IDeM: an identity-driven middleware for interoperable and heterogeneous systems

Academic year: 2021


Graduate Program in Computer Science

FELIPE SILVA FERRAZ

IDeM: An Identity-Driven Middleware for Interoperable and Heterogeneous Systems

Universidade Federal de Pernambuco www.cin.ufpe.br/~posgraduacao

RECIFE 2016


Felipe Silva Ferraz

IDeM: An Identity-Driven Middleware for Interoperable and Heterogeneous Systems

ADVISOR: Prof. Carlos André Guimarães Ferraz

RECIFE

2016

This work was presented to the Graduate Program in Computer Science of the Centro de Informática of the Universidade Federal de Pernambuco as a partial requirement for obtaining the degree of Doctor in Computer Science.


Cataloging-in-publication data

Librarian Monick Raquel Silvestre da S. Portes, CRB4-1217

F381i Ferraz, Felipe Silva

IDeM: an identity-driven middleware for interoperable and heterogeneous systems / Felipe Silva Ferraz. – 2016.

168 leaves: ill., fig., tab.

Advisor: Carlos André Guimarães Ferraz.

Thesis (Doctorate) – Universidade Federal de Pernambuco. CIn, Computer Science, Recife, 2016.

Includes references and appendix.

1. Distributed systems. 2. Privacy. I. Ferraz, Carlos André Guimarães (advisor). II. Title.

004.36 CDD (23. ed.) UFPE- MEI 2017-29


Felipe Silva Ferraz

IDeM: an Identity-Driven Middleware for Interoperable and Heterogeneous Systems

Doctoral thesis presented to the Graduate Program in Computer Science of the Universidade Federal de Pernambuco as a partial requirement for obtaining the title of Doctor in Computer Science.

Approved on: 09/09/2016.

____________________________________________

Advisor: Prof. Dr. Carlos André Guimarães Ferraz

EXAMINING BOARD

_____________________________________________ Prof. Dr. Kelvin Lopes Dias

Centro de Informática / UFPE

______________________________________________ Prof. Dr. Divanilson Rodrigo de Sousa Campelo

Centro de Informática / UFPE

_____________________________________________ Prof. Dr. Jones Oliveira de Albuquerque

Departamento de Estatística e Informática / UFRPE

______________________________________________ Profa. Dra. Rossana Maria de Castro Andrade

Departamento de Computação / UFC

______________________________________________ Profa. Dra. Thais Andrade Batista


To Mom, Dad, Fofucha, the Guy up there, Rock and roll and my friends!


ACKNOWLEDGEMENTS

I first thought of writing this section in English, following the rhythm of the rest of the work, but then I remembered that I wrote the thesis in English merely to reuse a lot of material that had already been done; it would have been much easier to write it in Portuguese. So, in order not to run out of words within our rich vocabulary, this part goes in Portuguese.

Writing, correcting, writing again and presenting this work is an achievement I cannot express in words from two or three languages; I think only those who have spent a few years living in the anxiety of this moment can share a little of what I am feeling. And since this path is so tortuous and, at the very least, uncertain, there is no way to say one gets here alone and without a push, and we are not talking about just any help; it is, in fact, a push almost like an imposition, an investment of the force needed to keep moving forward. Moving forward, in the words of the great Rocky “the Italian Stallion” Balboa, “… it is not about how hard you hit, it is about how hard you can get hit and keep moving forward…”, completed by the words of the not-so-great King Leonidas, “Never to retreat, never to surrender…”. Moving forward, with whatever lies ahead, without retreating, without giving up. It's easy. You just need someone to thank. And this section is for you, my friend, who has given me this little push, consciously or unconsciously.

First, to the Guy up there, who in the dark of this early morning is the only one listening to me talking to myself: “You're the man!”.

Then to Carlos André Guimarães Ferraz, for all the systematic “beatings” and the hours invested in helping me understand, think about and write this work, necessarily in that order.

Followed very closely by Mom and Dad, who need no introduction. In a separate paragraph, my beautiful Fofucha, love of my life, companion on trips, at dinners and for a whole lifetime, whom I have to thank immensely for helping, for having patience, for translating, reviewing, coding, loving me purely and truly… ahhh yes, and for having agreed to spend the rest of her life with me.

And now, as it could not be otherwise, to my friends, if only because if I keep up the mushiness I will cry. So, Professors Francisco Icaro and Diego “The meteor” Souza, thank you for all the lunches spent talking nonsense and fooling around, taking a bit of the weight off my back. Eugs and Mister Potter for the extra and well-spent calories and all the movie sessions; professooora MCTS and Alan de Alagoas, two illustrious figures for whom I have a boundless fondness! Neu reitor (a.k.a. Carlos Sampaio) and Tresso, for being a point of daily nerdy and useless conversation; the “éguas” (Dr. Pedim, Abrantes-El Ratón and Dr. Xandão), thank you for the fooling around; ah yes, without forgetting the great Cabral family, especially Dona Sandra Cabral; finally, Rafael “Cabeção” Ribeiro, just as I wrote in 2010 in my master's, I don't even know where to start cursing you… so I shall keep silent.

Beto Macedo and Super Sérgio for the constant nagging; Allan Bahia, TRI!!!!. Crix, Peru, Rachel and all the rabble… I mean… the support folks and associates (yes, Sarah, you are here too!), for providing our daily coffee, “Amen!”. Lendários, Acabou o Social Futebol Clube, Nobreguenses, Octeto do Amor and the other WhatsApp groups, a huge kiss in the heart to all of you.

Tarciana, Seu Urbano, Leo Macedo, everyone from the HP, FIAT, Motorola and Sonae projects, the friends from FBV (Diegão-Patativa, Ronaldão, Hubert, Ricardo Ciriaco, Emilia and Álvaro, Sophia and Antonio, Bella, Cecilia, Jana, Rafael, Pedrão, Iara and the other engineering coordinators), my sincere thanks. Gusta, Furtado, Wal, Val, Fábio and Marie, my thanks twice over!

And, as it could not be otherwise, if the Guy up there is the only one listening to me, how could I not thank the only voices making themselves present at such a late hour?! Special thanks to Eric “slow hands” Clapton, Chico Buarque and Science, Eddie Vedder, Elton John, David Grohl, B.B. King, Norah Jones, Led, Marvin Gaye, Nat King Cole and Ella Fitzgerald… To rock and roll and the blues!


“… and why do we fall, Bruce? So we can learn to pick ourselves up.”


ABSTRACT

In the mid-2000s, for the first time in human history, cities began to harbor more than half of the world's population. The concept of Smart Cities emerged in this context. A Smart City can be defined as an urban environment in which innovative services, over an available infrastructure, are provided to citizens with the use of information technology (IT). However, even though people use and take advantage of available information, there is a natural resistance to disclosing and exposing personal data that will become known to other citizens and businesses. This generates a sense of insecurity and loss of privacy. This thesis explores information security issues related to identity and identifier management and proposes a solution that guarantees the privacy and anonymity of users within interoperable and heterogeneous environments. The solution is based on the creation of a multi-identity environment, in which a user has different identities for different systems while using the same identifier; in this way it is possible to connect to different services, solutions and other components using the same login but having a different representation within each solution, which guarantees privacy, different levels of security and interoperability. The proposed solution is demonstrated through the creation of a middleware within the context of smart cities. Finally, this thesis presents a set of experiments that use the proposed middleware to protect citizens’ sensitive data.

Keywords: Privacy. Security. Anonymity. Middleware


ABSTRACT (RESUMO)

In the mid-2000s, for the first time in the history of humanity, large cities began to harbor more than half of the world's population. It is in the context of this change that the concept of Smart Cities arises; such a concept can be defined as an urban environment where, through the use of information technology, innovative services with an available infrastructure are provided to citizens. Counterbalancing this dynamic is the fact that these same people, who make use of the information, have a natural resistance to the disclosure of their data and to its being exposed to and known by other citizens and companies, generating a scenario of insecurity and loss of privacy. This work explores information security problems related to the management of identities and identifiers and proposes the creation of a solution that allows the privacy and anonymity of users to be maintained, even when anonymous, within interoperable and heterogeneous environments. This thesis proposes a solution based on the creation of a multi-identity environment, in which a user will have different identities, for different systems, using the same identifier; in this way it is possible to guarantee the connection with different services, solutions and other components, using the same login, for example, while having different representations in each solution, which will guarantee, among other things, privacy, different levels of security and interoperability. Such a solution will be described in the form of a middleware explored within the context of smart cities. Finally, this work will present a set of experiments that use the middleware to protect citizens' confidential data.


