Listing P325 - Open Identity Summit 2022, by date of publication
- Conference paper: Continuous authorization over HTTP using Verifiable Credentials and OAuth 2.0 (Open Identity Summit 2022, 2022). Fotiou, Nikos; Faltaka, Evgenia; Kalos, Vasilis; Kefala, Anna; Pittaras, Iakovos; Siris, Vasilios A.; Polyzos, George C. We design, implement, and evaluate a solution for achieving continuous authorization of HTTP requests exploiting Verifiable Credentials (VCs) and OAuth 2.0. Specifically, we develop a VC issuer that acts as an OAuth 2.0 authorization server, a VC verifier that transparently protects HTTP-based resources, and a VC wallet implemented as a browser extension capable of injecting the necessary authentication data in HTTP requests without needing user intervention. Our approach is motivated by recent security paradigms, such as the Zero Trust architecture, that require authentication and authorization of every request, and it is tailored for HTTP-based services accessed using a web browser. Our solution leverages JSON Web Tokens and JSON Web Signatures for encoding VCs and protecting their integrity, achieving in this way interoperability and security. VCs in our system are bound to a user-controlled public key or a Decentralized Identifier, and mechanisms for proving possession are provided. Finally, VCs can be easily revoked.
- Conference paper: eIDAS 2.0: Challenges, perspectives and proposals to avoid contradictions between eIDAS 2.0 and SSI (Open Identity Summit 2022, 2022). Schwalm, Steffen; Albrecht, Daria; Alamillo, Ignacio. The proposal for review of the eIDAS Regulation from 2021 has opened strong expectations for a deep change in traditional identity models. The user-centric identity model proposed starts with the creation of European Digital Identity Wallets that will enable citizens’ control over their data in identification and authentication processes without control by entities providing the identification services. Likewise, with the proposed legal rules for giving legal certainty to electronic ledgers and blockchains, [eIDAS2] opens possibilities to decentralization, especially for the provision and management of users’ attributes. The implementation of qualified trust services for attestations or electronic ledgers limits decentralization by requiring a trusted third party. Standardization will be key in assuring interoperability at the EU level. What are the challenges and opportunities of eIDAS 2.0? And what are the main focuses and needs of (European) standardization? These and other questions will be analysed and discussed in the paper.
- Conference paper: Towards robustness of keyboard-entered authentication factors with thermal wiping against thermographic attacks (Open Identity Summit 2022, 2022). Fritsch, Lothar; Mecaliff, Marie; Opdal, Kathinka W.; Rundgreen, Mathias; Sachse, Toril. Many authentication methods use keyboard entry for one of their authentication factors. Keyboard factors have been compromised by exploiting physical fingerprints, substances from fingers visible on keys, acoustic recordings made through mobile phones, and video reflections captured by high-resolution cameras used for video conferencing. Heat transfer from human fingers to keypads is an additional attack channel that has been demonstrated. There are few mitigation measures published against this type of attack. This article summarizes the feasibility of thermographic attacks against computer keyboards and against door PIN pads, as well as the efficiency of the scrubbing technique deployed in order to counter thermographic attacks. For this purpose, a series of experiments with small, mobile thermal cameras were carried out. We report findings such as time intervals and other constraints for successful laboratory observation of authentication factors, describe scrubbing methods and report the performance of those methods.
- Conference paper: Integration of Self-Sovereign Identity into Conventional Software using Established IAM Protocols: A Survey (Open Identity Summit 2022, 2022). Kuperberg, Michael; Klemens, Robin. Self-Sovereign Identity (SSI) is an approach based on asymmetric cryptography and on decentralized, user-controlled exchange of signed assertions. Most SSI implementations are not based on hierarchic certification schemas, but rather on the peer-to-peer and distributed “web of trust” without root or intermediate CAs. As SSI is a nascent technology, the adoption of vendor-independent SSI standards into existing software landscapes is at an early stage. Conventional enterprise-grade IAM implementations and cloud-based Identity Providers rely on widely established pre-SSI standards, and both will not be replaced by SSI offerings in the next few years. The contribution of this paper is an analysis of patterns and products to bridge unmodified pre-SSI applications and conventional IAM with SSI implementations. Our analysis covers 40+ SSI implementations and major authentication protocols such as OpenID Connect and LDAP.
