Visible to the public Biblio

Filters: Keyword is identity  [Clear All Filters]
2023-08-17
Dąbrowski, Marcin, Pacyna, Piotr.  2022.  Blockchain-based identity dicovery between heterogenous identity management systems. 2022 6th International Conference on Cryptography, Security and Privacy (CSP). :131—137.
Identity Management Systems (IdMS) have seemingly evolved in recent years, both in terms of modelling approach and in terms of used technology. The early centralized, later federated and user-centric Identity Management (IdM) was finally replaced by Self-Sovereign Identity (SSI). Solutions based on Distributed Ledger Technology (DLT) appeared, with prominent examples of uPort, Sovrin or ShoCard. In effect, users got more freedom in creation and management of their identities. IdM systems became more distributed, too. However, in the area of interoperability, dynamic and ad-hoc identity management there has been almost no significant progress. Quest for the best IdM system which will be used by all entities and organizations is deemed to fail. The environment of IdM systems is, and in the near future will still be, heterogenous. Therefore a person will have to manage her or his identities in multiple IdM systems. In this article authors argument that future-proof IdM systems should be able to interoperate with each other dynamically, i.e. be able to discover existence of different identities of a person across multiple IdM systems, dynamically build trust relations and be able to translate identity assertions and claims across various IdM domains. Finally, authors introduce identity relationship model and corresponding identity discovery algorithm, propose IdMS-agnostic identity discovery service design and its implementation with use of Ethereum and Smart Contracts.
2021-10-12
Chang, Kai Chih, Nokhbeh Zaeem, Razieh, Barber, K. Suzanne.  2020.  Is Your Phone You? How Privacy Policies of Mobile Apps Allow the Use of Your Personally Identifiable Information 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :256–262.
People continue to store their sensitive information in their smart-phone applications. Users seldom read an app's privacy policy to see how their information is being collected, used, and shared. In this paper, using a reference list of over 600 Personally Identifiable Information (PII) attributes, we investigate the privacy policies of 100 popular health and fitness mobile applications in both Android and iOS app markets to find the set of personal information these apps collect, use and share. The reference list of PII was independently built from a longitudinal study at The University of Texas investigating thousands of identity theft and fraud cases where PII attributes and associated value and risks were empirically quantified. This research leverages the reference PII list to identify and analyze the value of personal information collected by the mobile apps and the risk of disclosing this information. We found that the set of PII collected by these mobile apps covers 35% of the entire reference set of PII and, due to dependencies between PII attributes, these mobile apps have a likelihood of indirectly impacting 70% of the reference PII if breached. For a specific app, we discovered the monetary loss could reach \$1M if the set of sensitive data it collects is breached. We finally utilize Bayesian inference to measure risks of a set of PII gathered by apps: the probability that fraudsters can discover, impersonate and cause harm to the user by misusing only the PII the mobile apps collected.
2021-09-30
KOSE, Busra OZDENIZCI, BUK, Onur, MANTAR, Haci Ali, COSKUN, Vedat.  2020.  TrustedID: An Identity Management System Based on OpenID Connect Protocol. 2020 4th International Symposium on Multidisciplinary Studies and Innovative Technologies (ISMSIT). :1–6.
Today, authentication and non-repudiation of actions are essential requirements for almost all mobile services. In this respect, various common identity systems (such as Facebook Login, Google Sign-In, Apple ID and many other) based on OpenID Connect protocol have been introduced that support easier password management for users, and reduce potential risks by securing the service provider and the user. With the widespread use of the Internet, smartphones can offer many services with rich content. The use of common identity systems on mobile devices with a high security level is becoming a more important requirement. At this point, MNOs (Mobile Network Operators) have a significant potential and capability for providing common identity services. The existing solutions based on Mobile Connect standard provide generally low level of assurance. Accordingly, there is an urgent need for a common identity system that provide higher level of assurance and security for service providers. This study presents a multi-factor authentication mechanism called TrustedID system that is based on Mobile Connect and OpenID Connect standards, and ensures higher level of assurance. The proposed system aims to use three identity factors of the user in order to access sensitive mobile services on the smartphone. The proposed authentication system will support improvement of new value-added services and also support the development of mobile ecosystem.
2021-09-16
Choi, Nakhoon, Kim, Heeyoul.  2020.  Hybrid Blockchain-Based Unification ID in Smart Environment. 2020 22nd International Conference on Advanced Communication Technology (ICACT). :166–170.
Recently, with the increase of smart factories, smart cities, and the 4th industrial revolution, internal user authentication is emerging as an important issue. The existing user authentication and Access Control architecture can use the centralized system to forge access history by the service manager, which can cause problems such as evasion of responsibility and internal corruption. In addition, the user must independently manage the ID or physical authentication medium for authentication of each service, it is difficult to manage the subscribed services. This paper proposes a Hybrid blockchain-based integrated ID model to solve the above problems. The user creates authentication information based on the electronic signature of the Ethereum Account, a public blockchain, and provides authentication to a service provider composed of a Hyperledger Fabric, a private blockchain. The service provider ensures the integrity of the information by recording the Access History and authentication information in the Internal-Ledger. Through the proposed architecture, we can integrate the physical pass or application for user authentication and authorization into one Unification ID. Service providers can prevent non-Repudiation of responsibility by recording their authority and access history in ledger.
2020-11-02
Mohsen, Y., Hamdy, M., Shaaban, E..  2019.  Key distribution protocol for Identity Hiding in MANETs. 2019 Ninth International Conference on Intelligent Computing and Information Systems (ICICIS). :245–252.
