CAFS: A Framework for Context-Aware Federated Services

In this paper we explore two issues: Federated Identity Management and Context-Aware Services. In the last decade or so we have seen these two technologies gaining considerable popularities as they offer a number of benefits to the user and other stakeholders. However, there are a few outstanding security and privacy issues that need to be resolved to harness the full potential of such services. We believe that these problems can be reduced significantly by integrating the federated identity architecture into the context-aware services. With this aim, we have developed a framework for Context-Aware Federated Services based on the Security Assertion Markup Language (SAML) and extensible Access Control Markup Language (XACML) standards. We have illustrated the applicability of our approach by showcasing some use-cases, analysed the security, privacy and trust issues involved in the framework and the advantages it offers

Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management

With the growing amount of personal information exchanged over the Internet, privacy is becoming more and more a concern for users. One of the key principles in protecting privacy is data minimisation. This principle requires that only the minimum amount of information necessary to accomplish a certain goal is collected and processed. "Privacy-enhancing" communication protocols have been proposed to guarantee data minimisation in a wide range of applications. However, currently there is no satisfactory way to assess and compare the privacy they offer in a precise way: existing analyses are either too informal and high-level, or specific for one particular system. In this work, we propose a general formal framework to analyse and compare communication protocols with respect to privacy by data minimisation. Privacy requirements are formalised independent of a particular protocol in terms of the knowledge of (coalitions of) actors in a three-layer model of personal information. These requirements are then verified automatically for particular protocols by computing this knowledge from a description of their communication. We validate our framework in an identity management (IdM) case study. As IdM systems are used more and more to satisfy the increasing need for reliable on-line identification and authentication, privacy is becoming an increasingly critical issue. We use our framework to analyse and compare four identity management systems. Finally, we discuss the completeness and (re)usability of the proposed framework

A formal privacy analysis of identity management systems

With the growing amount of personal information exchanged over the Internet, privacy is becoming more and more a concern for users. In particular, personal information is increasingly being exchanged in Identity Management (IdM) systems to satisfy the increasing need for reliable on-line identification and authentication. One of the key principles in protecting privacy is data minimization. This principle states that only the minimum amount of information necessary to accomplish a certain goal should be collected. Several "privacy-enhancing" IdM systems have been proposed to guarantee data minimization. However, currently there is no satisfactory way to assess and compare the privacy they offer in a precise way: existing analyses are either too informal and high-level, or specific for one particular system. In this work, we propose a general formal method to analyse privacy in systems in which personal information is communicated and apply it to analyse existing IdM systems. We first elicit privacy requirements for IdM systems through a study of existing systems and taxonomies, and show how these requirements can be verified by expressing knowledge of personal information in a three-layer model. Then, we apply the formal method to study four IdM systems, representative of different research streams, analyse the results in a broad context, and suggest improvements. Finally, we discuss the completeness and (re)usability of the proposed method

Corporate Identity and Access Management System Architecture Improvement Proposal

Tato diplomová práce je zaměřena na posouzení stávající podoby systému správy identit ve firmě a navržení nové podoby za účelem zvýšení úrovně stability a informační bezpečnosti ve společnosti, primárně ve vztahu k systémům zpracovávajícím finanční data. V teoretické části jsou vymezeny základní oborové pojmy a popsány složky a princip fungování systému správy identit. V praktické části je provedena analýza současného stavu. Na základě analýzy jsou navrženy organizační i technické změny, včetně návrhu implementace a provedeno ekonomické zhodnocení celého návrhu.The master thesis focuses on assessment of current implementation of identity management system and proposal of a new implementation to increase level of stability and information security in the company, primarily regarding the systems that process financial data. In first part, basic theoretical knowledge related to identity management systems is defined. In second part, an analysis of current system state is performed. Based on this analysis, new organizational and technical solutions are proposed to the company. Finally, an implementation project proposal as well as with risk analysis and economic evaluation is completed in the end of this thesis.