- Conference paper: Preservation of (higher) Trustworthiness in IAM for distributed workflows and systems based on eIDAS (Open Identity Summit 2022, 2022). Strack, H.; Karius, S.; Gollnick, M.; Lips, M.; Wefel, S.; Altschaffel, R. The secure digitalisation of distributed workflows with different stakeholders (and trust relationships) using systems from different stakeholder domains is of increasing interest. Just one example is the workflow/policy area of student mobility. Others are from public administration and from economic sectors. According to the eIDAS regulation, eID and trust services (TS) are available across the EU - upcoming also EUid & wallets (eIDAS 2.0) - to improve security aspects (providing interoperability or standards). We present some security enhancements to maintain higher trustworthiness in Identity and Access Management (IAM) services for different policy areas with mandatory, owner-based and self-sovereign control aspects - based on eIDAS and different standards and the integration of views/results from deployed or ongoing projects (EMREX/ELMO, Europass/EDCI, eIDAS, EUid, Verifiable Credentials, NBP initiative, OZG implementation, Self-Sovereign Identities SSI, RBAC, ABAC, DAC/MAC, IPv6) and a trustistor.
- Conference paper: A user-centric approach to IT-security risk analysis for an identity management solution (Open Identity Summit 2022, 2022). Fähnrich, Nicolas; Winterstetter, Matthias; Kubach, Michael. In order to build identity management (IdM) solutions that are secure in the practical application context, a holistic approach to their IT-security risk analysis is required. This complements the indispensable technical and crypto-focused analysis of risks and vulnerabilities with an approach that puts another important vector for security in the center: the users and their usage of the technology over the whole lifecycle. In our short paper we focus exclusively on the user-centric approach and present an IT-security risk analysis that is structured around the IdM lifecycle.
- Conference paper: A novel approach to establish trust in verifiable credential issuers in Self-sovereign identity ecosystems using TRAIN (Open Identity Summit 2022, 2022). Johnson Jeyakumar, Isaac H.; Chadwick, David W.; Kubach, Michael. Self-sovereign identity (SSI) promises to bring decentralized, privacy-friendly identity management (IdM) ecosystems to everyone. Yet, trust management in SSI remains challenging. In particular, it lacks a holistic approach that combines trust and governance frameworks. A practical and scalable mechanism is needed for verifiers to externally verify their trust in credential issuers. This paper illustrates how TRAIN (Trust mAnagement INfrastructure), an approach based on established components like ETSI trust lists and the Domain Name System (DNS), can be used as a trust registry component to provide a holistic approach for trust management in SSI ecosystems. TRAIN facilitates individual trust decisions through the discovery of trust lists in SSI ecosystems, along with published credential schemas, so that verifiers can make informed trust decisions about issued credentials.
- Conference paper: Adversary Tactics and Techniques specific to Cryptocurrency Scams (Open Identity Summit 2022, 2022). Horch, Andrea; Schunck, Christian H.; Ruff, Christopher. At the end of the year 2020, there was a steep uptrend in the cryptocurrency market. The global market capitalization of cryptocurrencies climbed from 350 billion US$ in October 2020 to almost 2.5 trillion US$ in May 2021 and reached 3 trillion US$ in November 2021. Currently, there are more than 17,600 cryptocurrencies listed on CoinMarketCap. The ample amount of money within the market attracts investors as well as scammers and hackers. Recent incidents like the BadgerDAO hack have shown how easy it is to steal cryptocurrencies. While all the standard scamming and hacking techniques such as identity theft, social engineering and web application hacking are successfully employed by attackers, new scams very specific to cryptocurrencies have emerged, which are the focus of this paper.
- Conference paper: Online tool for matching company demands with IT-security offerings (Open Identity Summit 2022, 2022). Fähnrich, Nicolas; Roßnagel, Heiko. Small and medium-sized companies (SMEs) are often insufficiently protected against cyberattacks although there is a wide range of cybersecurity guidelines, products and services available. In this paper, we present an online tool to support SMEs in improving their IT-security level by enabling them to identify critical business processes and to identify the most pressing protection needs by using a lightweight value chain-based approach. For using the online tool, no expert knowledge of the company’s IT infrastructure or implemented IT-security measures is required, since no assessment of cybersecurity threats is carried out, only an assessment of the impact of potential damage scenarios on business processes. Based on a generated set of recommendations, companies are provided with suitable IT-security measures and corresponding offerings in a prioritized order. These offerings include services and products to implement the given recommendations.
- Conference paper: Flexible Method for Supporting OAuth 2.0 Based Security Profiles in Keycloak (Open Identity Summit 2022, 2022). Norimatsu, Takashi; Nakamura, Yuichi; Yamauchi, Toshihiro. Keycloak is open-source identity and access control software. When used for open banking, where many OAuth 2.0 clients need to be managed and a different OAuth 2.0-based security profile needs to be applied to each type of API, the problem of increasing managerial costs for the Keycloak administrator occurs because Keycloak's security profile logic depends on the client settings, and the logic cannot be changed for each client's request. This paper proposes a solution by separating the security profile logic from the client settings and by changing the security profile for each client's request based on the content of the request; actual security profiles of the Financial-grade API (FAPI) are implemented in Keycloak. The paper calculates managerial costs for both the existing and the proposed method in scenarios managing FAPI, and compares the results. The comparison shows that using the proposed method reduces costs. Our implementations are contributed to Keycloak.