The Experts below are selected from a list of 636 Experts worldwide ranked by ideXlab platform
Shook James - One of the best experts on this subject based on the ideXlab platform.
-
Smart Contract Federated Identity Management without Third Party Authentication Services
2019Co-Authors: Mell Peter, Dray Jim, Shook JamesAbstract:Federated identity management enables users to access multiple systems using a single Login Credential. However, to achieve this a complex privacy compromising authentication has to occur between the user, relying party (RP) (e.g., a business), and a Credential service provider (CSP) that performs the authentication. In this work, we use a smart contract on a blockchain to enable an architecture where authentication no longer involves the CSP. Authentication is performed solely through user to RP communications (eliminating fees and enhancing privacy). No third party needs to be contacted, not even the smart contract. No public key infrastructure (PKI) needs to be maintained. And no revocation lists need to be checked. In contrast to competing smart contract approaches, ours is hierarchically managed (like a PKI) enabling better validation of attribute providers and making it more useful for large entities to provide identity services for their constituents (e.g., a government) while still enabling users to maintain a level of self-sovereignty.Comment: 12 pages, Open Identity Summit 201
James Shook - One of the best experts on this subject based on the ideXlab platform.
-
smart contract federated identity management without third party authentication services
arXiv: Cryptography and Security, 2019Co-Authors: Peter Mell, Jim Dray, James ShookAbstract:Federated identity management enables users to access multiple systems using a single Login Credential. However, to achieve this a complex privacy compromising authentication has to occur between the user, relying party (RP) (e.g., a business), and a Credential service provider (CSP) that performs the authentication. In this work, we use a smart contract on a blockchain to enable an architecture where authentication no longer involves the CSP. Authentication is performed solely through user to RP communications (eliminating fees and enhancing privacy). No third party needs to be contacted, not even the smart contract. No public key infrastructure (PKI) needs to be maintained. And no revocation lists need to be checked. In contrast to competing smart contract approaches, ours is hierarchically managed (like a PKI) enabling better validation of attribute providers and making it more useful for large entities to provide identity services for their constituents (e.g., a government) while still enabling users to maintain a level of self-sovereignty.
Hatim Mohamad Tahir - One of the best experts on this subject based on the ideXlab platform.
-
Can Single Sign-on Improve Password Management? A Focus Group Study
Pattern Analysis Intelligent Security and the Internet of Things, 2015Co-Authors: Norliza Katuk, Hatim Mohamad Tahir, Nur Haryani Zakaria, Mohamad Subri HalimAbstract:This article presents a research concerning password management and single sign-on for accessing Internet applications. Many Internet applications require users to subscribe to their services and authenticate themselves through the use of Login Credentials. The number of such applications is increasing exponentially, which caused ineffective Login Credential management among users. This study was conducted with two objectives (i) to identify how users manage their usernames and passwords and (ii) to examine whether users see the benefits of single sign-on. To achieve these objectives, a focus group interview was conducted on students from a local university. The results of the study suggested that the students did not practise proper password management. Further, it suggested that single sign-on may not be the immediate solution to improve the students’ password management.
-
Security and privacy of Single-Sign-On (SSO) in mobile environment: Students' experiences and perceptions
2014Co-Authors: Norliza Katuk, Hatim Mohamad TahirAbstract:The number of password-protected Internet-based applications is increasing significantly compared to a decade ago.Many Internet applications require users to subscribe to their services and authenticate themselves through the use of Login Credentials.The number of such applications is increasing exponentially.Consequently, it causes an increase in the number of Login Credentials that users have to manage for both Internet and mobile environments.Due to the limitation in human memory, users usually forget their Credentials (i.e., user names/IDs and passwords) and they tend to write down the passwords or replicate single password for many different applications. This practice could expose users to variety of security threats and attacks.A recent technological development on user authentication has introduced single-sign-on (SSO) that intends to help users with their Credentials management.This research aims to investigate password management and SSO for accessing Internet applications especially through the use of mobile devices.The research was carried out in two phases: (i) a focus group study and (ii) survey.The researchers interviewed 11 students from School of Computing (SOC), Universiti Utara Malaysia (UUM).The results of the study found that the students did not practice proper password management. Further, it suggested that SSO may not be the immediate solution to improve the students’ password management.A behavioral study was conducted on 250 students from Universiti Utara Malaysia to understand how they managed their Login Credentials while accessing the Internet via their mobile devices, and their perceptions and awareness towards SSO.The results suggested that students practiced poor Login Credential management, however, the students are concerned about the security and privacy of their Credentials.Security and privacy in mobile environment are important and need to be addressed through the use of technology and policy.The findings of this research imply system developers and policy makers on the aspect of users’ security and privacy.The findings are also useful for the purpose of training and educating students on the importance of security and privacy in mobile environment.
