103 research outputs found
Identity in research infrastructure and scientific communication: Report from the 1st IRISC workshop, Helsinki Sep 12-13, 2011
Motivation for the IRISC workshop came from the observation that identity and digital identification are increasingly important factors in modern scientific research, especially with the now near-ubiquitous use of the Internet as a global medium for dissemination and debate of scientific knowledge and data, and as a platform for scientific collaborations and large-scale e-science activities.

The 1 1/2 day IRISC2011 workshop sought to explore a series of interrelated topics under two main themes: i) unambiguously identifying authors/creators & attributing their scholarly works, and ii) individual identification and access management in the context of identity federations. Specific aims of the workshop included:

• Raising overall awareness of key technical and non-technical challenges, opportunities and developments.
• Facilitating a dialogue, cross-pollination of ideas, collaboration and coordination between diverse – and largely unconnected – communities.
• Identifying & discussing existing/emerging technologies, best practices and requirements for researcher identification.

This report provides background information on key identification-related concepts & projects, describes workshop proceedings and summarizes key workshop findings
Authentication and Identity Management for the EPOS Project
The increase in the number of online services emphasizes the value of authentication and
identity management that we, even without realizing, depend on. In EPOS this authentication
and identity management are also crucial, by dealing and being responsible for large amounts
of heterogeneous data in multiple formats and from various providers, that can be public or
private. Controlling and identify the access to this data is the key. For this purpose, it is
necessary to create a system capable of authenticating, authorizing, and account the usage of
these services. While services in a development phase can have authentication and authorization
modules directly implemented in them, this is not an option for legacy services that cannot be
modified. This thesis regards the issue of providing secure and interoperable authentication
and authorization framework, associated with correct identity management and an accounting
module, stating the difficulties faced and how to be addressed. These issues are approached by
implementing the proposed methods in one of the GNSS Data and Products TCS services, that
will serve as a study case. While authentication mechanisms have improved constantly over
the years, with the addition of multiple authentication factors, there is still not a clear and
defined way of how authentication should be done. New security threats are always showing
up, and authentication systems need to adapt and improve while maintaining a balance between
security and usability. Our goal is, therefore, to propose a system that can provide a good user
experience allied to security, which can be used in the TCS services or other web services facing
similar problems.A importância da autenticação e gestão de identidades, de que dependemos inconscientemente, aumenta com o crescimento do número de serviços online ao nosso dispor. No EPOS,
devido à disponibilização e gestão de dados heterogéneos de várias entidades, que podem ser
públicas ou privadas, a existência de um sistema de autenticação e gestão de identidades é
também crucial, em que o controlo e identificação do acesso a estes dados é a chave. Numa
fase de desenvolvimento dos serviços, estes módulos de autenticação e autorização podem ser
diretamente implementados e é possível existir uma adaptação do software aos mesmos. No
entanto, há serviços já existentes, cujas alterações implicam mudanças de grande escala e
uma reformulação de todo o sistema, e como tal não é exequível fazer alterações diretas aos
mesmos. Esta dissertação aborda o desenvolvimento de um sistema de autenticação e autorização seguro e interoperável, associado a uma correta gestão de identidades e um módulo de
controlo, identificando os problemas encontrados e propondo soluções para os mesmos. Este
desenvolvimento é aplicado num dos serviços do TCS GNSS Data and Products e servirá como
caso de estudo. Embora os mecanismos de autenticação tenham melhorado continuamente ao
longo dos anos, com a adição de vários fatores de autenticação, ainda não existe um método
único e claro de como a autenticação deve ser feita. Novas ameaças estão sempre a surgir e
os sistemas atuais precisam de se adaptar e melhorar, mantendo um equilíbrio entre segurança
e usabilidade. O nosso objetivo é propor um sistema que possa aliar a segurança a uma boa
experiência para o utilizador, e que possa ser utilizado não só nos serviços do TCS, mas também
em outros serviços web que enfrentem problemas semelhantes
Identity management policy and unlinkability: a comparative case study of the US and Germany
This study compares the privacy policies of Germany and the US in the field of identity management. It analyses the emergence of unlinkability within the countries’ electronic citizen identity initiatives. The study used qualitative research methods, including semi-structured interview and document analysis, to analyse the policy-making processes surrounding the issue of unlinkability. The study found that unlinkability is emerging in different ways in each country. Germany’s data protection and privacy regimes are more coherent than the US, and unlinkability was an incremental policy change. US unlinkability policies are a more significant departure from its data protection and policy regimes. New institutionalism is used to help explain the similarities and differences between the two countries’ policies. Scholars have long been calling for the use of privacy-enhancing technologies (PETs) in policy-making, and unlinkability falls into this category. By employing PETs in this way, German and US identity management policies are in the vanguard of their respective privacy regimes. Through these policies, the US comes closer to German and European data protection policies, doing so non-legislatively. The digital citizen identities appearing in both countries must be construed as commercial products inasmuch as official identities. Lack of attendance to the commercial properties of these identities frustrates policy goals. As national governments embark on further identity management initiatives, commercial and design imperatives, such as value to the citizen and usability, must be considered for policy to be successful
Aspects of internet security: identity management and online child protection
This thesis examines four main subjects; consumer federated Internet Identity Management
(IdM), text analysis to detect grooming in Internet chat, a system for using steganographed
emoticons as ‘digital fingerprints’ in instant messaging and a systems analysis of online child
protection.
The Internet was never designed to support an identity framework. The current username /
password model does not scale well and with an ever increasing number of sites and services
users are suffering from password fatigue and using insecure practises such as using the same
