4,159 research outputs found
A Decentralised Digital Identity Architecture
Current architectures to validate, certify, and manage identity are based on
centralised, top-down approaches that rely on trusted authorities and
third-party operators. We approach the problem of digital identity starting
from a human rights perspective, with a primary focus on identity systems in
the developed world. We assert that individual persons must be allowed to
manage their personal information in a multitude of different ways in different
contexts and that to do so, each individual must be able to create multiple
unrelated identities. Therefore, we first define a set of fundamental
constraints that digital identity systems must satisfy to preserve and promote
privacy as required for individual autonomy. With these constraints in mind, we
then propose a decentralised, standards-based approach, using a combination of
distributed ledger technology and thoughtful regulation, to facilitate
many-to-many relationships among providers of key services. Our proposal for
digital identity differs from others in its approach to trust in that we do not
seek to bind credentials to each other or to a mutually trusted authority to
achieve strong non-transferability. Because the system does not implicitly
encourage its users to maintain a single aggregated identity that can
potentially be constrained or reconstructed against their interests,
individuals and organisations are free to embrace the system and share in its
benefits.Comment: 30 pages, 10 figures, 3 table
Anonymous certification for E-assessment opinion polls
Anonymous certification (AC) refers to cryptographic mechanisms in which users get certified from trusted issuers, with regard to some pre-defined user attributes, in order to produce presentation tokens. Such tokens satisfy service providersâ access policies, without revealing sensitive user information. AC systems are generally classified under two main different categories: (1) one-time show credentials that can be shown once for avoiding their originating user being traced from one transaction to another, and (2) multi-show credentials that can be used many times while avoiding their originating user to be traced. In this paper, we consider e-assessment opinion polls scenarios and propose an AC scheme where the one-time show property is relevant for making sure each user cannot hand in more than one poll in order to get significant results. To mitigate cheating, the scheme is provided with two extra procedures: attribute revocation and anonymity removal. The correctness of our scheme, as well as unforgeability, privacy and anonymity removal, are analyzed and demonstrated
Data Minimisation in Communication Protocols: A Formal Analysis Framework and Application to Identity Management
With the growing amount of personal information exchanged over the Internet,
privacy is becoming more and more a concern for users. One of the key
principles in protecting privacy is data minimisation. This principle requires
that only the minimum amount of information necessary to accomplish a certain
goal is collected and processed. "Privacy-enhancing" communication protocols
have been proposed to guarantee data minimisation in a wide range of
applications. However, currently there is no satisfactory way to assess and
compare the privacy they offer in a precise way: existing analyses are either
too informal and high-level, or specific for one particular system. In this
work, we propose a general formal framework to analyse and compare
communication protocols with respect to privacy by data minimisation. Privacy
requirements are formalised independent of a particular protocol in terms of
the knowledge of (coalitions of) actors in a three-layer model of personal
information. These requirements are then verified automatically for particular
protocols by computing this knowledge from a description of their
communication. We validate our framework in an identity management (IdM) case
study. As IdM systems are used more and more to satisfy the increasing need for
reliable on-line identification and authentication, privacy is becoming an
increasingly critical issue. We use our framework to analyse and compare four
identity management systems. Finally, we discuss the completeness and
(re)usability of the proposed framework
Bringing data minimization to digital wallets at scale with general-purpose zero-knowledge proofs
Today, digital identity management for individuals is either inconvenient and
error-prone or creates undesirable lock-in effects and violates privacy and
security expectations. These shortcomings inhibit the digital transformation in
general and seem particularly concerning in the context of novel applications
such as access control for decentralized autonomous organizations and
identification in the Metaverse. Decentralized or self-sovereign identity (SSI)
aims to offer a solution to this dilemma by empowering individuals to manage
their digital identity through machine-verifiable attestations stored in a
"digital wallet" application on their edge devices. However, when presented to
a relying party, these attestations typically reveal more attributes than
required and allow tracking end users' activities. Several academic works and
practical solutions exist to reduce or avoid such excessive information
disclosure, from simple selective disclosure to data-minimizing anonymous
credentials based on zero-knowledge proofs (ZKPs). We first demonstrate that
the SSI solutions that are currently built with anonymous credentials still
lack essential features such as scalable revocation, certificate chaining, and
integration with secure elements. We then argue that general-purpose ZKPs in
the form of zk-SNARKs can appropriately address these pressing challenges. We
describe our implementation and conduct performance tests on different edge
devices to illustrate that the performance of zk-SNARK-based anonymous
credentials is already practical. We also discuss further advantages that
general-purpose ZKPs can easily provide for digital wallets, for instance, to
create "designated verifier presentations" that facilitate new design options
for digital identity infrastructures that previously were not accessible
because of the threat of man-in-the-middle attacks
Formal Security Analysis and Performance Evaluation of the Linkable Anonymous Access Protocol
Part 2: The 2014 Asian Conference on Availability, Reliability and Security, AsiaARES 2014International audienceThe introduction of e-Health applications has not only brought benefits, but also raised serious concerns regarding security and privacy of health data. The increasing demands of accessing health data, highlighted critical questions and challenges concerning the confidentiality of electronic patient records and the efficiency of accessing these records. Therefore, the aim of this paper is to provide secure and efficient access to electronic patient records. In this paper, we propose a novel protocol called the Linkable Anonymous Access protocol (LAA). We formally verify and analyse the protocol against security properties such as secrecy and authentication using the Casper/FDR2 verification tool. In addition, we have implemented the protocol using the Java technology to evaluate its performance. Our formal security analysis and performance evaluation proved that the LAA protocol supports secure access to electronic patient records without compromising performance
Trust Evaluation for Embedded Systems Security research challenges identified from an incident network scenario
This paper is about trust establishment and trust
evaluations techniques. A short background about trust, trusted
computing and security in embedded systems is given. An analysis
has been done of an incident network scenario with roaming
users and a set of basic security needs has been identified.
