
SoS Newsletter- Advanced Book Block

Identity Management

The term identity management refers to the management of individual identities, their roles, authentication, authorizations and privileges within or across systems. Examples include passwords, active directories, digital identities, tokens, and workflows. Identity management is one of the core competencies for cybersecurity, and the increasingly complex IT world demands smarter identity management solutions. The research presented here was published in the first half of 2014.

  • Talamo, Maurizio; Barchiesi, Maria Laura; Merella, Daniela; Schunck, Christian H., "Global Convergence In Digital Identity And Attribute Management: Emerging Needs For Standardization," ITU Kaleidoscope Academic Conference: Living in a converged world - Impossible without standards?, Proceedings of the 2014, pp. 15-21, 3-5 June 2014. doi: 10.1109 In a converging world, where borders between countries are surpassed in the digital environment, it is necessary to develop systems that effectively replace the recognition "vis-à-vis" with digital means of recognizing and identifying entities and people. In this work we summarize the current standardization efforts in the area of digital identity management. We identify a number of open challenges that need to be addressed in the near future to ensure the interoperability and usability of digital identity management services in an efficient and privacy maintaining international framework. These challenges for standardization include: the management of identifiers for digital identities at the global level; attribute management including attribute format, structure, and assurance; procedures and protocols to link attributes to digital identities. Attention is drawn to key elements that should be considered in addressing these issues through standardization.
    Keywords: Authentication; Context; Educational institutions; Privacy; Standards; attribute management; authentication; authorization; digital identification; identity management; privacy (ID#:14-2131)
  • Josang, A., "Identity Management And Trusted Interaction In Internet And Mobile Computing," Information Security, IET, vol. 8, no. 2, pp. 67-79, March 2014. doi: 10.1049 The convergence of the Internet and mobile computing enables personalised access to online services anywhere and anytime. This potent access capability creates opportunities for new business models which stimulates vigorous investment and rapid innovation. Unfortunately, this innovation also produces new vulnerabilities and threats, and the new business models also create incentives for attacks, because criminals will always follow the money. Unless the new threats are balanced with appropriate countermeasures, growth in the Internet and mobile services will encounter painful setbacks. Security and trust are two fundamental factors for sustainable development of identity management in online markets and communities. The aim of this study is to present an overview of the central aspects of identity management in the Internet and mobile computing with respect to security and trust.
    Keywords: Internet; computer crime; investment; marketing data processing; mobile computing; security of data; trusted computing; Internet; business models; identity management; investment; mobile computing; mobile services; online markets; online services; potent access capability; security; sustainable development; trusted interaction (ID#:14-2132)
  • Faraji, M.; Joon-Myung Kang; Bannazadeh, H.; Leon-Garcia, A., "Identity Access Management For Multi-Tier Cloud Infrastructures," Network Operations and Management Symposium (NOMS), 2014 IEEE, pp. 1-9, 5-9 May 2014. doi: 10.1109/NOMS.2014.6838229 This paper presents a novel architecture to manage identity and access (IAM) in a multi-tier cloud infrastructure, in which most services are supported by massive-scale data centers over the Internet. Multi-tier cloud infrastructure uses the tier-based model from Software Engineering to provide resources in different tiers. In this paper we focus on the design and implementation of a centralized identity and access management system for the multi-tier cloud infrastructure. First, we discuss identity and access management requirements in such an environment and propose our solution to address these requirements. Next, we discuss approaches to improve performance of the IAM system and make it scalable to billions of users. Finally, we present experimental results based on the current deployment in the SAVI Testbed. We show that our IAM system outperforms the previously proposed IAM systems for cloud infrastructure by a factor of 9 in throughput when the number of users is small, and it handles about 50 times more requests in peak usage. Because our architecture is a combination of green-thread and load-balanced processes, it uses fewer system resources and easily scales up to address a high number of requests.
