Towards an Improved Taxonomy of Attacks related to Digital Identities and Identity Management Systems
- URL: http://arxiv.org/abs/2407.16718v1
- Date: Tue, 23 Jul 2024 07:46:40 GMT
- Title: Towards an Improved Taxonomy of Attacks related to Digital Identities and Identity Management Systems
- Authors: Daniela Pöhn, Wolfgang Hommel
- Abstract summary: We propose the improved framework taxonomy for Identity Management related to Attacks (TaxIdMA).
The purpose of TaxIdMA is to classify existing attacks, attack vectors, and vulnerabilities associated with system identities, identity management systems, and end-user identities.
The combination of TaxIdMA, which allows a structured way to outline attacks and is applicable to different scenarios, and a description language for threat intelligence helps to improve the security of identity management systems and processes.
- Score: 0.0
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: Digital transformation with the adoption of cloud technologies, outsourcing, and working-from-home possibilities permits flexibility for organizations and persons. At the same time, it makes it more difficult to secure the IT infrastructure as the IT team needs to keep track of who is accessing what data from where and when on which device. With these changes, identity management as a key element of security becomes more important. Identity management relates to the technologies and policies for the identification, authentication, and authorization of users (humans, devices) in computer networks. Due to the diversity of identity management (i.e., models, protocols, and implementations), different requirements, problems, and attack vectors need to be taken into account. In order to secure identity management systems with their identities, a systematic approach is required. In this article, we propose the improved framework Taxonomy for Identity Management related to Attacks (TaxIdMA). The purpose of TaxIdMA is to classify existing attacks, attack vectors, and vulnerabilities associated with system identities, identity management systems, and end-user identities. In addition, the background of these attacks can be described in a structured and systematic way. The taxonomy is applied to the Internet of Things and self-sovereign identities. It is enhanced by a description language for threat intelligence sharing. Last but not least, TaxIdMA is evaluated and improved based on expert interviews, statistics, and discussions. This step enables broader applicability and level of detail at the same time. The combination of TaxIdMA, which allows a structured way to outline attacks and is applicable to different scenarios, and a description language for threat intelligence helps to improve the security of identity management systems and processes.
Related papers
- Systematically Searching for Identity-Related Information in the Internet with OSINT Tools [0.0]
This paper proposes a classification of data and open-source intelligence (OSINT) tools related to identities.
In the next step, the data can be analyzed and countermeasures can be taken.
arXiv Detail & Related papers (2024-07-23T07:40:25Z)
- SSI4IoT: Unlocking the Potential of IoT Tailored Self-Sovereign Identity [5.025528181278946]
Self-Sovereign Identity (SSI) techniques move control of digital identity from conventional identity providers to individuals.
Existing applications of SSI mainly focus on creating person-to-person and person-to-service relationships.
arXiv Detail & Related papers (2024-05-03T20:31:52Z)
- A Dual-Tier Adaptive One-Class Classification IDS for Emerging Cyberthreats [3.560574387648533]
We propose a one-class classification-driven IDS system structured on two tiers.
The first tier distinguishes between normal activities and attacks/threats, while the second tier determines if the detected attack is known or unknown.
This model not only identifies unseen attacks but also uses them for retraining them by clustering unseen attacks.
arXiv Detail & Related papers (2024-03-17T12:26:30Z)
- AI and Democracy's Digital Identity Crisis [0.0]
Privacy-preserving identity attestations can drastically reduce instances of impersonation and make disinformation easy to identify and potentially hinder.
In this paper, we discuss attestation types, including governmental, biometric, federated, and web of trust-based.
We believe these systems could be the best approach to authenticating identity and protecting against some of the threats to democracy that AI can pose in the hands of malicious actors.
arXiv Detail & Related papers (2023-09-25T14:15:18Z)
- Camera-Incremental Object Re-Identification with Identity Knowledge Evolution [82.64836424135886]
Object Re-identification (ReID) aims to retrieve the probe object from many gallery images by associating and collecting the identities across all camera views.
When deploying the ReID algorithm in real-world scenarios, the aspect of storage, privacy constraints, and dynamic changes of cameras would degrade its generalizability and applicability.
Treating each camera's data independently, we introduce a novel ReID task named Camera-Incremental Object Re-identification (CIOR) by continually optimizing the ReID mode from the incoming stream of the camera dataset.
arXiv Detail & Related papers (2023-05-25T10:15:29Z)
- ThreatKG: An AI-Powered System for Automated Open-Source Cyber Threat Intelligence Gathering and Management [65.0114141380651]
ThreatKG is an automated system for OSCTI gathering and management.
It efficiently collects a large number of OSCTI reports from multiple sources.
It uses specialized AI-based techniques to extract high-quality knowledge about various threat entities.
arXiv Detail & Related papers (2022-12-20T16:13:59Z)
- Resilient Risk based Adaptive Authentication and Authorization (RAD-AA) Framework [3.9858496473361402]
We discuss the design considerations for a secure and resilient authentication and authorization framework capable of self-adapting based on the risk scores and trust profiles.
We call this framework Resilient Risk based Adaptive Authentication and Authorization (RAD-AA).
arXiv Detail & Related papers (2022-08-04T11:44:29Z)
- Towards Automated Classification of Attackers' TTPs by combining NLP with ML Techniques [77.34726150561087]
We evaluate and compare different Natural Language Processing (NLP) and machine learning techniques used for security information extraction in research.
Based on our investigations we propose a data processing pipeline that automatically classifies unstructured text according to attackers' tactics and techniques.
arXiv Detail & Related papers (2022-07-18T09:59:21Z)
- Realistic simulation of users for IT systems in cyber ranges [63.20765930558542]
We instrument each machine by means of an external agent to generate user activity.
This agent combines both deterministic and deep learning based methods to adapt to different environments.
We also propose conditional text generation models to facilitate the creation of conversations and documents.
arXiv Detail & Related papers (2021-11-23T10:53:29Z)
- A System for Automated Open-Source Threat Intelligence Gathering and Management [53.65687495231605]
SecurityKG is a system for automated OSCTI gathering and management.
It uses a combination of AI and NLP techniques to extract high-fidelity knowledge about threat behaviors.
arXiv Detail & Related papers (2021-01-19T18:31:35Z)
- Towards an Interface Description Template for AI-enabled Systems [77.34726150561087]
Reuse is a common system architecture approach that seeks to instantiate a system architecture with existing components.
There is currently no framework that guides the selection of necessary information to assess their portability to operate in a system different than the one for which the component was originally purposed.
We present ongoing work on establishing an interface description template that captures the main information of an AI-enabled component.
arXiv Detail & Related papers (2020-07-13T20:30:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.