Your search keyword '"IDENTITY management systems"' showing total 715 results

1. Evaluation Factors for Blockchain Identity Management Systems

Author

Alamri, Bandar, Crowley, Katie, Richardson, Ita, Onwubiko, Cyril, editor, Rosati, Pierangelo, editor, Rege, Aunshul, editor, Erola, Arnau, editor, Bellekens, Xavier, editor, Hindy, Hanan, editor, and Jaatun, Martin Gilje, editor

Published

2024

2. Resilient Risk-Based Adaptive Authentication and Authorization (RAD-AA) Framework

Author

Singh, Jaimandeep, Patel, Chintan, Chaudhary, Naveen Kumar, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Zhang, Junjie James, Series Editor, Tan, Kay Chen, Series Editor, Patel, Sankita J., editor, Chaudhary, Naveen Kumar, editor, Gohil, Bhavesh N., editor, and Iyengar, S. S., editor

Published

2024

3. A blockchain‐based secure framework for data management.

Author

Zorlu, Ozan and Ozsoy, Adnan

Subjects

*DATA management, *BLOCKCHAINS, *IDENTITY management systems, *DRONE aircraft, *DATABASES, *ACCESS control

Abstract

Data management is a crucial requirement due to the autonomous and constrained nature of Unmanned Aerial Vehicles (UAVs), Internet of Things (IoTs), and the aviation domain. The autonomous and restricted nature of these sectors increases the need for a shared, distributed database, strong access control management, consensus in autonomous decision‐making, and effective communication across diverse protocols and devices. This research presents a comprehensive approach and offers a new viewpoint to the field of blockchain while establishing a fundamental baseline for future improvements in data management systems and addressing the shortcomings of previously proposed existing frameworks in order to fulfill the complex needs of secure data management. This study contributes to the advancement of secure and efficient data management systems by implementing robust data monitoring for error detection, ensuring data integrity, and enabling encrypted or anonymous data sharing based on sensitivity levels. Additionally, the integration of diverse devices, enforcement of immutable regulations compliance, and development of permissioned blockchain systems for identity management further enhance the system's capabilities, offering comprehensive solutions for modern data management challenges. In the tests, the proposed framework showed increased successful transactions in all rate controllers. Besides, effect of the validator number on throughput and latency is tested and analyzed thoroughly. [ABSTRACT FROM AUTHOR]

Published

2024

4. MetaSSI: A Framework for Personal Data Protection, Enhanced Cybersecurity and Privacy in Metaverse Virtual Reality Platforms.

Author

Fiaz, Faisal, Sajjad, Syed Muhammad, Iqbal, Zafar, Yousaf, Muhammad, and Muhammad, Zia

Subjects

DATA protection, SHARED virtual environments, IDENTITY management systems, VIRTUAL reality, DATA privacy, CYBERSPACE, ONLINE identities

Abstract

The Metaverse brings together components of parallel processing computing platforms, the digital development of physical systems, cutting-edge machine learning, and virtual identity to uncover a fully digitalized environment with equal properties to the real world. It possesses more rigorous requirements for connection, including safe access and data privacy, which are necessary with the advent of Metaverse technology. Traditional, centralized, and network-centered solutions fail to provide a resilient identity management solution. There are multifaceted security and privacy issues that hinder the secure adoption of this game-changing technology in contemporary cyberspace. Moreover, there is a need to dedicate efforts towards a secure-by-design Metaverse that protects the confidentiality, integrity, and privacy of the personally identifiable information (PII) of users. In this research paper, we propose a logical substitute for established centralized identity management systems in compliance with the complexity of the Metaverse. This research proposes a sustainable Self-Sovereign Identity (SSI), a fully decentralized identity management system to mitigate PII leaks and corresponding cyber threats on all multiverse platforms. The principle of the proposed framework ensures that the users are the only custodians and proprietors of their own identities. In addition, this article provides a comprehensive approach to the implementation of the SSI principles to increase interoperability and trustworthiness in the Metaverse. Finally, the proposed framework is validated using mathematical modeling and proved to be stringent and resilient against modern-day cyber attacks targeting Metaverse platforms. [ABSTRACT FROM AUTHOR]

Published

2024

5. Decentralized Identity Authentication Mechanism: Integrating FIDO and Blockchain for Enhanced Security.

Author

Ou, Hsia-Hung, Pan, Chien-Hsiu, Tseng, Yang-Ming, and Lin, Iuon-Chang

Subjects

DATA protection, ACCESS control, BLOCKCHAINS, IDENTITY management systems, INFORMATION technology security, PUBLIC key cryptography, MULTI-factor authentication

Abstract

FIDO (Fast Identity Online) is a set of network identity standards established by the FIDO Alliance. It employs a framework based on public key cryptography to facilitate multi-factor authentication (MFA) and biometric login, ensuring the robust protection of personal data associated with cloud accounts and ensuring the security of server-to-terminal device protocols during the login process. The FIDO Alliance has established three standards: FIDO Universal Second Factor (FIDO U2F), FIDO Universal Authentication Framework (FIDO UAF), and the Client to Authenticator Protocols (CTAP). The newer CTAP, also known as FIDO2, integrates passwordless login and two-factor authentication. Importantly, FIDO2's support for major browsers enables users to authenticate their identities via FIDO2 across a broader range of platforms and devices, ushering in the era of passwordless authentication. In the FIDO2 framework, if a user's device is stolen or compromised, then the private key may be compromised, and the public key stored on the FIDO2 server may be tampered with by attackers attempting to impersonate the user for identity authentication, posing a high risk to information security. Recognizing this, this study aims to propose a solution based on the FIDO2 framework, combined with blockchain technology and access control, called the FIDO2 blockchain architecture, to address existing security vulnerabilities in FIDO2. By leveraging the decentralized nature of the blockchain, the study addresses potential single points of failure in FIDO2 server centralized identity management systems, thereby enhancing system security and availability. Furthermore, the immutability of the blockchain ensures the integrity of public keys once securely stored on the chain, effectively reducing the risk of attackers impersonating user identities. Additionally, the study implements an access control mechanism to manage user permissions effectively, ensuring that only authorized users can access corresponding permissions and preventing unauthorized modifications and abuse. In addition to proposing practical solutions and steps, the study explains and addresses security concerns and conducts performance evaluations. Overall, this study brings higher levels of security and trustworthiness to FIDO2, providing a robust identity authentication solution. [ABSTRACT FROM AUTHOR]

Published

2024

6. Meet The Enablers Of A Connected World.

Author

Martin, Dylan and Millward, Wade Tyler

Subjects

SIM cards, COMPUTER vision, IDENTITY management systems, GENERATIVE artificial intelligence, COMPOUND annual growth rate, SYSTEM downtime, COMPUTER passwords

Abstract

This article discusses the growing demand for the Internet of Things (IoT) and the expected increase in spending on IoT projects. It predicts that businesses and organizations worldwide will contribute to a compound annual growth rate of 10.4 percent in IoT spending from 2023 to 2027, with a projected total of over $1 trillion by 2026. The article highlights several areas where IoT is expected to grow, such as electric vehicle charging, loss prevention, agricultural field monitoring, and connected vending and lockers. It emphasizes the importance of solution providers and vendors in supporting and enabling IoT projects, particularly in software, hardware, networking, security, and industrial solutions. The article also addresses the need for cybersecurity and the role of security vendors in protecting IoT systems. Additionally, it provides a list of top networking and connectivity companies, hardware companies, and software companies in the IoT industry. The document aims to provide library patrons with a diverse range of perspectives from companies based in different countries, without adopting any specific judgments. [Extracted from the article]

Published

2024

7. The frontstage-backstage of organizational identity and management control system: the tale of British Petroleum's embarrassment in DWH.

