Capability-Based Multi-Tenant Access Management in Crowdsourced Drone Services
- URL: http://arxiv.org/abs/2505.01048v1
- Date: Fri, 02 May 2025 06:46:47 GMT
- Title: Capability-Based Multi-Tenant Access Management in Crowdsourced Drone Services
- Authors: Junaid Akram, Ali Anaissi, Awais Akram, Youcef Djenouri, Palash Ingle, Rutvij H. Jhaveri
- Abstract summary: Verifiable Credentials (VCs) securely encode claims about entities. Standardized protocols for VCs are lacking, limiting their adoption. We integrate VCs into OAuth 2.0, creating a novel access token.
- Score: 6.395706521671925
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: We propose a capability-based access control method that leverages OAuth 2.0 and Verifiable Credentials (VCs) to share resources in crowdsourced drone services. VCs securely encode claims about entities, offering flexibility. However, standardized protocols for VCs are lacking, limiting their adoption. To address this, we integrate VCs into OAuth 2.0, creating a novel access token. This token encapsulates VCs using JSON Web Tokens (JWT) and employs JWT-based methods for proof of possession. Our method streamlines VC verification with JSON Web Signatures (JWS) and requires only minor adjustments to current OAuth 2.0 systems. Furthermore, in order to increase security and efficiency in multi-tenant environments, we provide a novel protocol for VC creation that makes use of the OAuth 2.0 client credentials grant. Using VCs as access tokens enhances OAuth 2.0, supporting long-term use and efficient data management. This system aids bushfire management authorities by ensuring high availability, enhanced privacy, and improved data portability. It supports multi-tenancy, allowing drone operators to control data access policies in a decentralized environment.
Related papers
- Building a robust OAuth token based API Security: A High level Overview [0.0]
This paper presents the fundamentals necessary for building such a token-based API security system. The intent is to equip developers with the foundational knowledge necessary to build secure, scalable token-based API security systems.
arXiv Detail & Related papers (2025-07-22T06:14:14Z)
- Decoupling Identity from Access: Credential Broker Patterns for Secure CI/CD [0.0]
Credential brokers offer a way to separate identity from access in CI/CD systems. This paper shows how verifiable identities issued at runtime, such as those from SPE, can be used with brokers to enable short-lived, policy-driven credentials for pipelines and workloads.
arXiv Detail & Related papers (2025-04-20T23:08:17Z)
- 2FA: Navigating the Challenges and Solutions for Inclusive Access [55.2480439325792]
Two-Factor Authentication (2FA) has emerged as a critical solution to protect online activities. This paper examines the intricacies of deploying 2FA in a way that is secure and accessible to all users. An analysis was conducted to examine the implementation and availability of various 2FA methods across popular online platforms.
arXiv Detail & Related papers (2025-02-17T12:23:53Z)
- SLVC-DIDA: Signature-less Verifiable Credential-based Issuer-hiding and Multi-party Authentication for Decentralized Identity [21.498265818902464]
Verifiable Credential techniques are used to facilitate decentralized DID-based access control across multiple entities. Existing DID schemes generally rely on a distributed public key infrastructure that also causes challenges. This paper proposes a Permanent-Hiding (PIH)-based DID-based multi-party authentication framework with a signature-less VC model, named SLVC-DIDA.
arXiv Detail & Related papers (2025-01-19T13:58:01Z)
- FANTAstic SEquences and Where to Find Them: Faithful and Efficient API Call Generation through State-tracked Constrained Decoding and Reranking [57.53742155914176]
API call generation is the cornerstone of large language models' tool-using ability.
Existing supervised and in-context learning approaches suffer from high training costs, poor data efficiency, and generated API calls that can be unfaithful to the API documentation and the user's request.
We propose an output-side optimization approach called FANTASE to address these limitations.
arXiv Detail & Related papers (2024-07-18T23:44:02Z)
- Lifecycle Management of Resumés with Decentralized Identifiers and Verifiable Credentials [0.0]
This paper introduces a trust framework for managing digital résumé credentials.
We propose a framework for real-time issuance, storage and verification of Verifiable Credentials without intermediaries.
arXiv Detail & Related papers (2024-06-17T13:37:44Z)
- A Novel Protocol Using Captive Portals for FIDO2 Network Authentication [45.84205238554709]
We introduce FIDO2CAP: FIDO2 Captive-portal Authentication Protocol.
We develop a prototype of FIDO2CAP authentication in a mock scenario.
This work makes the first systematic approach for adapting network authentication to the new authentication paradigm relying on FIDO2 authentication.
arXiv Detail & Related papers (2024-02-20T09:55:20Z)
- A Universal System for OpenID Connect Sign-ins with Verifiable Credentials and Cross-Device Flow [4.006745047019997]
Self-Sovereign Identity (SSI) is a new and promising identity management paradigm.
We propose a comparatively simple system that enables SSI-based sign-ins for services that support the widespread OpenID Connect or OAuth 2.0 protocols.
arXiv Detail & Related papers (2024-01-16T16:44:30Z)
- Unified Singular Protocol Flow for OAuth (USPFO) Ecosystem [2.3526458707956643]
We propose a new approach for the OAuth ecosystem that combines different client and grant types into a unified singular protocol flow for OAuth (USPFO).
USPFO aims to reduce the vulnerabilities associated with implementing and configuring different client types and grant types.
It provides built-in protections against known OAuth 2.0 vulnerabilities such as client impersonation, token (or code) thefts and replay attacks through integrity, authenticity, and binding audience.
arXiv Detail & Related papers (2023-01-29T17:22:02Z)
- REaaS: Enabling Adversarially Robust Downstream Classifiers via Robust Encoder as a Service [67.0982378001551]
We show how a service provider pre-trains an encoder and then deploys it as a cloud service API.
A client queries the cloud service API to obtain feature vectors for its training/testing inputs.
We show that the cloud service only needs to provide two APIs to enable a client to certify the robustness of its downstream classifier.
arXiv Detail & Related papers (2023-01-07T17:40:11Z)
- Federated Learning-based Active Authentication on Mobile Devices [98.23904302910022]
User active authentication on mobile devices aims to learn a model that can correctly recognize the enrolled user based on device sensor information.
We propose a novel user active authentication training, termed Federated Active Authentication (FAA).
We show that existing FL/SL methods are suboptimal for FAA as they rely on the data to be distributed homogeneously.
arXiv Detail & Related papers (2021-04-14T22:59:08Z)
- Federated Learning of User Authentication Models [69.93965074814292]
We propose Federated User Authentication (FedUA), a framework for privacy-preserving training of machine learning models.
FedUA adopts federated learning framework to enable a group of users to jointly train a model without sharing the raw inputs.
We show our method is privacy-preserving, scalable with number of users, and allows new users to be added to training without changing the output layer.
arXiv Detail & Related papers (2020-07-09T08:04:38Z)
This list is automatically generated from the titles and abstracts of the papers in this site.