-
Behavioral analysis of students’ Login Credentials management in mobile environment
Journal of Industrial and Intelligent Information, 2013Co-Authors: Norliza Katuk, Mohamad Subri Halim, Hatim Mohamad Tahir, Amran Ahmad, Sharmila Mat YusofAbstract:The number of password-protected Internet- based applications is increasing significantly compared to a decade ago. Consequently, it causes an increase in the number of Login Credentials that users have to manage, for both Internet ad mobile environments. This paper presents a study that specifically focused on students' Login Credential management for mobile computing users. A behavioral study was conducted on 250 students from Universiti Utara Malaysia to understand how they managed their Login Credential while accessing the Internet via their mobile devices. The results suggested that students practiced poor Login Credential management. The paper recommends approaches that can be taken to improve Login Credential management for users with mobile devices.
Norliza Katuk - One of the best experts on this subject based on the ideXlab platform.
-
Can Single Sign-on Improve Password Management? A Focus Group Study
Pattern Analysis Intelligent Security and the Internet of Things, 2015Co-Authors: Norliza Katuk, Hatim Mohamad Tahir, Nur Haryani Zakaria, Mohamad Subri HalimAbstract:This article presents a research concerning password management and single sign-on for accessing Internet applications. Many Internet applications require users to subscribe to their services and authenticate themselves through the use of Login Credentials. The number of such applications is increasing exponentially, which caused ineffective Login Credential management among users. This study was conducted with two objectives (i) to identify how users manage their usernames and passwords and (ii) to examine whether users see the benefits of single sign-on. To achieve these objectives, a focus group interview was conducted on students from a local university. The results of the study suggested that the students did not practise proper password management. Further, it suggested that single sign-on may not be the immediate solution to improve the students’ password management.
-
Security and privacy of Single-Sign-On (SSO) in mobile environment: Students' experiences and perceptions
2014Co-Authors: Norliza Katuk, Hatim Mohamad TahirAbstract:The number of password-protected Internet-based applications is increasing significantly compared to a decade ago.Many Internet applications require users to subscribe to their services and authenticate themselves through the use of Login Credentials.The number of such applications is increasing exponentially.Consequently, it causes an increase in the number of Login Credentials that users have to manage for both Internet and mobile environments.Due to the limitation in human memory, users usually forget their Credentials (i.e., user names/IDs and passwords) and they tend to write down the passwords or replicate single password for many different applications. This practice could expose users to variety of security threats and attacks.A recent technological development on user authentication has introduced single-sign-on (SSO) that intends to help users with their Credentials management.This research aims to investigate password management and SSO for accessing Internet applications especially through the use of mobile devices.The research was carried out in two phases: (i) a focus group study and (ii) survey.The researchers interviewed 11 students from School of Computing (SOC), Universiti Utara Malaysia (UUM).The results of the study found that the students did not practice proper password management. Further, it suggested that SSO may not be the immediate solution to improve the students’ password management.A behavioral study was conducted on 250 students from Universiti Utara Malaysia to understand how they managed their Login Credentials while accessing the Internet via their mobile devices, and their perceptions and awareness towards SSO.The results suggested that students practiced poor Login Credential management, however, the students are concerned about the security and privacy of their Credentials.Security and privacy in mobile environment are important and need to be addressed through the use of technology and policy.The findings of this research imply system developers and policy makers on the aspect of users’ security and privacy.The findings are also useful for the purpose of training and educating students on the importance of security and privacy in mobile environment.
-
Behavioral analysis of students’ Login Credentials management in mobile environment
Journal of Industrial and Intelligent Information, 2013Co-Authors: Norliza Katuk, Mohamad Subri Halim, Hatim Mohamad Tahir, Amran Ahmad, Sharmila Mat YusofAbstract:The number of password-protected Internet- based applications is increasing significantly compared to a decade ago. Consequently, it causes an increase in the number of Login Credentials that users have to manage, for both Internet ad mobile environments. This paper presents a study that specifically focused on students' Login Credential management for mobile computing users. A behavioral study was conducted on 250 students from Universiti Utara Malaysia to understand how they managed their Login Credential while accessing the Internet via their mobile devices. The results suggested that students practiced poor Login Credential management. The paper recommends approaches that can be taken to improve Login Credential management for users with mobile devices.
Mell Peter - One of the best experts on this subject based on the ideXlab platform.
-
Smart Contract Federated Identity Management without Third Party Authentication Services
2019Co-Authors: Mell Peter, Dray Jim, Shook JamesAbstract:Federated identity management enables users to access multiple systems using a single Login Credential. However, to achieve this a complex privacy compromising authentication has to occur between the user, relying party (RP) (e.g., a business), and a Credential service provider (CSP) that performs the authentication. In this work, we use a smart contract on a blockchain to enable an architecture where authentication no longer involves the CSP. Authentication is performed solely through user to RP communications (eliminating fees and enhancing privacy). No third party needs to be contacted, not even the smart contract. No public key infrastructure (PKI) needs to be maintained. And no revocation lists need to be checked. In contrast to competing smart contract approaches, ours is hierarchically managed (like a PKI) enabling better validation of attribute providers and making it more useful for large entities to provide identity services for their constituents (e.g., a government) while still enabling users to maintain a level of self-sovereignty.Comment: 12 pages, Open Identity Summit 201
