Abstract
Information protection is an integral part of communication in modern society. The sharing of sensitive data on social networks, easy-to-use services, increasingly sophisticated threats and vulnerabilities, the increasing number of digital identities in e-commerce and digital banking, and unmanaged global digitization during pandemics require an active approach to data protection and research into new options to minimize the impact of security incidents. The article describes security aspects of communication between the consumer and the service provider during authentication and proposes procedures that can describe, categorize and measure these factors and evaluate their impact on authentication.
The output of the article is a description of the functionality of a web application which, based on the user's inputs, recommends optimal authentication mechanisms sorted by risk score. The following input data is required from the user: data classification rate; number of application architecture layers; type of authentication mechanism or authentication framework; description of the network location of the consumer and the provider; required number of authentication factors; required form of data integrity control; required form of securing the secrecy of transmitted data (encryption); and description of user application role permissions. All options for input data are predefined, so the application is also suitable for a user who does not have a deeper awareness of the risks associated with authentication mechanisms or system integration.
Acknowledgments
This work was supported by the Scientific Grant Agency of the Ministry of Education of the Slovak Republic (ME SR) and of the Slovak Academy of Sciences (SAS) under contract No. VEGA 1/0385/23.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Balogh, Z., Francisti, J., Hrabčák, M. (2024). Security Aspects of Digital Identity. In: Nguyen, N.T., et al. Recent Challenges in Intelligent Information and Database Systems. ACIIDS 2024. Communications in Computer and Information Science, vol 2144. Springer, Singapore. https://doi.org/10.1007/978-981-97-5937-8_1
DOI: https://doi.org/10.1007/978-981-97-5937-8_1
Publisher Name: Springer, Singapore
Print ISBN: 978-981-97-5936-1
Online ISBN: 978-981-97-5937-8
eBook Packages: Computer Science, Computer Science (R0)