Author

Farhat Ammar, Sameh

Subjects

IDENTITY management systems, CRISIS communication, IDENTITY (Psychology), ORGANIZATIONAL change, EMBARRASSMENT, ORGANIZATIONAL response, SOCIAL impact

Abstract

Purpose: This study aims to investigate the dynamic interplay between the management control system (MCS) and organizational identity (OI) in the Deepwater Horizon incident involving British Petroleum (BP). It examines how the MCS manages challenges, particularly those addressing the embarrassment stemming from identity disparities between external portrayal (frontstage) and internal operations (backstage), with a focus on the often-underestimated influence of the media. Design/methodology/approach: This study builds upon the frameworks developed by Ravasi and Schultz (2006) and Malmi and Brown (2008) to construct a theoretical framework that profoundly investigates the relationship between MCS and OI. The framework developed guided the research design and incorporated a qualitative approach complemented by an illustrative case study. The research data was rigorously gathered from diverse sources, including official BP documents and influential media outlets, with a particular focus on well-established American and British newspapers. Findings: BP's MCS plays a dual role: it exposes discrepancies in safety, leadership and values, causing embarrassment and identity damage, yet catalyses a sense-making process leading to organizational transformation and shifts in the OI. This transformation influences sense-giving and prompts changes in MCS. The study reveals an intricate interplay in identity management between frontstage audiences (e.g. influential media) and backstage actors (e.g. BP's senior management). It highlights interdependencies both within and between MCS and OI, emphasizing their roles in interacting within identity management. The longitudinal recovery is intricately tied to mutual political interests between BP and the USA, which are significantly facilitated by the media's role. Research limitations/implications: This study acknowledges limitations that point future research opportunities. Interviews could provide a more dynamic understanding of MCS changes and organizational transformations. Investigating the role of leadership, particularly the new chief executive office, and the influence of political versus organizational factors in shaping identity claims is essential. Additionally, the effectiveness and historical context of interdependencies should be quantitatively assessed. Theoretical limitations in the OI and MCS frameworks suggest the need for context-specific categorisations. This research serves as a foundation for further exploration of the intricate dynamics between MCS, OI and organizational responses to crises. Practical implications: This study offers valuable insights with practical implications for organizations facing identity challenges in the wake of significant incidents. Organizations can better navigate crises by recognizing the multifaceted role of MCS in identity damage and restoration. It underscores the importance of addressing both frontstage and backstage aspects of OI while managing identity discrepancies, thereby enhancing transparency and credibility. Additionally, understanding the intricate interdependencies within OI and MCS can guide organizations in implementing more effective identity restoration strategies. Furthermore, the study highlights the significance of media influence and the need to engage with it strategically during crisis management. Social implications: This study's findings have significant social implications for organizations and the broader public. By recognizing the multifaceted role of MCS in shaping identity, organizations can enhance transparency and credibility, rebuilding trust with the public. Additionally, the study highlights the critical role of media in influencing perceptions and decision-making during crises, emphasizing the importance of responsible and ethical reporting. Understanding the intricate interplay between MCS and OI can inform better crisis management strategies and improve how organizations respond to and recover from incidents, ultimately benefiting society by promoting more accountable and responsible corporate behaviour. Originality/value: This study's distinctness lies in its innovative exploration of MCS, which transcends traditional methodologies that focus narrowly on front or backstage aspects of OI and often adhere to predetermined MCS practices. It underscores the importance of concurrently addressing both the front- and backstage audiences in managing the embarrassment caused by identity discrepancies and restoration. The research uncovers multifaceted interdependencies within MCS and OI, and these extend beyond simplistic relationships and emphasize the complex nature of identity restoration management. [ABSTRACT FROM AUTHOR]

Published

2024

8. Getting Started with Corda.

Author

Balakrishnan, S.

Subjects

DATABASES, BLOCKCHAINS, IDENTITY management systems, COMPUTER science

Abstract

The article focuses on Corda, a blockchain platform designed for enterprise solutions, emphasizing its user-friendly interface, privacy features, and suitability for businesses integrating blockchain. Topics include installation, project setup, understanding architecture and network models, and developing CorDapps using Java and IntelliJ IDEA.

Published

2024

9. Theorizing Omission: State Strategies for Withholding Official Recognition of Personhood.

Author

Cheong, Amanda R.

Subjects

*IDENTITY management systems, *PERSONALITY (Theory of knowledge), *ETHNOLOGY research, *RECOGNITION (Philosophy)

Abstract

This article theorizes "omission," which I define as the condition of being left out of administrative apparatuses, such as civil registers, censuses, and identity management systems. According to this theory, omission is not necessarily accidental but can constitute a political strategy. When even excluded statuses can be powerful grounds for claiming rights, resources, or membership, state actors can subvert such claims-making potential by depriving unwanted populations of the practical, material capacity to establish their legal personhood through documents and records. To situate omission, I develop a typology of documentary strategies additionally comprising "recognition," "claims-making," and "evasion." Although my theorizing is informed by ethnographic research with unregistered families in Malaysia, scholars can apply this typology to multiperspectival, relational analyses of other empirical cases of documentary politics. Studying omissions has scholarly and ethical imperatives, not least to record the lives of populations denied, at times with existential consequences, the right to recognition. [ABSTRACT FROM AUTHOR]

Published

2023

10. Reflections on the PCC Wikidata Pilot at UCLA Library: Undertaking the PCC Learning Objectives.

Author

Zhang, Erica, Biswas, Paromita, and Dagher, Iman

Subjects

*ACADEMIC libraries, *IDENTITY management systems, *METADATA, *LIBRARY catalogs

Abstract

In 2020, the Program for Cooperative Cataloging (PCC) Task Group on Identity Management in NACO sponsored a 14-month PCC Wikidata Pilot, complete with learning objectives, for participants to experiment with Wikidata, an open linked data platform. UCLA Library joined the Pilot to create and edit Wikidata items related to UCLA Library's collections and UCLA Library entities. With the Pilot's conclusion, the UCLA Library Pilot team reflected on lessons learned. By assessing UCLA Library's experience against the Pilot's learning objectives, the authors hope to contribute on-the-ground insights that may be relevant to PCC's progress toward identity management, and the role Wikidata may play in this transition. [ABSTRACT FROM AUTHOR]

Published

2023

11. Handbuch IT in Bibliotheken. Unter einer CC-BY 3.0 DE-Lizenz im Internet unter https://it-in-bibliotheken.de (mit Datum der letzten Änderung: 17. Mai 2023).

Author

Bauknecht, Cornelius and Erndt, Michael

Subjects

*INTERNET, *IDENTITY management systems

Published

2023

12. Analyzing and comparing the security of self-sovereign identity management systems through threat modeling.

Author

Grüner, Andreas, Mühle, Alexander, Lockenvitz, Niko, and Meinel, Christoph

Subjects

*IDENTITY management systems, *FLOW charts

Abstract

The concept of Self-Sovereign Identity (SSI) promises to strengthen the security and user-centricity of identity management. Since any secure online service relies on secure identity management, we comparatively analyze the intrinsic security of SSI. Thus, we adopt a hybrid threat modeling approach comprising STRIDE, attack trees, and ratings towards this unique context. Data flow diagrams of the isolated, centralized and the SSI model serve as the foundation for the assessment. The evolution of the paradigms shows an increasing complexity in security zones and communication paths between the components. We identified 35 threats to all SSI components and 15 protection measures that reduce the threats' criticality. As a result, our research shows that the SSI paradigm's threat surface is significantly higher compared to the traditional models. Besides the threat assessment on model level, the adapted methodology can evaluate a specific implementation. We analyzed uPort with a restricted scope to its user agent. Thus, 2 out of 10 threats were not properly addressed, leading to potential spoofing, denial, or repudiation of identity actions. [ABSTRACT FROM AUTHOR]

Published

2023

13. USER CENTRIC APPROACH TO IDENTITY MANAGEMENT IN CLOUD COMPUTING ENVIRONMENT: AN EMPIRICALLY TESTED FRAMEWORK.

Author

Kumar, Vikas and Bhardwaj, Aashish

Subjects

IDENTITY management systems, LITERATURE reviews, PRINCIPAL components analysis, TRUST, CLOUD computing, SOFTWARE as a service

