Autor*innen mit den meisten Dokumenten
Neueste Veröffentlichungen
- TextdokumentDerived Partial Identities Generated from App Permissions(Open Identity Summit 2017, 2017) Fritsch, Lothar; Momen, NurulThis article presents a model of partial identities derived from app permissions that is based on Pfitzmann and Hansen’s terminology for privacy [PH10]. The article first shows how app permissions accommodate the accumulation of identity attributes for partial digital identities by building a model for identity attribute retrieval through permissions. Then, it presents an experimental survey of partial identity access for selected app groups. By applying the identity attribute retrieval model on the permission access log from the experiment, we show how apps’ permission usage is providing to identity profiling.
- TextdokumentA Mechanism for Discovery and Verification of Trust Scheme Memberships: The Lightest Reference Architecture(Open Identity Summit 2017, 2017) Roßnagel, HeikoElectronic transactions are an integral component of private and business life. For this purpose, a certification of trustworthy electronic identities supported from authorities is often required. Within the EU-funded LIGHTest project, a global trust infrastructure based on DNS is built, where arbitrary authorities can publish their trust information. A high level description of the LIGHTest reference architecture is presented. Then, the Trust Scheme Publication Authority, which enables discovery and verification of trust scheme memberships is introduced.
- TextdokumentPrivacy dark patterns in identity management(Open Identity Summit 2017, 2017) Fritsch, LotharThis article presents three privacy dark patterns observed in identity management. Dark patterns are software design patterns that intentionally violate requirements, in the given case privacy requirements for identity management. First, the theoretical background is presented, and then next, the observed patterns are documented, described and formalized. The resulting dark patterns show how security is used as obfuscation of data collection, how the seemingly harmless collection of additional data is advertised to end users, and how the use of anonymization technology is actively discouraged by service providers.
- TextdokumentTowards Privacy-Preserving and User-Centric Identity Management as a Service(Open Identity Summit 2017, 2017) Dash, Pritam; Rabensteiner, Christof; Hörandner, Felix; Roth, SimonIdentification, authentication and the exchange of users’ identity information are key factors in protecting access to online services. Especially cost-effectiveness is a considerable incentive to move identity management models into the public cloud. As cloud environments are not fully trusted, the users’ sensitive attributes must not be stored or transmitted in plain, while it still has to be possible to share them. One approach is to employ proxy re-encryption, which enables the identity provider to transform a user’s encrypted attributes into ciphertext for an authorized service provider. However, for adoption, the user’s perspective must not be neglected. In this paper, we propose a user-friendly and user-centric identity management solution that employs cryptographic mechanisms to protect the users’ privacy and keep them in control of the data sharing process. We integrate proxy re-encryption into the widely-adopted OpenID Connect protocol to achieve end-to-end confidentiality. To make this concept user-friendly, we introduce a mobile app that handles the involved cryptographic operations which rely on keys securely stored in a trusted execution environment.
- TextdokumentPassword Assistance(Open Identity Summit 2017, 2017) Horsch, Moritz; Braun, Johannes; Buchmann, JohannesFor decades, users are not able to realize secure passwords for their user accounts at Internet services. Users’ passwords need to fulfil general security requirements and the password requirements of services. Furthermore, users need to cope with different password implementations at services. Finally, users need to perform a multitude of tasks to properly manage their large password portfolios. This is practically impossible. In this paper, we introduce the vision of a password assistant. It supports users in all duties and tasks with regard to their passwords, from the creation of secure passwords to the recovery of them in case of loss. Moreover, it provides an extensive automatization of all password tasks that reduces the users’ efforts and activities to deal with passwords to a minimum. A password assistant enables high security for passwords as well as improves their ease of use. First, we provide a detailed description of the problem of users to realize secure passwords for their accounts in practice. Second, we outline the vision of a password assistant, describe its technical foundation, and introduce the related open-source project starting to realize the first password assistant.
