Gerenciamento e autenticação de identidades digitais usando feições faciais

Ribeiro, Matheus Antônio Corrêa

January 2008

Em nossa vida diária, são utilizadas identidades digitais (IDDs) para acessar contas de e-mail, bancos e lojas virtuais, locais restritos, computadores compartilhados, e outros. Garantir que apenas usuários autorizados tenham o acesso permitido é um aspecto fundamental no desenvolvimento destas aplicações. Atualmente, os métodos de controle de acesso simples como senhas ou números de identificação pessoal não devem ser considerados suficientemente seguros, já que um impostor pode conseguir estas informações sem o conhecimento do usuário. Ainda, no caso de utilização de dispositivos físicos como cartões de identificação, estes podem ser roubados ou forjados. Para tornar estes sistemas mais confiáveis, técnicas de autenticação de identidades utilizando múltiplas verificações são propostas. A utilização de características biométricas surge como a alternativa mais confiável para tratar este problema, pois são, teoricamente, únicas para cada pessoa. Contudo, algumas características biométricas como a aparência facial podem variar com o tempo, implicando em um grande desafio para os sistemas de reconhecimento facial. Neste trabalho é combinado o acesso tradicional por senha com a análise da face para realizar a autenticação. Um método de aprendizagem supervisionada é apresentado e sua adaptação é baseada na melhora contínua dos modelos faciais, que são representados por misturas de gaussianas. Os resultados experimentais, obtidos sobre um conjunto de teste reduzido, são encorajadores, com 98% de identificação correta dos usuários e custo computacional relativamente baixo. Ainda, a comparação com um método apresentado na literatura indicou vantagens do método proposto quando usado como um pré-selecionador de faces. / In our daily life, we use digital identities (DIDs) to access e-mails, e-banks, e-shops, physical environments, shared computers, and so on. Guarantee that only authorized users are granted access is an important aspect in the development of such applications. Nowadays, the simple access control methods like passwords or personal identification numbers can not be considered secure enough, because an impostor can obtain and use these information without user knowledge. Also, physical devices like ID cards can be stolen. To make these systems more reliable, multimodal DID authentication techniques combining different verification steps are proposed. Biometric features appears as one of the most reliable alternatives to deal with this problem because, theoretically, they are unique for each person. Nevertheless, some biometric features like face appearances may change in time, posing a serious challenge for a face recognition system. In this thesis work, we use the traditional password access combined with human face analysis to perform the authentication task. An intuitive supervised appearance learning method is presented, and its adaptation is based on continuously improving face models represented using the Gaussian mixture modeling approach. The experimental results over a reduced test set show encouraging results, with 98% of the users correctly identified, with a relatively small computational effort. Still, the comparison with a method presented in the literature indicated advantages of the proposed method when used as a pre-selector of faces.

Biometria

Identidade digital

Processamento de imagens

Imagem digital

Access control

Biometric authentication

Biometrics

Identity management systems

Facial features

User modeling

Limiting fake accounts in large-scale distributed systems through adaptive identity management / Gerenciamento adaptativo de identidades em sistemas distribuídos de larga escala

