In order to support emerging online activities within the digital information infrastructure, such as commerce, healthcare, entertainment and scientific collaboration, it is increasingly important to verify and protect the digital identity of the individuals involved. Identity management systems manage the digital identity life cycle of individuals that includes issuance, usage and revocation of digital identifiers.
Identity management systems have improved the management of identity information and user convenience; however they do not provide specific solutions to address protection of identity from threats such as identity theft and privacy violation. One major shortcoming of current approaches is the lack of strong verification techniques for issuance and usage of digital identifiers. Moreover current identity management systems do not consider biometric and history-based identifiers. Such identifiers are increasingly becoming an integral part of an individuals’ identity. Such types of identity data also need to be used with other digital identifiers and protected against misuse.
In this thesis we introduce a number of techniques that address the above problems. Our approach is based on the concept of privacy preserving multi-factor identity verification. The technique consists of verifying multiple identifier claims of an individual, without revealing extraneous identity information. A distinguishing feature of our approach is that we employ identity protection and verification techniques at all stages of the identity life cycle. We also enhance our approach with the use of biometric and history-based identifiers.
In open distributed systems, the verification of properties of subjects is a crucial task for authorization. Very often access to resources is based on policies that express (possibly complex) requirements in terms of what are referred to variously as identity properties, attributes, or characteristics of the subject. Example characteristics include whether the subject is (operating on behalf of) a user of a certain age or having a certain credit rating, or is an organization having certain accreditation, to name just a few. In a distributed system having no central authority on subject characteristics, evaluation of such policy requirements is a challenging task. In this paper we provide an approach according to which an entity, referred to as verifier, can evaluate a query concerning properties related to the identity of a subject, which may be required for the purpose of authorizing some action. The present contribution concerns the reuse of query results. We consider issues related to temporal validity (i.e., expiration and revocation of identity properties) as well as issues related to confidentiality when one entity reuses query results computed by another entity. We employ constraint logic programming as the foundation of our policy rules and query evaluation. This provides a very general, flexible basis, and enable our work to be applied more or less directly to several existing policy frameworks. The process of evaluation of a query against a subject identity is traced through a structure, referred to as identity proof tree, that carries all information proving that a policy requirement is met.
In this paper, we present for the first time efficient explicit formulas for arithmetic in the degree 0 divisor class group of a real hyperelliptic curve. Hereby, we consider real hyperelliptic curves of genus 2 given in affine coordinates for which the underlying finite field has characteristic > 3. These formulas are much faster than the optimized generic algorithms for real hyperelliptic curves and the cryptographic protocols in the real setting perform almost as well as those in the imaginary case. We provide the idea for the improvements and the correctness together with a comprehensive analysis of the number of field operations. Finally, we perform a direct comparison of cryptographic protocols using explicit formulas for real hyperelliptic curves with the corresponding protocols presented in the imaginary model.
This paper investigates whether information security related disclosures in financial reports can mitigate the impact of information security incidents. First, stock price reactions from a number of information security related incidents from 1997 to 2006 are regressed on the number of disclosures along with control variables. Two different types of disclosures are considered: the disclosure of internal control and procedures and the disclosure of information security risk factors. Our analysis does not show significant relationship between the disclosures of internal controls and cumulative abnormal return (CAR). However, our findings demonstrate that new information security risk factor disclosure can mitigate the effect of information security incidents in terms of CAR. If those factors have been disclosed previously, the effect becomes smaller. Although the match between disclosures and the incident does not have any impacts on stock price reactions, our result shows that for the matched companies, other business risk factors can adversely increase CAR. Second, a clustering analysis is performed on the contents of information security risk disclosures and the media announcements of the incidents by using text mining techniques. The clustering results demonstrate that the titles and contents of the disclosures point out possible impacts and subjects that might be affected. The results also show that breached companies gradually increase the number of disclosures than non-breached firms. For media announcements, site attacks and virus attacks are the two most popular incidents in our sample from the clustering analysis. This paper not only contributes to the literature in information security and accounting but also sheds light on how managers can evaluate their information security policies and convey information security practices more effectively to the investors. By properly reflecting information security risk factors causing directly by information security incidents and indirectly by other companies, investors might discount the impacts of such events through expectation formulation.
Recent work on graphical models for relational data has demonstrated significant improvements in classification and inference when models represent the dependen- cies among instances. Despite its use in conventional statistical models, the as- sumption of instance independence is contradicted by most relational datasets. For example, in citation data there are dependencies among the topics of a paper’s references, and in genomic data there are dependencies among the functions of interacting proteins. In this chapter we present relational dependency networks (RDNs), a graphical model that is capable of expressing and reasoning with such dependencies in a relational setting. We discuss RDNs in the context of relational Bayes networks and relational Markov networks and outline the relative strengths of RDNs—namely, the ability to represent cyclic dependencies, simple methods for parameter estimation, and efficient structure learning techniques. The strengths of RDNs are due to the use of pseudolikelihood learning techniques, which estimate an efficient approximation of the full joint distribution. We present learned RDNs for a number of real-world datasets and evaluate the models in a prediction context, showing that RDNs identify and exploit cyclic relational dependencies to achieve significant performance gains over conventional conditional models.