Biblio

Digital identity is the key to the evolving digital society and economy. Since the inception of digital identity, numerous Identity Management (IDM) systems have been developed to manage digital identity depending on the requirements of the individual and that of organisations. This evolution of IDM systems has provided an incremental process leading to the granting of control of identity ownership and personal data to its user, thus producing an IDM which is more user-centric with enhanced security and privacy. A recently promising IDM known as Self-Sovereign Identity (SSI) has the potential to provide this sovereignty to the identity owner. The Sovrin Network is an emerging SSI service utility enabling self-sovereign identity for all, therefore, its assessment has to be carefully considered with reference to its architecture, working, functionality, strengths and limitations. This paper presents an analysis of the Sovrin Network based on aforementioned features. Firstly, it presents the architecture and components of the Sovrin Network. Secondly, it illustrates the working of the Sovrin Network and performs a detailed analysis of its various functionalities and metrics. Finally, based on the detailed analysis, it presents the strengths and limitations of the Sovrin Network.

Today, Internet of Things (IoT) devices mostly operate in enclosed, proprietary environments. To unfold the full potential of IoT applications, a unifying and permissionless environment is crucial. All IoT devices, even unknown to each other, would be able to trade services and assets across various domains. In order to realize those applications, uniquely resolvable identities are essential. However, quantifiable trust in identities and their authentication are not trivially provided in such an environment due to the absence of a trusted authority. This research presents a new identity and trust framework for IoT devices, based on Distributed Ledger Technology (DLT). IoT devices assign identities to themselves, which are managed publicly and decentralized on the DLT's network as Self Sovereign Identities (SSI). In addition to the Identity Management System (IdMS), the framework provides a Web of Trust (WoT) approach to enable automatic trust rating of arbitrary identities. For the framework we used the IOTA Tangle to access and store data, achieving high scalability and low computational overhead. To demonstrate the feasibility of our framework, we provide a proof-of-concept implementation and evaluate the set objectives for real world applicability as well as the vulnerability against common threats in IdMSs and WoTs.

Digital identity is the key element of digital transformation in representing any real-world entity in the digital form. To ensure a successful digital future the requirement for an effective digital identity is paramount, especially as demand increases for digital services. Several Identity Management (IDM) systems are developed to cope with identity effectively, nonetheless, existing IDM systems have some limitations corresponding to identity and its management such as sovereignty, storage and access control, security, privacy and safeguarding, all of which require further improvement. Self-Sovereign Identity (SSI) is an emerging IDM system which incorporates several required features to ensure that identity is sovereign, secure, reliable and generic. It is an evolving IDM system, thus it is essential to analyse its various features to determine its effectiveness in coping with the dynamic requirements of identity and its current challenges. This paper proposes numerous governing principles of SSI to analyse any SSI ecosystem and its effectiveness. Later, based on the proposed governing principles of SSI, it performs a comparative analysis of the two most popular SSI ecosystems uPort and Sovrin to present their effectiveness and limitations.

Managing identity across an ever-growing digital services landscape has become one of the most challenging tasks for security experts. Over the years, several Identity Management (IDM) systems were introduced and adopted to tackle with the growing demand of an identity. In this series, a recently emerging IDM system is Self-Sovereign Identity (SSI) which offers greater control and access to users regarding their identity. This distinctive feature of the SSI IDM system represents a major development towards the availability of sovereign identity to users. uPort is an emerging open-source identity management system providing sovereign identity to users, organisations, and other entities. As an emerging identity management system, it requires meticulous analysis of its architecture, working, operational services, efficiency, advantages and limitations. Therefore, this paper contributes towards achieving all of these objectives. Firstly, it presents the architecture and working of the uPort identity management system. Secondly, it develops a Decentralized Application (DApp) to demonstrate and evaluate its operational services and efficiency. Finally, based on the developed DApp and experimental analysis, it presents the advantages and limitations of the uPort identity management system.

Cloud computing is an emerging paradigm shifting the shape of computing models from being a technology to a utility. However, security, privacy and trust are amongst the issues that can subvert the benefits and hence wide deployment of cloud computing. With the introduction of omnipresent mobile-based clients, the ubiquity of the model increases, suggesting a still higher integration in life. Nonetheless, the security issues rise to a higher degree as well. The constrained input methods for credentials and the vulnerable wireless communication links are among factors giving rise to serious security issues. To strengthen the access control of cloud resources, organizations now commonly acquire Identity Management Systems (IdM). This paper presents that the most popular IdM, namely OAuth, working in scope of Mobile Cloud Computing has many weaknesses in authorization architecture. In particular, authors find two major issues in current IdM. First, if the IdM System is compromised through malicious code, it allows a hacker to get authorization of all the protected resources hosted on a cloud. Second, all the communication links among client, cloud and IdM carries complete authorization token, that can allow hacker, through traffic interception at any communication link, an illegitimate access of protected resources. We also suggest a solution to the reported problems, and justify our arguments with experimentation and mathematical modeling.

Single sign-on (SSO) is an identity management technique that provides users the ability to use multiple Web services with one set of credentials. However, when the authentication server is down or unavailable, users cannot access Web services, even if the services are operating normally. Therefore, enabling continuous use is important in single sign on. In this paper, we present security framework to overcome credential problems of accessing multiple web application. We explain system functionality with authorization and Authentication. We consider these methods from the viewpoint of continuity, security and efficiency makes the framework highly secure.

Identity management system has gained significance for any organization today for not only storing details of its employees but securing its sensitive information and safely managing access to its resources. This system being an enterprise based application has time taking deployment process, involving many complex and error prone steps. Also being globally used, its continuous running on servers lead to large carbon emissions. This paper proposes a novel architecture that integrates the Identity management system together with virtual appliance technology to reduce the overall deployment time of the system. It provides an Identity management system as pre-installed, pre-configured and ready to go solution that can be easily deployed even by a common user. The proposed architecture is implemented and the results have shown that there is decrease in deployment time and decrease in number of steps required in previous architecture. The hardware required by the application is also reduced as its deployed on virtual machine monitor platform, which can be installed on already used servers. This contributes to the green computing practices and gives costs benefits for enterprises. Also there is ease of migration of system from one server to another and the enterprises which do not want to depend on third party cloud for security and cost reasons, can easily deploy their identity management system in their own premises.