Identity Management (IdM) systems have traditionally relied on a centralized model prone to privacy, trust, and security problems, like potential massive data breaches or identity spoofing. Identity ...providers accumulate excessive power that might allow them to become a big brother, analyzing and storing as much data as possible. Users should be able to trust identity providers and manage their personal information straightforwardly without compromising their privacy. The European OLYMPUS project introduces a distributed approach for IdM based on enhanced Attribute-Based Credentials (ABC) that splits the role of Identity Provider to limit their influence and chances to become a unique point of failure. However, the trust relationship between service providers, users, and identity providers is still a gap in those kinds of privacy-preserving ABC systems. Decentralized technologies are an opportunity to break away from the centralized model and propose systems that respect privacy while increasing users' trust. This paper presents an evolution of the OLYMPUS architecture, maintaining all the privacy features and incorporating distributed ledger technologies to enhance trust and security in online transactions and IdM systems. The proposed system has been implemented, tested, and validated, showing its performance and feasibility to manage user's identity in a fully privacy-preserving, distributed and reliable way.
Internet of Things (IoT) is a key business driver for the upcoming fifth-generation (5G) mobile networks, which in turn will enable numerous innovative IoT applications such as smart city, mobile ...health, and other massive IoT use cases being defined in 5G standards. To truly unlock the hidden value of such mission-critical IoT applications in a large scale in the 5G era, advanced self-protection capabilities are entailed in 5G-based Narrowband IoT (NB-IoT) networks to efficiently fight off cyber-attacks such as widespread Distributed Denial of Service (DDoS) attacks. However, insufficient research has been conducted in this crucial area, in particular, few if any solutions are capable of dealing with the multiple encapsulated 5G traffic for IoT security management. This paper proposes and prototypes a new security framework to achieve the highly desirable self-organizing networking capabilities to secure virtualized, multitenant 5G-based IoT traffic through an autonomic control loop featured with efficient 5G-aware traffic filtering. Empirical results have validated the design and implementation and demonstrated the efficiency of the proposed system, which is capable of processing thousands of 5G-aware traffic filtering rules and thus enables timely protection against large-scale attacks.
Security and privacy concerns are becoming an important barrier for large scale adoption and deployment of the Internet of Things. To address this issue, the identity management system defined herein ...provides a novel holistic and privacy-preserving solution aiming to cope with heterogeneous scenarios that requires both traditional online access control and authentication, along with claim-based approach for M2M (machine to machine) interactions required in IoT. It combines a cryptographic approach for claim-based authentication using the Idemix anonymous credential system, together with classic IdM mechanisms by relying on the FIWARE IdM (Keyrock). This symbiosis endows the IdM system with advanced features such as privacy-preserving, minimal disclosure, zero-knowledge proofs, unlikability, confidentiality, pseudonymity, strong authentication, user consent, and offline M2M transactions. The IdM system has been specially tailored for the Internet of Things bearing in mind the management of both users’ and smart objects’ identity. Moreover, the IdM system has been successfully implemented, deployed, and tested in the scope of SocIoTal European research project.
Blockchains offer a decentralized, immutable and verifiable ledger that can record transactions of digital assets, provoking a radical change in several innovative scenarios, such as smart cities, ...eHealth or eGovernment. However, blockchains are subject to different scalability, security and potential privacy issues, such as transaction linkability, crypto-keys management (e.g. recovery), on-chain data privacy, or compliance with privacy regulations (e.g. GDPR). To deal with these challenges, novel privacy-preserving solutions for blockchain based on crypto-privacy techniques are emerging to empower users with mechanisms to become anonymous and take control of their personal data during their digital transactions of any kind in the ledger, following a Self-Sovereign Identity (SSI) model. In this sense, this paper performs a systematic review of the current state of the art on privacy-preserving research solutions and mechanisms in blockchain, as well as the main associated privacy challenges in this promising and disrupting technology. The survey covers privacy techniques in public and permissionless blockchains, e.g. Bitcoin and Ethereum, as well as privacy-preserving research proposals and solutions in permissioned and private blockchains. Diverse blockchain scenarios are analyzed, encompassing, eGovernment, eHealth, cryptocurrencies, Smart cities, and Cooperative ITS.
