7 research outputs found

    DECENTRALIZED IDENTIFICATION AND CERTIFICATION SYSTEM

    This article describes an approach to identification and certification in a decentralized environment. The protocol defines a way to integrate blockchain technology and web-of-trust concepts to create a decentralized public key infrastructure with convenient user ID management. The essence of the scheme is to divide the entire infrastructure into 2 levels: the level of certification authorities (service providers), which jointly keep a history of events related to user certificates; and the level of end users, systems and applications. When certificates are created, updated, or revoked, higher-level members reach consensus on confirming the associated transactions, which ensures a higher level of validity of the certificates and synchronization of their status between certification centers. In turn, lower-level members do not need to perform complex verification procedures for an individual certificate: unlike the classic X.509 architecture and the web-of-trust approach, the maximum number of checks in a chain can be two. An important feature of such a system is its tolerance of certification center failure: if one certification center fails and/or its keys are compromised, other network members continue to work without interruption with the remaining centers, and blockchain technology can make it impossible for a center whose keys have been compromised to add a certificate, because all the events in the system are linked by cryptographic methods. In particular, such a system can be used in the Internet of Things. Each individual sensor must communicate properly with the other components of the system as a whole. To interact securely, these components must exchange encrypted messages whose integrity and authenticity can be verified; the means of providing this is part of the described scheme.

    Mobile Identity, Credential, and Access Management Framework

    Organizations today gather unprecedented quantities of data from their operations. This data is coming from transactions made by a person or from a connected system/application. From personal devices to industry including government, the internet has become the primary means of modern communication, further increasing the need for a method to track and secure these devices. Protecting the integrity of connected devices collecting data is critical to ensure the trustworthiness of the system. An organization must not only know the identity of the users on their networks and have the capability of tracing the actions performed by a user but they must trust the system providing them with this knowledge. This increase in the pace of usage of personal devices along with a lack of trust in the internet has driven demand for trusted digital identities. As the world becomes increasingly mobile with the number of smart phone users growing annually and the mobile web flourishing, it is critical to implement strong security on mobile devices. To manage the vast number of devices and feel confident that a machine’s identity is verifiable, companies need to deploy digital credentialing systems with a strong root of trust. As passwords are not a secure method of authentication, mobile devices and other forms of IoT require a means of two-factor authentication that meets NIST standards. Traditionally, this has been done with Public Key Infrastructure (PKI) through the use of a smart card. Blockchain technologies combined with PKI can be utilized in such a way as to provide an identity and access management solution for the internet of things (IoT). Improvements to the security of Radio Frequency Identification (RFID) technology and various implementations of blockchain make viable options for managing the identity and access of IoT devices. 
When PKI first began over two decades ago, it required the use of a smart card with a set of credentials known as the personal identity verification (PIV) card. The PIV card (something you have) along with a personal identification number (PIN) (something you know) were used to implement two-factor authentication. Over time the use of PIV cards has proven challenging, as mobile devices lack the integrated smart card readers found in laptop and desktop computers. Near Field Communication (NFC) capability in most smart phones and mobile devices provides a mechanism to allow a PIV card to be read by a mobile device. In addition, the existing PKI system must be updated to meet the demands of a mobile-focused internet. Blockchain technology is the key to modernizing PKI. Together, blockchain-based PKI and NFC will provide an IoT solution that will allow industry, government, and individuals a foundation of trust in the world wide web that is lacking today.

    Digital Identity Scheme

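    Thesis (Master's) -- Seoul National University Graduate School: Graduate School of Public Administration, Global Public Administration Major, 2023. 2. Junki Kim.
    Digital identity refers to the attributes that uniquely differentiate an individual in interactions with digital services. A digital identity strategy is therefore a well-designed set of policies, technologies, organizations and processes that manage the digital identity lifecycle. It is an essential element of digital transformation and a key factor in strengthening digital trust. In that context, this thesis aims to understand the difficulties of managing a digital identity scheme at the national level. The benefits of an accurate, inclusive, secure and usable digital ID are widely recognized by the public and private sectors, academia and international organizations. In addition, as social distancing measures and non-face-to-face transactions have increased with the global spread of COVID-19, we can see the digital authentication platforms developed by governments and companies advancing. As a result, countries such as the Republic of Korea (hereinafter, Korea) and Peru are developing and implementing different kinds of initiatives and platforms to raise the efficiency of identification and authentication processes, using emerging technologies such as mobile phones, artificial intelligence, big data, interoperability and data centers. Accordingly, Korea has so far implemented Government24 as the official e-government portal and Digital ONEPASS as a digital authentication platform to enable non-face-to-face authentication of citizens, and the Resident Registration System (RRS) has also become established as a core element of the Korean digital identity scheme. Similarly, in Peru, the Digital Government Law was enacted in 2018, based on the understanding that the existing e-government approach had been transformed into the new paradigm of digital government and that digital technology is no longer a technical issue but a political, legal and cooperative one. Two digital platforms are being implemented to strengthen digital identity: one is the citizen-oriented Single Digital Platform (GOB.PE), and the other is the National Platform for Digital Identity Identification and Authentication (ID). Both platforms are maintained and developed by the government. Thus, although there are similarities between the policies of Korea and Peru, the results differ. In the E-Government Development Index (EDGI), Korea ranks 2nd in the world and Peru 71st; Korea has a digital authentication platform in place, and Government24 uses a variety of authentication methods. Simple and convenient authentication methods for citizens, such as ONE PASS, KAKAO and Samsung PASS, are used. In addition, up to 2021 the petitions filed online through Government24 amounted to 132,025,035, and certificates and documents were printed by citizens themselves on their own printers. In the case of Peru, the digital identity strategy is an ongoing process led basically by the government, based on the public-sector digital identity framework regulated by the Digital Government Law. Therefore, this study focuses on how Korea's digital identity strategy is performing in strengthening the accuracy, inclusiveness, security and usability of individuals' digital identity. We will identify similarities and differences using a comparison framework adapted from the frameworks used by the United Nations and the Organisation for Economic Co-operation and Development (OECD). Conducting a comparative study of Korea and Peru is timely, because Peru can draw on the best practices and good lessons of Korea's digital identity scheme and design better policies and decisions. This study used a qualitative research method, generating an in-depth understanding of both countries' digital identity schemes through online interviews with ICT specialists from Korea and Peru. A total of ten specialists were interviewed; the interviews provide an overview of the evolution of digital identity in Korea and Peru and make it possible to identify the challenges arising in the implementation of Peru's digital identity scheme. Large differences were found in three factors: strong and continuous digital leadership, a timely legal framework, and modern ICT technology to support the development and delivery of digital public services.
However, the results also suggest that great achievements are possible in Peru if institutional arrangements are made, regulation is improved, and the budget is optimized with the aim of creating a digital identity ecosystem. Keywords: digital identity, digital government, digital transformation, digital identity strategy.
    Digital identity is the collection of attributes that uniquely differentiates a person in his interaction with digital services. The literature and previous research suggest that it is an essential component of digital transformation and a vital element for strengthening digital trust. Currently, due to the worldwide spread of COVID-19, which has accelerated the digital transition in the public and private sectors, non-face-to-face transactions have increased, coupled with cybercrimes such as identity theft, private data leakage and fraud, among others. In this sense, governments should become aware of the importance of digital identity management, because it is increasingly embedded in everything we do in our digital and offline life (WEF, Identity in the Digital World a new chapter in the social contract, 2018, p. 9). To deal with those issues and leverage all the potential of digital identity at the national level, many countries implement a Digital Identity Scheme, which is a well-designed and articulated collection of policies, business rules, technologies, organizations, and processes in charge of governing the digital identity lifecycle to promote a digital society.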
Hence, countries such as the Republic of Korea (hereinafter, Korea) and the Republic of Peru (hereinafter, Peru) have developed and implemented different kinds of policies, legal instruments, initiatives, and digital technologies to enhance the accessibility, efficiency and security of the identification and authentication process. For instance, Korea has issued the Electronic Government Law and implemented cross-platforms such as Government24 (정부24) as the official electronic government portal; Digital ONEPASS (디지털원패스) as a digital authentication platform to enable convenient non-face-to-face authentication of citizens; the Resident Registration System (RRS), a fundamental national information system which manages and stores relevant personal information of Koreans; and the Sharing Information System (행정정보공동이용시스템), an interoperability platform to exchange information with governmental agencies. Moreover, Korea has a PKI scheme which is divided into a National Public Key Infrastructure (NPKI) and a Government Public Key Infrastructure (GPKI). All these regulations, technologies and platforms are vital elements of the Korean Digital Identity Scheme. In the case of Peru, based on Law N° 26497 enacted in 1995, the government has been managing and maintaining the National Identification Registry of Peruvians. Moreover, since the issuance of the Digital Government Law in 2018, Peru has implemented different kinds of cross-platforms such as the Single Digital Platform for Citizen Orientation (GOB.PE), to offer one point of contact between government and citizens; the National Interoperability Platform, to promote information exchange among public entities; the National Digital Government Platform, to provide cloud services to public entities; and the National Platform for Identification and Authentication of Digital Identity (ID.GOB.PE), to verify a person's identity.
Although there are similarities, the outcomes are different. In the Electronic Government Development Index 2022, Korea is ranked 3rd in the world, while Peru is ranked 59th. In terms of digital identity, Korea has a digital identity ecosystem in operation; for instance, Government24 accepts several authentication methods that are easy and convenient for citizens, such as ONEPASS, KAKAO and Samsung PASS, among others (MOIS, Status of Government 24, 2022). To 2021, almost 132,025,035 petitions were filed online through Government24 (MOIS, Status of Government 24, 2022). In the case of Peru, the digital identity scheme is an ongoing project, led basically by the government, based on the Digital Government Law and its enforcement decree. In that vein, this research aims at understanding the components for governing and managing a Digital Identity Scheme in Korea and Peru and identifying the gap between them. Therefore, in this study we are going to focus on how the Digital Identity Scheme of Korea is performing to strengthen the accuracy, inclusiveness, security, and usability of the digital identity of persons. We are going to establish the similarities and differences by using a comparison framework which is an adaptation of the frameworks used by the United Nations (UN), International Telecommunication Union (UIT) and Organization for Economic Cooperation and Development (OECD). Additionally, undertaking a comparison study between Korea and Peru is relevant work at this moment, because Peru is implementing transversal digital government platforms based on the Digital Government Law, and on that basis we are dealing with cybercrimes and digital threats; that is why we can learn from the best practices and good lessons of the Digital Identity Scheme in Korea and design better policies and decisions for the Peruvian implementation.
This research was carried out using a qualitative research method which involved online interviews with ICT specialists from Korea and Peru to generate an in-depth understanding of the digital identity scheme of both countries. A total of ten specialists were interviewed. The interviews provide an overview of the digital identity evolution in Korea and allow me to identify challenges and policy recommendations in the implementation process of the Digital Identity Scheme in Peru. Based on the results, the big differences lie in three factors: strong and continuous digital leadership, a timely legal framework, and modern ICT technology to support the development and rendering of public services. However, the results also suggest that it is possible to achieve a great deal with the Digital Identity Scheme in Peru by making institutional arrangements, enhancing digital regulation and optimizing the budget with the purpose of creating a sustainable digital identity ecosystem.
    Contents: ABSTRACT; LIST OF ABBREVIATIONS; LIST OF TABLES; CHAPTER 1: INTRODUCTION (1.1 STUDY BACKGROUND; 1.2 BACKGROUND OF THE COUNTRIES; 1.3 THEORETICAL BACKGROUND; 1.4 PURPOSE OF THE RESEARCH); CHAPTER 2. KEY CONCEPTS AND FRAMEWORK; CHAPTER 3: LITERATURE REVIEW; CHAPTER 4: DIGITAL IDENTITY IN KOREA AND PERU (4.1 LEGAL FRAMEWORK; 4.2 TECHNOLOGY; 4.3 GOVERNANCE AND LEADERSHIP; 4.4 BUDGET; 4.5 MARKET; 4.6 FINDINGS); CHAPTER 5: CONCLUSIONS (5.1 SUMMARY OF THE THESIS; 5.2 POLICY COMPARISON; 5.3 POLICY RECOMMENDATIONS; 5.4 LIMITATIONS OF THE RESEARCH); REFERENCES; APPENDICES (APPENDIX 1. QUESTIONNAIRE; APPENDIX 2. MATRIZ OF COMPARISON)

    Comparative analysis of the digital identity schemes of Peru and South Korea, focused on the identification and authentication of natural persons

    Digital identity is a collection of attributes that uniquely differentiate a person in their interaction with digital services. Literature and previous research suggest that it is an essential component in Digital Transformation and a vital element to strengthen digital trust. In that sense, governments should become aware of the importance of digital identity management, because it is embedded in almost everything we do outside and inside the digital environment. Consistent with the above, both the Republic of South Korea and the Republic of Peru have developed and implemented different policies, legal instruments, initiatives, digital technologies and data to manage people's digital identity. Although there are similarities between both schemes, there are different results in digital matters. Therefore, this study seeks to identify the components that have allowed South Korea to implement and maintain an inclusive, reliable and secure Digital Identity Scheme for the identification and authentication of people.
    South Korea. Korean Government. Capacity Improvement & Advancement for Tomorrow scholarship (CIAT). Tesi

    Dea2uth: A Decentralized Authentication and Authorization Scheme for Secure Private Data Transfer

    The sharing of private information is a daunting, multifaceted, and expensive undertaking. Furthermore, identity management is an additional challenge that poses significant technological, operational, and legal obstacles. Present solutions and their accompanying infrastructures rely on centralized models that are susceptible to hacking and can hinder data control by the rightful owner. Consequently, blockchain technology has generated interest in the fields of identity and access control. This technology is viewed as a potential solution due to its ability to offer decentralization, transparency, provenance, security, and privacy benefits. Nevertheless, a completely decentralized and private solution that enables data owners to control their private data has yet to be presented. In this dissertation, we introduce DeA2uth, a novel decentralized authentication and authorization scheme for secure private data transfer. DeA2uth combines blockchain, smart contracts, decentralized identity, and distributed peer-to-peer (P2P) storage to give users more control of their private data, and permissioning power to share without third-party services. For this scheme, identity is proven using decentralized identifiers and verifiable credentials, while authorization to share data is performed using the blockchain. A prototype was developed using the Ethereum Blockchain and the InterPlanetary File System, a P2P file sharing protocol. We evaluated DeA2uth through use-case studies and metrics such as security, performance, and cost. Our findings indicate DeA2uth to be a viable alternative to using centralized services; however, the underlying technologies are still in their infancy and require more testing before they can supplant traditional services. Overall, this dissertation provides a comprehensive examination of current decentralized technologies and contributes to a possible future where users have complete control over their data.

    Systematic review of the use of blockchains in clinical data and its application in Colombia

    Research paper. This document presents a systematic review carried out on 3 data sources, namely IEEE, Scopus and Web of Science, seeking a synthesis of information to show what blockchain applications or developments exist in the world, what topics and solutions they cover, what is being addressed, what implementations are under way, and what the current and future challenges are, in order to identify the fields in which this technology could be incorporated into Colombian healthcare.
    Contents: INTRODUCTION; 1. GENERAL ASPECTS; 2. PLANNING OF THE SYSTEMATIC REVIEW; 3. RESULTS; 4. DEVELOPMENT OF THE PROPOSAL; CONCLUSIONS; RECOMMENDATIONS; BIBLIOGRAPHY; ANNEXES
    Undergraduate. Ingeniero de Sistema

    Improving Security for the Internet of Things: Applications of Blockchain, Machine Learning and Inter-Pulse Interval

    The Internet of Things (IoT) is a concept where physical objects of various sizes can seamlessly connect and communicate with each other without human intervention. The concept covers various applications, including healthcare, utility services, automotive/vehicular transportation, smart agriculture and smart city. The number of interconnected IoT devices has recently grown rapidly as a result of technological advancement in communications and computational systems. Consequently, this trend also highlights the need to address issues associated with IoT, the biggest risk of which is commonly known to be security. This thesis focuses on three selected security challenges from the IoT application areas of connected and autonomous vehicles (CAVs), Internet of Flying Things (IoFT), and human body interface and control systems (HBICS). For each of these challenges, a novel and innovative solution is proposed to address the identified problems. The research contributions of this thesis to the literature can be summarised as follows:
    • A blockchain-based conditionally anonymised pseudonym management scheme for CAVs, supporting multi-jurisdictional road networks.
    • A Sybil attack detection scheme for IoFT using machine learning carried out on intrinsically generated physical layer data of radio signals.
    • A potential approach of using inter-pulse interval (IPI) biometrics for frequency hopping to mitigate jamming attacks on HBICS devices.