Mobile Ad-hoc Networks (MANETs) are formed when a group of mobile nodes, communicate through wireless links in the absence of central administration. These features make them more vulnerable to several attacks like identity spoofing which leads to identity disclosure. Providing anonymity and privacy for identity are critical issues, especially when the size of such networks scales up. to avoid the centralization problem for key distribution in MANETs. This paper proposes a key distribution scheme for clustered ad-hoc networks. The network is divided into groups of clusters, and each cluster head is responsible for distributing periodically updated security keys among cluster members, for protecting privacy through encryption. Also, an authentication scheme is proposed to ensure the confidentiality of new members to the cluster. The simulation study proves the effectiveness of the proposed scheme in terms of availability and overhead. It scales well for high dense networks and gives less packet drop rate compared to its centralized counterpart in the presence of malicious nodes.
2020-09-08
Yang, Bowen, Chen, Xiang, Xie, Jinsen, Li, Sugang, Zhang, Yanyong, Yang, Jian.  2019.  Multicast Design for the MobilityFirst Future Internet Architecture. 2019 International Conference on Computing, Networking and Communications (ICNC). :88–93.
With the advent of fifth generation (5G) network and increasingly powerful mobile devices, people can conveniently obtain network resources wherever they are and whenever they want. However, the problem of mobility support in current network has not been adequately solved yet, especially in inter-domain mobile scenario, which leads to poor experience for mobile consumers. MobilityFirst is a clean slate future Internet architecture which adopts a clean separation between identity and network location. It provides new mechanisms to address the challenge of wireless access and mobility at scale. However, MobilityFirst lacks effective ways to deal with multicast service over mobile networks. In this paper, we design an efficient multicast mechanism based on MobilityFirst architecture and present the deployment in current network at scale. Furthermore, we propose a hierarchical multicast packet header with additional destinations to achieve low-cost dynamic multicast routing and provide solutions for both the multicast source and the multicast group members moving in intra- or inter-domain. Finally, we deploy a multicast prototype system to evaluate the performance of the proposed multicast mechanism.
2020-01-21
Rana, Rima, Zaeem, Razieh Nokhbeh, Barber, K. Suzanne.  2019.  An Assessment of Blockchain Identity Solutions: Minimizing Risk and Liability of Authentication. 2019 IEEE/WIC/ACM International Conference on Web Intelligence (WI). :26–33.
Personally Identifiable Information (PII) is often used to perform authentication and acts as a gateway to personal and organizational information. One weak link in the architecture of identity management services is sufficient to cause exposure and risk identity. Recently, we have witnessed a shift in identity management solutions with the growth of blockchain. Blockchain-the decentralized ledger system-provides a unique answer addressing security and privacy with its embedded immutability. In a blockchain-based identity solution, the user is given the control of his/her identity by storing personal information on his/her device and having the choice of identity verification document used later to create blockchain attestations. Yet, the blockchain technology alone is not enough to produce a better identity solution. The user cannot make informed decisions as to which identity verification document to choose if he/she is not presented with tangible guidelines. In the absence of scientifically created practical guidelines, these solutions and the choices they offer may become overwhelming and even defeat the purpose of providing a more secure identity solution.We analyze different PII options given to users for authentication on current blockchain-based solutions. Based on our Identity Ecosystem model, we evaluate these options and their risk and liability of exposure. Powered by real world data of about 6,000 identity theft and fraud stories, our model recommends some authentication choices and discourages others. Our work paves the way for a truly effective identity solution based on blockchain by helping users make informed decisions and motivating blockchain identity solution providers to introduce better options to their users.
2019-12-16
Guija, Daniel, Siddiqui, Muhammad Shuaib.  2018.  Identity and Access Control for Micro-services Based 5G NFV Platforms. Proceedings of the 13th International Conference on Availability, Reliability and Security. :46:1–46:10.
The intrinsic use of SDN/NFV technologies in 5G infrastructures promise to enable the flexibility and programmability of networks to ensure lower cost of network and service provisioning and operation, however it brings new challenges and requirements due to new architectural changes. In terms of security, authentication and authorization functions need to evolve towards the new and emerging 5G virtualization platforms in order to meet the requirements of service providers and infrastructure operators. Over the years, a lot of authentication techniques have been used. Now, a wide range of options arise allowing to extend existing authentication and authorization mechanisms. This paper focuses on proposing and showcasing a 5G platform oriented solution among different approaches to integrate authentication and authorization functionalities, an adapted secure and stateless mechanism, providing identity and permissions management to handle not only users, but also system micro-services, in a network functions virtualization management and orchestration (NFV MANO) system, oriented to deploy virtualized services. The presented solution uses the NFV-based SONATA Service Platform which offers capabilities for a continuous integration and delivery DevOps methodology that allow high levels of programmability and flexibility to manage the entire life cycle of Virtual Network Functions, and enables the perfect scenario to showcase different approaches for authentication and authorization mechanisms for users and micro-services in a 5G platform.
2019-05-20
Chang, Kai Chih, Zaeem, Razieh Nokhbeh, Barber, K. Suzanne.  2018.  Enhancing and Evaluating Identity Privacy and Authentication Strength by Utilizing the Identity Ecosystem. Proceedings of the 2018 Workshop on Privacy in the Electronic Society. :114–120.
This paper presents a novel research model of identity and the use of this model to answer some interesting research questions. Information travels in the cyber world, not only bringing us convenience and prosperity but also jeopardy. Protecting this information has been a commonly discussed issue in recent years. One type of this information is Personally Identifiable Information (PII), often used to perform personal authentication. People often give PIIs to organizations, e.g., when applying for a new job or filling out a new application on a website. While the use of such PII might be necessary for authentication, giving PII increases the risk of its exposure to criminals. We introduce two innovative approaches based on our model of identity to help evaluate and find an optimal set of PIIs that satisfy authentication purposes but minimize risk of exposure. Our model paves the way for more informed selection of PIIs by organizations that collect them as well as by users who offer PIIs to these organizations.
2018-01-16
Ferretti, L., Marchetti, M., Colajanni, M..  2017.  Verifiable Delegated Authorization for User-Centric Architectures and an OAuth2 Implementation. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). 2:718–723.

