Lin Yao,Xiangwei Kong,Guowei Wu,Qingna Fan,Chi Lin

DOI: https://doi.org/10.1007/s11767-008-0089-5

2010-01-01

Abstract:In pervasive computing environments, users can get services anytime and anywhere, but the ubiquity and mobility of the environments bring new security challenges. The user and the service provider do not know each other in advance, they should mutually authenticate each other. The service provider prefers to authenticate the user based on his identity while the user tends to stay anonymous. Privacy and security are two important but seemingly contradictory objectives. As a result, a user prefers not to expose any sensitive information to the service provider such as his physical location, ID and so on when being authenticated. In this paper, a highly flexible mutual authentication and key establishment protocol scheme based on biometric encryption and Diffie-Hellman key exchange to secure interactions between a user and a service provider is proposed. Not only can a user’s anonymous authentication be achieved, but also the public key cryptography operations can be reduced by adopting this scheme. Different access control policies for different services are enabled by using biometric encryption technique. The correctness of the proposed authentication and key establishment protocol is formally verified based on SVO logic.

Abhilasha Bhargav-Spantzel,Anna Squicciarini,Elisa Bertino,Xiangwei Kong,Weike Zhang

DOI: https://doi.org/10.1145/1750389.1750401

2010-01-01

Abstract:We present algorithms to reliably generate biometric identifiers from a user's biometric image which in turn is used for identity verification possibly in conjunction with cryptographic keys. The biometric identifier generation algorithms employ image hashing functions using singular value decomposition and support vector classification techniques. Our algorithms capture generic biometric features that ensure unique and repeatable biometric identifiers. We provide an empirical evaluation of our techniques using 2569 images of 488 different individuals for three types of biometric images; namely fingerprint, iris and face. Based on the biometric type and the classification models, as a result of the empirical evaluation we can generate biometric identifiers ranging from 64 bits up to 214 bits. We provide an example use of the biometric identifiers in privacy preserving multi-factor identity verification based on zero knowledge proofs. Therefore several identity verification factors, including various traditional identity attributes, can be used in conjunction with one or more biometrics of the individual to provide strong identity verification. We also ensure security and privacy of the biometric data. More specifically, we analyze several attack scenarios. We assure privacy of the biometric using the one-way hashing property, in that no information about the original biometric image is revealed from the biometric identifier.

Abdelrahman Ahmed Alhammadi,Saadat M. Alhashmi,Mohammad Lataifeh,John Lewis Rice

DOI: https://doi.org/10.3390/computers13090243

2024-09-23

Computers

Abstract:The United Arab Emirates (UAE) is a frontrunner in digitalising government services, demonstrating the successful implementation of National Digital Identity (NDI) systems. Unlike many developing nations with varying levels of success with electronic ID systems due to legal, socio-cultural, and ethical concerns, the UAE has seamlessly integrated digital identities into various sectors, including security, transportation, and more, through initiatives like UAE Pass. This study draws on the UAE’s functional digital ID systems, such as those utilised in the Dubai Smart City project, to highlight the potential efficiencies and productivity gains in public services while addressing the associated risks of cybersecurity and privacy. This paper provides a comprehensive understanding of the UAE’s NDI and its impact on the nation’s digital transformation agenda, offering a thorough analysis of the effectiveness and challenges of NDIs, explicitly focusing on the UAE’s approach.

Ali M. Al-Khouri

DOI: https://doi.org/10.48550/arXiv.1105.6361

2011-06-01

Abstract:Many countries around the world have initiated national ID card programs in the last decade. These programs are considered of strategic value to governments due to its contribution in enhancing existing identity management systems. Considering the total cost of such programs which goes up to billions of dollars, the success in attaining their objectives is a crucial element in the agendas of political systems in countries worldwide. Our experience in the field shows that many of such projects have been challenged to deliver their primary objectives of population enrolment, and therefore resulted in failing to meet deadlines and keeping up with budgetary constraints. The purpose of this paper is to explain the finding of a case study action research aimed to introduce a new approach to how population are enrolled in national ID programs. This is achieved through presenting a case study of a business process reengineering initiative undertaken in the UAE national ID program. The scope of this research is limited to the enrolment process within the program. This article also intends to explore the possibilities of significant results with the new proposed enrolment approach with the application of BPR. An overview of the ROI study has been developed to illustrate such efficiencies.

