Paper 2013/329

Protocol Variants and Electronic Identification

Kristian Gjøsteen

Abstract

It is important to be able to evaluate information security systems involving humans. We propose an approach in which we consider the system as a cryptographic protocol, and users are modeled as ordinary players. To model the fact that users make mistakes that affect security, we introduce protocol variants that model mistakes or combinations of mistakes. By analysing the base protocol and its variants, and at the same time considering how likely each variant is, we get a reasonable estimate of the real security of the system. Our work takes the form of a case study of four Norwegian federated identity systems, as well as two proposals for improved systems. The four systems span a good mix of various types of federated identity systems.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. Unknown where it was published
Contact author(s)
kristian gjosteen @ math ntnu no
History
2013-06-02: received
Short URL
https://ia.cr/2013/329
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2013/329,
      author = {Kristian Gjøsteen},
      title = {Protocol Variants and Electronic Identification},
      howpublished = {Cryptology ePrint Archive, Paper 2013/329},
      year = {2013},
      note = {\url{https://eprint.iacr.org/2013/329}},
      url = {https://eprint.iacr.org/2013/329}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.