pseudonymous authentication and authorization enhancing
play

Pseudonymous Authentication and Authorization enhancing ubiquitous - PowerPoint PPT Presentation

Jan 04, 2024 •570 likes •733 views

Pseudonymous Authentication and Authorization enhancing ubiquitous Identity Management Thomas Hildmann hildmann@prz.tu-berlin.de Berlin University of Technology (TUB) Content Motivation Advantages of pseudonymous A+A

  1. Pseudonymous Authentication and Authorization enhancing ubiquitous Identity Management Thomas Hildmann hildmann@prz.tu-berlin.de Berlin University of Technology (TUB)

  2. Content • Motivation – Advantages of pseudonymous A+A • Pseudonymous Authentication • Pseudonymous Authorization – ADFBlinder – Hiding of Structure-Application Mapping – Isolated ADF-Components • Summary

  3. Motivation – Works in B2B- • Ubiquitous A+A Environments (multi- – Just one (meta-) party A+A) database – Good for outsourcing – Effective, consistent – In case of an incident • Pseudonymity • Multilateral Security – Privacy Law – Principles and – Unions Methods are well- – Employees investigated – Insider attacks

  4. Pseudonymous Authentication • Implemented in Project „Campuskarte“ • Basic idea – Separation of Card-ID and User-ID – Card-ID revocation-lists – Knowledge is distributed between Application, Authentication-Server, Card- Database and Client-Computer

  5. Basic RBAC-Model UML-representation of simplified NIST RBAC model Derived model

  6. How to archive pseudonymity? • To authorize a person (s)he must be identified (may be pseudonymously). • Maintaining pseudonymity during the authorization-process. • This is possible by deploying necessary information: Initiator (subject), application/data (object), function (operation)

  7. Q ID A ADFBlinder-Architecture

  8. Hiding of Structure- Application-Mapping

  9. 2 2 1 1

  10. Hiding of Structure- User � SBR Application-Mapping SBR � ABR

  11. Isolated ADF-Components

  12. Comparing + simple cryptographic solution + no additional cryptography + just jails needed + mixes are well-investigated - RBAC-Metadirectory can - mixes must be driven track users Hiding of Structure- ADFBlinder-Architecture Application-Mapping + no additional crypto + no mixes - Metadir-Problem Isolated ADF-Components

  13. Summary • Advantages of ubiquitous IDM – Centralized structure / decentralized management – Homogeneous policy / fine grained customization – Users controlling their own identity • Disadvantages without pseudonymity – Traceability • Pseudonymous Authorization – Different implementation possible – We are implementing one

  14. Outlook – Use of modeling patterns • Implementation of (like programming RBAC-IDM System at patterns) Berlin University of – Pseudonymous Technology (TUB) Authentication and – Application Authorization comprehensive – Self administration and – Modeling of organization- delegation of rights and access-roles – Privacy suitable IDM – Distributed cross- organizational RBAC hildmann@prz.tu-berlin.de

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Remote File Access: Problems and Solutions Authentication and authorization Performance

Remote File Access: Problems and Solutions Authentication and authorization Performance

Remote File Access: Problems and Solutions Authentication and authorization Performance Synchronization Robustness Lecture 13 CS 111 Page 1 Summer 2013 Authorization and Authentication Authorization is determined if someone

886 views • 41 slides
Scaling Pseudonymous Authentication for Large Mobile Systems ACM WiSec19, May 17, 2019

Scaling Pseudonymous Authentication for Large Mobile Systems ACM WiSec19, May 17, 2019

Scaling Pseudonymous Authentication for Large Mobile Systems ACM WiSec19, May 17, 2019 Mohammad Khodaei, Hamid Noroozi, and Panos Papadimitratos Networked Systems Security Group www.eecs.kth.se/nss 1 / 29 Secure Vehicular Communication

597 views • 32 slides
Hour #1: Passwords Identification, Authentication, and Authorization Identification: You

Hour #1: Passwords Identification, Authentication, and Authorization Identification: You

CSCI E-170 Computer Security, Usability & Privacy Hour #1: Passwords Identification, Authentication, and Authorization Identification: You give your name Authentication: Youve proven that its really you.