Other Computer Science

Jason Chia,Swee-Huay Heng,Ji-Jian Chin,Syh-Yuan Tan,Wei-Chuen Yau

DOI: https://doi.org/10.3390/sym13081535

2021-08-20

Symmetry

Abstract:Public key infrastructure (PKI) plays a fundamental role in securing the infrastructure of the Internet through the certification of public keys used in asymmetric encryption. It is an industry standard used by both public and private entities that costs a lot of resources to maintain and secure. On the other hand, identity-based cryptography removes the need for certificates, which in turn lowers the cost. In this work, we present a practical implementation of a hybrid PKI that can issue new identity-based cryptographic keys for authentication purposes while bootstrapping trust with existing certificate authorities. We provide a set of utilities to generate and use such keys within the context of an identity-based environment as well as an external environment (i.e., without root trust to the private key generator). Key revocation is solved through our custom naming design which currently supports a few scenarios (e.g., expire by date, expire by year and valid for year). Our implementation offers a high degree of interoperability by incorporating X.509 standards into identity-based cryptography (IBC) compared to existing works on hybrid PKI–IBC systems. The utilities provided are minimalist and can be integrated with existing tools such as the Enterprise Java Bean Certified Authority (EJBCA).

Ali M. Al-Khouri

DOI: https://doi.org/10.48550/arXiv.1105.6358

2011-05-31

Computers and Society

Abstract:Despite the immeasurable investment in e-government initiatives throughout the world, such initiatives have yet to succeed in fully meeting expectations and desired outcomes. A key objective of this research article is to support the government of the UAE in realizing its vision of e-government transformation. It presents an innovative framework to support e-government implementation, which was developed from a practitioner's perspective and based on learnings from numerous e-government practices around the globe. The framework presents an approach to guide governments worldwide, and UAE in particular, to develop a top down strategy and leverage technology in order realize its long term goal of e-government transformation. The study also outlines the potential role of modern national identity schemes in enabling the transformation of traditional identities into digital identities. The work presented in this study is envisaged to help bridge the gap between policy makers and implementers, by providing greater clarity and reducing misalignment on key elements of e-government transformation. In the hands of leaders that have a strong will to invest in e-government transformation, the work presented in this study is envisaged to become a powerful tool to communicate and coordinate initiatives, and provide a clear visualization of an integrated approach to e-government transformation.

Oleksandr Dulia,Dmytro Minochkin

DOI: https://doi.org/10.20535/2411-1031.2023.11.2.293496

2023-12-28

Abstract:This article delves into the vital role of Public Key Infrastructure (PKI) in securing and authenticating communications across a multitude of fields. PKI has evolved from a mere technical concept into a cornerstone of secure digital communications, playing a central role in various domains such as web security, healthcare, finance, the Internet of Things (IoT), and government services. PKI employs cryptographic techniques and digital certificates to establish trust, ensure data integrity, and enable secure communications, thus acting as the backbone of digital security. In the wake of the digital revolution, the demand for reliable and robust security solutions has skyrocketed. The diversity and scale of modern digital platforms necessitate adaptable security solutions, a challenge which PKI tackles through its flexible implementation. Despite sharing core principles, the implementation of PKI demonstrates divergences influenced by factors such as scale, complexity, resource constraints, regulatory environments, and trust models. This article offers an extensive comparison of PKI's utilization across various domains, highlighting the commonalities and divergences. It explores how PKI is tailored to meet the unique requirements and challenges of each sector and discusses the certificate lifecycle management in varying contexts. Moreover, it provides an analysis of the current state of PKI applications and challenges, offering insights into the evolving landscape of threats and technologies. Not only does the article address the current state of PKI, but it also presents a forward-looking perspective on its potential future developments. As the digital landscape continues to evolve and expand, it is crucial to anticipate the emerging challenges and devise strategies for proactive adaptation. This article thus serves as a comprehensive resource for understanding the role and impact of PKI in the contemporary digital infrastructure. Ultimately, the article seeks to underline the importance of PKI and highlight the need for continued research and development in this area. As our reliance on digital communications and transactions continues to grow, the role of PKI in safeguarding these interactions becomes increasingly significant. This comprehensive review serves as a valuable resource for researchers, practitioners, and policymakers in understanding the diverse applications of PKI and its critical role in securing the digital world.

Aida Habul,Amila Pilav-Velić,Mirza Teftedarija

DOI: https://doi.org/10.1007/978-3-319-39919-5_23

2016-08-17

Abstract:The use of public key infrastructure in administration has great potential, given that a large number of services are performed in a traditional manner, including long waiting lines and the waste of time, human, and financial resources. This paper is aimed at investigating whether the PKI implementation in public institution such as the Federation BiH Tax Administration contributes to improving its process, enhancing performance and quality of public services, including the end-user satisfaction. The research focuses on the two most extensive and basic processes of Tax Administration (TA): the tax form submission and the issuance of tax payment certificates. The methodology includes comparison between the existing “AS IS model,” based on the manual authentication and the new “TO BE model,” which includes the PKI implementation. The research findings indicate that TO BE model has contributed to the process optimization, including a complete automation of the user authentication and authorization processes. Therefore, the filling of tax return process is carried out in 5, instead of previous 14 different processes, resulting in significant costs in savings and time. On the other hand, a successful PKI implementation depends on the understanding and commitment of staff, including their readiness to change. To that end, they were asked to respond to a questionnaire on their experiences with the PKI. The sample included 37 respondents, who work in different tax offices. It is encouraging that 89 % of them are convinced that the PKI implementation in their institution would significantly improve their tasks and processes, enabling them to develop partnerships with taxpayers.

Adrian-Tudor Dumitrescu,Johan Pouwelse

2024-01-11

Abstract:The Public Key Infrastructure existed in critical infrastructure systems since the expansion of the World Wide Web, but to this day its limitations have not been completely solved. With the rise of government-driven digital identity in Europe, it is more important than ever to understand how PKI can be an efficient frame for eID and to learn from mistakes encountered by other countries in such critical systems. This survey aims to analyze the literature on the problems and risks that PKI exhibits, establish a brief timeline of its evolution in the last decades and study how it was implemented in digital identity projects.

Distributed, Parallel, and Cluster Computing,Cryptography and Security

KY Lam,SL Chung,M Gu,JG Sun

DOI: https://doi.org/10.1016/s0167-4048(03)00615-1

IF: 5.105

2003-01-01

Computers & Security

Abstract:This paper describes a security middleware for enhancing the interoperability of public key infrastructure (PKI). Security is a key concern in e-commerce and is especially critical in cross-enterprise transactions. Public key cryptography is widely accepted as an important mechanism for addressing the security needs of e-commerce transactions because of its ability to implement non-repudiation. The deployment of public key cryptography is facilitated by the provision of PKI which assures the integrity of cryptographic keys. Nevertheless, industry experiences have shown that the task of implementing PKI-based e-commerce applications is challenging. Prior studies have identified interoperability as a major issue that hinders the adoption of PKI in spite of its effectiveness in implementing strong security mechanisms and protocols. In this paper, we discuss the interoperability issue of PKI applications. This research is part of our effort in designing security infrastructure for e-commerce systems. A middleware architecture was designed to enhance interoperability of PKI applications. The security middleware aims to promote cross-enterprise cross-border e-commerce transactions. The proposed mechanism is proven to be practical in real deployment environment.