    Keywords: authorisation; cloud computing; IAM system; centralized identity access management; green-thread process; load balanced process; multitier cloud infrastructures; Authentication; Authorization; Cloud computing; Computer architecture (ID#:14-2133)
  • Khatri, P., "Using Identity And Trust With Key Management For Achieving Security In Ad Hoc Networks," Advance Computing Conference (IACC), 2014 IEEE International, pp. 271-275, 21-22 Feb. 2014. doi: 10.1109/IAdCC.2014.6779333 Communication in a Mobile Ad hoc Network is done over a shared wireless channel with no Central Authority (CA) to monitor it. Nodes in the network are held responsible for maintaining the integrity and secrecy of data. To attain the goal of trusted communication in a MANET (Mobile Ad hoc Network), many approaches using key management have been implemented. This work proposes a composite identity and trust based model (CIDT) which depends on the public key, physical identity, and trust of a node, which helps in secure data transfer over wireless channels. CIDT is a modified DSR routing protocol for achieving security. The Trust Factor of a node along with its key pair and identity is used to authenticate a node in the network. The experience based trust factor (TF) of a node is used to decide the authenticity of a node. A valid certificate is generated for an authentic node to carry out the communication in the network. The proposed method works well for the self certification scheme of a node in the network.
    Keywords: data communication; mobile ad hoc networks; routing protocols; telecommunication security; wireless channels; MANET; ad hoc networks; central authority; data integrity; data secrecy; experience based trust factor; identity model; key management; mobile ad hoc network; modified DSR routing protocol; physical identity; public key; secure data transfer; security; self certification scheme; shared wireless channel; trust factor; trust model; trusted communication; wireless channels; Artificial neural networks; Mobile ad hoc networks; Protocols; Public key; Servers; Certificate; MANET; Public key; Secret key; Trust Model (ID#:14-2134)
  • Pura, Mihai Lica; Buchs, Didier, "A Self-Organized Key Management Scheme For Ad Hoc Networks Based On Identity-Based Cryptography," Communications (COMM), 2014 10th International Conference on, pp. 1-4, 29-31 May 2014. doi: 10.1109/ICComm.2014.6866683 Ad hoc networks represent a very modern technology for providing communication between devices without the need of any prior infrastructure set up, and thus in an "on the spot" manner. But there is a catch: so far there isn't any security scheme that would suit the ad hoc properties of this type of networks and that would also accomplish the needed security objectives. The most promising proposals are the self-organized schemes. This paper presents a work in progress aiming at developing a new self-organized key management scheme that uses identity based cryptography for making impossible some of the attacks that can be performed over the schemes proposed so far, while preserving their advantages. The paper starts with a survey of the most important self-organized key management schemes and a short analysis of the advantages and disadvantages they have. Then, it presents our new scheme, and by using informal analysis, it presents the advantages it has over the other proposals.
    Keywords: ad hoc networks; identity based cryptography; key management; security; self-organization (ID#:14-2135)
  • Kobayashi, F.; Talburt, J.R., "Decoupling Identity Resolution from the Maintenance of Identity Information," Information Technology: New Generations (ITNG), 2014 11th International Conference on, pp. 349-354, 7-9 April 2014. doi: 10.1109/ITNG.2014.88 The EIIM model for ER allows for creation and maintenance of persistent entity identity structures. It accomplishes this through a collection of batch configurations that allow updates and asserted fixes to be made to the Identity knowledgebase (IKB). The model also provides a batch IR configuration that provides no maintenance activity but instead allows access to the identity information. This batch IR configuration is limited in a few ways. It is driven by the same rules used for maintaining the IKB, has no inherent method to identify "close" matches, and can only identify and return the positive matches. Through the decoupling of this configuration and its movement into an interactive role under the umbrella of an Identity Management Service, a more robust access method can be provided for the use of identity information. This more robust access to the information improved the quality of the information along multiple Information Quality dimensions.
