Technical Report Number
The use of credential directories in PKI and authorization systems such as Shibboleth introduces a new privacy risk: an insider at the directory can learn much about otherwise protected interactions by observing who makes queries and what they ask for. Recent advances in Practical Private Information Retrieval provide promising countermeasures. In this paper, we extend this technology to solve this new privacy problem, and present a design and preliminary prototype for an LDAP-based credential service that can prevent even an insider from learning anything more than the fact that a query was made. Our preliminary performance analysis suggests that the complete prototype may be sufficiently robust for academic enterprise settings.
Dartmouth Digital Commons Citation
Iliev, Alex and Smith, Sean, "Privacy-enhanced credential services" (2003). Computer Science Technical Report TR2003-442. https://digitalcommons.dartmouth.edu/cs_tr/208