194 research outputs found

    Federated identity architecture of the european eID system

    Federated identity management is a method that facilitates management of identity processes and policies among the collaborating entities without a centralized control. Nowadays, there are many federated identity solutions; however, most of them cover different aspects of the identification problem, solving in some cases specific problems. Thus, none of these initiatives has consolidated as a unique solution and surely it will remain like that in the near future. To assist users choosing a possible solution, we analyze different federated identity approaches, showing main features, and making a comparative study among them. The former problem is even worse when multiple organizations or countries already have legacy eID systems, as is the case in Europe. In this paper, we also present the European eID solution, a purely federated identity system that aims to serve almost 500 million people and that could be extended in midterm also to eID companies. The system is now being deployed at the EU level and we present the basic architecture and evaluate its performance and scalability, showing that the solution is feasible from the point of view of performance while keeping security constraints in mind. The results show a good performance of the solution in local, organizational, and remote environments.

    Tutorial: Identity Management Systems and Secured Access Control

    Identity Management has been a serious problem since the establishment of the Internet. Yet little progress has been made toward an acceptable solution. Early Identity Management Systems (IdMS) were designed to control access to resources and match capabilities with people in well-defined situations. Today’s computing environment involves a variety of user and machine centric forms of digital identities and fuzzy organizational boundaries. With the advent of inter-organizational systems, social networks, e-commerce, m-commerce, service oriented computing, and automated agents, the characteristics of IdMS face a large number of technical and social challenges. The first part of the tutorial describes the history and conceptualization of IdMS, current trends and proposed paradigms, identity lifecycle, implementation challenges and social issues. The second part addresses standards, industry initiatives, and vendor solutions. We conclude that there is a disconnect between the need for a universal, seamless, transparent IdMS and current proposed standards and vendor solutions.

    ENHANCING PRIVACY IN MULTI-AGENT SYSTEMS

    Privacy loss is becoming one of the biggest problems in computing. In fact, most Internet users (who today number 2 billion worldwide) are concerned about their privacy. These concerns also carry over to the new branches of computing that have been emerging in recent years. Specifically, in this thesis we focus on privacy in Multi-agent Systems. In these systems, several agents (which may be intelligent and/or autonomous) interact to solve problems. These agents usually encapsulate personal information about the users they represent (names, preferences, credit cards, roles, etc.). Moreover, these agents usually exchange this information when they interact with one another. All of this can result in a loss of privacy for users and, therefore, make users reluctant to use these technologies. In this thesis we focus on preventing the collection and processing of personal information in Multi-agent Systems. To prevent information collection, we propose a model that allows an agent to decide which attributes (of the personal information it holds about the user it represents) to reveal to other agents. In addition, we provide a secure agent infrastructure so that, once an agent decides to reveal an attribute to another agent, only the latter is able to access that attribute, preventing third parties from accessing it. To prevent the processing of personal information, we propose a model for managing agents' identities. This model allows agents to use different identities to reduce the risk of information processing. In addition, this thesis also describes the implementation of this model on an agent platform.
    Such Aparicio, JM. (2011). ENHANCING PRIVACY IN MULTI-AGENT SYSTEMS [Unpublished doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/13023

    Security, Trust and Privacy (STP) Model for Federated Identity and Access Management (FIAM) Systems

    The federated identity and access management systems facilitate the home domain organization users to access multiple resources (services) in the foreign domain organization by web single sign-on facility. In a federated environment the user’s authentication is performed at the beginning of an authentication session and the user is allowed to access multiple resources (services) until the current session is active. In current federated identity and access management systems the main security concerns are: (1) in home domain organization machine platforms, bidirectional integrity measurement does not exist, (2) integrated authentication (i.e., username/password and home domain machine platforms mutual attestation) is not present and (3) the resource (service) authorization in the foreign domain organization is not via the home domain machine platforms bidirectional attestation.

