| Abstract |
In todays Information Systems, including applications, platforms and services, users are requested to present credentials with local significance, in order to be authenticated and gain access to internal functionality. This way every user is required to have a different login-password combination for each online service, not to mention different credentials for different roles within a service. As a result users tend to choose poor passwords that are easy to remember, or even repeat the same login-password information in several services. This poses serious security threats to service providers and a severe privacy risk for end-users. The solution is to shift to digital identity management systems. Such a system will issue a digital identity for every user and will be able to control the full life cycle of these identities, from creation to termination. Another aspect of such a system is the single sign-on mechanism, whereby a single action of user authentication and authorization can permit a user to access multiple services without the need to execute any local authentication procedure. We can think of the digital identity as the identity card for the digital world, but with privacy concerns in order to eliminate any threats posed by the nature of the Internet. We started by evaluating existing identity management implementations and to propose a solution of our own. Our Identity Management Infrastructure (IMI) differs from similar approaches, by targeting a global scale deployment and problems that arise from such a goal. Another difference is that our technique sets the end-user as the sole holder of his identity information. This prevents the existence of a single point where multiple digital identities are held, which could become a target for potential attackers. The benefits (as seen from our approach) are improved security, accountability, reduced administration costs and privacy protection. In this thesis we explore the opportunity of shifting to a digital identity management infrastructure, while preserving the anonymity currently experienced by users. Our goal is to provide accountability to digital identity holders, while allowing the user to remain anonymous and give service providers and end-users strong guarantees about the security aspects of our approach. The design and development of our infrastructure was mainly driven by these contradicting factors, but the ease of deployment was also among our considerations. Finally, we consider the security risks involved in our approach. The model used identified the amount of information being exposed, in various attacks towards the components of our infrastructure. The results where crucial in order to identify the weak links of our approach and to provide us with directions for future work.
|
Υποδομή Διαχείρισης Ταυτοτήτων για τον Ψηφιακό Κόσμο