Authentication and Identity Management for the EPOS Project

The increase in the number of online services emphasizes the value of authentication and identity management that we, even without realizing, depend on. In EPOS this authentication and identity management are also crucial, by dealing and being responsible for large amounts of heterogeneous data in multiple formats and from various providers, that can be public or private. Controlling and identify the access to this data is the key. For this purpose, it is necessary to create a system capable of authenticating, authorizing, and account the usage of these services. While services in a development phase can have authentication and authorization modules directly implemented in them, this is not an option for legacy services that cannot be modified. This thesis regards the issue of providing secure and interoperable authentication and authorization framework, associated with correct identity management and an accounting module, stating the difficulties faced and how to be addressed. These issues are approached by implementing the proposed methods in one of the GNSS Data and Products TCS services, that will serve as a study case. While authentication mechanisms have improved constantly over the years, with the addition of multiple authentication factors, there is still not a clear and defined way of how authentication should be done. New security threats are always showing up, and authentication systems need to adapt and improve while maintaining a balance between security and usability. Our goal is, therefore, to propose a system that can provide a good user experience allied to security, which can be used in the TCS services or other web services facing similar problems.A importância da autenticação e gestão de identidades, de que dependemos inconscientemente, aumenta com o crescimento do número de serviços online ao nosso dispor. No EPOS, devido à disponibilização e gestão de dados heterogéneos de várias entidades, que podem ser públicas ou privadas, a existência de um sistema de autenticação e gestão de identidades é também crucial, em que o controlo e identificação do acesso a estes dados é a chave. Numa fase de desenvolvimento dos serviços, estes módulos de autenticação e autorização podem ser diretamente implementados e é possível existir uma adaptação do software aos mesmos. No entanto, há serviços já existentes, cujas alterações implicam mudanças de grande escala e uma reformulação de todo o sistema, e como tal não é exequível fazer alterações diretas aos mesmos. Esta dissertação aborda o desenvolvimento de um sistema de autenticação e autorização seguro e interoperável, associado a uma correta gestão de identidades e um módulo de controlo, identificando os problemas encontrados e propondo soluções para os mesmos. Este desenvolvimento é aplicado num dos serviços do TCS GNSS Data and Products e servirá como caso de estudo. Embora os mecanismos de autenticação tenham melhorado continuamente ao longo dos anos, com a adição de vários fatores de autenticação, ainda não existe um método único e claro de como a autenticação deve ser feita. Novas ameaças estão sempre a surgir e os sistemas atuais precisam de se adaptar e melhorar, mantendo um equilíbrio entre segurança e usabilidade. O nosso objetivo é propor um sistema que possa aliar a segurança a uma boa experiência para o utilizador, e que possa ser utilizado não só nos serviços do TCS, mas também em outros serviços web que enfrentem problemas semelhantes

La gestion de l'identité fédérée et hiérarchique pour le paradigme IaaS

Au fur et à mesure que les nuages informatiques gagnent en popularité, de plus en plus de services tendent à être hébergés sur de telles plateformes. Il est même possible d’héberger une infrastructure informatique complète sur une plateforme de nuages informatiques. Ceci constitue le paradigme IaaS (Infrastructure as a Service). Or, à force d’être utilisées dans différents contextes, des failles dans le modèle d’opération des plateformes de nuages informatiques actuelles commencent à ressortir. L’une d’entre elles concerne le fait qu’ils ne s’intéressent qu’à un seul fournisseur et conséquemment, ne prennent pas en compte l’interopérabilité entre ces fournisseurs de ressources. Cette fonctionnalité peut être spécialement utile pour des petits fournisseurs voulant unir leurs ressources limitées afin de réaliser un objectif commun par exemple. L’interopérabilité interfournisseur permet aussi aux clients de faire affaire avec plusieurs fournisseurs, sans jamais être indéfiniment liés à un seul d’entre eux. Dans l’état actuel des choses, il est généralement très difficile pour un client de migrer ses ressources d’un nuage à un autre. Afin de résoudre ces lacunes, les fournisseurs de nuages informatiques devraient adopter le modèle des nuages informatiques fédérés. Ce modèle leur permettrait de bâtir des nuages complètement distribués, de collaborer et de partager des ressources entre eux de manière transparente. Dans ce mémoire, une architecture de gestion de l’identité et de contrôle d’accès flexible destinée à de tels environnements est décrite. L’approche utilise des technologies de gestion de l’identité fédérée afin de faciliter la création de nuages informatiques fédérées et d’organisations virtuelles dynamiques. Elle s’appuie aussi sur le modèle de contrôle d’accès basé sur les attributs ABAC qui dispose d’une grande flexibilité et fournit un haut degré de flexibilité aux fournisseurs en ce qui concerne leurs actifs. Des fournisseurs membres d’une collaboration sont ainsi en mesure de partager des ressources en fonction des politiques de sécurité établies

