Biblio

The growth in Internet usage has increased the use of electronic services requiring users to register their identity on each service they subscribe to. This has resulted in the prevalence of redundant users data on different services. To protect and regulate access by users to these services identity management systems (IdMs)are put in place. IdMs uses frameworks and standards e.g SAML, OAuth and Shibboleth to manage digital identities of users for identification and authentication process for a service provider. However, current IdMs have not been able to address privacy issues (unauthorised and fine-grained access)that relate to protecting users identity and private data on web services. Many implementations of these frameworks are only concerned with the identification and authentication process of users but not authorisation. They mostly give full control of users digital identities and data to identity and service providers with less or no users participation. This results in a less privacy enhanced solutions that manage users available data in the electronic space. This article proposes a user-centred mandate representation system that empowers resource owners to take full of their digital data; determine and delegate access rights using their mobile phone. Thereby giving users autonomous powers on their resources to grant access to authenticated entities at their will. Our solution is based on the OpenID Connect framework for authorisation service. To evaluate the proposal, we've compared it with some related works and the privacy requirements yardstick outlined in GDPR regulation [1] and [2]. Compared to other systems that use OAuth 2.0 or SAML our solution uses an additional layer of security, where data owner assumes full control over the disclosure of their identity data through an assertion issued from their mobile phones to authorisation server (AS), which in turn issues an access token. This would enable data owners to assert the authenticity of a request, while service providers and requestors also benefit from the correctness and freshness of identity data disclosed to them.

Given the centralized architecture of cloud computing, there is a genuine concern about its ability to adequately cope with the demands of connecting devices which are sharply increasing in number and capacity. This has led to the emergence of edge computing technologies, including but not limited to mobile edge-clouds. As a branch of Peer-to-Peer (P2P) networks, mobile edge-clouds inherits disturbing security concerns which have not been adequately addressed in previous methods. P2P security systems have featured many trust-based methods owing to their suitability and cost advantage, but these approaches still lack in a number of ways. They mostly focus on protecting client nodes from malicious service providers, but downplay the security of service provider nodes, thereby creating potential loopholes for bandwidth attack. Similarly, trust bootstrapping is often via default scores, or based on heuristics that does not reflect the identity of a newcomer. This work has patched these inherent loopholes and improved fairness among participating peers. The use cases of mobile edge-clouds have been particularly considered and a scalable reputation based security mechanism was derived to suit them. BitTorrent protocol was modified to form a suitable test bed, using Peersim simulator. The proposed method was compared to some related methods in the literature through detailed simulations. Results show that the new method can foster trust and significantly improve network security, in comparison to previous similar systems.