Abstract

Most of the commercial identity management models have focused on the perspective of service providers and given a preference to the challenges faced by the service providers. However, with the growing number of concerns, an identity management system with strong focus on the user's concerns is required. A User Centric Approach for Identity Management (UCAId) for Cloud Computing in SaaS Environment has been presented in this paper. The proposed UCAId model considers user at the central position to improve their experience and increase adaptability of the cloud. Comprehensive literature review has been carried out to identify the most important parameters of the User Centric Identity management. Provisioning, privacy, security, scalability and trust have been identified as the five most parameters and further the model presents these parameters built-up on the strength of eight components each, individually. The model has been empirically tested to see its user adoption on a set Indian users with varied demographics. Data has been collected using a structured questionnaire and Principal Component Analysis has been used to analyze this primary data. [ABSTRACT FROM AUTHOR]

Published

2024

14. Necessity of reliable self-sovereign identity management framework for resource constrained IoT devices.

Author

Sarower, Afjal H. and Hassan, Md Maruf

Subjects

*IDENTITY management systems, *INTERNET of things, *DIGITAL technology, *RESOURCE management, *TRUST

Abstract

One of the main aspects of the digital revolution is the interconnectedness of people, processes and devices in which securely managing digital identity is one of the most important prerequisites. Security threats and proven drawbacks of existing identity management systems motivate searching for a new trustworthy solution for managing the identity of individuals and entities. Especially, a massive number of Internet of Things (IoT) devices pose some challenges to the centralized security solution and following the IoT ecosystem, distributed ledger-based decentralized Self-sovereign Identity (SSI) management techniques are seen by many as the future of this genre. Although this mechanism seems promising, there are some limitations and challenges concerning the capability of IoT devices. Low computing power, storage space, inability to perform the cryptographic operation is the main challenge that creates a barrier in the adoption of SSI using Distributed Ledger Technology (DLT). This paper describes the necessity and the required attribute of Self-sovereign Identity. It highlights the unresolved key challenges needed to bring a universal, usable, trustworthy, secure and privacy-preserving digital identity management framework for the Internet of Things. Finally, the conclusion has been made by setting focus on designing a novel SSI Management Framework for IoT devices. [ABSTRACT FROM AUTHOR]

Published

2023

15. Digitale Identitäten als Fundament des Web 3.0.

Author

Puhl, Pirmin, Roloff, Malte, Märkel, Christian, and Lundborg, Martin

Subjects

IDENTITY management systems, PROCESS optimization, DIGITAL technology, TRUST, SELF, CLOUD storage, BIOMETRIC identification

Abstract

Copyright of WIK-Diskussionsbeiträge is the property of WIK Wissenschaftliches Institut fur Infrastruktur und Kommunikationsdienste GmbH and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

16. A Distributed and Secure Self-Sovereign-Based Framework for Systems of Systems.

Author

Abou-Tair, Dhiah el Diehn I., Haddad, Raad, Khalifeh, Ala', Alouneh, Sahel, and Obermaisser, Roman

Subjects

*IDENTITY management systems, *BLOCKCHAINS, *SYSTEM of systems, *EMAIL security, *SECURITY systems

Abstract

Security and privacy are among the main challenges in the systems of systems. The distributed ledger technology and self-sovereign identity pave the way to empower systems and users' security and privacy. By utilizing both technologies, this paper proposes a distributed and self-sovereign-based framework for systems of systems to increase the security of such a system and maintain users' privacy. We conducted an extensive security analysis of the proposed framework using a threat model based on the STRIDE framework, highlighting the mitigation provided by the proposed framework compared to the traditional SoS security. The analysis shows the feasibility of the proposed framework, affirming its capability to establish a secure and privacy-preserving identity management system for systems of systems. [ABSTRACT FROM AUTHOR]

Published

2023

17. A Multi-Round Zero Knowledge Proof Algorithm for Secure IoT and Blockchain Environments.

Author

Rani, Deebakkarthi Chinnasame, Janakiraman, Sai Ganesh, Chandra, Kommula Serath, Thangavel, Elambharathi Padmavathi, Kothamasu, Ganga Abhirup, Bhaskaran, Krithika Latha, and Jayabalasamy, Guruprakash

Subjects

IDENTITY management systems, DATA security failures, SUCCESS, BLOCKCHAINS, ALGORITHMS, INTERNET of things, INTERNAL security

Abstract

Presented herein is a novel algorithm for multi-round, zero-knowledge proof (ZKP), devised specifically for authenticating factorisation proofs within a variety of cryptographic applications. This advanced algorithm, while maintaining computational complexity within acceptable bounds, offers a secure and proficient solution. The functionality of the algorithm is marked by multiple rounds of interaction between the Prover and Verifier. Initially, the Prover generates a random value and calculates a commitment. Subsequently, the Verifier issues a random challenge, eliciting a computed response from the Prover. To validate the proof, the Verifier verifies the equality of the commitment and the computed response. Efficaciousness of the proposed multi-round ZKP algorithm is demonstrated across diverse input sizes and parameters. Results indicate a success rate exceeding 90% on average, showcasing the robustness of the method. The recurring interaction between the Verifier and Prover enhances the Prover's authentication, thereby improving the algorithm's reliability. Implementation of the algorithm, achievable through standard cryptographic tools and protocols, can fortify the security of multiple cryptographic applications. A significant application can be found in Digital Identity Management Systems (DIMS). Currently, these systems are vulnerable to a myriad of threats, including identity spoofing, data breaches, and internal security risks. The application of the ZKP algorithm can simultaneously augment security and withhold sensitive information, potentially transforming the DIMS security landscape. Future research may focus on improving the efficiency and scalability of the multi-round ZKP algorithm. There also remains a vast potential for exploring additional applications of this technique within various cryptographic domains. [ABSTRACT FROM AUTHOR]

Published

2023

18. T-FIM: Transparency in Federated Identity Management for Decentralized Trust and Forensics Investigation.

Author

Xu, Bowen, Zhang, Zhijintong, Sun, Aozhuo, Guo, Juanjuan, Wang, Zihan, Li, Bingyu, Dong, Jiankuo, Jia, Shijie, and Song, Li

Subjects

TRUST, FORENSIC sciences, IDENTITY management systems, DIGITAL forensics, PUBLIC key cryptography, SUPERVISED learning

Abstract

Federated Identity Management (FIM) has gained significant adoption as a means to simplify user authentication and service authorization across diverse domains. It serves as a centralized authentication and authorization method, enabling users to access various applications or resources using credentials issued by a universally trusted identity provider (IdP). However, recent security incidents indicate that the reliability of credentials issued by IdP is not absolute in practice. If the IdP fails, it can persistently access any application that trusts it as any user. This poses a significant security threat to the entire system. Furthermore, with the increasing adoption of FIM across diverse scenarios, there is a growing demand for the development of an identity management system that can effectively support digital forensics investigations into malicious user behavior. In this work, we introduce transparency to federated identity management, proposing T-FIM to supervise unconditional trust. T-FIM employs privacy-preserving logs to record all IdP-issued tokens, ensuring that only the true owner can access the exact token. We utilize identity-based encryption (IBE), but not just as a black box, encrypting tokens before they are publicly recorded. In addition, we propose a decentralized private key generator (DPKG) to provide IBE private keys for users, avoiding the introduction of a new centralized trust node. T-FIM also presents a novel approach to digital forensics that enables forensic investigators to collect evidence in a privacy-preserving manner with the cooperation of the DPKG. We conduct a comprehensive analysis of the correctness, security, and privacy aspects of T-FIM. To demonstrate the practical feasibility of T-FIM, we evaluated the additional overhead through experimental evaluations. Additionally, we compared its performance with other similar schemes to provide a comprehensive understanding of its capabilities and advantages. [ABSTRACT FROM AUTHOR]