    Keywords: information retrieval; knowledge based systems; quality management; EIIM model; ER; IKB; batch IR configuration; decoupling identity resolution; entity identity structures; identity information; identity knowledge base; identity management service; information quality; robust information access; Context; Erbium; Maintenance engineering; Organizations; Robustness; Synchronization; Entity Resolution; identity Life Cycle Management; Identity Management Service; Information Quality; Interactive Identity Resolution (ID#:14-2136)
  • Ahmad, A.; Hassan, M.M.; Aziz, A., "A Multi-token Authorization Strategy for Secure Mobile Cloud Computing," Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2014 2nd IEEE International Conference on, pp. 136-141, 8-11 April 2014. doi: 10.1109/MobileCloud.2014.21 Cloud computing is an emerging paradigm shifting the shape of computing models from being a technology to a utility. However, security, privacy and trust are amongst the issues that can subvert the benefits and hence wide deployment of cloud computing. With the introduction of omnipresent mobile-based clients, the ubiquity of the model increases, suggesting a still higher integration in life. Nonetheless, the security issues rise to a higher degree as well. The constrained input methods for credentials and the vulnerable wireless communication links are among the factors giving rise to serious security issues. To strengthen the access control of cloud resources, organizations now commonly acquire Identity Management Systems (IdM). This paper shows that the most popular IdM, namely OAuth, working in the scope of Mobile Cloud Computing has many weaknesses in its authorization architecture. In particular, the authors find two major issues in the current IdM. First, if the IdM System is compromised through malicious code, it allows a hacker to get authorization for all the protected resources hosted on a cloud. Second, all the communication links among client, cloud and IdM carry the complete authorization token, which can allow a hacker, through traffic interception at any communication link, illegitimate access to protected resources. We also suggest a solution to the reported problems, and justify our arguments with experimentation and mathematical modeling.
    Keywords: authorization; cloud computing; data privacy; mathematical analysis; mobile computing; radio links; security of data; IdM; OAuth; access control; authorization architecture; cloud resources; computing models; credentials; hacker; identity management systems; malicious code; mathematical modeling; multitoken authorization strategy; omnipresent mobile-based clients; privacy; secure mobile cloud computing; security; traffic interception; trust; vulnerable wireless communication links; Authorization; Cloud computing; Computer hacking; Mobile communication; Organizations; Servers; Cloud Computing Security; Identity Management System; Mobile Cloud Computing; Modified Identity Management System; Secure Mobile Computing (ID#:14-2137)
  • Musgrove, J.; Cukic, B.; Cortellessa, V., "Proactive Model-Based Performance Analysis and Security Tradeoffs in a Complex System," High-Assurance Systems Engineering (HASE), 2014 IEEE 15th International Symposium on, pp. 211-215, 9-11 Jan. 2014. doi: 10.1109/HASE.2014.37 Application domains in which early performance evaluation is needed are becoming more complex. In addition to traditional measures of complexity due, for example, to the number of components, their interactions, complicated control coordination and schemes, emerging applications may require adaptive response and reconfiguration depending on the impact of externally observable (security) parameters. In this paper we introduce an approach for effective modeling and analysis of performance and security tradeoffs. The approach identifies a suitable allocation of resources that meets performance requirements, while maximizing measurable security effects. We demonstrate this approach through the analysis of performance sensitivity of a Border Inspection Management System (BIMS) with changing security mechanisms (e.g. biometric system parameters for passenger identification). The final result is a model-based approach that allows us to take decisions about BIMS performance and security mechanisms on the basis of rates of traveler arrivals and traveler identification security guarantees. We describe the experience gained when applying this approach to the daily flight arrival schedule of a real airport.
    Keywords: resource allocation; security of data; sensitivity analysis; BIMS; border inspection management system; complex system; complicated control coordination; early performance evaluation; externally observable security parameters; measurable security effect maximization; model-based approach; performance sensitivity analysis; proactive model-based performance analysis; resource allocation; security tradeoff mechanisms; traveler arrival rate; traveler identification security guarantees; Airports; Analytical models; Atmospheric modeling; Biological system modeling; Inspection; Magnetic resonance; Security; Border security; Identity management; Performance - security tradeoff; Performance modeling (ID#:14-2138)
  • Ching-Kun Chen; Chun-Liang Lin; Shyan-Lung Lin; Yen-Ming Chiu; Cheng-Tang Chiang, "A Chaotic Theoretical Approach to ECG-Based Identity Recognition [Application Notes]," Computational Intelligence Magazine, IEEE, vol. 9, no. 1, pp. 53-63, Feb. 2014. doi: 10.1109/MCI.2013.2291691 Sophisticated technologies realized from applying the idea of biometric identification are increasingly applied in the entrance security management system, private document protection, and security access control. Common biometric identification involves voice, attitude, keystroke, signature, iris, face, palm or finger prints, etc. Still, there are novel identification technologies based on the individual's biometric features under development.