These needs have been used to derive security requirements for devices and systems, supporting the considered scenario. Using the requirements, a list of major security challenges for future research regarding trust establishment in dynamic networks have been collected and elaboration on some different approaches for future research has been done.This work was supported by the Knowledge foundation and RISE within the ARIES project
Handling privacy and concurrency in an online educational evaluation system
Nowadays, all academic institutions exhibit and distribute their material over Internet. Moreover, e-learning and e-evaluation products is one of the most rapidly expanding areas of education and training, with nearly 30% of U.S. college and university students now taking at least one online course. However, Internet increases the vulnerability of digital educational content exploitation since it is a potential hostile environment for secure data management. The challenge is that providing current online educational tools that are accessible by a large number of users, these educational environments handle data of varying sensitivity thus it is increasingly important to reason about and enforce information privacy guarantees in the presence of concurrency. The present paper provides a privacy preserving approach in a concurrent online educational evaluation system. It introduces a privacy preserving approach for utilizing online concurrent evaluation of acquired student competencies that handles the increasingly complex issues of designing, developing and e-competence evaluation systems suitable for educational and e-learning environments. The proposed architecture for an online competence evaluation system offers access control and protect users' private data while, it provides concurrent procedures for evaluating competencies. © 2019 International Press of Boston, Inc. All rights reserved.European Commission, ECThis work has been partially supported by the âImplementation of Software Engineering Com-petence Remote Evaluation for Master Program Graduates (iSECRET)â project No 2015-1-LVo1-KA203-013439 funded by ERASMUS+ of the European Commission
Accountable infrastructure and its impact on internet security and privacy
The Internet infrastructure relies on the correct functioning of the basic underlying protocols, which were designed for functionality. Security and privacy have been added post hoc, mostly by applying cryptographic means to different layers of communication. In the absence of accountability, as a fundamental property, the Internet infrastructure does not have a built-in ability to associate an action with the responsible entity, neither to detect or prevent misbehavior. In this thesis, we study accountability from a few different perspectives. First, we study the need of having accountability in anonymous communication networks as a mechanism that provides repudiation for the proxy nodes by tracing back selected outbound traffic in a provable manner. Second, we design a framework that provides a foundation to support the enforcement of the right to be forgotten law in a scalable and automated manner. The framework provides a technical mean for the users to prove their eligibility for content removal from the search results. Third, we analyze the Internet infrastructure determining potential security risks and threats imposed by dependencies among the entities on the Internet. Finally, we evaluate the feasibility of using hop count filtering as a mechanism for mitigating Distributed Reflective Denial-of-Service attacks, and conceptually show that it cannot work to prevent these attacks.Die Internet-Infrastrutur stĂŒtzt sich auf die korrekte AusfĂŒhrung zugrundeliegender Protokolle, welche mit Fokus auf FunktionalitĂ€t entwickelt wurden. Sicherheit und Datenschutz wurden nachtrĂ€glich hinzugefĂŒgt, hauptsĂ€chlich durch die Anwendung kryptografischer Methoden in verschiedenen Schichten des Protokollstacks. Fehlende Zurechenbarkeit, eine fundamentale Eigenschaft Handlungen mit deren Verantwortlichen in Verbindung zu bringen, verhindert jedoch, Fehlverhalten zu erkennen und zu unterbinden.
Diese Dissertation betrachtet die Zurechenbarkeit im Internet aus verschiedenen Blickwinkeln. Zuerst untersuchen wir die Notwendigkeit fĂŒr Zurechenbarkeit in anonymisierten Kommunikationsnetzen um es Proxyknoten zu erlauben Fehlverhalten beweisbar auf den eigentlichen Verursacher zurĂŒckzuverfolgen. Zweitens entwerfen wir ein Framework, das die skalierbare und automatisierte Umsetzung des Rechts auf Vergessenwerden unterstĂŒtzt. Unser Framework bietet Benutzern die technische Möglichkeit, ihre Berechtigung fĂŒr die Entfernung von Suchergebnissen nachzuweisen. Drittens analysieren wir die Internet-Infrastruktur, um mögliche Sicherheitsrisiken und Bedrohungen aufgrund von AbhĂ€ngigkeiten zwischen den verschiedenen beteiligten EntitĂ€ten zu bestimmen. Letztlich evaluieren wir die Umsetzbarkeit von Hop Count Filtering als ein Instrument DRDoS Angriffe abzuschwĂ€chen und wir zeigen, dass dieses Instrument diese Art der Angriffe konzeptionell nicht verhindern kann
- âŠ