486 views • 31 slides
Complex architectures for authentication and authorization on AWS Boyan Dimitrov Director

Complex architectures for authentication and authorization on AWS Boyan Dimitrov Director

Complex architectures for authentication and authorization on AWS Boyan Dimitrov Director Platform Engineering @ Sixt @nathariel September 2019 Our Focus Today ? Authenticate Key patterns for authentication & Authorize and

510 views • 38 slides
Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author:

Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author:

IETF94 2 Nov. 2015 Yokohama SDNRG WG Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author: www.huawei.com Hosnieh Rafiee Ietf{at}rozanak.com Motivation Problem: secure SDN authentication,

546 views • 10 slides
CSE 510 Web Data Engineering Access Control Authentication & Authorization UB CSE 510 Web

CSE 510 Web Data Engineering Access Control Authentication & Authorization UB CSE 510 Web

CSE 510 Web Data Engineering Access Control Authentication & Authorization UB CSE 510 Web Data Engineering Access Control Mechanisms Declarative Authorization using Realms The expression of app security external to the app

540 views • 26 slides
Security Assessment of Authentication and Authorization Mechanisms in Ethereum, Quorum,

Security Assessment of Authentication and Authorization Mechanisms in Ethereum, Quorum,

Security Assessment of Authentication and Authorization Mechanisms in Ethereum, Quorum, Hyperledger Fabric and Corda Marie-Jeanne Lagarde, Master's thesis 2018-2019 Agenda Introduction Motivation 1. Scope 2. Research Questions 3.

467 views • 35 slides
EGI-Engage JRA1.1 Authentication and Authorization Infrastructure Christos Kanellopoulos

EGI-Engage JRA1.1 Authentication and Authorization Infrastructure Christos Kanellopoulos

EGI-Engage JRA1.1 Authentication and Authorization Infrastructure Christos Kanellopoulos Nicolas Liampotis - GRNET WP3 Meeting - 2017.03.24 www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union

352 views • 14 slides
http://xkcd.com/932/ Homework 2 Review CS 166: Information Security Authorization: Part 1 Prof.

http://xkcd.com/932/ Homework 2 Review CS 166: Information Security Authorization: Part 1 Prof.

http://xkcd.com/932/ Homework 2 Review CS 166: Information Security Authorization: Part 1 Prof. Tom Austin San Jos State University Authentication vs Authorization Authentication Are you who you say you are? Restrictions on who

1.14k views • 79 slides
Apache Airavata Security Manager Authentication & Authorization Im Implementation for a

Apache Airavata Security Manager Authentication & Authorization Im Implementation for a

Apache Airavata Security Manager Authentication & Authorization Im Implementation for a Multi- Tenant e-Science Framework Supun Nakandala, Hasini Gunasinghe, Suresh Marru and Marlon Pierce Science Gateways Research Center Indiana

695 views • 33 slides
Unified Authentication, Authorization, and User Administration An Open Source Approach Ted

Unified Authentication, Authorization, and User Administration An Open Source Approach Ted

Unified Authentication, Authorization, and User Administration An Open Source Approach Ted C. Cheng, Howard Chu, Matthew Hardin Symas Corporation Outline Evolution of Related Technologies Unified AAA Architecture Provisioning AAA

396 views • 27 slides
Energy Efficient Authentication and Authorization for Multi-node Cooperative Connectivity and

Energy Efficient Authentication and Authorization for Multi-node Cooperative Connectivity and

Energy Efficient Authentication and Authorization for Multi-node Cooperative Connectivity and Reliability PhD Candidate Vandana Rohokale (vmr@es.aau.dk) Supervisor Prof. Ramjee Prasad CTIF, Aalborg, Denmark Co-supervisors Assoc. Prof. Horia

372 views • 13 slides
Mutual Authentication and Authorization for Interconnecting Home Automation Systems Master Thesis

Mutual Authentication and Authorization for Interconnecting Home Automation Systems Master Thesis

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Mutual Authentication and Authorization for Interconnecting Home Automation Systems Master Thesis Final talk Karthik Mathiazhagan

735 views • 18 slides
Using The Delegated CoAP Authentication and Authorization Framework (DCAF) With CBOR Encoded

Using The Delegated CoAP Authentication and Authorization Framework (DCAF) With CBOR Encoded

