Auflistung nach:
Auflistung P293 - Open Identity Summit 2019 nach Erscheinungsdatum
1 - 10 von 19
Treffer pro Seite
Sortieroptionen
- TextdokumentThe ENTOURAGE Privacy and Security Reference Architecture for Internet of Things Ecosystems(Open Identity Summit 2019, 2019) Zibuschka, Jan; Horsch, Moritz; Kubach, MichaelThe Internet of Things (IoT), with its ubiquitous sensors and actuators, enables highly useful novel use cases, notably in the field of digital assistance. It also raises unprecedented privacy and security issues. This contribution presents a reference architecture for an ecosystem of digital assistants with minimal barriers of entry, that aims to be both secure and privacy-respecting. We present concise definitions, requirements, and a layered architectural structure for IoT assistants. Moreover, we introduce privacy and security assistants building on privacy patterns such as privacy dashboard, privacy mode and security and privacy policies and interface.
- TextdokumentTowards a standardised preservation service for qualified electronic signatures and qualified electronic seals(Open Identity Summit 2019, 2019) Otto, Florian; Wich, Tobias; Hühnlein, Tina; Prechtl, Mike; Hühnlein, DetlefTo preserve the legal validity and conclusiveness of qualified electronic signatures and qualified electronic seals over long periods of time it is necessary to apply appropriate preservation techniques. The present contribution provides an overview of the corresponding standards for long-term preservation of digital signatures, which are currently developed within ETSI TC ESI and outlines the design of a corresponding reference implementation, which is currently developed within the EU-funded FutureTrust project.
- TextdokumentHow to harmonise local and remote signing(Open Identity Summit 2019, 2019) Hühnlein, Detlef; Wich, Tobias; Hühnlein, Tina; Schuberth, Sebastian; Lottes, René; Crossley, Neil; Otto, FlorianWhile the generation of qualified electronic signatures traditionally required the use of local qualified electronic signature creation devices (QSCD) in form of smart cards for example, the eIDAS-Regulation [EU14] introduced the promising option for Hardware Security Module (HSM) based QSCDs and remote signature protocols, which are especially suitable for mobile environments. As the technical interfaces of these two approaches are fundamentally different, one until today needs to choose a solution, which either supports local or remote signing but not both. In this paper we show how to harmonise the two seemingly distinct worlds in order to enable adaptive signing solutions which seamlessly allow to use both local and remote QSCDs and provide the best possible user experience for the generation of qualified electronic signatures.
- TextdokumentLessons learned – Conducting a User Experience evaluation of a Trust Policy Authoring Tool(Open Identity Summit 2019, 2019) Weinhardt, Stephanie; St. Pierre, DoreenMost contributions on usable policy authoring and usable IT-Security only focus on the design phase of a tool and on stating guidelines how to make these tools and systems user friendly. There are only some contributions introducing work regarding usability evaluations but even less introducing user experience evaluations. This contribution wants to address this lack. Based on a user experience evaluation with a trust policy authoring tool we present the lessons learned derived from the results.
- TextdokumentOpen Identity Summit 2019(Open Identity Summit 2019, 2019) Roßnagel, Heiko; Wagner, Sven; Hühnlein, Detlef
- TextdokumentPolicy-based Access Control for the IoT and Smart Cities(Open Identity Summit 2019, 2019) Omolola, Olamide; More, Stefan; Fasllija, Edona; Wagner, Georg; Alber, LukasThe Internet of Things (IoT) can revolutionise the interaction between users and technology. This interaction generates sensitive and personal data. Therefore, access to the information they provide should be restricted to only authorised users. However, the limited storage and memory in IoT make it impractical to deploy traditional mechanisms to control access. In this paper, we propose a new access control mechanism based on trust policies adapted from LIGHTest. The proposed protocol also handles delegations in the IoT context elegantly. We provide the protocol overview and discuss its practical applications in the IoT environment.
- TextdokumentLet’s Revoke! Mitigating Revocation Equivocation by re-purposing the Certificate Transparency Log(Open Identity Summit 2019, 2019) Mueller, Tobias; Stübs, Marius; Federrath, HannesDistributing cryptographic keys and asserting their validity is a challenge for any system relying on such keys, for example the World Wide Web with HTTPS or OpenPGP encrypted email. When keys get stolen or compromised, it is desirable to shorten the time during which an attacker can decrypt or sign messages. This is usually achieved by revoking the affected certificates. We investigate the security requirements for distributing key revocations in the context of asynchronous decentralised messaging and analyse the status quo with respect to these requirements. We show that equivocation, integrity protection, and non-repudiation pose a challenge in today’s revocation distribution infrastructure. We find that a publicly verifiable append-only data structure serves our purpose and notice that operating such an infrastructure is expensive. We propose a revocation distribution scheme that fulfils our requirements. Our scheme uses the already existing Certificate Transparency (CT) logs of the WebPKI as a publicly verifiable append-only data structure for storing revocations through specially crafted TLS certificates. The security of our system largely stems from the properties of these CT logs. Additionally, we analyse the computational and bandwidth requirements of our scheme and show limitations of the protocol we propose.
- TextdokumentEvolving the DSS-X standard(Open Identity Summit 2019, 2019) Kühne, AndreasThis document describes the adoption of an existing specification (for signature creation and validation) to new challenges both in signature-specific and general technical requirements. The major work item is the need to support multiple interface description syntaxes. This document also discusses an approach of automatic document generation to provide multiple artefacts in a consistent and timely manner. This contribution wants to outline a way to maintain specifications in a changing landscape of requirements.
- TextdokumentBlockchain-based consent manager for GDPR compliance(Open Identity Summit 2019, 2019) Vargas; Juan CamiloThe General Data Protection Regulation represents great challenges for companies. This paper proposes a model of consent management for personal data that uses blockchain technology to help address part of these challenges. On the one hand, the model aims to facilitate compliance with the regulation and offer an agile tool for consent control and interaction between data subjects, controllers and processors. On the other hand, it aims to offer data subjects a tool to assert their rights and get bigger control over their consents and indirectly over personal data. A proof of concept was developed using Hyperledger Fabric and allowed to identify the benefits and challenges of the model.
- TextdokumentAnonymization Is Dead – Long Live Privacy(Open Identity Summit 2019, 2019) Zibuschka, Jan; Kurowski, Sebastian; Roßnagel, Heiko; Schunck, Christian H.; Zimmermann, ChristianPrivacy is a multi-faceted, interdisciplinary concept, with varying meaning to different people and disciplines. To most researchers, anonymity ist he “holy grail” of privacy research, as it suggests that it may be possible to avoid personal information altogether. However, time and time again, anonymization has been shown to be infeasible. Even de-facto anonymity is hardly achievable using state-of-the-art cryptographic anonymization techniques. Furthermore, as there are inherent tensions between the privacy protection goals of confidentiality, availability, integrity, transparency, intervenability and unlinkability, failed attempts to achieve full anonymization may make it impossible to provide data-subjects with transparency and intervenability. This is highly problematic as such mechanisms are required by regulation such as the General Data Protection Regulation (GDPR). Therefore, we argue for a paradigm shift away from anonymization towards transparency, accountability, and intervenability.