Riyad Eid,Hassan Selim,Yasser El-Kassrawy

DOI: https://doi.org/10.1108/tg-10-2019-0100

2020-06-10

Transforming Government: People, Process and Policy

Abstract:Purpose The growing popularity of mobile technology has led governments across the world to develop mobile business models and encouraged the transition from the electronic government (e-government) to the mobile government (m-government). However, only a small amount of data is available regarding m-government implementation in developing countries and users’ behavioural intentions (BIs) with respect to the utilization of such services. To address this issue, this study attempts to identify factors that affect m-government acceptance among citizens of the United Arab Emirates (UAE). This study aims to examine the relationships between m-government service characteristics and m-government technology characteristics by analysing their perceived ease-of-use, perceived usefulness, user attitudes towards m-government usage and corresponding BIs with respect to utilization of m-government services. Design/methodology/approach This study is based on a quantitative survey conducted among 326 users of m-government services in the UAE. The responses were tabulated on a five-point Likert scale. Structural equation modelling was used to evaluate the performance of the proposed model and verify the hypothesized relationships between its constructs. Findings Overall, the research findings indicate that: users’ intention to use m-government applications has three determinants – attitude towards m-government use, m-government ease of use and m-government usefulness; m-government usefulness and ease of use have a significant influence on user attitudes towards m-government; and perceived ease of use of the service, currency of the services, the accuracy of the provided information, the security concerns associated with the utilization of the m-government services, trust in the m-government services and the risks perceived in using the m-Government service are antecedents of users’ perceptions of the m-government services. Originality/value This study has improved our understanding of the critical mobile technology factors that are needed to improve user acceptance of m-government services. The study presents important implications for both theory and practice.

ZHAO Yang

DOI: https://doi.org/10.3969/j.issn.1672-4844.2012.09.018

2012-01-01

Abstract:To reduce security risks of business application systems at a maximum extent, and fully ensure them security, this paper describes the construction of a unified PKI/CA digital identity certification system with the Public Key Infrastructure (PKI) technology as the core. The system uses a unified identity certification method for information system accesses, effectively integrates the PKI/CA system with information application systems, and solves complex security management problems for business systems. The system has been put into operation in Kunming power supply bureau, which builds an information security basis platform for enterprise’s applications, and provides a reliable security standard for enterprise informatization construction and application system development.

Zhu Zhenfang

Abstract:These PKI is a kind of follow the standard use of public key encryption technology for the development of e-commerce to provide a secure foundation platform technology and specifications. The application of digital certificates is under the network environment to solve the problem such as identity authentication, access control, and information protection. This thesis mainly studied the part of the problem, this paper introduced the basic knowledge of cryptography and PKI theory foundation and basic system, of several common PKI trust model had carried on the detailed introduction, designed the distributed network environment, interconnection security platform of authentication and information encryption module.

