Be alert, be alarmed!

The fast growth in the number of online services leads to an increasing number of different digital identities each user needs to manage. As a result, many people feel overloaded with identities which negatively impact their ability to manage these identities securely. Users and organisations need a secure and convenient system capable of controlling digital identities.

Identity Management Systems are built to protect user's personal information against attacks. The typical scenario is that an attacker is trying to illegally get some confidential information about a user.

Privacy is a major concern in any identity management system. Users should have control over their identities and personal information, so they can decide who to communicate with and give their personal information.

A general privacy principle is that personal information should be disclosed as minimally as possible and not be shared with parties who have no direct involvement in the interaction between users and service providers.

In fact, privacy violation is considered to be a major threat to identity management systems. An example of privacy violation is using user's personal information for purposes other than those agreed. The correlation of user's personal information that could allow revealing his or her identity, impersonating users for malicious purposes and revealing user's personal information which the user would not be willing to disclose.

To ensure privacy, all involved parties should follow a well defined security policy. The Office of the Privacy Commissioner at the Australian government aims to protect privacy in Australia under the federal Privacy Act 1988. Two important privacy standards are used for that purpose: the Information Privacy Principles and the National Privacy Principles.

The Information Privacy Principles (available here) are intended to be followed by federal and ACT government agencies when handling personal information. On the other hand, private sector organisations, in relation to personal information, need to comply with the National Privacy Principles (available here).

The two main and most popular identity theft attacks that identity management systems try to protect from are the keyboard logging and the spoofing attacks. The two attacks aim to collect personal information about the victim, such as credentials, so the attacker can use those credentials to authenticate himself to the service provider as the legitimate user and then perform illegal operations.

The keyboard logger is a malicious program that runs on the victim's infected personal computer and it aims to collect user personal information by recording the keystrokes of the user without his/her knowledge. This information is then sent to the attacker and with some analysis the attacker will be able to gain the credentials necessary to access online services.

A spoofing attack is a situation in which the attacker successfully masquerades as another identity to illegally gain an advantage.

Whereas keyboard logging requires infection of victim's machines with a malicious program (keyboard logger), spoofing attack can work without this requirement. Phishing and pharming are the most known spoofing attacks.

Phishing attack is where an attacker sends a spam email containing an URL link which leads to the attacker server (the fake) masquerading as the legitimate URL of the service provider to fraudulently acquire sensitive information (like passwords) about the victim.

Phishing attacks, which are a combination of social engineering and man-in-the-middle attacks, are aimed at obtaining sensitive information like login identities and passwords from unsuspecting users. A phishing attack normally starts by sending email asking people to log on to a fake Web site masquerading as a genuine Web site that requires login and authentication.

There are always people who will fall victim to such emails, and they will not notice the fake Web site despite using TLS (Transport Layer Security). Technically, the fake Web site has been correctly authenticated. Semantically speaking, this is a case of false positive, i.e. the client has incorrectly authenticated the server. The problem is not due to weak cryptographic authentication mechanisms, but to poor usability of the overall authentication solution, of which TLS is only a small part.

Pharming attacks trick users into logging into the attacker's website by poisoning the DNS (Domain Name Server) cache on the client platform or local broadband router, so that the domain name of the genuine online bank corresponds to the IP address of the attacker's server in the poisoned DNS cache. With a poisoned DNS, the browser will connect to the attacker's server even though the customer manually types the correct domain name of the bank.

Usability in CHI (Human-Computer Interaction) is normally understood as the simplicity and clarity with which the interaction with a computer program or a web site is designed.

Despite technical aspects, identity management systems need to provide adequate usability and should have a simple and intuitive interface. The system should not only be designed to satisfy service provider requirements but also should consider user requirements, otherwise it will lead to inconvenience and poor usability for users when managing their identities. With poor usability and a poor user interface with regards to security, the system will have poor security.

For example, to avoid the tedious task of remembering difficult passwords, users usually behave less securely by using redundant and weak passwords. This bad password habit represents a threat to identity management systems. The traditional requirement that passwords should be difficult to guess and should be different for different services puts a considerable mental burden on users.

Various studies show that people use heuristic strategies to reduce the mental load. Unfortunately, these strategies also make passwords vulnerable to attack. A typical strategy consists of reusing a small number of passwords for all the services a user accesses. This means that the number of passwords is constant while the number of services increases. To protect the service with the highest risk, users often reserve a single password for that service. Users tend to reuse the same password, or variations of the same password for all low risk services.

This practice reflects that users will bypass or ignore good security practice when faced with frustrating tasks. This represents a serious threat to the security of user authentication, making systems vulnerable to all variants of password cracking attacks.

It is strongly argued that any identity management solution that is not user-centric by definition will have limited usability. In general, since poor usability leads to poor security, User Centric Identity Management systems will improve security by improving the usability and solving the scalability problem from the user perspective. These systems will not only provide adequate usability but will also enhance user privacy by giving the control back to the users to manage their identities.