Skip to main content

From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control

Deliverables

Reference architecture (revised)

Report on system architecture, components and interfaces; D2.7 will revise D2.3.

Business and technical requirements

A detailed documentation of all business and technical needs and requirements.

Description of device-centric authentication (DCA) protocols and technology support (revised and extended)

The deliverable will describe DCA protocols, user/device and device/server interfaces and APIs, including description of needed extensions to FIDO standards with multi-level authentication and recovery mechanisms. Moreover, it will document how the trusted device execution environment can be exploited for human-to-device authentication, and it will document the implementation of TPM- and Telco-signed behavioral certificates. First DCA prototype implemented. D3.3 will revise and extend D3.1.

HCI concept testing on user groups

Initial test of HCI concept design on user groups, and design revision using users from first pilot.

Advanced extensions: cryptographic attribute management, learning algorithms for complex ABAC reasoning, and privacy awareness tool

Implementation and integration of cryptographic attribute-based authentication protocol to be used in conjunction with device-centric authentication. Implementation and integration of machine learning algorithms for complex policy creation and end user tool for privacy awareness and consent management.

Specification and initial design of the ABAC infrastructure

This deliverable documents the first stage of the design and components prototyping of the attribute-based access-control framework.

Final Dissemination report

Final release of accounting for all the dissemination activities and results during the project.

Business and technical requirements (revised)

A detailed documentation of all business and technical needs and requirements; D2.6 will revise D2.2.

Identity consolidator baseline platform

Initial setup of identity consolidator web service and the web-based utility for user-assisted identity collection, and report on identity crawling and matching approaches.

Reference architecture

Report on system architecture, components and interfaces.

Online identity and profile management

Formal description of a standard for the representation of user identity attributes emphasizing on the reputation use case. Open-sourced implementation of network application for secure and reliable ID information transfer. Implementation of a web application that helps users manage their identity profiles across sites. The application will include features for managing partial verifiable profiles and tools to assess privacy and de-anonymization risks.

Second Dissemination report

Second release of accounting for all the dissemination activities and results during the project.

First dissemination report

First release of accounting for all the dissemination activities and results during the project.

Market research report

Report on the potential market opportunity across Europe.

HCI concept testing on user groups (revised)

Design revision of D7.1 using users from first pilot.

Multifactor authentication for DCA: user to device and device to network support

Implementation of failover authentication mechanisms for human-to-device and device-to-service access based on behavioral and physiological biometrics. Implementation of locking out and log off mechanism in case the behavioral and physiological signatures of the user do not match the one of the legitimate user.

Campus-wide Wi-Fi and web services access control pilot set up

First running of pilot at month 12, supporting initial DCA and attribute-based device-centric Wi-Fi and web services’ access control solution in university campuses.

Description of device-centric authentication (DCA) protocols and technology support

The deliverable will describe DCA protocols, user/device and device/server interfaces and APIs, including description of needed extensions to FIDO standards with multi-level authentication and recovery mechanisms. Moreover, it will document how the trusted device execution environment can be exploited for human-to-device authentication, and it will document the implementation of TPM- and Telco-signed behavioral certificates. First DCA prototype implemented.

Multifactor authentication for DCA: user to device and device to network support (revised and extended)

Implementation of failover authentication mechanisms for human-to-device and device-to-service access based on behavioral and physiological biometrics. Implementation of locking out and log off mechanism in case the behavioral and physiological signatures of the user do not match the one of the legitimate user. D3.4 will revise and extend D3.2.

Full design and prototype of the ABAC infrastructure

Final design, implementation and integration of the attribute-based access-control framework.

All four pilots initial set up and progressing

Extended version of Campus-wide Wi-Fi and web services pilot, and initial setup of the three remaining pilots (ISIC student authentication and offers, age verification online gateway, microloan origination).

All pilots in operation and end user assessment report (campus, ISIC student authentication and offers, Age verification online gateway, Microloan origination)

Large scale demonstration of the four pilots, including final report on end users experience with detailed assessment for each pilot’s user group.

Full identity consolidator and attributes acquisition

Identity consolidator portal operative; automatic identity crawler with plug-ins for the major social network sites, and the probabilistic identity matching algorithms; smartphone and laptop application for the acquisition of physical identities attributes to be stored by the identity consolidator.

Searching for OpenAIRE data...