Published

2023

19. Exploiting Misconfiguration Vulnerabilities in Microsoft's Azure Active Directory for Privilege Escalation Attacks.

Author

Haimed, Ibrahim Bu, Albahar, Marwan, and Alzubaidi, Ali

Subjects

MICROSOFT Azure (Computing platform), IDENTITY management systems, DIRECTORIES, ONLINE identities

Abstract

Cloud services provided by Microsoft are growing rapidly in number and importance. Azure Active Directory (AAD) is becoming more important due to its role in facilitating identity management for cloud-based services. However, several risks and security issues have been associated with cloud systems due to vulnerabilities associated with identity management systems. In particular, misconfigurations could severely impact the security of cloud-based systems. Accordingly, this study identifies and experimentally evaluates exploitable misconfiguration vulnerabilities in Azure AD which can eventually lead to the risk of privilege escalation attacks. The study focuses on two scenarios: dynamic group settings and the activation of the Managed Identity feature on virtual devices. Through experimental evaluation, the research demonstrates the successful execution of these attacks, resulting in unauthorized access to sensitive information. Finally, we suggest several approaches to prevent such attacks by isolating sensitive systems to minimize the possibility of damage resulting from a misconfiguration accident and highlight the need for further studies. [ABSTRACT FROM AUTHOR]

Published

2023

20. Development of a Secure Decentralized Identity Management System using Blockchain Technology.

Author

Khan, Shah Nawaz, Mishra, Saurabh, Nautiyal, Abhishek, and Thakur, Payal

Subjects

IDENTITY management systems, BLOCKCHAINS, DIGITAL technology, SYSTEM failures, ELECTRONIC commerce

Abstract

This research paper presents the development of a secure, decentralized, selfgoverning blockchain technology. This article discusses the benefits of using blockchain for selfregulation and highlights the challenges that arise during development. The system plans to use blockchain technology to securely and distributed store customers' personal information, thus reducing the risk of data breaches and cyber attacks. The article examines the stability and performance of the system through various tests and simulations, demonstrating its stability and robustness. Overall, this research paper provides a comprehensive overview of the development of secure and reliable self-management systems that can be used for various applications in the digital world. In today's world, digital signals are an important part of our lives. From online commerce to social media, we rely on self-awareness processes to access services and communicate with others. But the importance of these systems creates a system of failures, making them vulnerable to cyber attacks and data breaches. To solve these problems, decentralized self-regulation using blockchain technology has emerged as a solution. In this research paper, we present the development of a secure, decentralized, self-governing blockchain technology. [ABSTRACT FROM AUTHOR]

Published

2023

21. MANAGEMENTUL ACCESULUI ŞI AL IDENTITĂŢILOR ÎN INFRASTRUCTURILE IoT.

Author

RĂSTOCEANU, Florin

Subjects

IDENTITY management systems, INTERNET of things, INTERNET, HETEROGENEITY, ARCHITECTS

Abstract

The Internet of Things (IoT) is expanding and taking over more and more aspects of our lives. Connecting the environment and people to the Internet means that security threats in this environment are also transferred to them. Ensuring a sufficiently high level of security in IoT infrastructures is difficult due to the limited resources and heterogeneity of this environment. In this paper I have addressed some of the basic security services like authentication and authorization, in an attempt to identify those features that are essential for deployment in IoT infrastructures. Thus, I have classified authentication methods according to the credentials, highlighting those that are suitable to be used by IoT devices. I have analyzed the existing authorization methods and identified the coverage of some properties that need to be fulfilled for widespread use in IoT environments. Finally, I identified types of identity management systems according to the degree of centralization and the technologies used. Such a comprehensive analysis of existing access and identity management solutions with real-world applicability in IoT environments highlights the advantages and disadvantages of each solution and is a real support for security architects designing IoT networks. [ABSTRACT FROM AUTHOR]

Published

2023

22. Holistic Security In The Age Of Digitalization.

Author

SMITH, WILLIAM and ATKINS, VICOTR

Subjects

RANSOMWARE, DIGITAL technology, INFORMATION technology, IDENTITY management systems, INFRASTRUCTURE (Economics)

Abstract

The article discusses the importance of integrating physical and cybersecurity measures to create a holistic and coordinated approach to security. It highlights the need for organizations to proactively prepare for both physical and cyber threats, as failing to do so can lead to significant disruption. The article also emphasizes the rise in cyber threats, particularly to critical infrastructure, and the need for strong cybersecurity measures to protect against these threats. It provides recommendations for improving cybersecurity, such as incorporating secure remote access, continuous monitoring and detection strategies, and implementing a zero-trust security platform. Overall, the article emphasizes the importance of assessing and maximizing security infrastructure to ensure the safety and reliability of operations. [Extracted from the article]

Published

2024

23. Digital Carbon Accounting for Accelerating Decarbonization: Characteristics of ISEnabled System Architectures.

Author

Körner, Marc-Fabian, Schober, Marcus, Ströher, Tobias, and Strüker, Jens

Subjects

ACCOUNTING, INFORMATION storage & retrieval systems, IDENTITY management systems, DIGITAL technology, SCHOLARS

Abstract

To cope with climate change, an effective reduction of greenhouse gas (GHG) emissions is necessary. An acceleration of decarbonization still lacks an efficient way to precisely account GHG emissions. Recent literature acknowledges the role of Information Systems (IS) research, particularly Green IS, to contribute to decarbonization by enabling digital carbon accounting (CA). In this context, various scholars set out to design system architectures – often focusing on the energy sector due to its large potential for decarbonization. As research and practice lack a comprehensive overview (e.g., to develop standards), our work aims at reducing this identified gap by providing key characteristics of digital CA system architectures that we derive from an extensive, structured literature review and a consecutive deductive and descriptive approach. We argue that a stronger focus on both, user and identity management and interoperable registries, may be beneficial to foster digital CA. [ABSTRACT FROM AUTHOR]

Published

2023

24. Towards an Improved Taxonomy of Attacks Related to Digital Identities and Identity Management Systems.

Author

Pöhn, Daniela and Hommel, Wolfgang

Subjects

IDENTITY management systems, INFORMATION technology, DIGITAL transformation, INTELLIGENCE sharing, COMPUTER networks, TAXONOMY

Abstract

Digital transformation with the adoption of cloud technologies, outsourcing, and working-from-home possibilities permits flexibility for organizations and persons. At the same time, it makes it more difficult to secure the IT infrastructure as the IT team needs to keep track of who is accessing what data from where and when on which device. With these changes, identity management as a key element of security becomes more important. Identity management relates to the technologies and policies for the identification, authentication, and authorization of users (humans and devices) in computer networks. Due to the diversity of identity management (i.e., models, protocols, and implementations), different requirements, problems, and attack vectors need to be taken into account. In order to secure identity management systems with their identities, a systematic approach is required. In this article, we propose the improved framework Taxonomy for Identity Management related to Attacks (TaxIdMA). The purpose of TaxIdMA is to classify existing attacks, attack vectors, and vulnerabilities associated with system identities, identity management systems, and end-user identities. In addition, the background of these attacks can be described in a structured and systematic way. The taxonomy is applied to the Internet of Things and self-sovereign identities. It is enhanced by a description language for threat intelligence sharing. Last but not least, TaxIdMA is evaluated and improved based on expert interviews, statistics, and discussions. This step enables broader applicability and level of detail at the same time. The combination of TaxIdMA, which allows a structured way to outline attacks and is applicable to different scenarios, and a description language for threat intelligence helps to improve the security identity management systems and processes. [ABSTRACT FROM AUTHOR]

Published

2023

25. Ensuring Academic Integrity and Trust in Online Learning Environments: A Longitudinal Study of an AI-Centered Proctoring System in Tertiary Educational Institutions.

