Identity Management Model Research Articles

Self-sovereign identity management in ciphertext policy attribute based encryption for IoT protocols

In the Internet of Things, access control and identity management rely on centralized platforms. However, centralized platforms will compromise user privacy with identity leakage. Self-sovereign identity (SSI) is a novel model for identity management that does not require third-party centralized authority. Thus, SSI is a potential solution to the identity management problem in IoT access control. This paper’s motivation is to address the problems of lack of identity sovereignty, centralized authorization, and high computational overhead for IoT access control. We propose a novel access control scheme for IoT that decentralizes identity management and tackles single-point-of-failure issues. This scheme leverages ciphertext policy attribute-based encryption (CP-ABE) and SSI to achieve the overall goal. Specifically, Our scheme eliminates the central authority and empowers users to manage their identity, allowing users to decide what attributes they disclose. Regarding the distribution of roles in the architecture, this paper follows the generic SSI model (ISSUER–HOLDER—VERIFIER) that allows a user to access a service from a service provider. To enable real-world deployment of our scheme, we establish an attribute authorization authority(such as the government) as a trusted identity point of entry. Users generate decentralized identifiers to enjoy services of interest in a privacy-preserving manner. The analysis demonstrates the practicality and superiority of our scheme. Our scheme requires less computation and is suitable for resource-constrained IoT scenarios.

Collaborative credentials for the Internet of Things

The Self-Sovereign Identity (SSI) paradigm has emerged as a decentralized Identity Management model with interesting capabilities for the Internet of Things (IoT). However, current standard SSI protocols and procedures only consider that individuals store their own identity, failing to provide an accurate solution for the identity management of groups where participants might use credentials from different identities and collaborate to meet a set of verifier´s requirements. The present work introduces the concept of Collaborative Credentials (CCs) to formalize identity management procedures that model the collaboration within a group of participants. CCs allow to leverage use cases requiring collaboration that cannot be solved with standard SSI verifiable credentials, increase the privacy of group participants and enable the development of a software framework that any verifier/holder could use to generate a generic application. In the paper, a generic model for CCs is presented, together with an implementation example that is subsequently evaluated in an experimental testbed.

USER CENTRIC APPROACH TO IDENTITY MANAGEMENT IN CLOUD COMPUTING ENVIRONMENT: AN EMPIRICALLY TESTED FRAMEWORK

Most of the commercial identity management models have focused on the perspective of service providers and given a preference to the challenges faced by the service providers. However, with the growing number of concerns, an identity management system with strong focus on the user’s concerns is required. A User Centric Approach for Identity Management (UCAId) for Cloud Computing in SaaS Environment has been presented in this paper. The proposed UCAId model considers user at the central position to improve their experience and increase adaptability of the cloud. Comprehensive literature review has been carried out to identify the most important parameters of the User Centric Identity management. Provisioning, privacy, security, scalability and trust have been identified as the five most parameters and further the model presents these parameters built-up on the strength of eight components each, individually. The model has been empirically tested to see its user adoption on a set Indian users with varied demographics. Data has been collected using a structured questionnaire and Principal Component Analysis has been used to analyze this primary data.

A PROPOSAL OF DIGITAL IDENTITY MANAGEMENT USING BLOCKCHAIN

Digital identity is the representation of a person in the digital environment. Nowadays, digital identity has become a very important topic when most activities are moved to the online world. To be secured and respect data privacy, this digital identity must be controlled by its owner, not any other third parties. This paper aims to propose a system for digital identity, presenting its architecture, features, and implementation specifications. This system brings advantages that will also be exposed along with real-life use case scenarios, all proving the necessity of transitioning to a modern identity management model like the Self-Sovereign Identity model. The Self-sovereign identity model is based on blockchain and is fundamental for the digital identity system conceived through research.

