Pub Date : 2022-09-22DOI: 10.48550/arXiv.2209.11108
Masato Hirai, Daisuke Kotani, Y. Okabe
An access control model called Zero Trust Architecture (ZTA) has attracted attention. ZTA uses information of users and devices, called context, for authentication and authorization. Zero Trust Federation (ZTF) has been proposed as a framework for extending an idea of identity federation to support ZTA. ZTF defines CAP as the entity that collects context and provides it to each organization (Relying Party; RP) that needs context for authorization based on ZTA. To improve the quality of authorization, CAPs need to collect context from various data sources. However, ZTF did not provide a method for collecting context from data sources other than RP. In this research, as a general model for collecting context in ZTF, we propose a method of linking identifiers between the data source and CAP. This method provides a way to collect context from some of such data sources in ZTF. Then, we implemented our method using RADIUS and MDM as data sources and confirmed that their contexts could be collected and used.
{"title":"Linking Contexts from Distinct Data Sources in Zero Trust Federation","authors":"Masato Hirai, Daisuke Kotani, Y. Okabe","doi":"10.48550/arXiv.2209.11108","DOIUrl":"https://doi.org/10.48550/arXiv.2209.11108","url":null,"abstract":"An access control model called Zero Trust Architecture (ZTA) has attracted attention. ZTA uses information of users and devices, called context, for authentication and authorization. Zero Trust Federation (ZTF) has been proposed as a framework for extending an idea of identity federation to support ZTA. ZTF defines CAP as the entity that collects context and provides it to each organization (Relying Party; RP) that needs context for authorization based on ZTA. To improve the quality of authorization, CAPs need to collect context from various data sources. However, ZTF did not provide a method for collecting context from data sources other than RP. In this research, as a general model for collecting context in ZTF, we propose a method of linking identifiers between the data source and CAP. This method provides a way to collect context from some of such data sources in ZTF. Then, we implemented our method using RADIUS and MDM as data sources and confirmed that their contexts could be collected and used.","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"16 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115987031","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2022-09-01DOI: 10.48550/arXiv.2209.00586
N. Fotiou, Iakovos Pittaras, Spiros Chadoulos, V. Siris, G.C. Polyzos, Nikolaos Ipiotis, Stratos Keranidis
As IoT becomes omnipresent vast amounts of data are generated, which can be used for building innovative applications. However,interoperability issues and security concerns, prevent harvesting the full potentials of these data. In this paper we consider the use case of data generated by smart buildings. Buildings are becoming ever"smarter"by integrating IoT devices that improve comfort through sensing and automation. However, these devices and their data are usually siloed in specific applications or manufacturers, even though they can be valuable for various interested stakeholders who provide different types of"over the top"services, e.g., energy management. Most data sharing techniques follow an"all or nothing"approach, creating significant security and privacy threats, when even partially revealed, privacy-preserving, data subsets can fuel innovative applications. With these in mind we develop a platform that enables controlled, privacy-preserving sharing of data items. Our system innovates in two directions: Firstly, it provides a framework for allowing discovery and selective disclosure of IoT data without violating their integrity. Secondly, it provides a user-friendly, intuitive mechanisms allowing efficient, fine-grained access control over the shared data. Our solution leverages recent advances in the areas of Self-Sovereign Identities, Verifiable Credentials, and Zero-Knowledge Proofs, and it integrates them in a platform that combines the industry-standard authorization framework OAuth 2.0 and the Web of Things specifications.
