-rw-r--r-- gnunetbib.bib 34
1 files changed, 4 insertions, 30 deletions
diff --git a/gnunetbib.bib b/gnunetbib.bib
index 6eaed79..98d930f 100644
--- a/gnunetbib.bib
+++ b/gnunetbib.bib
@@ -48,33 +48,7 @@
48 www_tags = selected, 48 www_tags = selected,
49 www_pdf_url = {http://mediatum.ub.tum.de/?id=1545514}, 49 www_pdf_url = {http://mediatum.ub.tum.de/?id=1545514},
50 url = {https://bibliography.gnunet.org}, 50 url = {https://bibliography.gnunet.org},
51 abstract = {Today, identity management is a key element for commercial and private services on 51 abstract = {Today, identity management is a key element for commercial and private services on the Internet. Over the past decade, digital identities evolved away from decentralized, pseudonymous, user-controlled personas towards centralized, unabiguous identities managed at and provided through service providers. This development was sparked by the requirement of real identities in the context of electronic commerce. However, it was particularly fuelled later by the emergence of social media and the possibilities it provides to people in order to establish social connections. The following centralization of identities at a handful of service providers significantly improved usability and reliability of identity services. Those benefits come at the expense of other, arguably equally important areas. For users, it is privacy and the permanent threat of being tracked and analyzed. For service providers, it is liability and the risk of facing significant punishment caused by strict privacy regulations which try to counteract the former. In this thesis, we investigate state-of-the-art approaches to modern identity management. We take a look at existing standards and recent research in order to understand the status quo and how it can be improved. As a result from our research, we present the following contributions: In order to allow users to reclaim control over their identities and personal data, we propose a design for a decentralized, self-sovereign directory service. This service allows users to share personal data with services without the need of a trusted third party. Unlike existing research in this area, we propose mechanisms which allow users to efficiently enforce access control on their data. Further, we investigate how trust can be established in user-managed, self-sovereign identities. 
We propose a trust establishment mechanism through the use of secure name systems. It allows users and organizations to establish trust relationships and identity assertions without the need of centralized public key infrastructures (PKIs). Additionally, we show how recent advancements in the area of non-interactive zero-knowledge (NIZK) protocols can be leveraged in order to create privacy-preserving attribute-based credentials (PP-ABCs) suitable for use in self-sovereign identity systems including our proposed directory service. We provide proof of concept implementations of our designs and evaluate them to show that they are suitable for practical applications.}
52the Internet. Over the past decade, digital identities evolved away from decentralized,
53pseudonymous, user-controlled personas towards centralized, unabiguous identities
54managed at and provided through service providers. This development was sparked
55by the requirement of real identities in the context of electronic commerce. However, it
56was particularly fuelled later by the emergence of social media and the possibilities it
57provides to people in order to establish social connections. The following centralization
58of identities at a handful of service providers significantly improved usability and
59reliability of identity services. Those benefits come at the expense of other, arguably
60equally important areas. For users, it is privacy and the permanent threat of being
61tracked and analyzed. For service providers, it is liability and the risk of facing significant
62punishment caused by strict privacy regulations which try to counteract the former.
63In this thesis, we investigate state-of-the-art approaches to modern identity management. We take a look at existing standards and recent research in order to understand
64the status quo and how it can be improved. As a result from our research, we present the
65following contributions: In order to allow users to reclaim control over their identities
66and personal data, we propose a design for a decentralized, self-sovereign directory service. This service allows users to share personal data with services without the need of a
67trusted third party. Unlike existing research in this area, we propose mechanisms which
68allow users to efficiently enforce access control on their data. Further, we investigate
69how trust can be established in user-managed, self-sovereign identities. We propose a
70trust establishment mechanism through the use of secure name systems. It allows users
71and organizations to establish trust relationships and identity assertions without the
72need of centralized public key infrastructures (PKIs). Additionally, we show how recent
73advancements in the area of non-interactive zero-knowledge (NIZK) protocols can be
74leveraged in order to create privacy-preserving attribute-based credentials (PP-ABCs)
75suitable for use in self-sovereign identity systems including our proposed directory
76service. We provide proof of concept implementations of our designs and evaluate them
77to show that they are suitable for practical applications.},
78} 52}
79 53
80@mastersthesis {mteich-2017, 54@mastersthesis {mteich-2017,
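Review bot: The reflowed abstract on new line 51 still carries the misspelling "unabiguous" from old lines 52-53; since the whole value is being rewritten here, correct it to "unambiguous" in the same change. The joined value also now closes with `}` and no trailing comma, where the removed version ended in `},`. That is valid for the last field of the entry, but confirm it is intended and not a side effect of the reflow.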
@@ -543,9 +517,9 @@ as an evaluation of its performance},
543 www_tags = selected, 517 www_tags = selected,
544 author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum} 518 author = {Christian Grothoff and Matthias Wachs and Monika Ermert and Jacob Appelbaum}
545} 519}
546@conference {2018_1, 520@inproceedings {2018_1,
547 title = {reclaimID: Secure, Self-Sovereign Identities using Name Systems and Attribute-Based Encryption}, 521 title = {reclaimID: Secure, Self-Sovereign Identities using Name Systems and Attribute-Based Encryption},
548 booktitle = {ArXiv e-prints}, 522 booktitle={Proceedings of 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)},
549 year = {2018}, 523 year = {2018},
550 abstract = {In this paper we present reclaimID: An architecture that allows users to reclaim their digital identities by securely sharing identity attributes without the need for a centralised service provider. We propose a design where user attributes are stored in and shared over a name system under user-owned namespaces. Attributes are encrypted using attribute-based encryption (ABE), allowing the user to selectively authorize and revoke access of requesting parties to subsets of his attributes. We present an implementation based on the decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE using type-1 pairings. To show the practicality of our implementation, we carried out experimental evaluations of selected implementation aspects including attribute resolution performance. Finally, we show that our design can be used as a standard OpenID Connect Identity Provider allowing our implementation to be integrated into standard-compliant services}, 524 abstract = {In this paper we present reclaimID: An architecture that allows users to reclaim their digital identities by securely sharing identity attributes without the need for a centralised service provider. We propose a design where user attributes are stored in and shared over a name system under user-owned namespaces. Attributes are encrypted using attribute-based encryption (ABE), allowing the user to selectively authorize and revoke access of requesting parties to subsets of his attributes. We present an implementation based on the decentralised GNU Name System (GNS) in combination with ciphertext-policy ABE using type-1 pairings. To show the practicality of our implementation, we carried out experimental evaluations of selected implementation aspects including attribute resolution performance. Finally, we show that our design can be used as a standard OpenID Connect Identity Provider allowing our implementation to be integrated into standard-compliant services},
551 keywords = {Computer Science - Cryptography and Security}, 525 keywords = {Computer Science - Cryptography and Security},
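Review bot: The new `booktitle={Proceedings of 17th IEEE ...` on line 522 has no spaces around `=`, unlike the neighbouring `title = {` and `year = {`, and its value has a stray space after the slash in "Communications/ 12th"; align both with the surrounding fields. With the entry now an `@inproceedings` for TrustCom/BigDataSE, the unchanged `keywords = {Computer Science - Cryptography and Security}` is an arXiv category label left over from the old `booktitle = {ArXiv e-prints}` and is worth revisiting in the same commit.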