Computer Science,Engineering

Mohammed Rashed Mohamed Al Humaid Alneyadi,Md Kassim Normalini

DOI: https://doi.org/10.28945/5166

2023-01-01

Abstract:Aim/Purpose: The UAE and other Middle Eastern countries suffer from various cybersecurity vulnerabilities that are widespread and go undetected. Still, many UAE government organizations rely on human-centric approaches to combat the growing cybersecurity threats. These approaches are ineffective due to the rapid increase in the amount of data in cyberspace, hence necessitating the employment of intelligent technologies such as AI cybersecurity systems. In this regard, this study investigates factors influencing users’ intention to adopt AI-based cybersecurity systems in the UAE. Background: Even though UAE is ranked among the top countries in embracing emerging technologies such as digital identity, robotic process automation (RPA), intelligent automation, and blockchain technologies, among others, it has experienced sluggish adoption of AI cybersecurity systems. This selectiveness in adopting technology begs the question of what factors could make the UAE embrace or accept new technologies, including AI-based cybersecurity systems. One of the probable reasons for the slow adoption and use of AI in cybersecurity systems in UAE organizations is the employee’s perception and attitudes towards such intelligent technologies. Methodology: The study utilized a quantitative approach whereby web-based questionnaires were used to collect data from 370 participants working in UAE government organizations considering or intending to adopt AI-based cybersecurity systems. The data was analyzed using the PLS-SEM approach. Contribution: The study is based on the Protection Motivation Theory (PMT) framework, widely used in information security research. However, it extends this model by including two more variables, job insecurity and resistance to change, to enhance its predictive/exploratory power. Thus, this research improves PMT and contributes to the body of knowledge on technology acceptance, especially in intelligent cybersecurity technology. Findings: This paper’s findings provide the basis from which further studies can be conducted while at the same time offering critical insights into the measures that can boost the acceptability and use of cybersecurity systems in the UAE. All the hypotheses were accepted. The relationship between the six constructs (perceived vulnerability (PV), perceived severity (PS), perceived response efficacy (PRE), perceived self-efficacy (PSE), job insecurity (JI), and resistance to change (RC)) and the intention to adopt AI cybersecurity systems in the UAE was found to be statistically significant. This paper’s findings provide the basis from which further studies can be conducted while at the same time offering critical insights into the measures that can boost the acceptability and use of cybersecurity systems in the UAE. Recommendations for Practitioners: All practitioners must be able to take steps and strategies that focus on factors that have a significant impact on increasing usage intentions. PSE and PRE were found to be positively related to the intention to adopt AI-based cybersecurity systems, suggesting the need for practitioners to focus on them. The government can enact legislation that emphasizes the simplicity and awareness of the benefits of cybersecurity systems in organizations. Recommendation for Researchers: Further research is needed to include other variables such as facilitating conditions, AI knowledge, social influence, and effort efficacy as well as other frameworks such as UTAUT, to better explain individuals’ behavioral intentions to use cybersecurity systems in the UAE. Impact on Society: This study can help all stakeholders understand what factors can increase users’ interest in investing in the applications that are embedded with security. As a result, they have an impact on economic recovery following the COVID-19 pandemic. Future Research: Future research is expected to investigate additional factors that can influence individuals’ behavioral intention to use cybersecurity systems such as facilitating conditions, AI knowledge, social influence, effort efficacy, as well other variables from UTAUT. International research across nations is also required to build a larger sample size to examine the behavior of users.

English Else

Yajie Li,Qiufeng Wu,Meng Yuan

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.10.015

2001-01-01

Abstract:The development of electronic commerce requires the high security of network communication,PKI is an effective solution. This paper introduces basic structure,evaluation standard and major design problems of PKI.

P. Gutmann

DOI: https://doi.org/10.1109/MC.2002.1023787

2002-08-01

Computer

Abstract:Like other flexible objects, the public key infrastructure sacrifices some utility in trying to be all things to all people. Mainly, PKI's generic, all-purpose identity certificates fall short of what the marketplace demands, forcing vendors to develop more economically efficient, useful, and imaginative business models. Thus, we must adapt the PKI design to the real world rather than trying to constrain the real world to match the PKI. A variety of alternative approaches, ranging from simple workarounds to designing the application to sidestep PKI's shortcomings entirely, can help solve the problems inherent in the standard X.509 model. Despite an original design that failed to address the marketplace's needs, the use of innovative public key infrastructure models can make the technology meet today's requirements.

Computer Science,Philosophy

Paul Balanoiu

DOI: https://doi.org/10.48550/arXiv.1002.3475

2010-02-18

Abstract:Most developed countries have started the implementation of biometric electronic identification cards, especially passports. The European Union and the United States of America struggle to introduce and standardize these electronic documents. Due to the personal nature of the biometric elements used for the generation of these cards, privacy issues were raised on both sides of the Atlantic Ocean, leading to civilian protests and concerns. The lack of transparency from the public authorities responsible with the implementation of such identification systems, and the poor technological approaches chosen by these authorities, are the main reasons for the negative popularity of the new identification methods. The following article shows an approach that provides all the benefits of modern technological advances in the fields of biometrics and cryptography, without sacrificing the privacy of those that will be the beneficiaries of the new system.