Delegated authorization protocols have become wide-spread to implement Web applications and services, where some popular providers managing people identity information and personal data allow their users to delegate third party Web services to access their data. In this paper, we analyze the risks related to untrusted providers not behaving correctly, and we solve this problem by proposing the first verifiable delegated authorization protocol that allows third party services to verify the correctness of users data returned by the provider. The contribution of the paper is twofold: we show how delegated authorization can be cryptographically enforced through authenticated data structures protocols, we extend the standard OAuth2 protocol by supporting efficient and verifiable delegated authorization including database updates and privileges revocation.

2015-05-06
Friese, I., Heuer, J., Ning Kong.  2014.  Challenges from the Identities of Things: Introduction of the Identities of Things discussion group within Kantara initiative. Internet of Things (WF-IoT), 2014 IEEE World Forum on. :1-4.

The Internet of Things (IoT) becomes reality. But its restrictions become obvious as we try to connect solutions of different vendors and communities. Apart from communication protocols appropriate identity management mechanisms are crucial for a growing IoT. The recently founded Identities of Things Discussion Group within Kantara Initiative will work on open issues and solutions to manage “Identities of Things” as an enabler for a fast-growing ecosystem.

2014-09-17
Feigenbaum, Joan, Jaggard, Aaron D., Wright, Rebecca N..  2014.  Open vs. Closed Systems for Accountability. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :4:1–4:11.

The relationship between accountability and identity in online life presents many interesting questions. Here, we first systematically survey the various (directed) relationships among principals, system identities (nyms) used by principals, and actions carried out by principals using those nyms. We also map these relationships to corresponding accountability-related properties from the literature. Because punishment is fundamental to accountability, we then focus on the relationship between punishment and the strength of the connection between principals and nyms. To study this particular relationship, we formulate a utility-theoretic framework that distinguishes between principals and the identities they may use to commit violations. In doing so, we argue that the analogue applicable to our setting of the well known concept of quasilinear utility is insufficiently rich to capture important properties such as reputation. We propose more general utilities with linear transfer that do seem suitable for this model. In our use of this framework, we define notions of "open" and "closed" systems. This distinction captures the degree to which system participants are required to be bound to their system identities as a condition of participating in the system. This allows us to study the relationship between the strength of identity binding and the accountability properties of a system.