ACRONYMS

AWS Amazon Web Services

EC2 Elastic Cloud Computing

FIDIS Future of Identity in Information Society

IDex ID extractor

IDrep ID repository

IDre ID resolver

IDM Identity Management

IdP Identity Provider

IDeM Identity-Driven Middleware

IoT Internet of Things

NFC Near Field Communication

OWASP Open Web Application Security Project

PKI Public Key Infrastructure

PRIME Privacy and Identity Management for Europe

RDS Relational Database Service

STORK Secure Identity Across Borders Linked

SWIFT Secure Widespread Identities for Federated Telecommunications

SM Service Manager

SP Service Provider


LIST OF ILLUSTRATIONS

Figure 1: Research steps... 20

Figure 2: General view of a smart city environment. ... 39

Figure 3: Conceptual description of the IoT architecture ... 47

Figure 4: Message format ... 48

Figure 5: Architecture of NFC in the cloud ... 48

Figure 6: Proposed architecture with context-aware capabilities ... 50

Figure 7: Architecture overview ... 52

Figure 8: General architectural overview ... 57

Figure 9: Communication flow in proposal ... 59

Figure 10: Patterns definition ... 61

Figure 11: Detailed architectural view... 62

Figure 12: General concept vision ... 65

Figure 13: Middleware Main flow ... 66

Figure 14: Request and resolve ID sequence diagram ... 67

Figure 15: ID changing sequence diagram ... 70

Figure 16: Anonymity sequence diagram ... 72

Figure 17: Scenarios Interpretation ... 74

Figure 18: AWS infrastructure, presented with IDeM and implemented systems... 87

Figure 19: Experiment flow ... 89

Figure 20: PREVENT architecture overview ... 97

Figure 21: Case Study Healthcare Security Layer Basic Flow... 99

Figure 22: Case Study Record sample ... 100

Figure 23: Patient Records Persisted in Google Cloud Datastore ... 102

Figure 24: Generated IDs for Protected Patient Record in Case Study ... 103

Figure 25: FHIR Health Record Snippet BEFORE HSL approach ... 104

Figure 26: FHIR Health Record Snippet AFTER HSL approach ... 104

Figure 27: AWS infrastructure for experiment C ... 110

Figure 28: Educational values ... 113

Figure 29: Government Tax System ... 113

Figure 30: Resource system ... 114

Figure 31: middleware main table content... 115

Figure 32: Student table after middleware ... 115

Figure 33: Grades and courses ... 116

Figure 34: Taxes spent using middleware ... 116


LIST OF TABLES

Table 1: Security Issues in the role of a smart city literature ... 37

Table 2: Compilation on Identity Issues ... 38

Table 3: Consolidated view ... 53

Table 4: IDeM comparing with others ... 78

Table 5: Issues analyses under IDeM optic (FERRAZ et al., 2015b) ... 81

Table 6: Experiment A infrastructure ... 88

Table 7: Citizens ID and Names ... 89

Table 8: Systems A, B and C data ... 90

Table 9: IDeM generated ID, citizen ID and System id ... 91

Table 10: Systems A, B, C data with identifiers changed ... 92

Table 11: 1.000 and 10.000 citizens’ simulation ... 95

Table 12: Summary of available services ... 107

Table 13: testbed random values ... 108

Table 14: Infrastructure ... 112

Table 15: Resource ranking with and without IDeM ... 118

Table 16: Taxes based on resources analysis ... 119


CONTENTS

CHAPTER 1 INTRODUCTION ... 14

1.1 CONTEXT ... 14

1.2 PROBLEM STATEMENT ... 17

1.3 OBJECTIVE ... 18

1.4 RESEARCH QUESTION ... 18

1.5 HYPOTHESES ... 19

1.6 RESEARCH METHODS ... 20

1.7 STRUCTURE OF THE THESIS ... 21

CHAPTER 2 IDENTITY MANAGEMENT AND SMART CITIES: CONCEPTS AND DEFINITIONS ... 23

2.1 ENTITY, IDENTITY AND IDENTIFIERS ... 23

2.2 IDENTITY MANAGEMENT REQUIREMENTS ... 25

2.3 IDENTITY MANAGEMENT MODELS ... 27

2.4 IDENTITY MANAGEMENT PARADIGMS ... 29

2.5 ABOUT SMART CITIES AND ITS COMPONENTS ... 31

2.6 SECURITY UNDER THE SMART CITIES PERSPECTIVE... 36

CHAPTER 3 EXISTING ARCHITECTURES AND PROJECTS ... 40

3.1 IDENTITY RELATED PROJECTS AND SOLUTIONS ... 40

3.1.1. ABOUT IDM TECHNOLOGIES ... 42

3.2 SECURITY RELATED PROJECTS AND ARCHITECTURES ... 45

3.2.1. IMPROVING SECURITY AND PRIVACY IN IOT APPLICATIONS ... 46

3.2.2. CLOUD ARCHITECTURE BASED ON NFC IN A SMART CITY ... 47

3.2.3. CLOUD-BASED ARCHITECTURE FOR CITIZEN SERVICES IN SMART CITIES ... 50

3.2.4. SEPARATION OF IDENTIFIER AND LOCATOR... 51

3.3 ANALYSIS ... 52

CHAPTER 4 IDEM: AN IDENTITY-DRIVEN MIDDLEWARE FOR INTEROPERABLE AND HETEROGENEOUS SYSTEMS ... 56

4.1 MIDDLEWARE: CONCEPTS AND COMPONENTS ... 56

4.2 IDEM: HOW IT WORKS ... 64

4.3 GENERAL DYNAMICS ... 65

4.3.1. REQUEST AND RESOLVE ID ... 67

4.3.2. ID CHANGING ... 70

4.3.3. ANONYMITY ... 72

4.4 IMPACTS AND CONSEQUENCES OF IDEM ADOPTION ... 73

CHAPTER 5 EXPERIMENTS AND VALIDATION ... 85

5.1 VALIDATION PLANNING ... 85

5.2 EXPERIMENT A: GENERIC ... 86

5.3 EXPERIMENT B: IDENTITY MANAGEMENT IN HEALTHCARE SYSTEMS ... 96

5.4 EXPERIMENT C: MULTI INTEROPERABLE ... 106

5.5 FINAL ANALYSIS ... 123

CHAPTER 6 CONCLUSION ... 125

6.1 CONTRIBUTION... 126

6.2 LIMITATIONS AND FUTURE WORKS ... 128

REFERENCES ... 129


Chapter 1 Introduction

This chapter explains why this study was undertaken; what problem it seeks to address; what hypotheses underpin the decisions made, based on an extensive review of the literature; what the general and specific objectives are; and, finally, what methodological approach was used to conduct the research.

1.1 Context

The term “city”, in general, means a place or urban area which is demographically enclosed and which operates under an economic and political understanding (JOHNSTON; GREGORY, 1981). Operationally, cities are organized around a number of core systems comprising different networks, infrastructures, and environments related to their key functions, including services for citizens and for businesses, such as transport, water, energy and others (DIRKS; GURDGIEV; KEELING, 2010). Those systems are to be connected by different means, including the Internet, and diverse components and parts ensure that connection. One of those components is responsible for defining the permissions and identities of both isolated and interconnected environments; this component is known as an Identity Management System.

An Identity Management (IdM) system is a system responsible for providing information about users, services, systems and any other entity, and about the identities of those involved in an identification-based relation (TORRES; NOGUEIRA; PUJOLLE, 2013). IdM systems are the core mechanisms responsible for establishing trust between the system, the entity and the identity of that entity. Subsequently, the IdM system also provides the identity with the permissions needed to perform actions in the requested system (HANSEN; SCHWARTZ; COOPER, 2008). Moreover, a typical IdM system is composed of processes and technologies to manage and secure the data, information and information assets of an organization and, at the same time, protect user and customer profiles (MPOFU; VAN STADEN, 2014).

Nevertheless, new identity-based models have been proposed, some of which are optimized to meet users’ goals (MARTINEZ-BALLESTE; PEREZ-MARTINEZ; SOLANAS, 2013; TORRES; NOGUEIRA; PUJOLLE, 2013), while others are optimized so as to address issues related to the infrastructure of the network or the requirements of the application and the services (ADDO et al., 2014; TORRES; NOGUEIRA; PUJOLLE, 2013); finally, in some previous work, we have presented problems related to city services in the context of a “smart city”, security and identity (FERRAZ; SAMPAIO; FERRAZ, 2013).

A Smart City can be defined as an intelligent environment which embeds information and communication technologies (ICT), creating digital environments with physical consequences. From this perspective, a Smart City refers to a physical environment where information and communication technologies, including sensor systems, disappear as they become ubiquitous (HARRISON et al., 2010). Smart cities are evolving towards a strong integration of all dimensions of intelligence available in a city: individual, collective, and artificial. They are built as a multi-dimensional agglomerate combining those three main dimensions (SCHAFFERS et al., 2011) (CHOURABI et al., 2012).

There is still no consensus on the concept of a Smart City. Chourabi et al. (CHOURABI et al., 2012) list some definitions in practical and academic use. Among them, it is possible to quote: a more efficient and sustainable city, in constant progress towards becoming more equal and livable; a city that uses computational intelligence to make critical components and services – including its management, education, health, public safety, real estate, transportation and utilities – more intelligent, interconnected and efficient.