Cordeiro, Weverton Luis da Costa

January 2014

Sistemas online como Facebook, Twitter, Digg, e comunidades BitTorrent (entre vários outros) oferecem um processo leve para a obtenção de identidades (por exemplo, confirmar um endereço de e-mail válido; os requisitos podem variar dependendo do sistema), de modo que os usuários possam cadastrar-se facilmente nos mesmos. Tal conveniência vem com um preço, no entanto: com um pequeno esforço, um atacante pode obter uma grande quantidade de contas falsas (ataque Sybil), e utilizá-las para executar atividades maliciosas (que possam prejudicar os usuários legítimos) ou obter vantagens indevidas. É extremamente desafiador (senão impossível) desenvolver uma única solução de gerenciamento de identidades que seja ao mesmo tempo capaz de oferecer suporte a uma variedade de usuários usando dispositivos heterogêneos e adequada para uma diversidade de ambientes (por exemplo, sistemas distribuídos de larga escala, Internet das Coisas, e Internet do Futuro). Como consequência, a comunidade de pesquisa tem focado no projeto de soluções de gerenciamento de identidades customizadas, em cenários com um conjunto bem definido de propósitos, requisitos e limitações. Nesta tese, abordamos o problema de contas falsas em sistemas distribuídos de larga escala. Mais especificamente, nos concentramos em sistemas baseados no paradigma para- par e que podem acomodar esquemas de gerenciamento de identidades leves e de longo prazo (ex., sistemas de compartilhamento de arquivos e de live streaming, sistemas de detecção de intrusão colaborativos, entre outros); leves porque os usuários devem obter identidades sem precisar fornecer “provas de identidade” (ex., passaporte) e/ou pagar taxas; e longo prazo porque os usuários devem ser capazes de manter suas identidades (ex., através de renovação) por um período indefinido. Nosso principal objetivo é propor um arcabouço para precificar adaptativamente as solicitações de identidades como uma abordagem para conter ataques Sybil. A ideia chave é estimar um grau de confiança para as solicitações de identidades, calculada como função do número de identidades já concedidas em um dado período, considerando a origem dessas solicitações. Nossa abordagem baseia-se em prova de trabalho e usa desafios criptográficos como um recurso para conter atacantes. Nesta tese, nós também concentramos esforços na reformulação dos desafios tradicionais, de modo a torná-los “verdes” e “´uteis”. Os resultados obtidos via simulação e experimentação mostraram a viabilidade técnica de usar desafios verdes e ´uteis para o gerenciamento de identidades. Mais importante, eles mostraram que caracterizar as solicitações de identidades com base na origem das mesmas constitui uma abordagem promissora para lidar com a redução substancial da disseminação de contas falsas. / Online systems such as Facebook, Twitter, Digg, and BitTorrent communities (among various others) offer a lightweight process for obtaining identities (e.g., confirming a valid e-mail address; the actual requirements may vary depending on the system), so that users can easily join them. Such convenience comes with a price, however: with minimum effort, an attacker can obtain a horde of fake accounts (Sybil attack), and use them to either perform malicious activities (that might harm legitimate users) or obtain unfair benefits. It is extremely challenging (if not impossible) to devise a single identity management solution at the same time able to support a variety of end-users using heterogeneous devices, and suitable for a multitude of environments (e.g., large-scale distributed systems, Internet-of-Things, and Future Internet). As a consequence, the research community has focused on the design of system-specific identity management solutions, in scenarios having a well-defined set of purposes, requirements, and constraints. In this thesis, we approach the issue of fake accounts in large-scale, distributed systems. More specifically, we target systems based on the peer-to-peer paradigm and that can accommodate lightweight, long-term identity management schemes (e.g., file sharing and live streaming networks, collaborative intrusion detection systems, among others); lightweight because users should obtain identities without being required to provide “proof of identity” (e.g., passport) and/or pay taxes; and long-term because users should be able to maintain their identities (e.g., through renewal) for an indefinite period. Our main objective is to propose a framework for adaptively pricing identity requests as an approach to limit Sybil attacks. The key idea is to estimate a trust score for identity requests, calculated as a as function of the number of identities already granted in a given period, and considering their source of origin. Our approach relies on proof of work, and uses cryptographic puzzles as a resource to restrain attackers. In this thesis, we also concentrate on reshaping traditional puzzles, in order to make them “green” and “useful”. The results obtained through simulation and experimentation have shown the feasibility of using green and useful puzzles for identity management. More importantly, they have shown that profiling identity requests based on their source of origin constitutes a promising approach to tackle the dissemination of fake accounts.