Blockchain-based self-sovereign identity solution for aerial base station integrated networks

Identity and access management frameworks address user access rights and data governance for organizations, vendors and users. In response to the problems associated with centralized authorities (e.g. single point of failure, limited scalability, lack of user control), new identity management models have emerged, such as Self-Sovereign Identity (SSI), which relies on verifiable data registers to validate Decentralized Identifier (DIDs) and can be achieved in many different ways, e.g. through Distributed Ledger Technology (DLT), distributed databases or other decentralized systems. The main goal of SSI is to enable users to take control of managing their data shared with different services. In this paper, we examine a possible application of the SSI concept to aerial base station (ABS)- integrated networks. The paper presents the effective use of DID implementation to provide a secure and decentralized way to create, associate and verify credentials and identities of ABSs, ensuring secure communication between Ground Base stations (GBSs) and other nodes in the network in a multi-operator scenario. In the numerical results, the average values of various metrics (namely, the average credential presentation time, the average credential offer time, the average DIDcomm connection creation time, the average DIDcomm signing time, and the average DIDcomm revoke credential time) related to credential operations in a DID management system are given for three different number of requests (50 K, 75 K, and 100 K). We have also provided the values of the different status codes that occurred in 100 K operations in the same DID management system. Towards the end of the paper, a comparison is made between SSI-based and Non-fungible token (NFT)-based blockchain solutions, also discussing the challenges and future directions of SSI solutions in the context of ABS-integrated networks.

Organizational Identity Management Policies

Effective identity management is essential for secure organizational processes, but organizations often do not approach it strategically. To break this trajectory, organizational policymakers need to define a clear and sustainable identity management strategy. This paper presents an overview and guidelines to help shape such strategy. It analyzes the key characteristics and trade-offs of today’s identity management models. Moreover, it offers practical recommendations for organizational policymakers when choosing among these models.

Analyzing the Threats to Blockchain-Based Self-Sovereign Identities by Conducting a Literature Survey

Self-sovereign identity (SSI) is a digital identity management model managed in a decentralized manner. It allows identity owners to manage and store their digital identities in a software wallet, for example, on a smartphone, without relying on centralized providers. This approach tries to enhance the security and privacy of digital identities and, thereby, their owners. With the new eIDAS regulation, elements of SSI, such as the wallet, are being pushed onto the market. However, since the model is relatively new, the security threats are still not fully known. This is shown by a brief security analysis of selected existing SSI wallets. In order to get a picture of the known threats, we systematically analyze and categorize related work in the field of SSI and elements applied by SSI. We then evaluate their application to current SSI systems and identify future work.

Blockchain distributed identity management model for cross-border data privacy protection

Cross-border data privacy protection often involves personal privacy data from different regions, where cross-border vehicle identity authentication requires a large amount of sensitive data. The cross-border movement of this sensitive data poses a significant threat to privacy. A distributed identity management blockchain model for cross-border data privacy protection is proposed to avoid the cross-border transmission of sensitive data through identity authentication. The model combines the SM2 and SM9 algorithms and blockchain technology to guarantee the security of stored data while providing a method to avoid sensitive data crossing borders and realizing cross-border identity authentication. The model was originally designed for the Northbound Travel for Macao scenario but can still be applied to other cross-border authentications. The generation speed of a Non-Fungible Token is verified through experiments, and the generation time and efficiency of Non-Fungible Tokens satisfy the actual needs of Internet of Vehicles authentication.

An identity management scheme for cloud computing: Review, challenges, and future directions