Using The Delegated CoAP Authentication and Authorization Framework (DCAF) With CBOR Encoded Message Syntax draft-bergmann-ace-dcaf-cose Olaf Bergmann, Stefanie Gerdes { gerdes | bergmann } @tzi.org Presented by Carsten Bormann cabo@tzi.org

502 views • 18 slides
Authentication in Drupal DrupalCamp Spain 2014 About me, @juampy72 Drupal 7 and 8 module

Authentication in Drupal DrupalCamp Spain 2014 About me, @juampy72 Drupal 7 and 8 module

Juampy Novillo Requena Authentication in Drupal DrupalCamp Spain 2014 About me, @juampy72 Drupal 7 and 8 module Developer at Lullabot maintainer and core developer Let's start by defining Authentication and Authorization Authentication

909 views • 32 slides
STUDY 073 Simplification to Efavirenz-TDF-FTC Study 073: Design Study Design: Study 073

STUDY 073 Simplification to Efavirenz-TDF-FTC Study 073: Design Study Design: Study 073

Simplification to Efavirenz-TDF-FTC STUDY 073 Simplification to Efavirenz-TDF-FTC Study 073: Design Study Design: Study 073 Background : Randomized, controlled, open label phase 3 trial evaluating a simplification strategy for patients

213 views • 6 slides
A Direct Proof of Schwichtenbergs Bar Recursion Closure Theorem Silvia Steila on-going work

A Direct Proof of Schwichtenbergs Bar Recursion Closure Theorem Silvia Steila on-going work

A Direct Proof of Schwichtenbergs Bar Recursion Closure Theorem Silvia Steila on-going work with Paulo Oliva and Stefano Berardi Universit at Bern May 27th, 2016 System T System T consists of the simply typed -calculus, enriched

369 views • 18 slides
A construction of the affine VW supercategory Mee Seong Im United States Military Academy West

A construction of the affine VW supercategory Mee Seong Im United States Military Academy West

A construction of the affine VW supercategory Mee Seong Im United States Military Academy West Point, NY Institute for Computational and Experimental Research in Mathematics Brown University, Providence, RI Mee Seong Im The affine VW

596 views • 40 slides
Promoting Word Learning This session will through Caregiver Contingent Review factors that

Promoting Word Learning This session will through Caregiver Contingent Review factors that

24th March 2018 Promoting Word Learning This session will through Caregiver Contingent Review factors that impact on early word talk: learning including caregiver contingent talk Findings from two home-based Present findings from two

376 views • 4 slides
(Minimal) Model Generation Useful for several tasks: hardware and software verification

(Minimal) Model Generation Useful for several tasks: hardware and software verification

ormal ethods roup Computing Minimal Models Modulo Subset-Simulation for Modal Logics Fabio Papacchini Renate A. Schmidt School of Computer Science The University of Manchester September 20, 2013 F. Papacchini, R. A. Schmidt

821 views • 43 slides
The Road to Advanced Mission Critical Linux Support: an Open Source Approach marco bill-peter

The Road to Advanced Mission Critical Linux Support: an Open Source Approach marco bill-peter

The Road to Advanced Mission Critical Linux Support: an Open Source Approach marco bill-peter vice president Global Support Services marco bill-peter Red Hat is the world's leading provider of open source solutions, using a community-powered

335 views • 30 slides
Vector Spaces Sets Closed Under Operations Defn. A set S is closed under some opera- tion if

Vector Spaces Sets Closed Under Operations Defn. A set S is closed under some opera- tion if

Vector Spaces Sets Closed Under Operations Defn. A set S is closed under some opera- tion if applying that operation to elements of S always produces an element of S . For example, the integers are closed under ad- dition: adding two integers

420 views • 14 slides
DATA LEVEL PARALLELISM Mahdi Nazm Bojnordi Assistant Professor School of Computing University

DATA LEVEL PARALLELISM Mahdi Nazm Bojnordi Assistant Professor School of Computing University

DATA LEVEL PARALLELISM Mahdi Nazm Bojnordi Assistant Professor School of Computing University of Utah CS/ECE 6810: Computer Architecture Overview Announcement Homework 5: due on Nov. 20 th This lecture Data level parallelism

971 views • 34 slides

More recommend