Identity Management

IdM in the Future Internet

Identity management is an almost indispensable component of today’s organizations and companies, as it plays a key role in authentication and access control. However, it is widely recognized as a costly and time-consuming task. The advent of cloud computing technologies, together with the promise of flexible, cheap and efficient provision of services, has provided the opportunity to externalize such a common process, shaping what has been called Identity Management as a Service (IDaaS). Nevertheless, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. One of our research lines tackles this problem by using cryptographic means instead of just relying in access control policies and models. In [1], we applly proxy re-encryption techniques for creating a special OpenID provider that is not capable of reading the user's information but still provides an identity service. This research has been further refined in [2][3]. In this work, we propose a general model for privacy-preserving Identity Management as a Service, and describe a particular instantiation of this model using SAML 2.0.

Identity management does not only involve users in the system. Within the PASSIVE project, we have worked towards an authentication and authorization scheme for applications, users and resources that is suitable for its use in large and highly dynamic deployments such as the Cloud [4]. Other work in this area identifies the challenges that arise in the intersection of interconnected clouds and identity management [5].

Another relevant scenario of the Future Internet is the Internet of Things, where heterogeneous wireless devices interact in the common context. Wireless devices can also serve a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In [6] we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy.

Privacy and Anonymity

In its third Recommendation, the RISEPTIS TECHNICAL report proposes the development of an identity and authentication framework in the EU. It is recognized that there will not be a unique and unified eID format, and there must coexist multiple national and regional as well as commercial schemes. There is also a broad consensus on the need for flexible identity systems where users can get service on demand (as part of the user-centric identity management) with respect to their preferences:
- The ability to decide the security level of data transmitted (sent or received),
- The ability to decide the level of anonymity of such data,
- The ability to choose between various types of connections, according to the desired level of anonymity. In each of these levels, only part of the identity of that connection in particular should be disclosed.

One of the Identity aspects in which NICS is currently working is the implementation of a solution for Anonymous Age Verification using the national electronic identity document (DNIe). We must distinguish (as does the report's recommendation RISEPTIS) between the authentication needs when interacting with public authorities or our financial institutions (eg DNIe) and those that arise from everyday needs on the network (eg the purchase of an article in which the buyer data that are not strictly necessary for the operation must remain undisclosed.) For this last stage, and combining two types of identity (verified and pseudonymous) between the different technologies available, we have chosen the Information Cards to develop an anonymous age verification application that allows a user to demonstrate his age without providing additional data [7]. In the process of generating the i-card (Information Card), the DNIe is used. Thus, for example, the immediate application for users appears in purchasing products online, which can prove they were old enough to perform the operation without providing additional data strictly necessary to the service provider. In this process, the user must use the DNIe only once (for regisration) from his computer.

However, at present, one of the major problems of the DNIe use in Spain is the lack of applications that make use of it in innovative ways. Therefore we propose to use mobile devices or smartphones as well as devices that interact with DNIe readers to allow citizens to manage and securely authenticate regardless of their location, as an intermediary between users and the PC so that, when digitally signing documents, the user must not explicitly trust the PC, but his mobile device in order to check the integrity of the document to be signed just before proceeding. The main objective is to avoid potential damage from malware installed on the PC that could endanger the digital signature. Currently some NICS' members are part of the National DNIe Working Group  which works on pushing forward new applications for the DNIe.

Privilege Management Infraestructures

Privilege management infraestructures (PMI) arise as an evolution of PKI where not only identity is considered but the privileges or access rights asociates to the diferent roles or individuals in the organizations. This reserach topics is one of the oldest within NICS and was consolidated in the project PRIVILEGE. In this project we worked mainly with X.509 Attribute Certificates. We developed a practical implementation of a Privilege Management Infrastructure (PMI) and a mechanism to perform controlled delegation, making use of the extension fields of the attribute certificates [8] [9]. Our proposal is based on graphs, including in each certificate a real number ( in the interval [0,1]) that measures the level of confidence of the issuer on the issued certificate. This enables us to compute trust on the granted privileges over the delegation graph.

In [10] we proposed a solution to enhance the X.509 attribute certificate in such a way that it becomes a conditionally anonymous attribute certificate. After that, we designed a protocol to obtain such certificates in a way that respects users' anonymity by using a fair blind signature scheme. We also show how to use such certificates and describe a few cases where problems could arise, identifying some open problems.

Another relevant are within PMI is supporting dynamic access control policies based on context information [11] and include in the decision making process not only roles and identities but also user attributes [12]

PMI can also be used for identity verification. Within the OSAMI project we have implemented solution for the distribution of secure code using OpenID and signatures with public key certificates of short duration (created from the OpenID information) [13]. In this way, developers can distribute signed code without the need for a long term digital certificate. This solution can be applied to those scenarios in which there is a dynamism in the programming team of these components such as in the open source community.