Redes : Computadores

Tolerancia : Falhas

Redes P2P

Identity management

Peer-to-peer systems

Sybil attack

Fake accounts

Collusion attacks

Proof of work

MODELO DE AUTENTICAÇÃO PARA SISTEMAS DE COMPUTAÇÃO EM NUVEM / MODEL OF AUTHENTICATION FOR COMPUTING SYSTEMS IN CLOUD

MELO, Mauro Jose Araujo de

29 November 2013

Made available in DSpace on 2016-08-17T14:53:27Z (GMT). No. of bitstreams: 1 Dissertacao Mauro Jose Araujo.pdf: 1688092 bytes, checksum: 95962ac2dc98b04733201695bfc978c7 (MD5) Previous issue date: 2013-11-29 / Coordenação de Aperfeiçoamento de Pessoal de Nível Superior / The world today is moving the use of traditional systems to a computer model to offer its resources very dynamic and remotely, which is known as cloud computing. In compensation challenges arise related to security issue, which makes it clear that innovations require resources. Being an environment where there is sharing of computing resources by several organizations, it is necessary to define access to data and services, so that you keep the privacy of user identification of the environment. The first security mechanism on any computer system is the identity management through authentication. A user who has registered their identifiable information in a system will have guaranteed access to the system, if your authentication is proven. The objective of this work is to propose a model where the authentication given identity can be moved from one cloud to another to allow a registered user to access a domain to another domain. This authentication is performed through single sign that is sent encrypted via script. / O mundo atualmente encontra-se migrando a utilização dos sistemas tradicionais para um modelo computacional que oferta seus recursos de maneira bastante dinâmica e remotamente, que é conhecido como computação em nuvem. Em compensação surgem desafios relacionados à questão de segurança, o que torna notório que necessitam inovações em recursos. Por ser um ambiente onde há o compartilhamento dos recursos computacionais por diversas organizações, faz-se necessário delimitar o acesso a dados bem como aos serviços, de maneira que mantenha a privacidade de identificação dos usuários do ambiente. O primeiro mecanismo de segurança em qualquer sistema computacional é o gerenciamento de identidade, através da autenticação de acesso. Um usuário que possui suas informações de identificação cadastradas em um sistema terá o acesso garantido em sistema, caso sua autenticação seja comprovada. O objetivo deste trabalho é propor um modelo onde a autenticação de determinada identidade possa ser deslocado de uma nuvem a outra para permitir que um usuário cadastrado em um domínio possa acessar a outro domínio. Esta autenticação é realizada através de login único que é enviado através de script criptografado.

Computação em nuvem

Gerenciamento de identidade

Autenticação

Cloud Computing

Identity Management

Authentication

Enhancing Privacy for Mobile Networks : Examples of Anonymity Solutions and Their Analysis

Andersson, Christer

January 2005

Internet and mobile communications have had a profound effect on today’s society. New services are constantly being deployed, in which an increasing amount of personal data is being processed in return for personally tailored services. Further, the use of electronic surveillance is increasing. There is the risk that honest citizens will have their privacy invaded for “the greater good”. We argue that it is of uttermost importance to retain the individuals’ control over their personal spheres. One approach for enhancing the users’ privacy is to deploy technical measures for safeguarding privacy, so-called Privacy-Enhancing Technologies (PETs). This thesis examines a set of PETs for enabling anonymous communication, so-called anonymous overlay networks,which eliminate the processing of personal data altogether by allowing the users act anonymously when communicating in a networked environment. This thesis focuses mainly on mobile networks. These are of great interest because on the one hand they lay the groundwork for new innovative applications, but on the other hand they pose numerous novel challenges to privacy. This thesis describes the implementation and performance evaluation of mCrowds – an anonymous overlay network for mobile Internet that enables anonymous browsing. It also describes the ongoing investigation on how to design anonymous overlay networks in order to make them suitable for mobile ad hoc networks, a required building block for ambient intelligence.

privacy

anonymity

pseudonymity

identity management

mobile Internet

location based services

mobile ad hoc networks

Computer Sciences

Datavetenskap (datalogi)

Návrh změn systému řízení identit ve firmě / Draft of Changes Identity Management System in a Firm

Vokálek, Vojtěch

January 2016

The subject of the Master thesis is to explore the integration of Identity Management System with the Information Security Management System based on theoretical knowledge and analysis of the current situation. Notify the company to gaps and make proposals for improvement.

Netz- und Service-Infrastrukturen

Hübner, Uwe

21 May 2004

Workshop "Netz- und Service-Infrastrukturen" vom 19.-22. April 2004 in Löbsal (bei Meißen)

info:eu-repo/classification/ddc/004

ddc:004

XML

Spam-Mail

Windows XP

Service-Infrastruktur

Netz-Infrastruktur

Identity Management

Konstrukce a management identity striptýzových tanečnic / Construction and Management Identity of Exotic Dancers

Kvapilová, Lucie

January 2014

Diplomová práce "Výchova tancem. Evaluace dopadů předmětu taneční a pohybové výchovy se zabývá zhodnocením efektů předmětu taneční a pohybové výchovy, který byl před několika lety zařazen do RVP (Rámcově vzdělávací program) pro základní školy. Cílem této práce je podat přehled o oblastech, v nichž může taneční a pohybová výchova být přínosem a naopak poukázat na případné negativní nebo problematické stránky tohoto předmětu. Informace o této problematice byly získávány prostřednictvím kvalitativních výzkumných metod, tedy pomocí polostrukturovaných a skupinových interview a také metod zúčastněného a nezúčastněného pozorování v hodinách taneční a pohybové výchovy. Informátory/kami v tomto výzkumu byli lektoři/ky taneční výchovy, pedagogové/žky tříd, v nichž je tento předmět vyučován a také žáci/kyně. Největší přínosy taneční a pohybové výchovy lze shledat ve sféře sociálních vztahů, ale i v oblastech seberozvoje jedinců a rozvoje některých klíčových kompetencí. Taneční výchova například přináší potenciál pro transformaci nefunkčních kolektivních vztahů, stává se v některých případech nástrojem začlenění jedinců upozaděných nebo vyčleněných z kolektivu. Taneční a pohybová výchova také stimuluje dětskou fantazii a do určité míry může vést k rozvoji kreativních schopností u některých jedinců. Podporuje...

