. Our preliminary performance analysis suggests that the complete prototype may be sufficiently robust for academic enterprise settings.

Comments

Submitted to the 2nd Annual PKI Research Workshop.

Dartmouth Digital Commons Citation

Iliev, Alex and Smith, Sean, "Privacy-enhanced credential services" (2003). Computer Science Technical Report TR2003-442. https://digitalcommons.dartmouth.edu/cs_tr/208