Cloud computing is a cost-effective way for organizations to access and use IT resources. However, it also exposes data to security threats. Authentication and authorization are crucial components of access control that prevent unauthorized access to cloud services. Organizations are turning to identity management solutions to help IT administrators face and mitigate security concerns. Identity management (IDM) has been recognized as a more robust solution for validating and maintaining digital identities. Identity management (IDM) is a key security mechanism for cloud computing that helps to ensure that only authorized users have access to data and resources. Traditional IDM solutions are centralized and rely on a single authority to manage user identities, which makes them vulnerable to attack. However, existing identity management solutions need to be more secure and trustworthy. Blockchain technology can create a more secure and trustworthy cloud transaction environment. Purpose: This paper investigates the security and trustworthiness of existing identity management solutions in cloud computing. Comparative results: We compared 14 traditional IDM schemes in cloud systems to explore contributions and limitations. This paper also compared 17 centralized, decentralized, and federated IDM models to explain their functions, roles, performance, contribution, primary metrics, and target attacks. About 17 IDM models have also been compared to explore their efficiency, overhead consumption, effectiveness to malicious users, trustworthiness, throughput, and privacy. Major conclusions: Blockchain technology has the potential to make cloud transactions more secure and reliable. It featured strong authentication and authorization mechanisms based on smart contracts on the Ethereum platform. As a result, it is still regarded as a reliable and immutable solution for protecting data sharing between entities in peer-to-peer networks. However, there is still a large gap between the theoretical method and its practical application. This paper also helps other scholars in the field discover issues and solutions and make suggestions for future research.

A Systematic Review of Blockchain-based Identity Management Solutions

The involvement of digital identity in almost all online services contributes to the growing reliance on Identity Management Systems (IDMS) that establish, verify, and manage digital identities. However, digital identities are still kept in central repositories. Which are controlled by a single authority that may have many vulnerabilities due to low security, leading attackers to exploit these vulnerabilities and causing various security breaches such as identity theft or disclosure of sensitive information. Additionally, powerful entities who have access to these repositories, could gather and abuse users' information without their knowledge or consent. The concept of Self-sovereign Identity (SSI) allows users to exert ownership of their identity and gain insight into how their data is being used. The development of Blockchain technology has made a breakthrough in achieving SSI by giving individuals the ability to be the final arbiter of who can access and use their own identity. This paper overviews the traditional identity management (IdM) models and presents the next generation of distributed IDMS using Blockchain technology that targets user-centricity and eliminates the identity provider as a trusted third party. Furthermore, It gives an analysis of the recent Blockchain-based IdM solutions, discussing their architecture, components, and features. It also, reveals their weaknesses to identify the gaps between these solutions for future secure IDMS.

DIdM-EIoTD: Distributed Identity Management for Edge Internet of Things (IoT) Devices.

The Internet of Things (IoT) paradigm aims to enhance human society and living standards with the vast deployment of smart and autonomous devices, which requires seamless collaboration. The number of connected devices increases daily, introducing identity management requirements for edge IoT devices. Due to IoT devices' heterogeneity and resource-constrained configuration, traditional identity management systems are not feasible. As a result, identity management for IoT devices is still an open issue. Distributed Ledger Technology (DLT) and blockchain-based security solutions are becoming popular in different application domains. This paper presents a novel DLT-based distributed identity management architecture for edge IoT devices. The model can be adapted with any IoT solution for secure and trustworthy communication between devices. We have comprehensively reviewed popular consensus mechanisms used in DLT implementations and their connection to IoT research, specifically identity management for Edge IoT devices. Our proposed location-based identity management model is generic, distributed, and decentralized. The proposed model is verified using the Scyther formal verification tool for security performance measurement. SPIN model checker is employed for different state verification of our proposed model. The open-source simulation tool FobSim is used for fog and edge/user layer DTL deployment performance analysis. The results and discussion section represents how our proposed decentralized identity management solution should enhance user data privacy and secure and trustworthy communication in IoT.

Decentralized Identity Management Using Blockchain

This article explores the usage of decentralised identity (DID) management using blockchain in global organisations to support secure usage of information resources. Blockchain as technology was initially introduced as a cryptocurrency and there have been challenges in its adoption for enterprise applications such as identity management. DID is emerging as one of the strong blockchain adoption use cases. Industry pioneers and users across domains have started exploring DID use cases, which help better protect their personal data and application access control as compared to traditional, central, or federated identity management models. In this exploratory work, the authors employ qualitative secondary case-based study research methodology to understand the challenges of the current digital identity management landscape and explore the possible benefits of DID as an emerging identity management paradigm. They propose a conceptual cube framework for analysing and studying various DID platforms thereby contributing to both the theory and practice of digitally secure identity.