Publications

(U)SimMonitor: A mobile application for security evaluation of cellular networks

Author(s): Christos Xenakis, Christoforos Ntantogian, Orestis Panos
Published in: Computers & Security, Issue 60, 2016, Page(s) 62-78, ISSN 0167-4048
DOI: 10.1016/j.cose.2016.03.005

On the Feasibility of Attribute-Based Encryption on Internet of Things Devices

Author(s): Moreno Ambrosin, Arman Anzanpour, Mauro Conti, Tooska Dargahi, Sanaz Rahimi Moosavi, Amir M. Rahmani, Pasi Liljeberg
Published in: IEEE Micro, Issue 36/6, 2016, Page(s) 25-35, ISSN 0272-1732
DOI: 10.1109/MM.2016.101

Quantifying the Economic and Cultural Biases of Social Media through Trending Topics

Author(s): Juan Miguel Carrascosa, Ruben Cuevas, Roberto Gonzalez, Arturo Azcorra, David Garcia
Published in: PLOS ONE, Issue 10/7, 2015, Page(s) e0134407, ISSN 1932-6203
DOI: 10.1371/journal.pone.0134407

Web Identity Translator - Behavioral Advertising and Identity Privacy with WIT

Author(s): Fotios Papaodyssefs, Costas Iordanou, Jeremy Blackburn, Nikolaos Laoutaris, Konstantina Papagiannaki
Published in: Proceedings of the 14th ACM Workshop on Hot Topics in Networks - HotNets-XIV, 2015, Page(s) 1-7
DOI: 10.1145/2834050.2834105

Internet Computing: Using Reputation to Select Workers from a Pool

Author(s): Evgenia Christoforou, Antonio Fernández Anta, Chryssis Georgiou, Miguel A. Mosteiro
Published in: Proceedings of the 4th International Conference on Networked Systems (NETYS 2016), Issue annual, 2016

Ensuring Authenticity and Fidelity of Captured Photos Using Trusted Execution and Mobile Application Licensing Capabilities

Author(s): Kwstantinos Papadamou, Riginos Samaras, Michael Sirivianos
Published in: FASES 2016 - Workshop on Future Access Control, Identity Management and Privacy Preserving Solutions in Internet Services, 2016

On the feasibility of attribute-based encryption for WLAN access control

Author(s): Claudio Pisa, Tooska Dargahi, Alberto Caponi, Giuseppe Bianchi, Nicola Blefari-Melazzi
Published in: 2017 IEEE 13th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), 2017, Page(s) 1-8
DOI: 10.1109/WiMOB.2017.8115806

Evaluation of Cryptography Usage in Android Applications

Author(s): Alexia Chatzikonstantinou, Christoforos Ntantogian, Georgios Karopoulos, Christos Xenakis
Published in: 9th EAI International Conference on Bio-inspired Information and Communications Technologies, Issue December 2015, 2015
DOI: 10.5281/zenodo.46623

WI-FAB - attribute-based WLAN access control, without pre-shared keys and backend infrastructures

Author(s): Claudio Pisa, Alberto Caponi, Tooska Dargahi, Giuseppe Bianchi, Nicola Blefari-Melazzi
Published in: Proceedings of the 8th ACM International Workshop on Hot Topics in Planet-scale mObile computing and online Social neTworking - HotPOST '16, 2016, Page(s) 31-36
DOI: 10.1145/2944789.2949546

FEBA: An Action-Based Feature Extraction Framework for Behavioural Identification and Authentication

Author(s): Luigi Stammati, Claudio Pisa, Tooska Dargahi, Alberto Caponi, Giuseppe Bianchi
Published in: 2016 11th International Conference on Availability, Reliability and Security (ARES), 2016, Page(s) 715-724
DOI: 10.1109/ARES.2016.31

Killing the Password and Preserving Privacy with Device-Centric and Attribute-based Authentication

Author(s): Kostantinos Papadamou; Savvas Zannettou; Giuseppe Bianchi; Alberto Caponi; Annamaria Recupero; Steven Gevers; George Gugulea; Sorin Teican; Bogdan Chifor; Christos Xenakis; Michael Sirivianos
Published in: IEEE Transactions on Information Forensics and Security, Issue 7, 2018, ISSN 1556-6021
DOI: 10.5281/zenodo.2556599

Understanding the detection of fake-view fraud in Video Content Portal

Author(s): M. Marciel, R. Cuevas, A. Banchs, R. Gonzalez, S. Traverso, M. Ahmed, A. Azcorra
Published in: 25th International World Wide Web Conference (WWW), 2016

I Always Feel Like Somebody's Watching Me. Measuring Online Behavioural Advertising

Author(s): J. Carrascosa, J. Mikians, R. Cuevas, V. Erramilli, N. Laoutaris
Published in: 11th ACM International Conference on emerging Networking Experiments and Technologies (ACM CoNEXT)., 2015

Internet Computing: Using Reputation to Select Workers from a Pool

Author(s): Evgenia Christoforou, Antonio Fernández Anta, Chryssis Georgiou, Miguel A. Mosteiro
Published in: CoRR arXiv, Issue abs/1603.04394, 2016, ISSN 2331-8422

CoVer-ability: Consistent Versioning for Concurrent Objects

Author(s): Nicolas Nicolaou, Antonio Fernández Anta, Chryssis Georgiou
Published in: CoRR arXiv, Issue abs/1601.07352, 2016, ISSN 2331-8422