Author

Fidas, Christos A., Belk, Marios, Constantinides, Argyris, Portugal, David, Martins, Pedro, Pietron, Anna Maria, Pitsillides, Andreas, and Avouris, Nikolaos

Subjects

INTEGRITY, EDUCATION ethics, ONLINE education, IDENTITY management systems, TRUST, LEARNING Management System

Abstract

The credibility of online examinations in Higher Education is hardened by numerous factors and use-case scenarios. This paper reports on a longitudinal study, that spanned over eighteen months, in which various stakeholders from three European Higher Education Institutions (HEIs) participated, aiming to identify core threat scenarios experienced during online examinations, and to, accordingly, propose threat models, data metrics and countermeasure features that HEI learning management systems can embrace to address the identified threat scenarios. We also report on a feasibility study of an open-source intelligent and continuous student identity management system, namely TRUSTID, which implements the identified data metrics and countermeasures. A user evaluation with HEI students (n = 133) revealed that the TRUSTID system is resilient and effective against impersonation attacks, based on intelligent face and voice identification mechanisms, and scored well in usability and user experience. Aspects concerning the preservation of privacy in storing, retrieving and processing sensitive personal data are also discussed. [ABSTRACT FROM AUTHOR]

Published

2023

26. DIdM-EIoTD: Distributed Identity Management for Edge Internet of Things (IoT) Devices.

Author

Sadique, Kazi Masum, Rahmani, Rahim, and Johannesson, Paul

Subjects

*INTERNET of things, *IDENTITY management systems, *BLOCKCHAINS, *DATA privacy, *SMART devices

Abstract

The Internet of Things (IoT) paradigm aims to enhance human society and living standards with the vast deployment of smart and autonomous devices, which requires seamless collaboration. The number of connected devices increases daily, introducing identity management requirements for edge IoT devices. Due to IoT devices' heterogeneity and resource-constrained configuration, traditional identity management systems are not feasible. As a result, identity management for IoT devices is still an open issue. Distributed Ledger Technology (DLT) and blockchain-based security solutions are becoming popular in different application domains. This paper presents a novel DLT-based distributed identity management architecture for edge IoT devices. The model can be adapted with any IoT solution for secure and trustworthy communication between devices. We have comprehensively reviewed popular consensus mechanisms used in DLT implementations and their connection to IoT research, specifically identity management for Edge IoT devices. Our proposed location-based identity management model is generic, distributed, and decentralized. The proposed model is verified using the Scyther formal verification tool for security performance measurement. SPIN model checker is employed for different state verification of our proposed model. The open-source simulation tool FobSim is used for fog and edge/user layer DTL deployment performance analysis. The results and discussion section represents how our proposed decentralized identity management solution should enhance user data privacy and secure and trustworthy communication in IoT. [ABSTRACT FROM AUTHOR]

Published

2023

27. A framework of blockchain-based secure and privacy-preserving E-government system.

Author

Elisa, Noe, Yang, Longzhi, Chao, Fei, and Cao, Yi

Subjects

*DENIAL of service attacks, *BLOCKCHAINS, *IDENTITY management systems, *INTERNET in public administration, *INFORMATION technology security, *DATA privacy

Abstract

Electronic government (e-government) uses information and communication technologies to deliver public services to individuals and organisations effectively, efficiently and transparently. E-government is one of the most complex systems which needs to be distributed, secured and privacy-preserved, and the failure of these can be very costly both economically and socially. Most of the existing e-government systems such as websites and electronic identity management systems (eIDs) are centralized at duplicated servers and databases. A centralized management and validation system may suffer from a single point of failure and make the system a target to cyber attacks such as malware, denial of service attacks (DoS), and distributed denial of service attacks (DDoS). The blockchain technology enables the implementation of highly secure and privacy-preserving decentralized systems where transactions are not under the control of any third party organizations. Using the blockchain technology, exiting data and new data are stored in a sealed compartment of blocks (i.e., ledger) distributed across the network in a verifiable and immutable way. Information security and privacy are enhanced by the blockchain technology in which data are encrypted and distributed across the entire network. This paper proposes a framework of a decentralized e-government peer-to-peer (p2p) system using the blockchain technology, which can ensure both information security and privacy while simultaneously increasing the trust of the public sectors. In addition, a prototype of the proposed system is presented, with the support of a theoretical and qualitative analysis of the security and privacy implications of such system. [ABSTRACT FROM AUTHOR]

Published

2023

28. Towards a Methodology for Formally Analyzing Federated Identity Management Systems

Author

Ksystra, Katerina, Dimarogkona, Maria, Triantafyllou, Nikolaos, Stefaneas, Petros, Kavassalis, Petros, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, and Margaria, Tiziana, editor

Published

2022

29. ENHANCED ANALYSIS OF BLOCKCHAIN BASED FINANCIAL INSTITUTIONS.

Author

Sairam, A., Sasikumar, D., Kumar, R. Sendhil, and Yuvaraj, B.

Subjects

IDENTITY management systems, FINANCIAL institutions, BLOCKCHAINS, ELECTRONIC funds transfers, DATA warehousing

Abstract

The blockchain technology has provided a revolutionary way of secure data storage and transfer. It is a distributed ledger technology (DLT) that creates a secure and immutable record of transactions. This technology has been used to create secure and reliable systems for financial institutions. The blockchain based security system provides a secure platform for financial institutions. It ensures that the transactions are secure and immutable. This technology has been used to create digital assets that can be securely stored and transferred. It also ensures that the transactions are transparent and secure. The blockchain technology can be used to enable secure transactions between financial institutions. By using the blockchain, financial institutions can create a secure platform for transactions. This will ensure that the transactions are secure and immutable. It also ensures that the transactions are transparent and secure. The blockchain technology can also be used to create a secure system for digital identity management. This will ensure that the digital identities of the users are secure and immutable. It also ensures that the users' identity is protected and secure. The blockchain technology can also be used to create a secure platform for digital payments. This will ensure that the payments are secure and immutable. It also ensures that the payments are transparent and secure. [ABSTRACT FROM AUTHOR]

Published

2023

30. Peer-to-Peer User Identity Verification Time Optimization in IoT Blockchain Network.

Author

Kairaldeen, Ammar Riadh, Abdullah, Nor Fadzilah, Abu-Samah, Asma, and Nordin, Rosdiadee

Subjects

*DATA structures, *IDENTITY management systems, *BLOCKCHAINS, *INTERNET of things, *PEER-to-peer architecture (Computer networks)

Abstract

Blockchain introduces challenges related to the reliability of user identity and identity management systems; this includes detecting unfalsified identities linked to IoT applications. This study focuses on optimizing user identity verification time by employing an efficient encryption algorithm for the user signature in a peer-to-peer decentralized IoT blockchain network. To achieve this, a user signature-based identity management framework is examined by using various encryption techniques and contrasting various hash functions built on top of the Modified Merkle Hash Tree (MMHT) data structure algorithm. The paper presents the execution of varying dataset sizes based on transactions between nodes to test the scalability of the proposed design for secure blockchain communication. The results show that the MMHT data structure algorithm using SHA3 and AES-128 encryption algorithm gives the lowest execution time, offering a minimum of 36% gain in time optimization compared to other algorithms. This work shows that using the AES-128 encryption algorithm with the MMHT algorithm and SHA3 hash function not only identifies malicious codes but also improves user integrity check performance in a blockchain network, while ensuring network scalability. Therefore, this study presents the performance evaluation of a blockchain network considering its distinct types, properties, components, and algorithms' taxonomy. [ABSTRACT FROM AUTHOR]

Published

2023

31. Cybersecurity Risk Management Framework for Blockchain Identity Management Systems in Health IoT.

Author

Alamri, Bandar, Crowley, Katie, and Richardson, Ita

Subjects

*IDENTITY management systems, *BLOCKCHAINS, *INTERNET of things, *INTERNET security, *DATA security