    Keywords: biometrics (access control); chaos; electrocardiography; pattern recognition; ECG-based identity recognition; biometric features; biometric identification; chaotic theoretical approach; electrocardiography; entrance security management system; private document protection; security access control; Access control; Biomedical monitoring; Biometrics; Electrocardiography; Fingerprint recognition; Identity management (ID#:14-2139)
  • Slomovic, A., "Privacy Issues in Identity Verification," Security & Privacy, IEEE, vol. 12, no. 3, pp. 71-73, May-June 2014. doi: 10.1109/MSP.2014.52 Identity verification plays an important role in creating trust in the economic system. It can, and should, be done in a way that doesn't decrease individual privacy. This article explores privacy issues in identity verification for commercial applications. It does not explore questions about when and to what degree identity verification is needed or address broader issues related to national or other wide-scale identity systems.
    Keywords: business data processing; data privacy; commercial applications; economic system; identity verification; national identity systems; privacy issues; trust creation; wide-scale identity systems; Biometrics (access control); Computer security; Data privacy; Identification; Identity management; Knowledge management; Verification; KBA; biometrics; identity credential; identity document fraud; identity document security; identity fraud; identity proofing; identity scoring; identity verification; imposter fraud; knowledge-based authentication; privacy (ID#:14-2140)
  • Adjei, J.K., "Explaining the Role of Trust in Cloud Service Acquisition," Mobile Cloud Computing, Services, and Engineering (MobileCloud), 2014 2nd IEEE International Conference on, pp. 283-288, 8-11 April 2014. doi: 10.1109/MobileCloud.2014.48 An effective digital identity management system is a critical enabler of cloud computing, since it supports the provision of the required assurances to the transacting parties. Such assurances sometimes require the disclosure of sensitive personal information. Given the prevalence of various forms of identity abuses on the Internet, a re-examination of the factors underlying cloud services acquisition has become critical and imperative. In order to provide better assurances, parties to cloud transactions must have confidence in service providers' ability and integrity in protecting their interest and personal information. Thus a trusted cloud identity ecosystem could promote such user confidence and assurances. Using a qualitative research approach, this paper explains the role of trust in cloud service acquisition by organizations. The paper focuses on the processes of acquisition of cloud services by financial institutions in Ghana. The study forms part of a comprehensive study on the monetization of personal identity information.
    Keywords: cloud computing; data protection; trusted computing; Ghana; Internet; cloud computing; cloud services acquisition; cloud transactions; digital identity management system; financial institutions; identity abuses; interest protection; organizations; personal identity information; sensitive personal information; service provider ability; service provider integrity; transacting parties; trusted cloud identity ecosystem; user assurances; user confidence; Banking; Cloud computing; Context; Law; Organizations; Privacy; cloud computing; information privacy; mediating; trust (ID#:14-2141)
  • Albino Pereira, A.; Bosco M. Sobral, J.; Merkle Westphall, C., "Towards Scalability for Federated Identity Systems for Cloud-Based Environments," New Technologies, Mobility and Security (NTMS), 2014 6th International Conference on, pp. 1-5, March 30 2014 - April 2 2014. doi: 10.1109/NTMS.2014.6814055 As multi-tenant authorization and federated identity management systems for cloud computing mature, the provisioning of services using this paradigm allows maximum efficiency for businesses that require access control. However, regarding scalability support, mainly horizontal, some characteristics of those approaches based on central authentication protocols are problematic. The objective of this work is to address these issues by providing an adapted sticky-session mechanism for a Shibboleth architecture using CAS. This alternative, compared with the recommended shared memory approach, showed improved efficiency and less overall infrastructure complexity.