{"title":"Authentication, Authorization, and Selective Disclosure for IoT data sharing using Verifiable Credentials and Zero-Knowledge Proofs","authors":"N. Fotiou, Iakovos Pittaras, Spiros Chadoulos, V. Siris, G.C. Polyzos, Nikolaos Ipiotis, Stratos Keranidis","doi":"10.48550/arXiv.2209.00586","DOIUrl":"https://doi.org/10.48550/arXiv.2209.00586","url":null,"abstract":"As IoT becomes omnipresent vast amounts of data are generated, which can be used for building innovative applications. However,interoperability issues and security concerns, prevent harvesting the full potentials of these data. In this paper we consider the use case of data generated by smart buildings. Buildings are becoming ever\"smarter\"by integrating IoT devices that improve comfort through sensing and automation. However, these devices and their data are usually siloed in specific applications or manufacturers, even though they can be valuable for various interested stakeholders who provide different types of\"over the top\"services, e.g., energy management. Most data sharing techniques follow an\"all or nothing\"approach, creating significant security and privacy threats, when even partially revealed, privacy-preserving, data subsets can fuel innovative applications. With these in mind we develop a platform that enables controlled, privacy-preserving sharing of data items. Our system innovates in two directions: Firstly, it provides a framework for allowing discovery and selective disclosure of IoT data without violating their integrity. Secondly, it provides a user-friendly, intuitive mechanisms allowing efficient, fine-grained access control over the shared data. Our solution leverages recent advances in the areas of Self-Sovereign Identities, Verifiable Credentials, and Zero-Knowledge Proofs, and it integrates them in a platform that combines the industry-standard authorization framework OAuth 2.0 and the Web of Things specifications.","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"39 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124992029","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2021-12-10DOI: 10.1007/978-3-030-93747-8_5
V. Mavroudis, Chris Hicks, J. Crowcroft
{"title":"An Interface between Legacy and Modern Mobile Devices for Digital Identity","authors":"V. Mavroudis, Chris Hicks, J. Crowcroft","doi":"10.1007/978-3-030-93747-8_5","DOIUrl":"https://doi.org/10.1007/978-3-030-93747-8_5","url":null,"abstract":"","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"1201 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2021-12-10","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"127432681","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1007/978-3-030-93747-8_2
Florentin Putz, Steffen Schön, M. Hollick
{"title":"Future-Proof Web Authentication: Bring Your Own FIDO2 Extensions","authors":"Florentin Putz, Steffen Schön, M. Hollick","doi":"10.1007/978-3-030-93747-8_2","DOIUrl":"https://doi.org/10.1007/978-3-030-93747-8_2","url":null,"abstract":"","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"45 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"133763858","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1007/978-3-030-93747-8_10
T. Dimitrakos, Tezcan Dilshener, A. Kravtsov, Antonio La Marra, F. Martinelli, Athanasios Rizos, A. Rosetti
{"title":"Handling Meta Attribute Information in Usage Control Policies (Short Paper)","authors":"T. Dimitrakos, Tezcan Dilshener, A. Kravtsov, Antonio La Marra, F. Martinelli, Athanasios Rizos, A. Rosetti","doi":"10.1007/978-3-030-93747-8_10","DOIUrl":"https://doi.org/10.1007/978-3-030-93747-8_10","url":null,"abstract":"","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"269 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"115886625","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1007/978-3-030-93747-8_11
Anzo DeGiulio, H. Lee, Eleanor Birrell
{"title":"\"Ask App Not to Track\": The Effect of Opt-In Tracking Authorization on Mobile Privacy","authors":"Anzo DeGiulio, H. Lee, Eleanor Birrell","doi":"10.1007/978-3-030-93747-8_11","DOIUrl":"https://doi.org/10.1007/978-3-030-93747-8_11","url":null,"abstract":"","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"12 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131320085","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1007/978-3-030-93747-8_3
D. Progonov, Oleksandra Sokol
{"title":"Heartbeat-Based Authentication on Smartwatches in Various Usage Contexts","authors":"D. Progonov, Oleksandra Sokol","doi":"10.1007/978-3-030-93747-8_3","DOIUrl":"https://doi.org/10.1007/978-3-030-93747-8_3","url":null,"abstract":"","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"17 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132064159","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1007/978-3-031-25467-3_8
Stefano Bistarelli, Bruno Lazo La Torre Montalvo, Ivan Mercanti, Francesco Santini
{"title":"An E-Voting System Based on Tornado Cash","authors":"Stefano Bistarelli, Bruno Lazo La Torre Montalvo, Ivan Mercanti, Francesco Santini","doi":"10.1007/978-3-031-25467-3_8","DOIUrl":"https://doi.org/10.1007/978-3-031-25467-3_8","url":null,"abstract":"","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"26 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"131090744","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 1900-01-01DOI: 10.1007/978-3-031-25467-3_5
Andre Büttner, Nils Gruschka
{"title":"Protecting FIDO Extensions Against Man-in-the-Middle Attacks","authors":"Andre Büttner, Nils Gruschka","doi":"10.1007/978-3-031-25467-3_5","DOIUrl":"https://doi.org/10.1007/978-3-031-25467-3_5","url":null,"abstract":"","PeriodicalId":390980,"journal":{"name":"International Workshop Emerging Technologies for Authorization and Authentication","volume":"14 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"122566884","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: