Auflistung nach:
Auflistung P305 - Open Identity Summit 2020 nach Erscheinungsdatum
1 - 10 von 19
Treffer pro Seite
Sortieroptionen
- KonferenzbeitragIoT Device Profiling: From MUD Files to S×C Contracts(Open Identity Summit 2020, 2020) Matthíasson, Guðni; Giaretta, Alberto; Dragoni, NicolaSecurity is a serious, and often neglected, issue in the Internet of Things (IoT). In order to improve IoT security, researchers proposed to use Security-by-Contract (S×C), a paradigm originally designed for mobile application platforms. However, S×C assumes that manufacturers equip their devices with security contracts, which makes hard to integrate legacy devices with S×C. In this paper, we explore a method to extract S×C contracts from legacy devices’ Manufacturer Usage Descriptions (MUDs). We tested our solution on 28 different MUD files, and we show that it is possible to create basic S×C contracts, paving the way to complete extraction tools.
- KonferenzbeitragIdToken: a new decentralized approach to digital identi-ty(Open Identity Summit 2020, 2020) Talamo, Edoardo; Pennacchi, AlmaThe ability to store and share digital data offers benefits that the digitization of information has become a growing trend but has raised questions about the security of personal data. There have been countless high-profile hacks and personal information leaks. Furthermore users don’t (and shouldn’t) always trust an external server of a third party to store their personal data. Blockchain tries to offer a compelling solution to the problem of combining accessibility with privacy and security. Records can be held securely, using end-to-end encryption, and yet openly authenticated so that data can still be trusted as reliable. This project goes deeper in this solution thanks to an innovative idea and development of a new kind of blockchain non fungible token specifically created to store and manage digital identities and sensible data. It has the potential to resolve issues blockchain alone was starting to approach and improves security, privacy and accessibility.
- KonferenzbeitragPrivacy and availability needs regarding user preferences for Smart Availability Assistant – towards a digitally enabled work life balance(Open Identity Summit 2020, 2020) Saternus, ZofiaThe use of communication technologies (CTs) enables blurring the traditional boundaries between work and private life. Many employers are worried about this situation and addressed those issues with different technological and organizational approaches. The goal of our research is to introduce improved enterprise availability management by developing an employee-friendly technological solution that actually reflects the variety of employees’ availability needs. Due to the overall aim of broadening and bridging research on an availability management, results of a quantitative study (N=821) insights into the management of individuals’ availability and key requirements regarding the development of a Smart Availability Assistant. In general, it became apparent that to appropriately design this kind of smart assistant we must not only recognize the heterogeneity of peoples’ availability preferences but also identify and meet employees’ privacy expectations by use of a Smart Availability Assistant.
- KonferenzbeitragIdentity Management as a target in cyberwar(Open Identity Summit 2020, 2020) Fritsch, LotharThis article will discuss Identity Management (IdM) and digital identities in the context of cyberwar. Cyberattacks that target or exploit digital identities in this context gain leverage through the central position of IdM digital infrastructures. Such attacks will compromize service operations, reduce the security of citizens and will expose personal data - those of military personell included. The article defines the issue, summarizes its background and then discusses the implications of cyberwar for vendors and applicants digital identity management infrastructures where IdM is positioned as a critical infrastructure in society.
- KonferenzbeitragCriteria for trustworthy digital transactions - Blockchain/DLT between eI-DAS, GDPR, Data and Evidence Preservation(Open Identity Summit 2020, 2020) Kusber, Tomasz; Schwalm, Steffe; Shamburger, Kalinda; Korte, UlrikeWith the help of eIDAS [Re14], legislators have created a resilient framework in EU and EFTA to place trustworthy digital transactions more and more in the centre of business relationships. The regulated use of the trust services (e.g. qualified electronic signature or seal etc.) as well as that of the secure electronic identities provides a solid foundation for the advancement of digitization. The adequate evidence of electronic records as long as they are needed is a critical success-factor for trustworthy digital transactions. The trustworthiness of the transactions must be based on compliance with the basic values of authenticity, integrity, reliability, availability, confidentiality and transferability. After a first hype there are increasingly more considerations also in regulated industries to use DLT for digital processes which have to be accountable. In order to make them evident and to fulfil documentation requirements it is necessary that DLT fulfils the legal framework and prior art based on defined criteria for trustworthy digital transactions. This paper focuses on the challenges and requirements for utilisation of DLT for trustworthy digital processes including long-term preservation.