    Keywords: authorization; cloud computing; cryptographic protocols; CAS; Shibboleth architecture; central authentication protocols; central authentication service; cloud based environments; cloud computing; federated identity management systems; federated identity system scalability; multitenant authorization; sticky session mechanism; Authentication; Cloud computing; Proposals; Scalability; Servers; Virtual machining (ID#:14-2142)
  • Friese, I.; Heuer, J.; Ning Kong, "Challenges from the Identities of Things: Introduction of the Identities of Things discussion group within Kantara initiative," Internet of Things (WF-IoT), 2014 IEEE World Forum on, pp. 1-4, 6-8 March 2014. doi: 10.1109/WF-IoT.2014.6803106 The Internet of Things (IoT) is becoming a reality. But its restrictions become obvious as we try to connect solutions of different vendors and communities. Apart from communication protocols, appropriate identity management mechanisms are crucial for a growing IoT. The recently founded Identities of Things Discussion Group within Kantara Initiative will work on open issues and solutions to manage "Identities of Things" as an enabler for a fast-growing ecosystem.
    Keywords: Internet of Things; authorisation; data privacy; Identities of Things discussion group; Internet of Things; IoT; Kantara Initiative; authentication; authorization; communication protocols; data privacy; identity management mechanisms; Authentication; Authorization; Companies; Internet; Object recognition; Protocols; Sensors; Kantara Initiative; authentication; authorization; identifier; identity; name service; privacy (ID#:14-2143)
  • Ben Bouazza, N.; Lemoudden, M.; El Ouahidi, B., "Surveying the Challenges And Requirements For Identity In The Cloud," Security Days (JNS4), Proceedings of the 4th Edition of National, pp. 1-5, 12-13 May 2014. doi: 10.1109/JNS4.2014.6850127 Cloud technologies are increasingly important for IT departments, allowing them to concentrate on strategy as opposed to maintaining data centers; the biggest advantage of the cloud is the ability to share computing resources between multiple providers, especially in hybrid clouds, in overcoming infrastructure limitations. User identity federation is considered the second major risk in the cloud, and since business organizations use multiple cloud service providers, IT departments face a range of constraints. Multiple attempts to solve this problem have been suggested, like federated identity, which has a number of advantages, although it suffers from challenges that are common in new technologies. The following paper tackles federated identity, its components, advantages, and disadvantages, and then proposes a number of useful scenarios to manage identity in a hybrid cloud infrastructure.
    Keywords: cloud computing; security of data; business organizations; cloud service providers; cloud technologies; computing resource sharing; data centers; federated identity management; hybrid clouds; user identity federation; Access control; Authentication; Cloud computing; Computational modeling; Computers; Organizations; Access control; Claim; Cloud; Federated identity; Federation provider; Identity provider; SaaS; Security; Token (ID#:14-2144)
  • Patricia Arias Cabarcos, Florina Almenarez, Felix Gomez Marmol, Andres Marin, "To Federate or Not To Federate: A Reputation-Based Mechanism to Dynamize Cooperation in Identity Management," Wireless Personal Communications: An International Journal, Volume 75 Issue 3, April 2014, Pages 1769-1786. doi: 10.1007/s11277-013-1338-y Identity Management systems cannot be centralized anymore. Nowadays, users have multiple accounts, profiles and personal data distributed throughout the web and hosted by different providers. However, the online world is currently divided into identity silos forcing users to deal with repetitive authentication and registration processes and hindering a faster development of large scale e-business. Federation has been proposed as a technology to bridge different trust domains, allowing user identity information to be shared in order to improve usability. But further research is required to shift from the current static model, where manual bilateral agreements must be pre-configured to enable cooperation between unknown parties, to a more dynamic one, where trust relationships are established on demand in a fully automated fashion. This paper presents IdMRep, the first completely decentralized reputation-based mechanism which makes dynamic federation a reality. Initial experiments demonstrate its accuracy as well as an assumable overhead in scenarios with and without malicious nodes.
