Abstract: Identity management has been ripe for disruption over the past few years due to recurring incidents of data breaches that have led to personal information leaks and identity theft. The rise of blockchain technology has paved the way for the development of self-sovereign identity (SSI)—a new class of user-controlled resilient identity management systems that are enabled by distributed ledger technology. This paper examines how SSI management can be used in a public transportation sector that spans different operators in multiple countries. Specifically, the paper explores how a blockchain-based decentralized identity management system can draw on the SSI framework to provide high-level security and transparency for all involved parties in public transportation ecosystems. Accordingly, building on analyses of the existing public transportation ticketing solutions, we elicited requirements of a comparable system based on the SSI principles. Next, we developed a low-fidelity prototype to showcase how passengers can utilize standardized travel credentials that are valid across different transportation networks in Europe. The proposed system eliminates the need for multiple travel cards (i.e., one for each transportation provider) and empowers individuals to have better control over the use of their identities while they utilize interoperable ticketing systems across Europe. Overall, building on the public transportation case, we offer a proof-of-concept that shows how individuals can better manage their identity credentials via the SSI framework.
Funding: Key-Area Research and Development Program of Guangdong Province (2020B0101090003); National Natural Science Foundation of China (62072012); Shenzhen Research Project (JSGG20191129110603831); Shenzhen Key Laboratory Project (ZDSYS201802051831427); the project PCL Future Regional Network Facilities for Large Scale Experiments and Applications.
Abstract: Reliable identity management and authentication are significant for network security. In recent years, as traditional centralized identity management systems suffer from security and scalability problems, decentralized identity management has received considerable attention in academia and industry. However, with the increasing sharing interaction among each domain, management and authentication of decentralized identity has raised higher requirements for cross-domain trust and faced implementation challenges galore. To solve these problems, we propose BIdM, a decentralized cross-domain identity management system based on blockchain. We design a decentralized identifier (DID) for naming identities based on the consortium blockchain technique. Since the identity subject fully controls the life cycle and ownership of the proposed DID, it can be signed and issued without a central authentication node’s intervention. Simultaneously, every node in the system can participate in identity authentication and trust establishment, thereby solving the centralized mechanism’s single point of failure problem. To further improve authentication efficiency and protect users’ privacy, BIdM introduces a one-way accumulator as an identity data structure, which guarantees the validity of entity identity. We theoretically analyze the feasibility and performance of BIdM and conduct evaluations on a prototype implementation. The experimental results demonstrate that BIdM achieves excellent optimization on cross-domain authentication compared with existing identity management systems.
Funding: funded by the Deanship of Scientific Research at Jouf University under Grant No. (DSR-2021-02-0303).
Abstract: Identity management is based on the creation and management of user identities for granting access to the cloud resources based on the user attributes. The cloud identity and access management (IAM) grants the authorization to the end-users to perform different actions on the specified cloud resources. The authorizations in the IAM are grouped into roles instead of granting them directly to the end-users. Due to the multiplicity of cloud locations where data resides and due to the lack of a centralized user authority for granting or denying cloud user requests, there must be several security strategies and models to overcome these issues. Another major concern in IAM services is the excessive or the lack of access level to different users with previously granted authorizations. This paper proposes a comprehensive review of security services and threats. Based on the presented services and threats, advanced frameworks for IAM that provide authentication mechanisms in public and private cloud platforms. A threat model has been applied to validate the proposed authentication frameworks with different security threats. The proposed models proved high efficiency in protecting cloud platforms from insider attacks, single sign-on failure, brute force attacks, denial of service, user privacy threats, and data privacy threats.
Funding: the Deanship of Scientific Research at Majmaah University for supporting this work under Project Number No. R-2021-150.
Abstract: Information technology companies have grown in size and recognized the need to protect their valuable assets. As a result, each IT application has its authentication mechanism, and an employee needs a username and password. As the number of applications increased, as a result, it became increasingly complex to manage all identities like the number of usernames and passwords of an employee. All identities had to be retrieved by users. Both the identities and the access rights associated with those identities had to be protected by an administrator. Management couldn’t even capture such access rights because they couldn’t verify things like privacy and security. Identity management can help solve this problem. The concept behind identity management is to centralize identity management and manage access identity centrally rather than multiple applications with their authentication and authorization mechanisms. In this research work, we develop governance and an identity management framework for information and technology infrastructures with privileged access management, consisting of cybersecurity policies and strategies. The results show the efficiency of the framework compared to the existing information security components. The integrated identity and access management and privileged access management enable organizations to respond to incidents and facilitate compliance. It can automate use cases that manage privileged accounts in the real world.
