24,385 research outputs found
A Decentralised Digital Identity Architecture
Current architectures to validate, certify, and manage identity are based on
centralised, top-down approaches that rely on trusted authorities and
third-party operators. We approach the problem of digital identity starting
from a human rights perspective, with a primary focus on identity systems in
the developed world. We assert that individual persons must be allowed to
manage their personal information in a multitude of different ways in different
contexts and that to do so, each individual must be able to create multiple
unrelated identities. Therefore, we first define a set of fundamental
constraints that digital identity systems must satisfy to preserve and promote
privacy as required for individual autonomy. With these constraints in mind, we
then propose a decentralised, standards-based approach, using a combination of
distributed ledger technology and thoughtful regulation, to facilitate
many-to-many relationships among providers of key services. Our proposal for
digital identity differs from others in its approach to trust in that we do not
seek to bind credentials to each other or to a mutually trusted authority to
achieve strong non-transferability. Because the system does not implicitly
encourage its users to maintain a single aggregated identity that can
potentially be constrained or reconstructed against their interests,
individuals and organisations are free to embrace the system and share in its
benefits.Comment: 30 pages, 10 figures, 3 table
An Interoperable Access Control System based on Self-Sovereign Identities
The extreme growth of the World Wide Web in the last decade together with recent scandals related to theft or abusive use of personal information have left users unsatisfied withtheir digital identity providers and concerned about their online privacy. Self-SovereignIdentity (SSI) is a new identity management paradigm which gives back control over personal information to its rightful owner - the individual. However, adoption of SSI on theWeb is complicated by the high overhead costs for the service providers due to the lackinginteroperability of the various emerging SSI solutions. In this work, we propose an AccessControl System based on Self-Sovereign Identities with a semantically modelled AccessControl Logic. Our system relies on the Web Access Control authorization rules usedin the Solid project and extends them to additionally express requirements on VerifiableCredentials, i.e., digital credentials adhering to a standardized data model. Moreover,the system achieves interoperability across multiple DID Methods and types of VerifiableCredentials allowing for incremental extensibility of the supported SSI technologies bydesign. A Proof-of-Concept prototype is implemented and its performance as well as multiple system design choices are evaluated: The End-to-End latency of the authorizationprocess takes between 2-5 seconds depending on the used DID Methods and can theoretically be further optimized to 1.5-3 seconds. Evaluating the potential interoperabilityachieved by the system shows that multiple DID Methods and different types of VerifiableCredentials can be supported. Lastly, multiple approaches for modelling required Verifiable Credentials are compared and the suitability of the SHACL language for describingthe RDF graphs represented by the required Linked Data credentials is shown
Security and Privacy Issues in Wireless Mesh Networks: A Survey
This book chapter identifies various security threats in wireless mesh
network (WMN). Keeping in mind the critical requirement of security and user
privacy in WMNs, this chapter provides a comprehensive overview of various
possible attacks on different layers of the communication protocol stack for
WMNs and their corresponding defense mechanisms. First, it identifies the
security vulnerabilities in the physical, link, network, transport, application
layers. Furthermore, various possible attacks on the key management protocols,
user authentication and access control protocols, and user privacy preservation
protocols are presented. After enumerating various possible attacks, the
chapter provides a detailed discussion on various existing security mechanisms
and protocols to defend against and wherever possible prevent the possible
attacks. Comparative analyses are also presented on the security schemes with
regards to the cryptographic schemes used, key management strategies deployed,
use of any trusted third party, computation and communication overhead involved
etc. The chapter then presents a brief discussion on various trust management
approaches for WMNs since trust and reputation-based schemes are increasingly
becoming popular for enforcing security in wireless networks. A number of open
problems in security and privacy issues for WMNs are subsequently discussed
before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the
author's previous submission in arXiv submission: arXiv:1102.1226. There are
some text overlaps with the previous submissio
Bringing data minimization to digital wallets at scale with general-purpose zero-knowledge proofs
Today, digital identity management for individuals is either inconvenient and
error-prone or creates undesirable lock-in effects and violates privacy and
security expectations. These shortcomings inhibit the digital transformation in
general and seem particularly concerning in the context of novel applications
such as access control for decentralized autonomous organizations and
identification in the Metaverse. Decentralized or self-sovereign identity (SSI)
aims to offer a solution to this dilemma by empowering individuals to manage