    Data Protection for the Internet of Things

    The Internet of Things (abbreviated: “IoT”) is acknowledged as one of the most important disruptive technologies with more than 16 billion devices forecasted to interact autonomously by 2020. The idea is simple: devices will help to measure the status of physical objects. The devices, containing sensors and actuators, are so small that they can be integrated or attached to any object in order to measure that object and possibly change its status accordingly. A process or work flow is then able to interact with those devices and to control the objects physically. The result is the collection of massive data in a ubiquitous form. This data can be analysed to gain new insights, a benefit propagated by the “Big Data” and “Smart Data” paradigms. While governments, cities and industries are heavily involved in the Internet of Things, society’s privacy awareness and the concerns over data protection in IoT increase steadily. The scale of the collection, processing and dissemination of possibly private information in the Internet of Things has long begun to raise privacy concerns. The problem is a fundamental one: it is the massive data collection that benefits the investment on IoT, while it contradicts the interest on data minimization coming from privacy advocates. And the challenges go even further: while privacy is an actively researched topic with a mature variety of privacy preserving mechanisms, legal studies and surveillance studies in specific contexts, investigations of how to apply these concepts in the constrained environment of IoT have merely begun. Thus the objective of this thesis is threefold and tackles several topics, looking at them in a differentiated way and later bringing them together for one of the first, (more) complete pictures of privacy in IoT. The first starting point is the thorough study of stakeholders, impact areas and proposals on an architectural reference model for IoT. 
At the time of this writing, IoT was advertised heavily by several companies, products and even governments, creating a blurred picture of what IoT really is. This thesis surveys stakeholders, scenarios, architecture paradigms and definitions to find a working definition for IoT which adequately describes the intersection between all of the aforementioned topics. In a further step, the definition is applied by way of example to two scenarios to identify the common building blocks of those scenarios and of IoT in general. The building blocks are then verified against a similar approach by the IoT-A and Rerum projects and unified to an IoT domain model. This approach purposefully uses notions and paradigms provided in related scientific work and European projects in order to benefit from existing efforts and to achieve a common understanding. In this thesis, the observation of so-called cyber-physical properties of IoT leads to the conclusion that IoT proposals miss a core concept of physical interaction in the “real world”. Accordingly, this thesis takes a detour to jurisdiction and identifies ownership and possession as a main concept of “human-to-object” relationships. The analysis of IoT building blocks ends with an enhanced IoT domain model. The next step breaks down “privacy by design”. Notable here is that privacy by design has been well integrated into the new European General Data Protection Regulation (GDPR). This regulation heavily affects IoT and thus serves as the main source of privacy requirements. Gürses et al.’s privacy paradigm (privacy as confidentiality, privacy as control and privacy as practice) is used for the breakdown, preceded by a survey of relevant privacy proposals, where relevancy was measured upon previously identified IoT impact areas and stakeholders. Independently from IoT, this thesis shows that privacy engineering is a task that still needs to be well understood. 
A privacy development lifecycle was therefore sketched as a first step in this direction. Existing privacy technologies are part of the survey. Current research is summed up to show that while many schemes exist, few are adequate for actual application in IoT due to their high energy or computational consumption and high implementation costs (most notably caused by the implementation of special arithmetics). In an effort to give a first direction on possible new privacy enhancing technologies for IoT, new technical schemes are presented, formally verified and evaluated. The proposals comprise schemes, among others, on relaxed integrity protection, privacy friendly authentication and authorization as well as geo-location privacy. The schemes are presented to industry partners with positive results. These technologies have thus been published in academia and as intellectual property items. This thesis concludes by bringing privacy and IoT together. The final result is a privacy enhanced IoT domain model accompanied by a set of assumptions regarding stakeholders, economic impacts, economic and technical constraints as well as formally verified and evaluated proof of concept technologies for privacy in IoT. There is justifiable interest in IoT as it helps to tackle many future challenges found in several impact areas. At the same time, IoT impacts the stakeholders that participate in those areas, creating the need for unification of IoT and privacy. This thesis shows that technical and economic constraints do not impede such a process, although the process has merely begun.

    Public Key Infrastructure

    Identity in eHealth - from the reality of physical identification to digital identification.

    Master Programme in Medical Informatics