Abstract

Blockchain (BC) has recently paved the way for developing Decentralized Identity Management (IdM) systems for different information systems. Researchers widely use it to develop decentralized IdM systems for the Health Internet of Things (HIoT). HIoT is considered a vulnerable system that produces and processes sensitive data. BC-based IdM systems have the potential to be more secure and privacy-aware than centralized IdM systems. However, many studies have shown potential security risks to using BC. A Systematic Literature Review (SLR) conducted by the authors on BC-based IdM systems in HIoT systems showed a lack of comprehensive security and risk management frameworks for BC-based IdM systems in HIoT. Conducting a further SLR focusing on risk management and supplemented by Grey Literature (GL), in this paper, a security taxonomy, security framework, and cybersecurity risk management framework for the HIoT BC-IdM systems are identified and proposed. The cybersecurity risk management framework will significantly assist developers, researchers, and organizations in developing a secure BC-based IdM to ensure HIoT users' data privacy and security. [ABSTRACT FROM AUTHOR]

Published

2023

32. Precise indoor location system using Ultra-Wideband technology.

Author

GNAŚ, Dominik and ADAMKIEWICZ, Przemysław

Subjects

IDENTITY management systems

Abstract

Copyright of Przegląd Elektrotechniczny is the property of Przeglad Elektrotechniczny and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

33. A Bibliometric Study of Scientific Production on Self-Sovereign Identity.

Author

Pava Díaz, Roberto Albeiro, Páez Méndez, Rafael Vicente, and Niño Vásquez, Luis Fernando

Subjects

IDENTITY management systems, BIBLIOMETRICS, COMPUTER science, BIOMETRY, ELECTRONIC records, PROGRAMMING languages, ELECTRONIC journals, BIOMETRIC identification, ELECTRONIC authentication

Abstract

Copyright of Ingeniería (0121-750X) is the property of Ingenieria and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2023

34. CYBERSECURITY: Implementation of Executive Order Requirements Is Essential to Address Key Actions.

Author

Cain, Marisol Cruz

Subjects

INTERNET security laws, EXECUTIVE orders, MANAGEMENT information systems, INTERNET security, CHIEF information officers, IDENTITY management systems

Abstract

The United States Government Accountability Office (GAO) has published a report on the implementation of Executive Order 14028, which aims to enhance federal resilience in protecting IT systems from cyber threats. The report states that three key agencies, including the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, have fully completed 49 out of 55 requirements outlined in the order. These requirements address critical cybersecurity challenges, such as sharing threat information, modernizing government cybersecurity, and enhancing software supply chain security. The report also highlights additional cyber issue areas identified by federal chief information security officers, which the order addresses. The GAO recommends that the Department of Homeland Security and the Office of Management and Budget fully implement the order's requirements. [Extracted from the article]

Published

2024

35. Advanced Authentication Mechanisms for Identity and Access Management in Cloud Computing.

Author

Alsirhani, Amjad, Ezz, Mohamed, and Mostafa, Ayman Mohamed

Subjects

IDENTITY management systems, CLOUD computing, PRIVACY, END-user computing, PRIVATE security services

Abstract

Identity management is based on the creation and management of user identities for granting access to the cloud resources based on the user attributes. The cloud identity and access management (IAM) grants the authorization to the end-users to perform different actions on the specified cloud resources. The authorizations in the IAM are grouped into roles instead of granting them directly to the end-users. Due to the multiplicity of cloud locations where data resides and due to the lack of a centralized user authority for granting or denying cloud user requests, there must be several security strategies and models to overcome these issues. Another major concern in IAM services is the excessive or the lack of access level to different users with previously granted authorizations. This paper proposes a comprehensive review of security services and threats. Based on the presented services and threats, advanced frameworks for IAM that provide authentication mechanisms in public and private cloud platforms. A threat model has been applied to validate the proposed authentication frameworks with different security threats. The proposed models proved high efficiency in protecting cloud platforms from insider attacks, single sign-on failure, brute force attacks, denial of service, user privacy threats, and data privacy threats. [ABSTRACT FROM AUTHOR]

Published

2022

36. Evolving cybersecurity landscape – Comparing the regulatory approaches in the EU, in China and in Singapore — An analysis of legislative approaches to key issues in tackling a global phenomenon.

Author

Zirnstein, Yannick, Lin Lee, Yue, and Ge, Amanda

Subjects

INTERNET security, SAFETY standards, INFORMATION technology industry, LEGAL liability, RIGHT of privacy, IDENTITY management systems

Abstract

The article addresses the key concepts of the Draft Cyber Resilience Act (CRA) and provides a comparative analysis with regard to both existing and prospective cybersecurity regulations in China and Singapore. Topics include powers granted to public authorities in the event of non-compliance with legal requirements; and prevention of cyber risks associated with connected devices and products with digital elements.

Published

2022

37. Towards Improving Privacy and Security of Identity Management Systems Using Blockchain Technology: A Systematic Review.

Author

Alanzi, Haifa and Alkhatib, Mohammad

Subjects

IDENTITY management systems, BLOCKCHAINS, SECURITY management, BIOMETRIC identification, EMAIL security, PRIVACY, BIOMETRY, INFORMATION sharing

Abstract

An identity management system (IDMS) manages and organizes identities and credentials information exchanged between users, identity providers (IDPs), and service providers (SPs) to ensure confidentiality and enhance privacy of users' personal data. Traditional or centralized IDMS rely on a third party to store a user's personal information, authenticate the user, and organize the entire process. This clearly constitutes threats to the privacy of the user, in addition to other issues, such as single point of failure (SPOF), user tracking, and data availability issues. Blockchain technology has many useful features that can contribute to solving traditional IDMS issues, such as decentralization, immutability, and anonymity. Blockchain represents an attractive solution for many issues related to traditional IDMS, including privacy, third-party control, data leakage, and SPOF, supported by Distributed Ledger Technology (DLT) security features and powerful smart contracts technology. The current study presents a systematic literature review and analysis for recently proposed solutions that adopt the traditional centralized approach, as well as solutions based on blockchain technology. The study also aims to provide a deep understanding of proposed IDMS solutions and best practices, and highlight the research gaps and open issues related to IDMSs and users' privacy. In particular, the current research focuses on analyzing the blockchain-based solutions and illustrating their strengths and weaknesses, as well as highlighting the promising blockchain technology framework that can be utilized to enhance privacy and solve security issues in a centralized IDMS. Such a study is an important step towards developing efficient solutions that address the pressing needs in the field. [ABSTRACT FROM AUTHOR]

Published

2022

38. Digital Identity Verification and Management System of Blockchain-Based Verifiable Certificate with the Privacy Protection of Identity and Behavior.

Author

Song, Zhiming, Wang, Guiwen, Yu, Yimin, and Chen, Taowei

Subjects

IDENTITY management systems, BLOCKCHAINS, PRIVACY, VERNACULAR architecture, DIGITAL signatures

Abstract

Due to the advantages in self-sovereignty identity management and scalability of blockchain, digital identity verification and management systems (DIVMS) of blockchain-based verifiable certificates (VC) are getting more and more attention. However, user privacy in the systems' traditional architectures cannot be guaranteed. In this paper, the zero-knowledge succinct noninteractive arguments of knowledge (zkSNARKs) referred to as Groth16 are introduced in order to implement privacy protection of the user's identity and behavior of DIVMS of blockchain-based VC. In the proposed architecture, the malleability attack of Groth16 is considered, and verifications of zero-knowledge proof (ZKP) and the digital signature of an identity provider (IDP) attached to VC and the status management of VC are implemented on the smart contracts of the blockchain to overcome single point failure. Furthermore, a prototype system is designed to verify the proposed architecture's capability in privacy protection and to evaluate its performances in cost and throughput. Finally, the security of the proposed architecture is discussed, and its comparisons are conducted with those existing blockchain-based DIVMSs, especially those systems using Groth16 of zkSNARKs to improve the privacy of user. All results mentioned above have shown that the proposed system is efficient and safe, and it can improve the privacy of DIVMS of the blockchain based VC while avoiding single point failure. [ABSTRACT FROM AUTHOR]