Tunable Security for Deployable Data Outsourcing

Security mechanisms like encryption negatively affect other software quality characteristics like efficiency. To cope with such trade-offs, it is preferable to build approaches that allow to tune the trade-offs after the implementation and design phase. This book introduces a methodology that can be used to build such tunable approaches. The book shows how the proposed methodology can be applied in the domains of database outsourcing, identity management, and credential management

User-controlled Identity Management Systems using mobile devices

Thousands of websites providing an array of diversified online services have been the crucial factor for popularising the Internet around the world during last 15 years. The current model of accessing the majority of those services requires users to register with a Service Provider - an administrative body that offers and provides online services. The registration procedure involves users providing a number of pieces of data about themselves which are then stored at the provider. This data provides a digital image of the user and is commonly known as the Identity of the user in that provider. To access different online services, users register at different providers and ultimately end up with a number of scattered identities which become increasingly difficult to manage. It is one of the major problems of the current setting of online services. What is even worse is that users have less control over the data stored in these providers and have no knowledge how their data is treated by providers. The concept of Identity Management has been introduced to help users facilitate the management of their identities in a user-friendly, secure and privacy-friendly way and thus, to tackle the stated problems. There exists a number of Identity Management models and systems, unfortunately, none of them has played a pivotal role in tackling the problems effectively and comprehensively. Simultaneously, we have experienced another trend expanding at a remarkable rate: the consumption and the usage of smart mobile devices. These mobile devices are not only growing in numbers but also in capability and capacity in terms of processing power and memory. Most are equipped with powerful hardware and highly-dynamic mobile operating systems offering touch-sensitive intuitive user-interfaces. In many ways, these mobile devices have become an integrated part of our day-to-day life and accompany us everywhere we go. The capability, portability and ubiquitous presence of such mobile devices lead to the core objective of this research: the investigation of how such mobile devices can be used to overcome the limitations of the current Identity Management Systems as well as to provide innovative online services. In short, this research investigates the need for a novel Identity Management System and the role the current generation of smart mobile devices can play in realising such a system. In this research it has been found that there exist different inconsistent notions of many central topics in Identity Management which are mostly defined in textual forms. To tackle this problem, a comprehensive mathematical model of Identity and Identity Management has been developed. The model has been used to analyse several phenomenons of Identity Management and to characterise different Identity Management models. Next, three popular Identity Management Systems have been compared using a taxonomy of requirements to identify the strength and weakness of each system. One of the major findings is that how different privacy requirements are satisfied in these systems is not standardised and depends on a specific implementation. Many systems even do not satisfy many of those requirements which can drastically affect the privacy of a user. To tackle the identified problems, the concept of a novel Identity Management System, called User-controlled Identity Management System, has been proposed. This system offers better privacy and allows users to exert more control over their data from a central location using a novel type of provider, called Portable Personal Identity Provider, hosted inside a smart mobile device of the user. It has been analysed how the proposed system can tackle the stated problems effectively and how it opens up new doors of opportunities for online services. In addition, it has been investigated how contextual information such as a location can be utilised to provide online services using the proposed provider. One problem in the existing Identity Management Systems is that providers cannot provide any contextual information such as the location of a user. Hosting a provider in a mobile device allows it to access different sensors of the device, retrieve contextual information from them and then to provide such information. A framework has been proposed to harness this capability in order to offer innovative services. Another major issue of the current Identity Management Systems is the lack of an effective mechanism to combine attributes from multiple providers. To overcome this problem, an architecture has been proposed and it has been discussed how this architecture can be utilised to offer innovative services. Furthermore, it has been analysed how the privacy of a user can be improved using the proposed provider while accessing such services. Realising these proposals require that several technical barriers are overcome. For each proposal, these barriers have been identified and addressed appropriately along with the respective proof of concept prototype implementation. These prototypes have been utilised to illustrate the applicability of the proposals using different use-cases. Furthermore, different functional, security and privacy requirements suitable for each proposal have been formulated and it has been analysed how the design choices and implementations have satisfied these requirements. Also, no discussion in Identity Management can be complete without analysing the underlying trust assumptions. Therefore, different trust issues have been explored in greater details throughout the thesis