Identity Management and Authentication of a UAV Swarm Based on a Blockchain

In recent years, with the continuous development of UAV technology, the application of the UAV swarm in the military has been a global focus of research. Although it can bring a series of benefits in autonomous cooperation, the traditional UAV management technology is prone to hacker attacks due to many security issues, such as a single point of failure brought by centralized management and the lack of reliable identity authentication. This paper studies the advantages and the recent advances of the blockchain in UAV swarm, proposes a blockchain-based UAV swarm identity management model (B-UIM-M), and establishes a distributed identity authentication scheme based on the distributed identity identifier (DID) under this model. Moreover, to ensure the safe transmission of UAV communication data, a secure communication architecture based on blockchain and a set of secure transmission protocols were designed, combined with cryptography. In the current military field, there is no similar application case of the UAV swarm identity management model and distributed identity authentication. The feasibility and security of the proposed scheme are proved through experiments and security analyses.

A secure and decentralized SSI authentication protocol with privacy protection and fine-grained access control based on federated blockchain.

Self-sovereign identity authentication protocol is an active research topic in the field of identity authentication and management. However, the current SSI authentication protocols pay little attention to privacy protection and the fine-grained access control. Therefore, a secure and decentralized SSI authentication protocol with privacy protection and fine-grained access control is proposed. Firstly, the formal model of SSI including the SDPP-SSI identity model and management model is presented. And then, based on the federated blockchain, the distributed identifier is used as a global identifier for users in the decentralized domain. Finally, the verifiable statement is encapsulated using a policy control signature supporting privacy protection to develop the user’s access control for identity registration in the centralized domain. Compared with the related work (Lin 2018, Zhu 2018, Stokkink 2018, Hammudoglu 2017, Othman 2017, Abraham 2018, Guan 2019, Lin 2019) from controllability, security, flexibility, privacy protection, authentication and fine-grained access control, the proposed SSI authentication protocol not only meets controllability, authentication, and flexibility, but also supports privacy protection and fine-grained access control.

Where does the heart lie? A multistage process model of entrepreneurial passion and role identity management

SummaryWith research on entrepreneurial passion booming, there is an increasing need to understand how and why that passion influences entrepreneurs' performance over time. To address this need, we develop a multistage process model, proposing that entrepreneurial passion type—harmonious or obsessive—explains how entrepreneurs modify their identity and reprioritize their roles as inventors, founders, and developers in response to feedback as the venture develops, thus giving rise to different patterns of role identity transition or persistence. The proposed feedback system advances our understanding of entrepreneurial passion by providing a dynamic view of the impact of passion and role identity management on overall entrepreneurial performance. We conclude by outlining the theoretical and practical implications of our multistage process model and by presenting an agenda for future research on entrepreneurial passion and role identity management.

Development of a sustainable brand identity model: fostering the implementation of SDGs in the Brazilian power sector

PurposeThis study aims to develop a sustainable brand identity model to help organizations align their managerial practices to sustainable development goals (SDGs) and examine its applicability for a Brazilian electrical sector company.Design/methodology/approachA systematic qualitative review of the literature was carried out to provide a theoretical basis for the attributes chosen to compose the sustainable brand identity management (SBIM) model. To apply the model, the authors collected the data from internal and public domain documents, semi-structured in-depth interviews and non-participant observation of the company's work environment.FindingsThe first SBIM model was developed. The Brazilian power sector company implemented sustainable actions related to most of the models' attributes, contributing to the SDGs. A research agenda was presented.Research limitations/implicationsThe theoretical contribution is provided toward brand identity and sustainability literature with the sustainable brand identity model development and the conceptual explanation regarding its attributes.Practical implicationsThe practical implications are provided from the model application to an electrical company leading to some managerial suggestions that might be used to companies willing to align their practices to sustainability.Originality/valueThe studies on SDG and brand identity models were analyzed in order to create the first SBIM model. This article extends the concept of the brand identity of marketing theory by linking its core to sustainability actions, so far not addressed in academic studies.