Abstract: Organizations may increase data security and operational efficiency by connecting Salesforce with Identity and Access Management (IAM) systems like Saviynt. This study delves deeply into the details of this revolution that is being encouraged to shift towards IAM software and potential drawbacks such as excessive provisioning and implementation issues. The study illuminated excellent practices and emphasized the importance of constant monitoring by using secondary theme analysis and qualitative research as proof. The findings indicate Saviynt as a viable solution and provide detailed information for firms seeking a smooth and secure integration path.
Abstract: The Google Cloud Platform (GCP) is a popular choice for companies seeking a comprehensive cloud computing solution because it provides everything from essential computing resources to powerful data analytics and machine learning capabilities. Saviynt is a cloud-based Identity and Access Management (IAM) system that integrates with Google Cloud Platform (GCP) and other services for additional functionality. However, other problems are associated with the transition, such as the requirement to correctly integrate IAM Saviynt into current IT infrastructures and provide comprehensive training to users on the new system. The paper will give a detailed review of the advantages, disadvantages, and best practices related to this transition.
Abstract: This paper proposes a scheme for password management by storing password encryptions on a server. The method involves having the encryption key split into a share for the user and one for the server. The user’s share shall be based solely on a selected passphrase. The server’s share shall be generated from the user’s share and the encryption key. The security and trust are achieved by performing both encryption and decryption on the client side. We also address the issue of countering dictionary attack by providing a further enhancement of the scheme.
Abstract: Internet of Things (IoT) devices facilitate intelligent service delivery in a broad range of settings, such as smart offices, homes and cities. However, the existing IoT access control solutions are mainly based on conventional identity management schemes and use centralized architectures. There are known security and privacy limitations with such schemes and architectures, such as the single-point failure or surveillance (e.g., device tracking). Hence, in this paper, we present an architecture for capability-based IoT access control utilizing the blockchain and decentralized identifiers to manage the identity and access control for IoT devices. Then, we propose a protocol to provide a systematic view of system interactions, to improve security. We also implement a proof-of-concept prototype of the proposed approach and evaluate the prototype using a real-world use case. Our evaluation results show that the proposed solution is feasible, secure, and scalable.
Abstract: The "sediment" formed in the process of long-term development of the resource-based cities not only restricts the economic structure transformation, but also increases the difficulties for restructuring the state-owned enterprises. Furthermore, it makes current ways of reforming staffs' identity replacement and managers' shareholding mode inefficient in state-owned enterprises reformation in resource-based cities. According to the characteristics of resource-based cities and property right reform theory, cash and share right compensation for the different staffs in the process of staffs' identity replacement have been identified. In addition, different profitable investment policies have also been suggested. For managers' share holding, the stimulant share ownership should be adopted principally, at the same time corresponding restrictions should be set up for managers' investment share ownership due to share ownership structure.
Abstract: When employees identify with the groups and organizations they work for, this typically has positive implications for work-related attitudes and behaviors. The present paper provides a focused overview of the social identity approach to leadership and some ideas on its cross-cultural generalizability. To this end, we will first outline the basic tenets of the social identity approach and summarize the relations of organizational identification with work-related variables. Then, we will discuss the role of social identity-related concepts for effective leadership. In particular, we will present empirical studies on the following three aspects: (1) the transfer of leader identification onto their followers, (2) the role of leader prototypicality, and (3) the ways for leaders to actively manage the identities of the groups they lead. Finally, we will provide some suggestions on how to implement the principles of identity management into practice and offer suggestions for future research, with a special focus on China.
Abstract: Despite the various attractive features that Cloud has to offer, the rate of Cloud migration is rather slow, primarily due to the serious security and privacy issues that exist in the paradigm. One of the main problems in this regard is that of authorization in the Cloud environment, which is the focus of our research. In this paper, we present a systematic analysis of the existing authorization solutions in Cloud and evaluate their effectiveness against well-established industrial standards that conform to the unique access control requirements in the domain. Our analysis can benefit organizations by helping them decide the best authorization technique for deployment in Cloud; a case study along with simulation results is also presented to illustrate the procedure of using our qualitative analysis for the selection of an appropriate technique, as per Cloud consumer requirements. From the results of this evaluation, we derive the general shortcomings of the extant access control techniques that are keeping them from providing successful authorization and, therefore, widely adopted by the Cloud community. To that end, we enumerate the features an ideal access control mechanisms for the Cloud should have, and combine them to suggest the ultimate solution to this major security challenge - access control as a service (ACaaS) for the software as a service (SaaS) layer. We conclude that a meticulous research is needed to incorporate the identified authorization features into a generic ACaaS framework that should be adequate for providing high level of extensibility and security by integrating multiple access control models.