The increasing interest in smart environments from academia and industry is promoting the emergence of new value-added services for societies, and enabling unprecedented economic and social opportunities for government and private organizations. However, the enormous potential derived from this increasing data exchange raises serious privacy concerns, since the collection and processing of sensitive information (e.g. related to health, physical location, power consumption and others) will be common in these scenarios. Furthermore, unlike the smart scenarios explored so far, smart city ecosystems are expected to be made of a potentially huge number of heterogeneous smart services and of data-consuming and/or data-generating entities capable of exchanging information and data in order to improve the city's performance in general. Therefore, privacy, security and identity management solutions have to deal with new challenges due to the intrinsic nature and requirements of a Smart City, which is becoming an extension of our personal data (RAMOS; BERNABE; SKARMETA, 2014). Through an ideal IdM system, each user and/or citizen can choose how much control they have over their information, and how much of that information is to be released to or used by third parties. Also, anonymity and pseudonymity concepts have been under development in order to control information disclosure (TORRES; NOGUEIRA; PUJOLLE, 2013).

Going even further, cities themselves will be affected by such scenarios, since the planet has passed through a process of rapid urbanization over the last few years. In the 1950s, more than 70% of people worldwide lived in rural areas, while the other 30% could be found in urban areas. In a change of context, in the years 2013–2014, 54% of the world’s population was living in urban places. This urban population is expected to continue to grow, so that near the year 2050, 34% of the world’s citizens will be living in rural areas and the other two-thirds (66%) (MORVAJ; LUGARIC; KRAJCAR, 2011) will live in big cities, roughly the reverse of the global rural–urban population distribution of the mid-twentieth century (UNIES, 1995).

This so-called city growth, or emerging urban life, is driving city infrastructure to a stress level never seen before, as the demand for basic services increases and those services become exponentially overloaded (CARAGLIU; DEL BO; NIJKAMP, 2011).

Cities have to begin to evolve without further delay if they are to meet the demands that will arise from this growth in population. They have improved the capabilities of their current service delivery, and the foundations of those capabilities themselves, by making their core systems (transport, public safety, government, education, health, and natural resources) “smarter” (FERRAZ; FERRAZ, 2014a). This can be further enhanced by applying Information Technology, Analytics, Design, and Systems in the right places, provided that data from the core systems can be exchanged with auxiliary systems in order to create new information that is more useful for the city, so that it can drive a thriving knowledge economy in fast-forward gear (DIRKS; KEELING, 2009).


1.2 Problem Statement

The concept of smart city is based on an environment that is instrumented, interconnected, and intelligent (HARRISON et al., 2010), (FERRAZ; SAMPAIO; FERRAZ, 2013). ‘Instrumented’ refers to a city covered by a set of sensors that could be both physical and social. By using such sensors, the core systems of cities can have access to real-time and consistent data. ‘Interconnected’ refers to a vast set of systems working together to offer information from different sources and origins. A combination of interconnected and instrumented systems creates a connection between the physical world and the virtual world by transmitting data collected from sensors to systems. ‘Intelligent’ refers to an instrumented and interconnected environment that makes the best use of data obtained from different sensors and systems in order to offer a better life to citizens (FERRAZ; SAMPAIO; FERRAZ, 2013), (DIRKS; KEELING, 2009).

However, providing such a widely interconnected environment could have the side effect of creating a different set of scenarios in which flaws in information security could be created and adversely exploited. Nonetheless, to ensure interoperability and to create a system of systems, it is important to make use of citizens’ data, despite the fact that some or even much of it is confidential, in the sense that legal safeguards with respect to a citizen's privacy must be met (FERRAZ; SAMPAIO; FERRAZ, 2013). On the other hand, the impact on citizens participating in the process is a sensitive issue because data will be openly and widely used. Therefore, Dirks et al. state the importance of creating an integrative solution in which the parties involved have and retain a high level of confidence in each other. When this confidence cannot be established directly, it is necessary to go through an intermediary that is trusted by both parties (DIRKS; KEELING, 2009).

In order to address the challenges of preserving privacy and security in data sharing solutions, this work presents an identity-based solution that uses the concepts of multi-identity and the separation of identifiers from their data, in order to increase security, anonymity and privacy while still enforcing interoperability. The proposed solution will be validated in the form of a middleware, applied in an interoperable paradigm of a smart environment, such as a smart city, and it may represent any entity able to generate and consume data and information. It is assumed that a smart object possesses a real identifier that in a specific context represents its identity. Based on this, the proposed design allows managing identities and identifiers so as to increase citizens’ privacy and preserve their anonymity by adding new layers of security related to how smart systems hold citizens’ data. The design depicted in this work represents a step forward towards achieving an integral, flexible and privacy-preserving shared model to be used in the upcoming generation of smart cities.

1.3 Objective

The main objective of this thesis is to design an identity-based solution for an interoperable environment which is able to increase the security of how information about users is held by and exchanged by systems through managing identity and identifiers.

In order to do so, the specific objectives are:

a. To define the fundamental characteristics of the identity and identifier approach;

b. To analyze security gaps and failures within identity-based techniques;

c. To define specific security issues applied to a scenario of a smart city;

d. To propose a validation for the identity-based solution in the form of a middleware in order to verify which security issues of interoperable environments are addressed, and how;

e. To establish an experiment based on a set of prototypes using the aforementioned environment, applying the proposed middleware so as to demonstrate the validity and applicability of this concept.

1.4 Research question

Nonetheless, one of the most critical restrictions for mainstream users (or citizens) in adopting the solution of smart cities is the concern over how their data will be kept safe in, and among, all the various collaborative systems that are part of the set of solutions for solving urban environment problems (FERRAZ; FERRAZ, 2014a).