Cryptography and Security

Christos Patsonakis,Katerina Samari,Aggelos Kiayias,Mema Roussopoulos

DOI: https://doi.org/10.1109/DAPPCON.2019.00022

2019-02-03

Abstract:Public key infrastructures (PKIs) are one of the main building blocks for securing communications over the Internet. Currently, PKIs are under the control of centralized authorities, which is problematic as evidenced by numerous incidents where they have been compromised. The distributed, fault tolerant log of transactions provided by blockchains and more recently, smart contract platforms, constitutes a powerful tool for the decentralization of PKIs. To verify the validity of identity records, blockchain-based identity systems store on chain either all identity records, or, a small (or even constant) sized amount of data to verify identity records stored off chain. However, as most of these systems have never been implemented, there is little information regarding the practical implications of each design's tradeoffs. In this work, we first implement and evaluate the only provably secure, smart contract based PKI of [1] on top of Ethereum. This construction incurs constant-sized storage at the expense of computational complexity. To explore this tradeoff, we propose and implement a second construction which, eliminates the need for trusted setup, preserves the security properties of [1] and, as illustrated through our evaluation, is the only version with constant-sized state that can be deployed on the live chain of Ethereum. Furthermore, we compare these two systems with the simple approach of most prior works, e.g., the Ethereum Name Service, where all identity records are stored on the smart contract's state, to illustrate several shortcomings of Ethereum and its cost model. We propose several modifications for fine tuning the model, which would be useful to be considered for any smart contract platform like Ethereum so that it reaches its full potential to support arbitrary distributed applications.

Distributed, Parallel, and Cluster Computing

Durgesh Kumar Mishra,Samiksha Shukla

DOI: https://doi.org/10.48550/arXiv.0912.3984

2009-12-20

Abstract:Information management and retrieval of all the citizen occurs in almost all the public service functions. Electronic Government system is an emerging trend in India through which efforts are made to strive maximum safety and security. Various solutions for this have been proposed like Shibboleth, Public Key Infrastructure, Smart Cards and Light Weight Directory Access Protocols. Still, none of these guarantee 100 percent security. Efforts are being made to provide common national identity solution to various diverse Government identity cards. In this paper, we discuss issues related to these solutions.

Multiagent Systems

Abba Garba,Qinwen Hu,Zhong Chen,Muhammad Rizwan Asghar

DOI: https://doi.org/10.1109/hpcc-smartcity-dss50907.2020.00108

2020-01-01

Abstract:Recently, real-world attacks against the web Public Key Infrastructure (PKI) have arisen more frequently. The current PKI that use Registration Authorities/Certificate Authorities (RAs/CAs) model suffer from notorious security vulnerabilities. Most of these vulnerabilities are due to compromises of RAs, which lead to impersonation attacks resulting in CAs misbehaving to issue bogus certificates. To counter this problem, many approaches, such as Certificate Transparency (CT), ARPKI, and PoliCert, have been proposed. Nonetheless, no solution has yet gained widespread acceptance as a result of complexity and deployability issues. Moreover, existing approaches still require to satisfy complicated interactions and synchronisation among the entities that are involved during certificate issuance, updates, and revocations. In this paper, we propose a new Blockchain-Based PKI (BB-PKI) to address these vulnerabilities of CA misbehaviour caused by impersonation attacks against RAs. Certificate Issuance Request (CIR) should be vouched by manifold RAs. Multiple CAs shall sign and issue the certificate using an out-of-band secure communication channel. Any RA that contributes to the verification process of a user's request can publish the certificate in the blockchain by creating a smart contract certificate transaction. BB-PKI offers strong security guarantees, compromising $n - 1$ of the RAs or CAs is not enough to launch impersonation attacks, meaning that attackers cannot compromise more than the threshold of the latter signatures to launch an attack.