Privacy enhancing technologies (PETs) allow to achieve user's transactions unlinkability across different online Service Providers. However, current PETs fail to guarantee unlinkability against the ...Identity Provider (IdP), which becomes a single point of failure in terms of privacy and security, and therefore, might impersonate its users. To address this issue, OLYMPUS EU project establishes an interoperable framework of technologies for a distributed privacy-preserving identity management based on cryptographic techniques that can be applied both to online and offline scenarios. Namely, distributed cryptographic techniques based on threshold cryptography are used to split up the role of the Identity Provider (IdP) into several authorities so that a single entity is not able to impersonate or track its users. The architecture leverages PET technologies, such as distributed threshold-based signatures and privacy attribute-based credentials (p-ABC), so that the signed tokens and the ABC credentials are managed in a distributed way by several IdPs. This paper describes the Olympus architecture, including its associated requirements, the main building blocks and processes, as well as the associated use cases. In addition, the paper shows how the Olympus oblivious architecture can be used to achieve privacy-preserving M2M offline transactions between IoT devices.
Despite the latest research efforts to foster mobility and roaming in heterogeneous Low Power Wide Area Networks (LP-WANs) networks, handover roaming of Internet of Things (IoT) devices is not a ...success mainly due to fragmentation and difficulties to establish trust across different network domains as well as the lack of interoperability of different LP-WANs wireless protocols. To cope with this issue, this paper proposes a novel handover roaming mechanism for Low Range Wide Area Network (LoRaWAN) protocol that relies on the trusted 5G network to perform IoT device's authentication and key management, thereby extending the mobility and roaming capabilities of LoRaWAN to global scale. The proposal enables interoperability between 5G network and LoRaWAN, whereby multi Radio Access Technologies IoT (multi-RAT IoT) devices can exploit both technologies interchangeably, thereby fostering novel IoT mobility and roaming use cases for LP-WANs not experimented so far. Two integration approaches for LoRaWAN and 5G have been proposed, either assuming 5G spectrum connectivity with standard 5G authentication or performing 5G authentication over the LoRaWAN network. The solution has been deployed, implemented and validated in a real and integrated 5G-LoRaWAN testbed, showing its feasibility and security viability.
Despite several efforts in the last years to make Identity Management Systems (IdMs) reliable, secured and privacy-respectful, identity-related cybercrimes are still continuously expanding. Current ...IdMs lack of proper security and privacy mechanisms that can holistically manage user’s privacy, strong authentication and ID-proofing mechanisms based on biometrics, usage of breeder documents, while maintaining usability for mobile, online or face-to-face scenarios. To fill this gap, the ARIES EU project aims to set up a reliable identity ecosystem, combining mature technologies for meet highest level of assurance, such as biometrics or use of secure elements, with innovative credential derivation mechanisms. ARIES has devised and implemented a privacy-preserving and user-centric Identity Management framework as well as associated management practices that ensure usability and flexibility for identity management processes. This paper presents ARIES results obtained after the successful development and validation of the ARIES IdM System in the associated use cases.
Software Defined Network (SDN) and Network Function Virtualization (NFV) are bringing many advantages to optimize and automatize security management at the network edge, enabling the deployment of ...virtual network security functions (VSFs) in MEC nodes, to strengthen the end-to-end security in IoT environments. The benefits could exploit in mobile MEC nodes on-boarded in Unmanned Aerial Vehicles (UAV), as the UAVs would carry on-demand VSFs to particular physical locations. To that aim, this paper proposes a novel NFV/SDN-based zero-touch security management framework for automatic orchestration, configuration and deployment of lightweight VSF in MEC-UAVs, that considers diverse contextual factors, related to both physical and virtual conditions, to optimize the security orchestration. Our solution aims to deploy on-demand VSFs, such as virtual Firewalls (vFirewalls), vProxies, vIDS (Intrusion Detection Systems) and vAAA, to assist during emerging situations in particular physical locations, protecting and optimizing the managed IoT network, as well as replacing or supporting compromised physical devices like IoT gateways. The proposed solution has been implemented, deployed and evaluated in a real testbed with real drones, showing its feasibility and performance.
As we get into the Internet of Things era, security and privacy concerns remain as the main obstacles in the development of innovative and valuable services to be exploited by society. Given the ...Machine-to-Machine (M2M) nature of these emerging scenarios, the application of current privacy-friendly technologies needs to be reconsidered and adapted to be deployed in such global ecosystem. This work proposes different privacy-preserving mechanisms through the application of anonymous credential systems and certificateless public key cryptography. The resulting alternatives are intended to enable an anonymous and accountable access control approach to be deployed on large-scale scenarios, such as Smart Cities. Furthermore, the proposed mechanisms have been deployed on constrained devices, in order to assess their suitability for a secure and privacy-preserving M2M-enabled Internet of Things.