Resisting Privilege: Effects of a White Privilege Message Intervention and Conservative Media Use on Freedom Threat and Racial Attitudes

ABSTRACT Identifying ways to effectively communicate about racial/ethnic disparities is a place where communication scholars can make vital contributions. Yet, existing studies on this subject are scarce. Borrowing from reactance theory and the 3D model of White identity management, the present study tested whether exposing White adults to White privilege messaging helps them to become more aware or deny racial privilege. The results of our experiment revealed that there was a main effect for reading about racial privilege and increased awareness of privilege. However, in keeping with reactance theory, if the message stoked a perceived threat to freedom, message exposure resulted in the denial of both blatant and institutional racism. We also found a moderating role for Fox News viewing such that awareness of racial privilege was not affected by the intervention for heavy Fox News viewers, but it was for low Fox News viewers. We conclude that messages focused on explaining White privilege are promising, but there are risks.

A Survey of Self-Sovereign Identity Ecosystem

Self-sovereign identity is the next evolution of identity management models. This survey takes a journey through the origin of identity, defining digital identity and progressive iterations of digital identity models leading up to self-sovereign identity. It then states the relevant research initiatives, platforms, projects, and regulatory frameworks, as well as the building blocks including decentralized identifiers, verifiable credentials, distributed ledger, and various privacy engineering protocols. Finally, the survey provides an overview of the key challenges and research opportunities around self-sovereign identity.

Proposing a digital identity management framework: A mixed‐method approach

AbstractThis research aims to study the most critical elements of digital identity management to recognize the pattern and the requirements of their use and implementation. Further, an attempt is made to identify and prioritize the criteria and their relevant indicators of digital identity management in the form of a comprehensive framework. To this end a fuzzy multicriteria decision‐making approach was utilized. The framework focuses on a comprehensive perspective to consider digital identity and deals with compiling strategies and operational patterns based on the defined priorities. This applied research with a fundamental approach has a descriptive‐explanatory method as well. Through an in depth‐review of the extant literature and designing an instrument as well as semi‐structure interview the necessary data were collected. The research population consists of 10 experts. By reviewing the theoretical literature of the research, effective factors were identified and screened by the Fuzzy Delphi method leading to six main factors and 31 subfactors. Then, the collected data were analyzed through a hybrid technique known as FDANP (Fuzzy DEMATEL‐ANP) to determine the interactions between the factors and the subfactors and to weigh and prioritize them. The obtained results revealed that “strategic planning” is the most influential factor in digital identity management. Also, the subfactors namely “The use of the maturity model of digital identity management,” “commitment to the whole organization,” “integrity of digital identity management system with other systems,” “integrity of digital identity management program,” and “integrity of the two dimensions of identity management and access management” were ranked as the most influential subfactors of “strategic planning,” respectively. “Access management” was the most permeable factor in digital identity management. It means that this factor is the main problem and could be solved with the help of the influential factors. In addition, subfactors: “Access control to all resources only through the digital identity management system,” “Solution for access management of premium accounts,” “Multi‐factor authentication support,” “Access policy to all resources and information,” and “Determination of the manner of the user access to resources outside the organization” were ranked as the most permeable subfactors.

Entrepreneurial Social Identity Management Through Language Use

This study draws upon interview data and a grounded theoretical methodology to explore entrepreneurial social identity management. Interviews were conducted with forty-three entrepreneurs in several U.S. cities. The women and men discussed past conversations with (non)entrepreneurs, with foci on self- and other stereotyping, associated language use, prototypicality, and motivation. Open and axial coding of the interview content revealed a new model of entrepreneurial social identity management. The model’s implications for understanding entrepreneurs’ social identity and motivation were discussed.