Visible to the public Biblio

Filters: Keyword is identity  [Clear All Filters]
Conference Paper
Rana, Rima, Zaeem, Razieh Nokhbeh, Barber, K. Suzanne.  2019.  An Assessment of Blockchain Identity Solutions: Minimizing Risk and Liability of Authentication. 2019 IEEE/WIC/ACM International Conference on Web Intelligence (WI). :26–33.
Personally Identifiable Information (PII) is often used to perform authentication and acts as a gateway to personal and organizational information. One weak link in the architecture of identity management services is sufficient to cause exposure and risk identity. Recently, we have witnessed a shift in identity management solutions with the growth of blockchain. Blockchain-the decentralized ledger system-provides a unique answer addressing security and privacy with its embedded immutability. In a blockchain-based identity solution, the user is given the control of his/her identity by storing personal information on his/her device and having the choice of identity verification document used later to create blockchain attestations. Yet, the blockchain technology alone is not enough to produce a better identity solution. The user cannot make informed decisions as to which identity verification document to choose if he/she is not presented with tangible guidelines. In the absence of scientifically created practical guidelines, these solutions and the choices they offer may become overwhelming and even defeat the purpose of providing a more secure identity solution.We analyze different PII options given to users for authentication on current blockchain-based solutions. Based on our Identity Ecosystem model, we evaluate these options and their risk and liability of exposure. Powered by real world data of about 6,000 identity theft and fraud stories, our model recommends some authentication choices and discourages others. Our work paves the way for a truly effective identity solution based on blockchain by helping users make informed decisions and motivating blockchain identity solution providers to introduce better options to their users.
Friese, I., Heuer, J., Ning Kong.  2014.  Challenges from the Identities of Things: Introduction of the Identities of Things discussion group within Kantara initiative. Internet of Things (WF-IoT), 2014 IEEE World Forum on. :1-4.

The Internet of Things (IoT) becomes reality. But its restrictions become obvious as we try to connect solutions of different vendors and communities. Apart from communication protocols appropriate identity management mechanisms are crucial for a growing IoT. The recently founded Identities of Things Discussion Group within Kantara Initiative will work on open issues and solutions to manage “Identities of Things” as an enabler for a fast-growing ecosystem.