More than simply providing an environment with authentication and authorization, it is important to provide city systems with a reference infrastructure with the capability to manage data and identities throughout heterogeneous environments (HARRISON et al., 2010; MARTINEZ-BALLESTE; PEREZ-MARTINEZ; SOLANAS, 2013; WANG; ZHOU, 2012) without compromising the interoperability of the environment and citizens’ privacy and anonymity. Hence, identity management is a fundamental part for evolving and maintaining smart cities (FERRAZ; SAMPAIO; FERRAZ, 2013).

In this context, this thesis seeks to answer the following questions:

a. Among the classical characteristics of IdM solutions, which ones are suitable and needed for an IdM-based system for smart cities?

b. In the context of smart city security issues, how does the management of identity and identifier increase an entity’s privacy and security?

c. How can a solution be proposed to improve information security without changing the city system in a deep way?

1.5 Hypotheses

Based on the problem and main objectives, this thesis raises the following set of hypotheses with regard to adopting a specific solution for interoperable environments:

• By adopting a multi-identity-based solution it is possible to increase security, anonymity and privacy, while still enforcing interoperability and data exchange in heterogeneous systems;

• By adopting the proposed approach, security issues specific to a smart city will be addressed; and

• By implementing software artifacts, in this case in the form of a middleware, it is possible to enhance security and generate minimum changes in the addressed systems.


1.6 Research methods

The method used to develop the proposed solution is based on a segmented research approach, in which the specific differences of Information Security in smart cities are highlighted. A model and a middleware are proposed and discussed.

In order to validate the proposed solution, an analysis of security issues and concerns over creating a smart city is defined and performed. Finally, a set of prototypes is developed in order to check performance and security impacts. Figure 1 depicts the process and steps.

Figure 1: Research steps

Source: The author.

The first phase is when the problem in this thesis was defined and explored. In this step, the main and specific objectives were proposed.

Based on the definition of the problem, some solutions related to the main topics of this thesis are analyzed, the results of which are used as the foundations defined in the steps that follow.

[Figure 1 content: 1 Problem Definition; 2 Analyse Solutions; 3 Research Specific Aspects; 4 Solution Proposal; 5 Experiments and applications definition; 6 Development and Evaluation]

The Security Specific Aspects phase tackles defining and analyzing a series of security technologies and issues having specifically to do with identity management under the scope of a smart city environment. This step is particularly important for defining the grounds for affirming that Information Security in Smart Cities is different from that of other areas, such as mobile phone development or cloud computing security (FERRAZ; FERRAZ, 2014a).

After defining what role security issues play in a smart city, the next step is to set out an identity-based solution that takes into account the characteristics of an urban interoperable environment.

Defining the experiment and applications follows on from that. In this step, a simulated environment of a city and other scenarios are created; at the same time, a set of three experiments is defined. The three samples serve to demonstrate how the proposed solution will be used and how it will behave while the proposed experiment is being developed and implemented.

The last phase is that of defining, developing and evaluating the experiments; in other words, experiments will be developed and conducted using the proposed IdM middleware, and its impacts, such as increased security and privacy, will be evaluated.

1.7 Structure of the Thesis

This thesis is structured as follows:

Chapter 1 - This first chapter has introduced the context of this thesis and discussed the research problems, methodologies and hypotheses.

Chapter 2 – Theoretical underpinning. The main definitions used in this thesis are explored in this chapter. This chapter explores concepts, challenges, and definitions regarding the topic of Smart Cities under the identity management perspective.

Chapter 3 – Architecture and Security Technologies. This chapter will describe a series of frameworks and architectures, used in co-related areas such as IoT (Internet of Things) and distributed systems, as well as those in related and similar works.

Chapter 4 – This chapter will put forward a middleware that increases information security. The main objective of the proposed solution is to act as an Identifier and Identity manager that keeps Entities, Identities, and Identifiers separate from the associated Data. Finally, this chapter conducts an architectural analysis of the aforementioned Security Issues, under the scope of the architectures and frameworks presented in Chapter 3.

Chapter 5 - Validations. This chapter explores a set of experiments conducted by describing the infrastructure used, the number of servers, the tools, the behavior of applications being tested and the benefits from using the proposed solution. It serves to validate the problem solution proposed in this thesis.

Chapter 6 – Conclusion. Finally, Chapter 6 draws conclusions, presents this thesis results and contributions, and recommends topics for future research.


Chapter 2 Identity Management and Smart Cities: Concepts and Definitions

This chapter introduces and discusses concepts and themes related to Identity Management (IdM) and the components of a smart city. It presents definitions and characteristics of Identity Management systems based on a systematic review published by Nogueira et al. (TORRES; NOGUEIRA; PUJOLLE, 2013), and it also presents characteristics and components of smart cities based on another previously published work (FERRAZ; SAMPAIO; FERRAZ, 2013). At the end of the chapter, an analysis of the depicted components of a smart city and of IdM is made. The focus of this analysis is to define the specific needs related to security in the context of interoperable smart cities.

2.1 Entity, Identity and Identifiers

An entity can be a person, a network service, a computing device or a mobile device, a sensor, a citizen, an actuator or a system. An entity uses credentials and has a lifecycle that is separate from any identity or identifier associated with it. An identity, on the other hand, is not absolute: an identity describes an entity within a specific scope (BOSWORTH et al., 2005).

The identity of an entity, within a scope, is the set of all characteristics attributed to this entity within that scope. For example, an identity could be related to an educational system that contains information about one's educational record, courses taken, and/or grades received. Another possible example is an identity related to natural resource consumption, or it could even be related to the money and any other funds that someone holds in bank accounts or in an investment portfolio. Therefore, any identity is only valid within one specific field and represents more than simple information used to distinguish one entity from another; it also represents who such entities are, along with their individual characteristics (BOSWORTH et al., 2005)(TORRES; NOGUEIRA; PUJOLLE, 2013).


To identify a unique entity, it is necessary to rely on identifiers, not only on identities. This distinction between identity and identifier is essential, and is not always properly stated. In this thesis it is assumed that an identity is related to personal data or information used to identify an entity, and that an entity is composed of unique identifiers. Note that identifiers (such as a user name, a sensor UID, a social security number, a passport number, a serial number or a serial ID) are also only valid, and only guaranteed to be unique, within a given scope. Instead of regarding an entity with one single identifier as representing a single identity across different systems, it is more natural to view an entity as a collection of multiple identifiers (a set of sets). Each set has its own scope and can represent a different identity of the same entity, because this entity is identified differently within different scopes.