password across websites. In addition users are supplying personal information to vast
number of sites and services with little, if any control over how that information is used.
A new identity metasystem promises to bring federated identity, which has found success in
the enterprise to the consumer, placing the user in control and limiting the disclosure of
personal information. This thesis argues though technical feasible no business model exists to
support consumer IdM and without a major change in Internet culture such as a breakdown in
trust and security a new identity metasystem will not be realised.
Is it possible to detect grooming or potential grooming from a statistical examination of
Internet chat messages? Using techniques from speaker verification can grooming
relationships be detected? Can this approach improve on the leading text analysis technique –
Bayesian trigram analysis? Using a novel feature extraction technique and Gaussian Mixture
Models (GMM) to detect potential grooming proved to be unreliable. Even with the benefit
of extensive tuning the author doubts the technique would match or improve upon Bayesian
analysis. Around 80% of child grooming is blatant with the groomer disguising neither their
age nor sexual intent. Experiments conducted with Bayesian trigram analysis suggest this
could be reliably detected, detecting the subtle, devious remaining 20% is considerably
harder and reliable detection is questionable especially in systems using teenagers (the most
at risk group).
Observations of the MSN Messenger service and protocol lead the author to discover a
method by which to leave digitally verifiable files on the computer of anyone who chats with
a child by exploiting the custom emoticon feature. By employing techniques from
steganography these custom emoticons can be made to appear innocuous. Finding and
removing custom emoticons is a non-trivial matter and they cannot be easily spoofed.
Identification is performed by examining the emoticon (file) hashes. If an emoticon is
recovered e.g. in the course of an investigation it can be hashed and the hashed compared
against a database of registered users and used to support non-repudiation and confirm if an
individual has indeed been chatting with a child.
Online child protection has been described as a classic systems problem. It covers a broad
range of complex, and sometimes difficult to research issues including technology, sociology,
psychology and law, and affects directly or indirectly the majority of the UK population. Yet
despite this the problem and the challenges are poorly understood, thanks in no small part to
mawkish attitudes and alarmist media coverage. Here the problem is examined holistically;
how children use technology, what the risks are, and how they can best be protected – based
not on idealism, but on the known behaviours of children. The overall protection message is
often confused and unrealistic, leaving parents and children ill prepared to protect
themselves. Technology does have a place in protecting children, but this is secondary to a
strong and understanding parent/child relationship and education, both of the child and
parent
On the Privacy Practices of Just Plain Sites
In addition to visiting high profile sites such as Facebook and Google, web
users often visit more modest sites, such as those operated by bloggers, or by
local organizations such as schools. Such sites, which we call "Just Plain
Sites" (JPSs) are likely to inadvertently represent greater privacy risks than
high profile sites by virtue of being unable to afford privacy expertise. To
assess the prevalence of the privacy risks to which JPSs may inadvertently be
exposing their visitors, we analyzed a number of easily observed privacy
practices of such sites. We found that many JPSs collect a great deal of
information from their visitors, share a great deal of information about their
visitors with third parties, permit a great deal of tracking of their visitors,
and use deprecated or unsafe security practices. Our goal in this work is not
to scold JPS operators, but to raise awareness of these facts among both JPS
operators and visitors, possibly encouraging the operators of such sites to
take greater care in their implementations, and visitors to take greater care
in how, when, and what they share.Comment: 10 pages, 7 figures, 6 tables, 5 authors, and a partridge in a pear
tre
A survey of secure middleware for the Internet of Things
The rapid growth of small Internet connected devices, known as the Internet of Things (IoT), is creating a new set of challenges to create secure, private infrastructures. This paper reviews the current literature on the challenges and approaches to security and privacy in the Internet of Things, with a strong focus on how these aspects are handled in IoT middleware. We focus on IoT middleware because many systems are built from existing middleware and these inherit the underlying security properties of the middleware framework. The paper is composed of three main sections. Firstly, we propose a matrix of security and privacy threats for IoT. This matrix is used as the basis of a widespread literature review aimed at identifying requirements on IoT platforms and middleware. Secondly, we present a structured literature review of the available middleware and how security is handled in these middleware approaches. We utilise the requirements from the first phase to evaluate. Finally, we draw a set of conclusions and identify further work in this area
Identity management policy and unlinkability: a comparative case study of the US and Germany
This study compares the privacy policies of Germany and the US in the field of identity management. It analyses the emergence of unlinkability within the countries’ electronic citizen identity initiatives. The study used qualitative research methods, including semi-structured interview and document analysis, to analyse the policy-making processes surrounding the issue of unlinkability. The study found that unlinkability is emerging in different ways in each country. Germany’s data protection and privacy regimes are more coherent than the US, and unlinkability was an incremental policy change. US unlinkability policies are a more significant departure from its data protection and policy regimes. New institutionalism is used to help explain the similarities and differences between the two countries’ policies. Scholars have long been calling for the use of privacy-enhancing technologies (PETs) in policy-making, and unlinkability falls into this category. By employing PETs in this way, German and US identity management policies are in the vanguard of their respective privacy regimes. Through these policies, the US comes closer to German and European data protection policies, doing so non-legislatively. The digital citizen identities appearing in both countries must be construed as commercial products inasmuch as official identities. Lack of attendance to the commercial properties of these identities frustrates policy goals. As national governments embark on further identity management initiatives, commercial and design imperatives, such as value to the citizen and usability, must be considered for policy to be successful
- …