Published

2022

39. Health-zkIDM: A Healthcare Identity System Based on Fabric Blockchain and Zero-Knowledge Proof.

Author

Bai, Tianyu, Hu, Yangsheng, He, Jianfeng, Fan, Hongbo, and An, Zhenzhou

Subjects

*IDENTITY management systems, *BLOCKCHAINS, *HEALTH care industry, *ONLINE identities

Abstract

The issue of identity authentication for online medical services has been one of the key focuses of the healthcare industry in recent years. Most healthcare organizations use centralized identity management systems (IDMs), which not only limit the interoperability of patient identities between institutions of healthcare, but also create isolation between data islands. The more important matter is that centralized IDMs may lead to privacy disclosure. Therefore, we propose Health-zkIDM, a decentralized identity authentication system based on zero-knowledge proof and blockchain technology, which allows patients to identify and verify their identities transparently and safely in different health fields and promotes the interaction between IDM providers and patients. The users in Health-zkIDM are uniquely identified by one ID registered. The zero-knowledge proof technology is deployed on the client, which provides the user with a proof of identity information and automatically verifies the user's identity after registration. We implemented chaincodes on the Fabric, including the upload of proof of identity information, identification, and verification functions. The experiences show that the performance of the Health-zkIDM system can achieve throughputs higher than 400 TPS in Caliper. [ABSTRACT FROM AUTHOR]

Published

2022

40. Detection Method for Randomly Generated User IDs: Lift the Curse of Dimensionality

Author

Inwoo Ro, Boojoong Kang, Choonghyun Seo, and Eul Gyu Im

Subjects

Authentication, computer crime, identity management systems, web sites, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Internet services are essential to our daily life in these days, and user accounts are usually required for downloading or browsing for multimedia contents from service providers such as Yahoo, Google, YouTube and so on. Attackers who perform malicious actions against these services use fake user accounts to hide their identity, or use them to continue malicious actions even after being caught by the service’s detection system. Using a random string generation algorithm for user identification (ID) string is one of the common method to create and obtain a large number of fake user accounts. To detect IDs and to defend against such attacks, some researchers have proposed the models that detect randomly generated IDs. Among these detection models, the ${n}$ -gram-based using term frequency-inverse document frequency model is regarded as a state-of-the-art model to detect randomly generated IDs, but ${n}$ -gram-based approaches have the problem of the curse of dimensionality because the sparsity of feature vector increases exponentially with the increase of size ${n}$ . As a result, the improvement of the detection accuracy is limited since size ${n}$ cannot be increased. This paper proposes two methods to detect randomly generated IDs more accurately. The first is to avoid the curse of dimensionality with the compression of feature dimension size. The second is a technique to reduce false positives by using pattern matching and Bhattacharyya distance. We tested our method with about 3 million normal user IDs collected from the real portal service, 1 million IDs generated by a random string generation algorithm, and 8,541 IDs found after being used for malicious behavior in real portal services. The experimental results showed that the proposed method can improve detection accuracy as well as inference performance.

Published

2022

41. Decentralization Using Quantum Blockchain: A Theoretical Analysis

Author

Zebo Yang, Tara Salman, Raj Jain, and Roberto Di Pietro

Subjects

Blockchains, consensus protocol, decentralized applications, identity management systems, quantum computing, quantum networks, Atomic physics. Constitution and properties of matter, QC170-197, Materials of engineering and construction. Mechanics of materials, TA401-492

Abstract

Blockchain technology has been prominent recently due to its applications in cryptocurrency. Numerous decentralized blockchain applications have been possible due to blockchains’ nature of distributed, secured, and peer-to-peer storage. One of its technical pillars is using public-key cryptography and hash functions, which promise a secure, pseudoanonymous, and distributed storage with nonrepudiation. This security is believed to be difficult to break with classical computational powers. However, recent advances in quantum computing have raised the possibility of breaking these algorithms with quantum computers, thus, threatening the blockchains’ security. Quantum-resistant blockchains are being proposed as alternatives to resolve this issue. Some propose to replace traditional cryptography with postquantum cryptography—others base their approaches on quantum computer networks or quantum internets. Nonetheless, a new security infrastructure (e.g., access control/authentication) must be established before any of these could happen. This article provides a theoretical analysis of the quantum blockchain technologies that could be used for decentralized identity authentication. We put together a conceptual design for a quantum blockchain identity framework and give a review of the technical evidence. We investigate its essential components and feasibility, effectiveness, and limitations. Even though it currently has various limitations and challenges, we believe a decentralized perspective of quantum applications is noteworthy and likely.

Published

2022

42. Self-Sovereignty Identity Management Model for Smart Healthcare System.

Author

Bai, Pinky, Kumar, Sushil, Aggarwal, Geetika, Mahmud, Mufti, Kaiwartya, Omprakash, and Lloret, Jaime

Subjects

*IDENTITY management systems, *DENIAL of service attacks, *DAM failures, *INTERNET of things, *QUALITY of service, *MEDICAL care

Abstract

An identity management system is essential in any organisation to provide quality services to each authenticated user. The smart healthcare system should use reliable identity management to ensure timely service to authorised users. Traditional healthcare uses a paper-based identity system which is converted into centralised identity management in a smart healthcare system. Centralised identity management has security issues such as denial of service attacks, single-point failure, information breaches of patients, and many privacy issues. Decentralisedidentity management can be a robust solution to these security and privacy issues. We proposed a Self-Sovereign identity management system for the smart healthcare system (SSI-SHS), which manages the identity of each stakeholder, including medical devices or sensors, in a decentralisedmanner in the Internet of Medical Things (IoMT) Environment. The proposed system gives the user complete control of their data at each point. Further, we analysed the proposed identity management system against Allen and Cameron's identity management guidelines. We also present the performance analysis of SSI as compared to the state-of-the-art techniques. [ABSTRACT FROM AUTHOR]

Published

2022

43. NEW PRODUCTS.

Subjects

*NEW product development, *SMART devices, *IDENTITY management systems, *INDUSTRIAL hygiene, *BULK solids, *POWDER coating

Abstract

The document titled "NEW PRODUCTS" provides information on various new products related to occupational health and safety. These products include safety helmet canopy hoods, smart communication eye protection, climbing helmets, air flow calibrators, chemical management systems, augmented reality tools, vacuum conveyors, fire extinguisher adapters, athletic work boots, wireless access control solutions, risk assessment software, angle lights, and generative AI safety assistants. Each product is described briefly, highlighting its features and benefits. More information on each product can be found through the provided URLs. [Extracted from the article]

Published

2024

44. Self-Sovereign Identity Systems : Evaluation Framework

Author

Satybaldy, Abylay, Nowostawski, Mariusz, Ellingsen, Jørgen, Rannenberg, Kai, Editor-in-Chief, Soares Barbosa, Luís, Editorial Board Member, Goedicke, Michael, Editorial Board Member, Tatnall, Arthur, Editorial Board Member, Neuhold, Erich J., Editorial Board Member, Stiller, Burkhard, Editorial Board Member, Tröltzsch, Fredi, Editorial Board Member, Pries-Heje, Jan, Editorial Board Member, Kreps, David, Editorial Board Member, Reis, Ricardo, Editorial Board Member, Furnell, Steven, Editorial Board Member, Mercier-Laurent, Eunika, Editorial Board Member, Winckler, Marco, Editorial Board Member, Malaka, Rainer, Editorial Board Member, Friedewald, Michael, editor, Önen, Melek, editor, Lievens, Eva, editor, Krenn, Stephan, editor, and Fricker, Samuel, editor

Published

2020

45. Improving the security of real world identity management systems

Author

Li, Wanpeng

Subjects

005.8, identity management, OAuth 2.0, OpenID Connect, Authentication, Identity Management Systems, Authorization