2.1.1. Credentials and Identity Lifecycle

The core concept of an IdM includes three entities: the user, the service provider and the identity provider. A user, or an entity, is an actor that uses services that are provided by the service provider (SP), i.e., a user is a client of a service. Users need to use IdM systems when the services that they demand require a third party to certify the user's attributes. Users, who can be a public organization, a human, a virtual entity such as software, etc., must have an identity in order to have access to the services. Identity Providers (IdPs) are the core of IdM systems. An identity provider controls the credentials of the entity and provides authentication services. Thus, it provides different levels of trust and access to different types of user. For example, a common user and an administrator user in the same company should have different privileges when accessing the company's services.

The two main functions of an IdP are 1) to provide services to the user, such as registration and verification; and 2) to process authentication requests from services and users. An identity provider can be classified by functionality as being one of four kinds (BOSWORTH et al., 2005)(TORRES; NOGUEIRA; PUJOLLE, 2013), as follows:

- Credential Identity Service: this kind of identity provider uses credentials, such as a user identity, for authentication.

- Identifier Identity Service: an identifier is the representation of a user, such as a name, an email account or an ID-card number assigned to a user.

- Attribute Identity Service: an attribute is information that can be used to define a user identity, such as part of the credential or of the process of assigning the identifier, e.g., name, address, contact information, etc. This kind of IdP should provide a mechanism so that the user identity attribute can be verified.

- Pattern Identity Service: uses patterns, reputation, honor, trust records and access history records to describe or verify a user identity. Regarding security, some patterns can help to find possible hackers/attackers by using a model that matches the characteristics of an attacker.

2.2 Identity Management Requirements

In an interoperable environment, i.e., one in which several systems communicate with each other, an IdM has an important role: it provides identities, credentials and a lifecycle for the credentials provided, this being its main role within that environment. To do so, certain requirements must be in place so that an IdM can adequately offer the aforementioned characteristics. This section discusses some of these requirements.

2.2.1. Privacy, Integrity and Availability

In a common definition, privacy is a term used in Information Security to describe one of its goals. Integrity is the ability to maintain a piece of information or data without changes; Availability is the characteristic of keeping a piece of information or data available when needed; and Privacy is the characteristic of keeping information or data private and therefore not subject to undesired access (SCHUMACHER et al., 2006).

In its main context, privacy is about the importance of preventing a piece of information from being accessed, changed and used by non-authorized personnel. In an IdM, the privacy debate is about the importance of ensuring that the data an IdM uses remains private, in the context of Identity Providers, and therefore that intruders do not have access to sensitive information. Moreover, any discussion about user privacy in general must include how to keep a user's identity private. This is an important characteristic of IdM systems, as it entails ensuring that information about the user remains private and is held as securely as possible (BOSWORTH et al., 2005).

Privacy is one of the main focuses of the approach taken in this thesis, and it is further explored in the following chapters.

2.2.2. Usability

In general, making IdM systems simple and easy to use reduces barriers to adopting them. Usability refers to the effectiveness, efficiency, and satisfaction with which specified users achieve specified goals in particular environments (DHAMIJA; DUSSEAULT, 2008).

A lack of usability can have a negative impact on functionality, security and privacy. Although many IdM systems claim to be designed with the user in mind, most still present important usability issues (ALPÁR; HOEPMAN; SILJEE, 2011)(DHAMIJA; DUSSEAULT, 2008).

2.2.3. Trustworthiness

Trustworthiness is a requirement for all transactions defined and maintained by an IdM in order that a user trusts the service provider (SP) or the system. Therefore, the good reputation of software and hardware providers and SPs is an asset in the market. Although the notion of trust may depend on many factors, it is clear that privacy, security and usability are preconditions for trustworthiness (BOSWORTH et al., 2005)(TORRES; NOGUEIRA; PUJOLLE, 2013).

Any IdM system has to take full account of the legal requirements with regard to law enforcement in the countries in which it will be used. However, these requirements are sometimes contradictory between different countries, and even between regions within a given country, as the result of there being different cultures and realities. For example, in the USA, different states can have different laws that govern certain activities that are conducted in all or most other states. Moreover, in some parts of the world, the rule of law set by central government is not necessarily respected or upheld in remoter regions, which engage in the same activities as areas of the country fully under the control of central government (BOSWORTH et al., 2005)(TORRES; NOGUEIRA; PUJOLLE, 2013).

2.2.4. Interoperability

Interoperability among existing systems is a basic requirement for an IdM system. IdM systems should implement interfaces compatible with international and ubiquitous standards. In order to ensure that users are willing to accept these interfaces, it is important that the dominant players in the respective markets for IdM systems declare their support for them and advertise them. It is possible that certain players may resist making their products compatible with these interfaces in order to protect their national market and overall systems. Should this happen, it may be more difficult for IdM systems to acquire a critical mass in regions of the world where such resistance is extensive.

Achieving interoperability across different contexts is impossible without a comprehensive and broadly adopted protocol or specification that defines the interfaces through which systems communicate with one another (TORRES; NOGUEIRA; PUJOLLE, 2013)(BEN AYED; GHERNAOUTI-HÉLIE, 2012).

2.3 Identity Management models

As discussed in the previous section, Identity Management has its own characteristics and crucial requirements which must be met in order to offer interoperable systems. Based on these initial characteristics, different models for IdM systems could be provided. This section will discuss the following approaches: an isolated, a centralized and a federated model.


2.3.1. Isolated Models

An isolated model is the simplest IdM model. The service provider acts both as a service provider and as an Identity Provider (IdP): the functionalities of SP and IdP are integrated with each other. So, a single server is responsible for performing all the identity storage and user operations, such as allocating, deleting, modifying, authenticating and authorizing unique identities.