    Keywords: Cooperative systems, Identity federation, Identity management, Trust and reputation management (ID#:14-2145)
  • Zhiwei Wang, Guozi Sun, Danwei Chen, "A New Definition Of Homomorphic Signature For Identity Management In Mobile Cloud Computing," Journal of Computer and System Sciences, Volume 80 Issue 3, May 2014, Pages 546-553. doi: 10.1016/j.jcss.2013.06.010 In this paper, we define a new homomorphic signature for identity management in mobile cloud computing. A mobile user first computes a full signature on all his sensitive personal information (SPI), and stores it in a trusted third party (TTP). During the valid period of his full signature, if the user wants to call a cloud service, he should authenticate himself to the cloud service provider (CSP) through the TTP. In our scheme, the mobile user only needs to send a {0,1}^n vector to the access controlling server (TTP). The access controlling server, which doesn't know the secret key, can compute a partial signature on a small part of the user's SPI, and then sends it to the CSP. We give a formal security definition of this homomorphic signature, and construct a scheme from the GHR signature. We prove that our scheme is secure under the GHR signature.
    Keywords: GHR signature, Homomorphic signature, Identity management, Mobile cloud computing (ID#:14-2146)
  • Nathaniel J. Fuller / Maxine S. Cohen, "A Contextual Model For Identity Management (IDM) Interfaces," Doctoral Dissertation, Nova Southeastern University © 2014, ISBN: 978-1-303-76101-0. The usability of Identity Management (IdM) systems is highly dependent upon design that simplifies the processes of identification, authentication, and authorization. Recent findings reveal two critical problems that degrade IdM usability: (1) unfeasible techniques for managing various digital identifiers, and (2) ambiguous security interfaces. The rapid growth of online services consisting of various identifier concepts and indistinct designs overwhelms users and disrupts desired computing activities. These complexities have led to an increase in work operations and additional effort for end users. This work focused on these challenges towards developing a contextual model that enhanced IdM usability. The context of this model provided users with preapproved identification and technical features for managing digital identifiers. A sample population of military and government participants was surveyed to capture their relative computing characteristics and end user requirements for IdM and identifiers. Characteristics such as Ease of Access Management, Cognitive Overload, Identifier Selection, Confidentiality, and Trust were recorded and measured by means of their frequency of occurrence. A standard deviation was utilized for assessing the volatility of the results. Conclusive results were successfully integrated into an attribute-based architecture so that the contextual model's algorithm, which was the contribution of this work, could be utilized for interpreting requirement attributes for defining end user IdM parameters for business applications. Usability inspection results illustrated that the model's algorithm was able to reduce cognitive overloads and disruptions in workflow by limiting recognition, recall, and convenience values of end users.
    Keywords: (not provided) (ID#:14-2147)
  • V. Neelaya Dhatchayani, V.S. Shankar Sriram, "Trust Aware Identity Management for Cloud Computing," International Journal of Information and Communication Technology, Volume 6 Issue 3/4, July 2014, Pages 369-380. doi: 10.1504/IJICT.2014.063220 Today, companies across the world are adopting cloud services for efficient and cost effective resource management. However, cloud computing is still in a developing stage where there are lots of research problems yet to be solved. One such area is security, which addresses issues like privacy, identity management, and trust management among other things. As of now, there exists no standard identity management system for a cloud environment. The aspect of trusted propagation still needs to be tackled. This research work proposes a trusted security architecture for cloud identity management that can dynamically federate user identities. The proposed trust architecture uses Bayesian inference and the roulette wheel selection technique to evaluate trust scores. Using the proposed trust model, dynamic trust relationships are formed across multiple cloud service providers and identity providers, thereby eliminating fragmentation of user identities. The trust model was implemented and tested in Google App Engine. The performance of the trust measures was analysed.
    Keywords: (not provided) (ID#:14-2148)


Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.