Abstract

Although identity management systems (notably OAuth 2.0 and OpenID Connect) have been widely adopted by a range of Relying Parties and Identity Providers, it is not yet clear whether practical implementations of these systems are actually secure. In this thesis we investigate this question. In doing so we describe two large-scale empirical studies of the security of real-world identity management systems; the purposes of these studies include identifying areas for improvement in the design and implementation of the systems, as well as addressing issues acting as barriers to adoption. As part of the underlying goal of improving operational security, a new scheme is also proposed to enhance user security for OpenID Connect. In the first of the two studies we examined 60 Relying Parties (RPs) and ten Identity Providers (IdPs) supporting OAuth 2.0 based identity management services in China. In the second study we considered 103 RPs supporting OpenID Connect-based identity management using Google as the IdP. In both cases we recorded and carefully analysed the browser-relayed messages sent between the RP and IdP, identifying a number of major security vulnerabilities, some with very serious potential consequences for end user security. We further designed and implemented proof-of-concept attacks to demonstrate the seriousness of the vulnerabilities we identified. We also reported the vulnerabilities to the most seriously affected parties, helped them to fix the problem, as well as providing detailed recommendations for both IdPs and RPs, designed to reduce the risk of such vulnerabilities occurring in the future. To improve user security when using OpenID Connect, a novel client-based scheme is proposed, designed to mitigate phishing attacks and to provide a consistent user interface. A prototype of the scheme is described, which allows for greater user control during the authentication process.

Published

2017

46. Design Considerations for Protection of Blockchain based Digital Identity Ecosystem.

Author

Pillai, Akshay, Ramachandran, Arunkumar Vasanthakumary, and Saraswat, Vishal

Subjects

DESIGN protection, IDENTITY management systems, BLOCKCHAINS, COST effectiveness, SECURITY systems

Abstract

Digital identity provides mechanisms for personally identifying information (PII) to be asserted and verified in digital services and transactions. Self-sovereign identities (SSI) are digital identities that allow users to self-manage their digital identities and have full control over it without depending on third-party providers to store and centrally manage the data. To utilize the full potential of digital identity to enable personalized services and efficient transactions, blockchain technology is being proposed to manage digital identity in a decentralized manner as the means to achieve the holy grail. While it certainly has promise, the growing number of threats on the blockchain ecosystem and traditional identity management system call for a systematic approach towards securing the identity management on based on blockchain. In this work, we study the existing attacks and vulnerabilities and present possible hypothetical attack scenarios which may get executed in future by these vulnerabilities. We have analyzed the attacks scenarios with comparison of attack cost and benefits of the attacker and comparison of mitigation cost and damage cost of each attack. We focus on the different attacks and usecases on the blockchain based digital identity systems which would help developers to secure their designs. We describe each attack with its mechanism, usecase(s), benefits and requirements of the attacker for successful attack with the possible damage scenarios and consequences, comparison of attack cost and benefits, comparison of mitigation cost and damage cost, possible mitigation and some security measures for each attack. [ABSTRACT FROM AUTHOR]

Published

2022

47. Device life cycle management requirements for identity and access management in the factory of future environment.

Author

Partanen, Jari, Kylänpää, Markku, Loukusa, Sanna, Korkiakoski, Markku, and Salonen, Jarno

Subjects

FACTORY management, IDENTITY management systems, INTERNET protocols, INDUSTRIAL robots

Abstract

Future factories will contain a huge number of interconnected systems and various Internet of Things (IoT) devices. Due to the increased complexity, the identity and access management of these systems during their entire device life cycle is a challenging task. At the same time, there is a shift from legacy automation protocols to the use of Internet protocols. This development is increasing connectivity that will also expose more subsystems to new kinds of attacks. This article presents the typical device life cycle requirements for identity and access management in future industrial automation context also known as the factory of the future (FoF). We have considered two architecture candidates, namely the cloud and web-based architectures. The requirements for a device life cycle management system called PROSE are given as an example use case. The article describes our research by presenting a practical example of the requirements that have been used to build a device life cycle management system. [ABSTRACT FROM AUTHOR]

Published

2022

48. A Scalable Block Chain Framework for User Identity Management in a Decentralized Network.

Author

Geetha, R., Padmavathy, T., and Umarani Srikanth, G.

Subjects

IDENTITY management systems, DATA structures, BLOCKCHAINS, SELF, STORE location, DISTRIBUTED algorithms, 3G networks

Abstract

In a decentralized network every user makes use of personal identity details at different places for various services and these details are shared with third-parties without their consent and stored at an unknown location. Organizations like government, banks and social platforms are considered to be the weakest area in the current identity management system as they are vulnerable which in turn leads to compromising billions of user identity data. Block chain based User Identity Management is a solution which provides a decentralized environment that manages the user identity data and their related Know-Your-Customer documents in a distributed ledger. All the transactions of the network are stored in the block, which is a type of a data structure and these blocks are validated using the powerful consensus algorithms and linked to form a block chain. Smart contracts will act as an interface between the client and the block chain network. User's information cannot be provided to any third party vendors without the explicit consent of the user. This paper proposes a framework for User Identity Management using Block chain technology in a decentralized network. The proposed framework ensures a high level privacy and security for the personal identity details and the documents. In addition to that the performance analysis of the framework is presented in terms of Transaction immutability, Mining Resource, Memory utilization and Difficulty Variation. The results of the analysis proves that the proposed framework performs better in terms of all these factors. [ABSTRACT FROM AUTHOR]

Published

2022

49. "He Lied to the People, Saying 'I Am Nebuchadnezzar'": Issues in Authority Control for Rebels, Usurpers, Eccentric Nobility, and Dissenting Royalty.

Author

McKee, Gabriel

Subjects

*NAME authority records (Information retrieval), *ORGANIZATIONAL legitimacy, *ACHAEMENIAN inscriptions, *IDENTITY management systems

Abstract

Current cataloging guidelines for creating name authority records (NARs) for royalty and nobility assume that an individual's claim to a royal title is clear and unambiguous. In the case of historical rebels, usurpers, and eccentrics who claim royal titles for themselves, however, the guidelines are not so clear. When we attempt to describe people and places from a disputed past, we actively enter into their struggles for power, but descriptive cataloging standards such as Resource Description and Access (RDA) do not address the question of the legitimacy of a claimed title. Fortunately, recent scholarship on self-determination in NARs for living creators and subject terminology for contested political jurisdictions can help to develop more ethical practices for historical names of ambiguous legitimacy. This paper uses Nidintu-Bēl/Nebuchadnezzar III, a rebel against the Achaemenid emperor Darius I named in the Behistun inscription (6th century BCE), as a case study to establish best practices for the identity management of historical representatives of dissenting royalty. [ABSTRACT FROM AUTHOR]

Published

2022

50. Enhanced Multilevel Fuzzy Inference System for Risk Adaptive Hybrid RFID Access Control System.

Author

Suleiman, Dima, Al-Zewairi, Malek, and Shaout, Adnan

Subjects

FUZZY logic, FUZZY systems, ACCESS control, IDENTITY management systems, BEHAVIORAL assessment

Abstract

Risk-based access control systems are part of identity management systems used to accommodate environments with needs for dynamic access control decisions. The risk value is subjected to overestimation or underestimation since it is measured qualitatively, thus; causing uncertainty problems, which was apparent in a previously proposed hybrid risk adaptive (HRA) access control system. Conversely, Fuzzy Inference Systems can deal with the uncertainty of measures and control the outcomes more precisely; therefore, a multilevel fuzzy inference system (HRA-MFIS) was proposed to replace the risk assessment model in HRA. This paper continues to improve the previous model by introducing an enhanced multilevel fuzzy inference system (EHRA-MFIS), which utilizes user behaviour and time analysis to detect anomalous access behaviour. Moreover, it improves the hybrid adaptive risk calculation module by adding authentication, classification and the degree of user anomalous behaviour to the risk calculation algorithm. The results show that the proposed model has smoothed out the transition between the different risk levels and enhanced the system's overall security by considering the failed authorization attempts and failed authentication attempts, asset classification, and user behaviour when calculating the risk level. [ABSTRACT FROM AUTHOR]

Published

2022