Drivande faktorer inom identitets- och åtkomsthantering i offentliga och privata organisationer / Driving factors in identity and access management in public and private organizations

Perlerot, Matilda, Vanjhal, Viktoria

January 2023

Vem ska ha åtkomst och vem skall ha åtkomst till vad? Identitets- och åtkomsthantering (IAM) hjälper organisationer med att hantera systemanvändare under deras livscykel till systemen inom verksamheten. Det finns flera olika faktorer som är den drivande faktorn till varför de har IAM-lösningar. Under denna uppsats kommer det att undersökas vad som är de drivande faktorer för en organisation till att ha IAM-lösningar och ifall det skiljer sig något åt mellan privat och offentlig organisation. För att ta reda på det så har sex intervjuer genomförts från tre olika verksamheter, en privat och två offentliga. Intervjuerna har skett med två personer från varje organisation med olika roller inom IAM-området för att få en djup förståelse om vad som är just den organisationens drivande faktor. Det som undersökningen resulterade i är att de drivande faktorerna inte skiljer något större åt när organisationen jämförs mellan privat och offentlig. Den drivande faktorn var huvudsakligen att förbättra IT-säkerheten inom organisationen med hjälp av IAM. Men de flesta drevs inte bara av en faktor utan en kombination av flera. Slutsatsen av undersökningen är att den drivande faktorn beror på vilken bransch organisationen tillhör samt storleken på antalet användare i deras system, inte om den tillhör privat eller offentlig organisation. / Who should have access and who should have access to what? Identity and access management (IAM) helps organizations manage system users throughout their lifecycle to the systems within the business. There are several different factors that are the driving factor why they have IAM solutions. During this essay, it will examine what are the driving factors for an organization to have IAM solutions and if there is any difference between private and public organizations. To find out, six interviews have been conducted from three different businesses, one private and two public. The interviews have taken place with two people from each organization with different roles within the IAM area in order to gain a deep understanding of what is that particular organization's driving factor. What the survey resulted in is that the driving factors do not differ much when the organization is compared between private and public. The driving factor was mainly to improve IT security within the organization using IAM. However, most were driven not by just one factor but by a combination of several. The conclusion of the survey is that the driving factor depends on the industry the organization belongs to and the size of the number of users in their system, not whether it belongs to a private or public organization.

IAM

identity

access

access management

identity management

information security

IAM

identitet

åtkomst

åtkomsthantering

identitetshantering

informationssäkerhet

Information Systems

Usable Security using GOMS: A Study to Evaluate and Compare the Usability of User Accounts on E-Government Websites

Din, Amran

01 April 2015

The term e-Government refers to providing citizens a series of services that can be conveniently conducted over the Internet. However, the potential to redefine and transform e-Government increasingly relies on citizens successfully establishing and managing a user account profile online. E-Government has not adequately addressed user-centric designs for social inclusion of all citizens on e-Government websites. There is a lack of research on the usability of user account management, and a clear lack of innovation in incorporating user-friendly authentication interfaces to accommodate a diverse user population given the wealth of existing research in web authentication techniques within Identity Management. The problem is e-Government has no standardized approach to evaluate and compare the usability of user account interfaces to accommodate a diverse user population and encourage improvements in making user account interfaces more user-friendly and accessible to citizens online. This study proposed extending a well-established usability evaluation methodology called GOMS to evaluate e-Government security interfaces for usability. GOMS, which comprises of Goals, Operations, Methods, and Selection, was used to compare the task time users took to complete similar goals on different websites. GOMS was extended to include Security Cases, which are security related goals users desire to accomplish along with the selected link and trail necessary to satisfy those goals. An observational study was conducted to capture the task time 31 users took to complete similar Security Cases on three popular e-Government websites (DMV.CA.gov, HealthCare.gov, and USPS.com). The study initially defined a catalog of six Security Cases specific to user account management and then established benchmark time predictions for each of the Security Cases using CogTool. The six Security Cases selected were as follows: Registration, Login, Change Settings, Forgot Password, Change Password, and Logout. The task time to complete each of the six Security Case on the three websites, along with statistical analysis and CogTool’s benchmark time predications, were used to quantify and compare the usability of these three websites. In order to capture demographic data and assess participant’s satisfaction using the website, the study conducted a post evaluation survey using the System Usability Scale (SUS). The survey captured age, gender, education, user satisfaction, and computer/security knowledge for each participant to assess design considerations to accommodate a diverse population. Finally, a library of Security Cases was established to compare and highlight the more effective user account interface designs on the three selected e-Government websites. This study found task time data from similar Security Cases could be categorized and used to successfully compare and highlight more effective user account interface designs. The study revealed gender and education had no distinctions in task time when performing user account management related tasks. The study also revealed seniors took significantly longer than any other age group to complete complex user account management interfaces. Additionally, CogTool did not prove to be effective in establishing reliable task time predictions to establish as benchmarks. The study concluded the GOMS method could successfully be used to establish a set of task time metrics in a catalog of Security Cases that can be used to evaluate and compare the usability of user account interfaces to accommodate a diverse user population on e-Government websites. Future usability research should be conducted to evaluate if there is a performance relationship between age and security interface complexity. Future research should also further evaluate GOMS as a viable methodology to evaluate other security interfaces not limited to e-Government and expand upon the library of Security Cases to highlight effective security interfaces designs on other websites to accommodate a diverse user population.