References

  1. D. Nuñez, I. Agudo, and J. Lopez, "Integrating OpenID with Proxy Re-Encryption to enhance privacy in cloud-based identity services", In IEEE CloudCom 2012, IEEE Computer Society, pp. 241 - 248, Dec 2012. DOI More..

    Abstract

    The inclusion of identity management in the cloud computing landscape represents a new business opportunity for providing what has been called Identity Management as a Service (IDaaS). Nevertheless, IDaaS introduces the same kind of problems regarding privacy and data confidentiality as other cloud services; on top of that, the nature of the outsourced information (users’ identity) is critical. Traditionally, cloud services (including IDaaS) rely only on SLAs and security policies to protect the data, but these measures have proven insufficient in some cases; recent research has employed advanced cryptographic mechanisms as an additional safeguard. Apart from this, there are several identity management schemes that could be used for realizing IDaaS systems in the cloud; among them, OpenID has gained crescent popularity because of its open and decentralized nature, which makes it a prime candidate for this task. In this paper we demonstrate how a privacy-preserving IDaaS system can be implemented using OpenID Attribute Exchange and a proxy re-encryption scheme. Our prototype enables an identity provider to serve attributes to other parties without being able to read their values. This proposal constitutes a novel contribution to both privacy and identity management fields. Finally, we discuss the performance and economical viability of our proposal.

  2. Citekey blindidm2013 not found
  3. D. Nuñez, I. Agudo, and J. Lopez, "Leveraging Privacy in Identity Management as a Service through Proxy Re-Encryption", In Ph.D Symposium of the European Conference on Service-Oriented and Cloud Computing (ESOCC) 2013, September 2013. More..

    Abstract

    The advent of cloud computing has provided the opportunity to externalize the identity management processes, shaping what has been called Identity Management as a Service (IDaaS). However, as in the case of other cloud-based services, IDaaS brings with it great concerns regarding security and privacy, such as the loss of control over the outsourced data. As part of this PhD thesis, we analyze these concerns and propose BlindIdM, a model for privacy-preserving IDaaS with a focus on data privacy protection through the use of proxy re-encryption.

  4. N. Libor, et al., "Strong Authentication of Humans and Machines in Policy Controlled Cloud Computing Environment Using Automatic Cyber Identity", In Information Security Solutions Europe 2012, N. Pohlmann, H. Reimer, and W. Schneider Eds., Springer Vieweg, pp. 195-206, 2012. DOI More..

    Abstract

    The paper describes the experience with integration of automatic cyber identity technology with policy controlled virtualisation environment. One identity technology has been used to enable strong authentication of users (human beings) as well as machines (host systems) to the virtualization management system. The real experimental evaluation has been done in PASSIVE project (Policy-Assessed system-level Security of Sensitive Information processing in Virtualised Environments - SEVENTH FRAMEWORK PROGRAMME THEME ICT-2009.1.4 INFORMATION AND COMMUNICATION TECHNOLOGIES - Small or medium-scale focused research project - Grant agreement no.: 257644).

  5. D. Nuñez, I. Agudo, P. Drogkaris, and S. Gritzalis, "Identity Management Challenges for Intercloud Applications", In 1st International Workshop on Security and Trust for Applications in Virtualised Environments (STAVE 2011), vol. 187, pp. 198-204, June, 2011. DOI More..

    Abstract

    Intercloud notion is gaining a lot of attention lately from both enterprise and academia, not only because of its benefits and expected results but also due to the challenges that it introduces regarding interoperability and standardisation. Identity management services are one of the main candidates to be outsourced into the Intercloud, since they are one of the most common services needed by companies and organisations. This paper addresses emerging identity management challenges that arise in intercloud formations, such as naming, identification, interoperability, identity life cycle management and single sign-on.

  6. I. Agudo, R. Rios, and J. Lopez, "A Privacy-Aware Continuous Authentication Scheme for Proximity-Based Access Control", In Computers & Security, vol. 39 (B), Elsevier, pp. 117-126, 11/2013. ISI JCR Impact Factor 2013: 1.172 DOI More..

    Abstract

    Continuous authentication is mainly associated with the use of biometrics to guarantee that a resource is being accessed by the same user throughout the usage period. Wireless devices can also serve as a supporting technology for continuous authentication or even as a complete alternative to biometrics when accessing proximity-based services. In this paper we present the implementation of a secure, non-invasive continuous authentication scheme supported by the use of Wearable Wireless Devices (WWD), which allow users to gain access to proximity-based services while preserving their privacy. Additionally we devise an improved scheme that circumvents some of the limitations of our implementation.