Although this is a simple model, users need to manage a very large amount of information and credentials, such as usernames and passwords. If credentials are lost or passwords forgotten, this creates a huge obstacle to usage, and many services cannot be guaranteed to remain fully functional. Thus, the cost of password recovery increases the cost to the SP, especially if the services offered need a high level of security (TORRES; NOGUEIRA; PUJOLLE, 2013).

2.3.2. Centralized Models

On the other hand, a centralized model is implemented in a client-server strategy. Unlike in isolated models, there are separate components that are needed for a centralized model to act as either an SP or an IdP. In this situation, all SPs use a unique IdP which is responsible for managing the storage of user identities and authentication. When the SP needs to authenticate a user, it will send the user’s information to the IdP to finish the process.

This model is suitable for scenarios in which there are requirements for managing a large number of users. However, several disadvantages are to be found in such a model. For example, the fact that it stores all identities in a single IdP may cause privacy protection problems. Also, delegation of user privilege and crossing domains are not well supported (KIM; JIN; LIM, 2010)(DHAMIJA; DUSSEAULT, 2008).

An example of an IdM network-centric paradigm is a Microsoft Windows domain governed by a set of predefined administrator and domain controller (DC) servers (JIN et al., 2010).


2.3.3. Federated Models

A federation is composed of an association of different service providers in order to enable users to interact with different domains without having to re-authenticate every time that a server or service is accessed. It integrates different domains and creates a global unique domain, so, a federation can be described as the set of agreements, patterns, methodologies and technologies that let a group of service providers recognize user identities from other SPs in the domain of a federated trust.

The model enables users from a specific domain to access services in another domain without requiring re-authentication. In this case, if the user wants to access many services in the federated domain, only a single identifier and credential is needed. Also, this whole IdM system is transparent to the user and acts as a unique SP (KIM; JIN; LIM, 2010)(DHAMIJA; DUSSEAULT, 2008).

2.4 Identity Management Paradigms

Besides having a model and characteristics, an IdM solution has different kinds of branches of action; in other words, a federated IdM solution may focus on the network used by that federation or may focus on the user who uses that solution or even on the services offered in that environment. This section discusses these areas of focus for IdM.

2.4.1. Network-centric

The ease with which software can be deployed over a network has given rise to network-centric software systems. A network-centric perspective is concerned with the hardware and circumstances of a network, such as managing and configuring the elements within and managing the security of its infrastructure, controlling access to it, etc. This paradigm is intended to cover the needs of Identity Management for networks and network providers. The advantages of this architecture are (JIN et al., 2010):

- It reduces the financial costs to a remarkable extent in comparison to the existing infrastructure;

- It maximizes the reuse of resources;

- It controls the interaction of information exchange within the system;

- It ensures that the system is secure on the transfer layer.

One of its main characteristics is the focus on solving specific problems of these environments such as, for example, fraud or theft of services.

2.4.2. Service-centric

Services from different providers across multiple domains comprise the service-centric paradigm. The major point of this paradigm is being able to choose between services in a dynamic way. As the number of services provided to users, on the Internet or locally, has risen, SPs may need the ability to choose dynamically the services that the user should use (JIN et al., 2010).

One example of this situation is a cloud storage service. The selected storage service depends on the user's preferences: they may choose between iCloud, Dropbox, Google Drive, etc. If a new storage service enters the market, the service-centric IdM paradigm has to adapt to this new service at runtime. It should also provide a way for the user to dynamically and explicitly delegate their access rights to the new storage service.

There are two main challenges in implementing a system according to the service-centric IdM paradigm. First, it is not easy to combine and store services from different SPs and domains, since each service may have a different access control mechanism and trust level. Second, delegating users' access rights from one service to another is not simple. In addition, user behavior is not easy to track and control (JIN et al., 2010).

2.4.3. User-centric

The main principle is that a user controls their identity throughout the whole life-cycle of that identity. So, responsibility for and control over users' information falls to the users themselves, and not to an external entity. This notion has been implemented in many technologies, such as the Security Assertion Markup Language (SAML 2.0), the UAC (User Access Control) of Windows and SUDO on Linux.

Another important point of the user-centric perspective is that the user has to choose which one of multiple identity providers to use. Currently, this perspective is the most popular in the Internet world, and there are many solutions. Some specific examples are: Liberty Alliance, OpenID (SINGH; CHATTERJEE, 2015), Higgins (TORRES; NOGUEIRA; PUJOLLE, 2013) and WS-Federation. However, this perspective also has disadvantages. Since the users are in control, they also need to configure the complicated security settings, and this makes it difficult to share decisions. It also raises maintenance problems, since the organization first needs to obtain the user's consent for this (KIM; JIN; LIM, 2010)(JIN et al., 2010)(TORRES; NOGUEIRA; PUJOLLE, 2013).

2.5 About Smart Cities and their components

The integration of the identity of a citizen across multiple systems and services, and the ability to provide a joint response to the needs of daily events, comprise the goal of allowing citizens to manage their own identities. This also includes the type of information on the citizen that is released to whom or when, whereas anonymously aggregated data are made more widely available (HARRISON et al., 2010)(BOSWORTH et al., 2005).

Thus, IdM is a key enabler for future cities. A unified identity system, while it can integrate itself to multiple Identity Providers (IdPs) and different ways of authentication and identification, is necessary for managing the extensively “wired” nature of the city and density of data transaction, and the diversity of possible solutions (HARRISON et al., 2010).

Citizens or entities can use their identities to gain access to services and systems, and to the benefits that they offer. This is a way of integrating several solutions (systems and services). Entities and services eventually repeat their identification artifact at different points in time and in different situations.


Ideally, every citizen and/or entity should have a number of identifiers related to a number of identities, each of which consists of the scope combined with several attributes that are either exposed or used to validate a claim without exposing information. The use of multiple identifiers and identities limits the exposure of truly important credentials, thus minimizing the risk of abuse and identity theft, while allowing the exposure of less critical information that is helpful for participants in the city’s ecosystem, such as retailers, building operators, service providers, and governments (HARRISON et al., 2010).

