Research Directions in Identity ManagementOutlineIdentity ManagementTechnologies: BiometricsTechnologies: RFIDOur ApproachPolicy FrameworkLife Cycle Management PoliciesAccess Control PoliciesAdditional Elements of the PoliciesIdentity Management for Front-end SystemIdentity Management for Back-end System: Risk ManagementIdentity Management for Back-end System: Data ManagementInteroperabilityIdentity Management in a Coalition EnvironmentSurveillance Problem AddressedThe Semantic GapOur ApproachLabeled Video EventsSlide 20Experiment #1Slide 22Slide 23Classifying Disguised EventsSlide 25Slide 26Slide 27Privacy Preserving SurveillanceOur Biometrics and RFID ResearchResearch Directions in Identity ManagementDr. Bhavani ThuraisinghamThe University of Texas at DallasCollaborators and co-authors of the presentation: Prof. Latifur Khan and Prof. Murat KantarciogluStudents: Parveen Pallabi and Abin ChandrasekaranThe University of Texas at DallasProf. Elisa BertinoPurdue UniversityFebruary 2007Outline Identity ManagementTechnologiesOur Research on Identity Assurance-Policy Framework-Data Management Framework-Interoperability-Coalition Data SharingOur Research in SurveillanceOur research in Biometrics and RFIDIdentity Management Biometric systems, RFID chips and other advanced identification systems have provided tools for organizations to identify and track supply chain and personnel. Biometric identification/authentication is finding new applications such as e-passports. Identification technologies creates unique challenges and opportunities for businesses, governments and the society with respect to security and privacyNeed better, more reliable biometric systems, fail-safe mechanisms for credential assignments and common set of best practices and standards. Organizations using identification systems should devise systematic ways to handle associated risksTechnologies: BiometricsBiometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic-Features measured: Face, Fingerprints, Hand geometry, handwriting, Iris, Retina and VoiceThree-steps: Capture-Process-VerificationCapture: A raw biometric is captured by a sensing device such as fingerprint scanner or video cameraProcess: The distinguishing characteristics are extracted from the raw biometrics sample and converted into a processed biometric identifier recordVerification and Identification-Matching the enrolled biometric sample against a single record; is the person really what he claims to be?-Matching a biometric sample against a database of identifiersTechnologies: RFID RFID (Radio Frequency Identifier) tags are transponders that can be used for identification purposes of various entities like passports, product tracking, automotive parts identification and transport payments like in highway toll tags They are basically devices that can emit and receive radio waves within a specified region and enable the position identification of a target object. Recent research in RFID includes -security and privacy-RFID data management and warehousingOur Approach In an RFID or biometric system, data is collected from different applications and processed, in part, in the front-end system and in-part at the back-end system (server)The back-end access can occur over the Internet. This gives rise to a challenging end-to-end identity management problem. We need to provide identity assurance both for the front-end and back-end subsystem as well as the network. We envisage a system that we call an Identity Life Cycle Management System that manages information about the credential and the credential issuers. We are focusing on Life Cycle Management System as well as the front-end and back-end systems of an RFID and/or biometrics system.Policy Framework Need appropriate policies that would allow administrators to set up and tailor identity assurance processes. We are devising the required policies and developing languages to specify such policies. We have identified two types of policies: Life Cycle management policies and Access control policies.Life cycle management policies govern the entire identity management processesAccess control policies control the entities that access the information collected for identity purposes. We will discuss both policies.Life Cycle Management Policies Issuer Certification & Accreditation; What level of trust can be placed in various issuers? What level of trust can be placed in various identity credentials? Identity Proofing & Registration: What procedures should exist to vet and issue the credential? How should individuals enroll? Credential Creation & Issuance: Who should create electronic ID credentials? What data elements should be contained on credentials? Credential Lifecycle Management: What if the device containing the credential is lost or stolen? What mechanisms can be used to validate the identification credential over time?Access Control Policies The subjects who are the users and processes that access the identity data The objects that are the data to be protected (e.g., biometric data and RFID data). Subject’s access to the objects is controlled by the access control policies. These policies include policies for confidentiality, privacy, trust, data provenance and integrity.Additional Elements of the Policies Identification of the classes of policies relevant in the context of identity assurance and development of the corresponding policy languages. Two relevant classes include life cycle management policies and access control policies.Development of interoperability techniques for multi-domain systems, including sharing of identity policies and information.Development of a notion of “identity management process” that would encompass all the steps in assuring identity information flow, from policy formation and deployment, data gathering and analysis, forensics.Identity Management for Front-end System The front-end system reads the data, performs some processing and sends it to the backend. One issue to be considered is the quality of data collected for identity assurance. While techniques to support the desired level of quality of data and transactions in real-time applications have been studied, quality of data for identity management has not been
View Full Document