Hasso-Plattner-Institut

Facing the password dilemma

A digital identity comprises a limited set of attributes of a "real-life identity" that characterize a person or organization. Such an attribute can be a name, an affiliation or a credit card number. In decentralized environments such as service-oriented architectures or the Internet, a person often holds a multitude of digital identities, one for each system they interact with.

As this number increases, managing digital identities and their associated authentication credentials becomes cumbersome for most computer users and bears significant security risks. Users not only have difficulty remembering their passwords, they also bear a great burden in keeping their account information up to date.

In our research, we are investigating approaches for identity management that overcome these limitations. In particular, we are focusing on open identity management models, which can incorporate identity attributes not only from one source, such as a local LDAP directory, but from many sources and even across domains.

Identity Management for SOA and the Internet

Open identity management models such as the federated or the user-centric model are based on the idea of not having one central provider of identity information, but integrating several independent identity management systems. The basic principle is the controlled sharing of identity information among independent participants. For this, the existence of trust between the provider of identity information (the identity provider) and the party requiring identity information (the relying party) is crucial.

Research

  • Verified and Unverified Digital Identities

In today's online world, a digital identity often holds data that the user entered themselves. For many applications this is sufficient. However, in order to perform critical transactions, such as ordering an item or paying for a service, strong and verified digital identities are required to hold the user liable in case anything goes wrong. An identity management system needs to handle verified and trustworthy identity data alongside user-managed attributes.

  • A trust level for Identities

Depending on the registration of a digital identity and associated verification steps, identity attributes can have different qualities. In order for another party to rely on provided attributes, it needs to know the quality of an identity attribute. In our research, we aim at providing means to state and communicate a trust level between identity providers and relying parties.

  • Integrating Digital Identities from different sources

In order to provide verified identity data for online transactions, different countries have started initiatives to provide an electronic identity card such as the e-Pass, which is issued only by the government or selected certified organizations. How to make use of such data with open identity technologies such as OpenID and Information Cards is one of the research topics we investigate at our chair.

Publications

  • Ivonne Thomas, Robert Warschofsky and Christoph Meinel: Whom to trust? - Generating WS-Security Policies based on Assurance Information. In Proceedings of the 2011 IEEE European Conference on Web Services, Lugano, Switzerland, Sept. 2011.
  • Ivonne Thomas and Christoph Meinel: An attribute assurance framework to define and match trust in identity attributes. In Proceedings of the 2011 IEEE International Conference on Web Services (ICWS 2011), Washington, USA, July 2011.
  • Ivonne Thomas and Christoph Meinel: Enhancing Claim-Based Identity Management by Adding a Credibility Level to the Notion of Claims. In Proceedings of the IEEE Conference on Service Computing (SCC 2009), Bangalore, India, September 2009.
  • Uwe Kylau, Ivonne Thomas, Michael Menzel and Christoph Meinel: Trust Requirements in Identity Federation Topologies. In Proceedings of the 2009 IEEE International Conference on Advanced Information Networking and Applications (AINA-09), Bradford, UK, May 26-29, 2009.
  • Ivonne Thomas, Michael Menzel and Christoph Meinel: Using Quantified Trust Levels to describe Authentication Requirements in Federated Identity Management. In Proceedings of the 2008 ACM Workshop on Secure Web Services (SWS '08), Alexandria, Virginia, USA, October 31, 2008, pp. 71-80, ISBN 978-1-60558-292-4.


Articles

  • Ivonne Thomas, Michael Menzel, Christoph Meinel: "SOA, aber sicher", In: "<kes> Die Zeitschrift für Informations-Sicherheit", 1/2009, p. 38, ISSN 1611-440X. (Reproduced with kind permission of www.kes.info)
  • Ivonne Thomas, Michael Menzel, Christoph Meinel: "Ein Weg aus dem Passwortdilemma? Von domänen-basierten zu offenen Identitätsmanagementmodellen", FAZ special section of 24.09.09.

Questions, Ideas, Feedback? Please contact:

  • identityprovider(at)hpi.uni-potsdam.de