    Impact Factor: 1.172
    Journal Citation Reports® Science Edition (Thomson Reuters, 2013)

  7. J. A. Onieva, et al., "Como proteger la privacidad de los usuarios en Internet. Verificación anónima de la mayoría de edad", In XII Reunión Española sobre Criptología y Seguridad de la Información - RECSI 2012, Mondragon, pp. 297-302, Sep 2012. More..
  8. I. Agudo, J. Lopez, and J. A. Montenegro, "A Representation Model of Trust Relationships with Delegation Extensions", In 3th International Conference on Trust Management (iTRUST’05), LNCS 3477, Springer, pp. 9-22, May, 2005. DOI More..

    Abstract

    Logic languages establish a formal framework to solve authorization and delegation conflicts. However, we consider that a visual representation is necessary since graphs are more expressive and understandable than logic languages. In this paper, and after overviewing previous works using logic languages, we present a proposal for graph representation of authorization and delegation statements. Our proposal is based on Varadharajan et al. solution, though improve several elements of that work. We also discuss about the possible implementation of our proposal using attribute certificates.

  9. I. Agudo, J. Lopez, and J. A. Montenegro, "A Graphical Delegation Solution for X.509 Attribute Certificates", In ERCIM News, no. 63, ERCIM, pp. 33-34, October, 2005. More..
  10. V. Benjumea, J. Lopez, J. A. Montenegro, and J. M. Troya, "A First Approach to Provide Anonymity in Attribute Certificates", In 2004 International Workshop on Practice and Theory in Public Key Cryptography (PKC’04), LNCS 2947, Springer, pp. 402-415, March, 2004. More..

    Abstract

    This paper focus on two security services for internet applications:authorization and anonymity. Traditional authorization solutionsare not very helpful for many of the Internet applications; however,attribute certificates proposed by ITU-T seems to be well suited andprovide adequate solution. On the other hand, special attention is paidto the fact that many of the operations and transactions that are part ofInternet applications can be easily recorded and collected. Consequently,anonymity has become a desirable feature to be added in many cases. Inthis work we propose a solution to enhance the X.509 attribute certificatein such a way that it becomes a conditionally anonymous attributecertificate. Moreover, we present a protocol to obtain such certificatesin a way that respects users’ anonymity by using a fair blind signaturescheme. We also show how to use such certificates and describe a fewcases where problems could arise, identifying some open problems.

  11. I. Agudo, J. Lopez, and J. A. Montenegro, "Attributes Delegation Based on Ontologies and Context Information", In 10th IFIP TC-6 TC-11 International Conference on Communications and Multimedia on Security (CMS’06), LNCS 4237, Springer, pp. 54-66, October, 2006. DOI More..

    Abstract

    This paper presents a model for delegation based on partial orders, proposing the subclass relation in OWL as a way to represent the partial orders. Delegation and authorization decisions are made based on the context. In order to interact with the context, we define the Type of a credential as a way to introduce extra information regarding context constraints. When reasoning about delegation and authorization relationships, our model benefits from partial orders, defining them over entities, attributes and the credential type. Using these partial orders, the number of credentials required is reduced. It also classifies the possible criteria for making authorization decisions based on the context, in relation to the necessary information.

  12. I. Agudo, J. Lopez, and J. A. Montenegro, "Attribute delegation in ubiquitous environments", In 3rd international conference on Mobile multimedia communications (MobiMedia ’07), ICST, pp. 43:1–43:6, 2007. More..

    Abstract

    When delegation is implemented using the attribute certificates in a Privilege Management Infrastructure (PMI), this one reaches a considerable level of distributed functionality. However, the approach is not flexible enough for the requirements of ubiquitous environments. Additionally, the PMI can become a too complex solution for devices such as smartphones and PDAs, where resources are limited. In this work, we solve the previous limitations by defining a second class of attributes, called domain attributes, which are managed directly by users and are not right under the scope of the PMI, thus providing a light solution for constrained devices. The two classes of attributes are related by defining a simple ontology. We also introduce in the paper the concept of Attribute Federation which is responsible for supporting domain attributes and the corresponding ontology.

  13. I. Agudo, J. A. Onieva, and D. Merida, "Distribución segura de componentes software basada en OpenID", In XI Reunión Española sobre Criptología y Seguridad de la Información (RECSI 2010), September, 2010. More..

    Abstract

    En la actualidad, cada vez son más frecuentes los ataques software mediante la utilización de malware o sustitución de programas (o componentes) en los repositorios a los cuales los usuarios finales (o máquinas) acceden. Esta situación se ve de alguna manera acentuada con el dinamismo existente en la programación y ejecución de estos componentes, en la que distintos desarrolladores pueden participar para desplegar un determinado servicio o parte de él. Por ello, en este artículo se presenta una solución para la distribución de código de forma segura usando OpenID y firmas con certificados de clave pública de corta duración. De esta forma, se consigue un compromiso de seguridad que permite distribuir código firmado sin la necesidad de que los desarrolladores dispongan a priori de un certificado específico. Presentamos además algunos detalles acerca de la implementación realizada para hacer realidad este diseño.