Chang, Kai Chih, Zaeem, Razieh Nokhbeh, Barber, K. Suzanne.  2018.  Enhancing and Evaluating Identity Privacy and Authentication Strength by Utilizing the Identity Ecosystem. Proceedings of the 2018 Workshop on Privacy in the Electronic Society. :114–120.
This paper presents a novel research model of identity and the use of this model to answer some interesting research questions. Information travels in the cyber world, not only bringing us convenience and prosperity but also jeopardy. Protecting this information has been a commonly discussed issue in recent years. One type of this information is Personally Identifiable Information (PII), often used to perform personal authentication. People often give PIIs to organizations, e.g., when applying for a new job or filling out a new application on a website. While the use of such PII might be necessary for authentication, giving PII increases the risk of its exposure to criminals. We introduce two innovative approaches based on our model of identity to help evaluate and find an optimal set of PIIs that satisfy authentication purposes but minimize risk of exposure. Our model paves the way for more informed selection of PIIs by organizations that collect them as well as by users who offer PIIs to these organizations.
Choi, Nakhoon, Kim, Heeyoul.  2020.  Hybrid Blockchain-Based Unification ID in Smart Environment. 2020 22nd International Conference on Advanced Communication Technology (ICACT). :166–170.
Recently, with the increase of smart factories, smart cities, and the 4th industrial revolution, internal user authentication is emerging as an important issue. The existing user authentication and Access Control architecture can use the centralized system to forge access history by the service manager, which can cause problems such as evasion of responsibility and internal corruption. In addition, the user must independently manage the ID or physical authentication medium for authentication of each service, it is difficult to manage the subscribed services. This paper proposes a Hybrid blockchain-based integrated ID model to solve the above problems. The user creates authentication information based on the electronic signature of the Ethereum Account, a public blockchain, and provides authentication to a service provider composed of a Hyperledger Fabric, a private blockchain. The service provider ensures the integrity of the information by recording the Access History and authentication information in the Internal-Ledger. Through the proposed architecture, we can integrate the physical pass or application for user authentication and authorization into one Unification ID. Service providers can prevent non-Repudiation of responsibility by recording their authority and access history in ledger.
Guija, Daniel, Siddiqui, Muhammad Shuaib.  2018.  Identity and Access Control for Micro-services Based 5G NFV Platforms. Proceedings of the 13th International Conference on Availability, Reliability and Security. :46:1–46:10.
The intrinsic use of SDN/NFV technologies in 5G infrastructures promise to enable the flexibility and programmability of networks to ensure lower cost of network and service provisioning and operation, however it brings new challenges and requirements due to new architectural changes. In terms of security, authentication and authorization functions need to evolve towards the new and emerging 5G virtualization platforms in order to meet the requirements of service providers and infrastructure operators. Over the years, a lot of authentication techniques have been used. Now, a wide range of options arise allowing to extend existing authentication and authorization mechanisms. This paper focuses on proposing and showcasing a 5G platform oriented solution among different approaches to integrate authentication and authorization functionalities, an adapted secure and stateless mechanism, providing identity and permissions management to handle not only users, but also system micro-services, in a network functions virtualization management and orchestration (NFV MANO) system, oriented to deploy virtualized services. The presented solution uses the NFV-based SONATA Service Platform which offers capabilities for a continuous integration and delivery DevOps methodology that allow high levels of programmability and flexibility to manage the entire life cycle of Virtual Network Functions, and enables the perfect scenario to showcase different approaches for authentication and authorization mechanisms for users and micro-services in a 5G platform.
Mohsen, Y., Hamdy, M., Shaaban, E..  2019.  Key distribution protocol for Identity Hiding in MANETs. 2019 Ninth International Conference on Intelligent Computing and Information Systems (ICICIS). :245–252.
Mobile Ad-hoc Networks (MANETs) are formed when a group of mobile nodes, communicate through wireless links in the absence of central administration. These features make them more vulnerable to several attacks like identity spoofing which leads to identity disclosure. Providing anonymity and privacy for identity are critical issues, especially when the size of such networks scales up. to avoid the centralization problem for key distribution in MANETs. This paper proposes a key distribution scheme for clustered ad-hoc networks. The network is divided into groups of clusters, and each cluster head is responsible for distributing periodically updated security keys among cluster members, for protecting privacy through encryption. Also, an authentication scheme is proposed to ensure the confidentiality of new members to the cluster. The simulation study proves the effectiveness of the proposed scheme in terms of availability and overhead. It scales well for high dense networks and gives less packet drop rate compared to its centralized counterpart in the presence of malicious nodes.
Yang, Bowen, Chen, Xiang, Xie, Jinsen, Li, Sugang, Zhang, Yanyong, Yang, Jian.  2019.  Multicast Design for the MobilityFirst Future Internet Architecture. 2019 International Conference on Computing, Networking and Communications (ICNC). :88–93.
With the advent of fifth generation (5G) network and increasingly powerful mobile devices, people can conveniently obtain network resources wherever they are and whenever they want. However, the problem of mobility support in current network has not been adequately solved yet, especially in inter-domain mobile scenario, which leads to poor experience for mobile consumers. MobilityFirst is a clean slate future Internet architecture which adopts a clean separation between identity and network location. It provides new mechanisms to address the challenge of wireless access and mobility at scale. However, MobilityFirst lacks effective ways to deal with multicast service over mobile networks. In this paper, we design an efficient multicast mechanism based on MobilityFirst architecture and present the deployment in current network at scale. Furthermore, we propose a hierarchical multicast packet header with additional destinations to achieve low-cost dynamic multicast routing and provide solutions for both the multicast source and the multicast group members moving in intra- or inter-domain. Finally, we deploy a multicast prototype system to evaluate the performance of the proposed multicast mechanism.
Feigenbaum, Joan, Jaggard, Aaron D., Wright, Rebecca N..  2014.  Open vs. Closed Systems for Accountability. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :4:1–4:11.

The relationship between accountability and identity in online life presents many interesting questions. Here, we first systematically survey the various (directed) relationships among principals, system identities (nyms) used by principals, and actions carried out by principals using those nyms. We also map these relationships to corresponding accountability-related properties from the literature. Because punishment is fundamental to accountability, we then focus on the relationship between punishment and the strength of the connection between principals and nyms. To study this particular relationship, we formulate a utility-theoretic framework that distinguishes between principals and the identities they may use to commit violations. In doing so, we argue that the analogue applicable to our setting of the well known concept of quasilinear utility is insufficiently rich to capture important properties such as reputation. We propose more general utilities with linear transfer that do seem suitable for this model. In our use of this framework, we define notions of "open" and "closed" systems. This distinction captures the degree to which system participants are required to be bound to their system identities as a condition of participating in the system. This allows us to study the relationship between the strength of identity binding and the accountability properties of a system.

Ferretti, L., Marchetti, M., Colajanni, M..  2017.  Verifiable Delegated Authorization for User-Centric Architectures and an OAuth2 Implementation. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). 2:718–723.

Delegated authorization protocols have become wide-spread to implement Web applications and services, where some popular providers managing people identity information and personal data allow their users to delegate third party Web services to access their data. In this paper, we analyze the risks related to untrusted providers not behaving correctly, and we solve this problem by proposing the first verifiable delegated authorization protocol that allows third party services to verify the correctness of users data returned by the provider. The contribution of the paper is twofold: we show how delegated authorization can be cryptographically enforced through authenticated data structures protocols, we extend the standard OAuth2 protocol by supporting efficient and verifiable delegated authorization including database updates and privileges revocation.