Tuyển tập báo cáo các nghiên cứu khoa học quốc tế ngành hóa học dành cho các bạn yêu hóa học tham khảo đề tài: Research Article Improving the Security of CardSpace Waleed A. Alrodhan and Chris J. Mitchell | Hindawi Publishing Corporation EURASIP Journal on Information Security Volume 2009 Article ID 167216 8 pages doi 2009 167216 Research Article Improving the Security of Cardspace Waleed A. Alrodhan and Chris J. Mitchell Information Security Group Royal Holloway University of London Egham Surrey TW20 0EX UK Correspondence should be addressed to Waleed A. Alrodhan Received 1 October 2008 Accepted 17 February 2009 Recommended by Claus Vielhauer CardSpace formerly known as InfoCard is a digital identity management system that has recently been adopted by Microsoft. In this paper we identify two security shortcomings in CardSpace that could lead to a serious privacy violation. The first is its reliance on user judgements of the trustworthiness of service providers and the second is its reliance on a single layer of authentication. We also propose a modification designed to address both flaws. The proposed approach is compatible with the currently deployed CardSpace identity metasystem and should enhance the privacy of the system whilst involving only minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposal. Copyright 2009 W. A. Alrodhan and C. J. Mitchell. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use distribution and reproduction in any medium provided the original work is properly cited. 1. Introduction The growing use of Internet web applications gives rise to the problem of managing the necessary digital identities and preserving their privacy. In an open large-scale domain such as the Internet preserving user privacy is not a straightforward task. Identity theft which occurs when an impostor uses a legitimate user s identifying information without his her consent is becoming one of the biggest security concerns both for users and for organisations offering services on the Internet. Many solutions to .