- KonferenzbeitragAccountable Trust Decisions: A Semantic Approach(Open Identity Summit 2020, 2020) Schlichtkrull, Anders; Mödersheim, SebastianThis paper is concerned with the question of how to obtain the highest possible assurance on trust policy decisions: when accepting an electronic transaction of substantial value or significant implications, we want to be sure that this did not happen because of a bug in a policy checker. Potential bugs include bugs in parsing documents, in signature checking, in checking trust lists, and in the logical evaluation of the policy. This paper focuses on the latter kind of problems and our idea is to validate the logical steps of the trust decision by another, complementary method. We have implemented this for the Trust Policy Language of the LIGHTest project and we use the completely independently developed FOL theorem prover RP_X as a complementary method.
- KonferenzbeitragData Protection Impact Assessment in Identity Control Management with a Focus on Biometrics(Open Identity Summit 2020, 2020) Bisztray, Tamas; Gruschka, Nils; Mavroeidis, Vasileios; Fritsch, LotharPrivacy issues concerning biometric identification are becoming increasingly relevant due to their proliferation in various fields, including identity and access control management (IAM). The General Data Protection Regulation (GDPR) requires the implementation of a data protection impact assessment for privacy critical systems. In this paper, we analyse the usefulness of two different privacy impact assessment frameworks in the context of biometric data protection. We use experiences from the SWAN project that processes four different biometric characteristics for authentication purposes. The results of this comparison elucidate how useful these frameworks are in identifying sector-specific privacy risks related to IAM and biometric identification.
- KonferenzbeitragOn the diffusion of security behaviours(Open Identity Summit 2020, 2020) Kurowski, Sebastian; Roßnagel, HeikoSecurity behaviour has been researched from a variety of theoretical lenses, however a clear picture on the factors that foster secure behaviour is still missing. This contribution uses the diffusion of innovations theory and applies it to four exemplary security behaviours to identify how it can explain the uptake of each behaviour. In contrast to many other approaches, it focuses on the behaviour itself, not the behaving individual. We are able to show differences in the uptake of idealized security behaviours. A perceived relative advantage positively impacts the uptake of a behaviour, however this advantage seems rarely to be motivated by a perceived risk. Risk only seems to play a minor role for the diffusion of security behaviours. Additionally, the relative advantage does not seem to be a necessity for the diffusion of a behaviour. If the other properties namely compatibility, triability, observability, and low complexity of a behaviour are adequately fulfilled a successful diffusion is still possible.
- KonferenzbeitragIdentification collapse - contingency in Identity Management(Open Identity Summit 2020, 2020) Fritsch, LotharIdentity management (IdM) facilitates identification, authentication and authorization in most digital processes that involve humans. Digital services as well as work processes, customer relationship management, telecommunications and payment systems rely on forms of IdM. IdM is a business-critical infrastructure. Organizations rely on one specific IdM technology chosen to fit a certain context. Registration, credential issuance and deployment of digital identities are then bound to the chosen technology. What happens if that technology is disrupted? This article discusses consequences and mitigation strategies for identification collapse based on case studies and literature search. The result is a surprising shortage of available documented mitigation and recovery strategies for identification collapse.
- KonferenzbeitragSelf-sovereign and Decentralized identity as the future of identity management?(Open Identity Summit 2020, 2020) Kubach, Michael; Schunck, Christian H.; Sellung, Rachelle; Roßnagel, HeikoBlockchain-based Self-sovereign and Decentralized identity approaches are seen by many as the future of identity management. These solutions are supposed to finally bring universally usable, trustworthy, secure, and privacy friendly digital identities for everyone and all use cases. This paper first presents the promises of this technological app