Information technology

Computer science

Information science

E-Government

GOMS

Identity Management

Security

Usability

User Accounts

Computer Sciences

Computer Security

Graphics and Human Computer Interfaces

Discrimination perçue au travail et (ré)aménagements identitaires de jeunes recrues d'orientation sexuelle minoritaire / Discrimination as perceived at work and identity (re)construction in young employees of a minority sexual orientation

Sahin, Poyraz

28 November 2018

L’étude conduite porte sur l’exploration de la période d’intégration des nouvelles recrues se reconnaissant une orientation sexuelle homosexuelle ou bisexuelle. A partir d’une recherche qualitative, nous posons l'hypothèse générale selon laquelle les processus d’intégration, de socialisation organisationnelle et de construction des intentions professionnelles d’avenir seraient influencés par la présence de normes hétérosexistes et d’une discrimination perçue au travail, d’une part, et par l’identité sexuelle construite antérieurement dans les différentes sphères de vie d’autre part. Nos données ont été recueilles auprès de douze jeunes se reconnaissant comme LGB, récemment intégrés dans les milieux professionnels de la justice et des transports à l’aide de deux études : l’une conduite avec des entretiens de type récit de vie pour d’étudier le sens attribué aux expériences subjectives avant et pendant la période d’intégration dans l’organisation, l’autre menée et à partir d’entretiens de type IMIS pour mieux comprendre les dynamiques identitaires en analysant les relations subjectives entre l’individu et son environnement Les résultats soulignent que les normes hétérosexistes restent dominantes et montrent la non-neutralité de la sphère professionnelle où les échanges incluent des aspects de la vie privée. Dès l’entrée dans l’organisation les jeunes LGB font face à un dilemme entre la divulgation ou la dissimulation de leur orientation sexuelle qui nécessite un aménagement de l’identité en milieu de travail. Parmi les stratégies de présentation de soi, la dissimulation fondée sur la feinte et l'évitement de l’orientation sexuelle est majoritairement utilisée pour éviter les différentes formes de discriminations et d’homophobie anticipées au travail. / The study focuses on an exploration of the integration time of recently-recruited professionals who identify themselves as homosexual or bisexual. Based on the qualitative analysis, we draw the general hypothesis that the processes of integration, organisational socialisation, and the construction of a future career path that are influenced both by the presence of heterosexist norms and perceived discrimination in the workplace as well as by sexual identity previously built in other parts of life. Our data were collected from twelve self-identified LGB young people who recently recruited in the workplace in the transportation and law using two studies: the first conducted with informal interviews to study the meaning given to subjective experience before and during the integration period in the organisation, and the second built from IMIS interviews to understand better the identity dynamics by analysing the subjective relationships between the individual and his environment. The results highlight that heterosexist norms remain dominant and show non-neutrality in the part of the professional world where the conversations include aspects of private life. From the moment of their arrival in the organisation, the young LGB people confront a dilemma between dissimulating and divulging their sexual identity, which requires identity management strategy handling to tackle different forms of discrimination and perceived homophobia. Among the identity management strategies, dissimulation based on pretending or avoiding of sexual orientation are the strategies that are used in the majority to avoid the different forms of discrimination based on sexual orientation that are anticipated in the workplace.

Orientation sexuelle minoritaire

Discrimination perçue au travail

Stratégies de présentation de soi

Socialisation organisationnelle

Diversité en milieu professionnel

Minority sexual orientation

Identity management strategies

Organisational socialisation

Diversity in the workplace