their digital identity through machine-verifiable attestations stored in a
"digital wallet" application on their edge devices. However, when presented to
a relying party, these attestations typically reveal more attributes than
required and allow tracking end users' activities. Several academic works and
practical solutions exist to reduce or avoid such excessive information
disclosure, from simple selective disclosure to data-minimizing anonymous
credentials based on zero-knowledge proofs (ZKPs). We first demonstrate that
the SSI solutions that are currently built with anonymous credentials still
lack essential features such as scalable revocation, certificate chaining, and
integration with secure elements. We then argue that general-purpose ZKPs in
the form of zk-SNARKs can appropriately address these pressing challenges. We
describe our implementation and conduct performance tests on different edge
devices to illustrate that the performance of zk-SNARK-based anonymous
credentials is already practical. We also discuss further advantages that
general-purpose ZKPs can easily provide for digital wallets, for instance, to
create "designated verifier presentations" that facilitate new design options
for digital identity infrastructures that previously were not accessible
because of the threat of man-in-the-middle attacks
A Decentralized Approach Towards Responsible AI in Social Ecosystems
For AI technology to fulfill its full promises, we must design effective
mechanisms into the AI systems to support responsible AI behavior and curtail
potential irresponsible use, e.g. in areas of privacy protection, human
autonomy, robustness, and prevention of biases and discrimination in automated
decision making. In this paper, we present a framework that provides
computational facilities for parties in a social ecosystem to produce the
desired responsible AI behaviors. To achieve this goal, we analyze AI systems
at the architecture level and propose two decentralized cryptographic
mechanisms for an AI system architecture: (1) using Autonomous Identity to
empower human users, and (2) automating rules and adopting conventions within
social institutions. We then propose a decentralized approach and outline the
key concepts and mechanisms based on Decentralized Identifier (DID) and
Verifiable Credentials (VC) for a general-purpose computational infrastructure
to realize these mechanisms. We argue the case that a decentralized approach is
the most promising path towards Responsible AI from both the computer science
and social science perspectives
Zero-Knowledge Proof-of-Identity: Sybil-Resistant, Anonymous Authentication on Permissionless Blockchains and Incentive Compatible, Strictly Dominant Cryptocurrencies
Zero-Knowledge Proof-of-Identity from trusted public certificates (e.g.,
national identity cards and/or ePassports; eSIM) is introduced here to
permissionless blockchains in order to remove the inefficiencies of
Sybil-resistant mechanisms such as Proof-of-Work (i.e., high energy and
environmental costs) and Proof-of-Stake (i.e., capital hoarding and lower
transaction volume). The proposed solution effectively limits the number of
mining nodes a single individual would be able to run while keeping membership
open to everyone, circumventing the impossibility of full decentralization and
the blockchain scalability trilemma when instantiated on a blockchain with a
consensus protocol based on the cryptographic random selection of nodes.
Resistance to collusion is also considered.
Solving one of the most pressing problems in blockchains, a zk-PoI
cryptocurrency is proved to have the following advantageous properties:
- an incentive-compatible protocol for the issuing of cryptocurrency rewards
based on a unique Nash equilibrium
- strict domination of mining over all other PoW/PoS cryptocurrencies, thus
the zk-PoI cryptocurrency becoming the preferred choice by miners is proved to
be a Nash equilibrium and the Evolutionarily Stable Strategy
- PoW/PoS cryptocurrencies are condemned to pay the Price of Crypto-Anarchy,
redeemed by the optimal efficiency of zk-PoI as it implements the social
optimum
- the circulation of a zk-PoI cryptocurrency Pareto dominates other PoW/PoS
cryptocurrencies
- the network effects arising from the social networks inherent to national
identity cards and ePassports dominate PoW/PoS cryptocurrencies
- the lower costs of its infrastructure imply the existence of a unique
equilibrium where it dominates other forms of paymentComment: 2.1: Proof-of-Personhood Considered Harmful (and Illegal); 4.1.5:
Absence of Active Authentication; 4.2.6: Absence of Active Authentication;
4.2.7: Removing Single-Points of Failure; 4.3.2: Combining with
Non-Zero-Knowledge Authentication; 4.4: Circumventing the Impossibility of
Full Decentralizatio
Tutorial: Identity Management Systems and Secured Access Control
Identity Management has been a serious problem since the establishment of the Internet. Yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations, Today’s computing environment involves a variety of user and machine centric forms of digital identities and fuzzy organizational boundaries. With the advent of inter-organizational systems, social networks, e-commerce, m-commerce, service oriented computing, and automated agents, the characteristics of IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, identity lifecycle, implementation challenges and social issues. The second part addresses standards, industry initia-tives, and vendor solutions. We conclude that there is disconnect between the need for a universal, seamless, trans-parent IdMS and current proposed standards and vendor solutions
- …