- TextdokumentTowards secure and standard-compliant implementations of the PSD2 Directive(Open Identity Summit 2017, 2017) Wich, Tobias; Nemmert, Daniel; Hühnlein, DetlefThe present article provides a compact overview of the most important requirements of the so-called “Payment Services Directive 2” (PSD2) [Di15], together with the related Regulatory Technical Standard on authentication and communication [Eu17] according to Article 98, and outlines how the pivotal “Access-to-Account-Interface” can be securely implemented based on widely acknowledged international standards.
- TextdokumentAn explorative approach on the impact of external and organizational events on information security(Open Identity Summit 2017, 2017) Ajazaj, Ilirjana; Kurowski, SebastianThis contribution aims at the research question on which observable organizational events occur prior to an information security incident, and how these may relate to the organization. It therefore uses a dataset that was built using Google News, and the list of data breaches from [Mc17] to analyse which organizational events occur most often. It provides a categorization of these events, which were built by using a grounded theory approach. On the other hand, causal chains are constructed by sing the sociologic system theory and constructivism. Both, the causal chains and the organizational event categories are applied together within this contribution to discuss, the likelihood of the causalities of the occurred events. However, events, such as financial gains also exhibit a higher occurrence prior to an information security incident. This contribution is a speculative, yet first approach on this question. Further research will focus on refining the constructed causalities.
- TextdokumentA meta-heuristic for access control test data creation in access control model testing(Open Identity Summit 2017, 2017) Winterstetter, Matthias; Kurowski, SebastianUser to Document Access data is in most cases protected and as such difficult to acquire for research purposes. This work seeks to circumvent this problem by creating research data on the basis of reference processes through the evolutionary Algorithm. Data created through this method, while not as accurate as real data, still has it’s foundation in reality through the reference process and can as such be used as a replacement.
- TextdokumentHarmonizing Delegation Data Formats(Open Identity Summit 2017, 2017) Wagner, Georg; Omolola, Olamide; More, StefanDelegations are an integral part of daily transactions. A delegation is the process of authorizing one entity to act on behalf of another. For the delegation to work, the claim that an entity is authorized to act on behalf of another entity needs to be verified. Verifying an analog delegation can be done by checking if the name of a user is on a list of authorized persons. In contrast, in electronic transactions the implementation of a delegation and its verification can be a difficult task. A user logging into a system or signing documents with an electronic signature involving a delegation may be required to show this delegation within the signature. This delegation needs to be discovered and verified during the transaction. Many solutions using eXtensible Markup Language (XML) have been proposed to represent delegations; unfortunately, most of these schemes are designed to be used for one specific domain. In this paper, we propose a delegation scheme that fills this gap by providing a general representation for delegation that can be easily extended to different domains.
- TextdokumentDesign and Implementation Aspects of Mobile Derived Identities(Open Identity Summit 2017, 2017) Träder, Daniel; Zeier, Alexander; Heinemann, AndreasWith the ongoing digitalisation of our everyday tasks, more and more eGovernment services make it possible for citizens to take care of their administrative obligations online. This type of services requires a certain assurance level for user authentication. To meet these requirements, a digital identity issued to the citizen is essential. Nowadays, due to the widespread use of smartphones, mobile user authentication is often favoured. This naturally supports two-factor authentication schemes (2FA). We use the term mobile derived identity to stress two aspects: a) the identity is enabled for mobile usage and b) the identity is somehow derived from a physical or digital proof of identity. This work reviews 21 systems and publications that support mobile derived identities. One subset of the considered systems is already in place (public or private sector in Europe), another subset is subject to research. Our goal is to identify prevalent design and implementation aspects for these systems in order to gain a better understanding on best practises and common views on mobile derived identities. We found, that research prefers storing identity data on the mobile device itself whereas real world systems usually rely on cloud storage. 2FA is common in both worlds, however biometrics as second factor is the exception.