The Future of Digital Identity Management
Abstract
This article presents a forward-looking view of topics with potential for research and development in Identity Management, according to researchers who have worked in the area and collaborated in the Technical Committee on Identity Management (CT-GId), linked to the Rede Nacional de Ensino e Pesquisa (RNP). The results point to many challenges and opportunities in this area, which is gaining ever greater importance in national and international scenarios. RNP's attention to the new challenges looming on the horizon, as described in this document, will allow the institution and the services it provides to remain at the technological and operational forefront.