Citizens are responsible not only for their identities, but also for the information that constitutes such identities and for when this information can be exposed. This thesis explores the impact on security of identity management in smart cities.

While the previous sections explored concepts and components related to IdM, the next section depicts the corresponding items related to smart cities.

2.5.1. Smart Cities: Components

The composition of smart city concepts is related to urban systems and services, which offer utilities to ordinary citizens for their daily needs. This section discusses the different types of system involved in Smart City areas. They are: Education, Public Safety, Transportation, Energy and Water, Healthcare and Government Services (FERRAZ; SAMPAIO; FERRAZ, 2013):

Education Systems: Represent every system that is, directly or indirectly, related to educational services.

Public Safety: Represents every system that aims to help public areas and citizens to guarantee city safety. Examples include, but are not limited to, surveillance systems or crime report systems.

Transportation System: Represents every system that, in different ways, helps citizens to move around a city. The mobility could be either with or without using automotive transport.

Energy and Water System: Defines any system that acts directly focusing on the management of natural resources, more specifically on Energy or Water consumption.


Healthcare System: Every system that aims to aid health services, thereby providing faster and more accurate patient care and diagnosis and improving the patient's overall experience, according to the definition of healthcare information systems.

Government Services: This term depicts every system that works within government scenarios. It can vary from a justice web system that displays legal issues for each citizen, to a platform that opens governmental data to the city itself. For example, the Open Government Data [1] and British Data.gov.uk [2] fall under this same idea.

All these systems are interconnected. This interconnection represents challenges to the cities and how information from different systems will emerge as valuable new data for citizens and cities.

Additionally, a smart city must know how to transform its systems and optimize the use of its finances. It has the duty to provide many resources and services to its citizens and it should look at its systems and make them more efficient and effective, which means they should become more intelligent.

Within these scenarios, Smart City environments, or solutions, face three specific topics, namely: System Interoperability, Platforms and Applications (FERRAZ; SAMPAIO; FERRAZ, 2013).

2.5.2. System Interoperability

In the last few decades, major cities around the globe have moved to a reality in which every major public and urban system is now represented in the form of a Computer System. Urban systems like the ones responsible for Education, Public Safety, Transportation, Energy and Water, Healthcare and Services are now present and vital for the continuity of these cities. Furthermore, these systems deal with a huge amount of historical data that would be impossible to manage in any other way.

One of the problems faced by such environments is that their solutions are isolated from each other. As a result, it is difficult to gather information from one system that can be used in another system, thereby creating more valuable information (DIRKS; KEELING, 2009; NAPHADE et al., 2011).

[1] http://opengovernmentdata.org/ last accessed in July 22, 2016
[2] https://data.gov.uk last accessed in July 22, 2016.

To deal with that, research studies show that it is crucial that cities open their systems so as to make it possible for other entities to interact with as many systems as possible, in order to provide citizens and public and private institutions with more valuable information (CARAGLIU; DEL BO; NIJKAMP, 2011; DIRKS; KEELING, 2009; NAPHADE et al., 2011).

2.5.3. Platforms or Frameworks

Once it is understood that urban systems face problems related to their interconnection, a second approach puts forward the proposal for the creation of platforms or frameworks to connect different units, in order to interact through this environment. These units are represented in the form of a set of specific profiles that are directly related to citizens, buildings or companies and “things” (ATTWOOD et al., 2011; CHOURABI et al., 2012; LUGARIC; KRAJCAR; SIMIC, 2010).

In this option, great emphasis is placed on adopting the concept of the Internet of Things (IoT), which creates situations where sensors and different entities can and will interact with each other. Furthermore, there is the concept of the social sensor, which is represented by values provided directly by citizens through social networks such as Twitter or Facebook. Even though social networks are a well-established concept, their importance to urban life rests upon the messages, or posts, created by the user (citizen) being taken into consideration, leading to the vision that one citizen, or their information, is as important as that of any other citizen (DURAVKIN, 2010; SKIBA, 2011).

Thus, Platforms and Frameworks emerge as the infrastructure in which the concept of sensor information, which could come from both physical and social sensors, emerges, and such information is used as input to instantiate specific solutions for different urban environments. For instance, there is Xively [3], formerly known as Cosm and Pachube, a platform for energy connection that uses physical sensors to monitor energy consumption, and there are Twitter profiles that track traffic problems by working as social sensors.


2.5.4. Applications

The important difference between Platform and Applications is that a platform is built with the assumption that the power to decide how it is going to be used depends upon the choices made by the user that instantiates it. For instance, it is possible to see the same platform built to serve as a dynamic panel which shows opinions or as a medical solution showing what the status of all systems in a hospital is (BLACKSTOCK et al., 2010). Hence, this is about dealing with a more abstract approach, which usually comes combined with an application in order to find a solution.

On the other hand, solutions made for urban systems that are represented by applications appear to be more dedicated, practical and less abstract. For example, Waze [4] is an application that tackles problems related to traffic; Dwolla [5] addresses attack scenarios involving economic behavior; and Crime Reports [6] deals with security measures.

2.5.5. Sensors

Sensors play an important role in producing the values consumed by platforms or applications. Platforms and applications work with the same concept, namely that there are entities responsible for gathering information, and these are represented as Physical Sensors and/or Social Sensors (FERRAZ; SAMPAIO; FERRAZ, 2013).

Sensors that generate an expected format of data and non-personal information represent a Physical Sensor, i.e., Thermal Sensors, Presence Sensors, Magnetic Sensors, RFID tags and so forth.

A Social Sensor represents an entity for which data is created by a person and contains personal information attached, for example, a post on Twitter, or any other social network.

[4] https://www.waze.com last accessed in July 22, 2016
[5] https://www.dwolla.com last accessed in July 22, 2016
[6] https://www.crimereports last accessed in July 22, 2016


2.5.6. Actuators

A sensor, Physical or Social, represents entities responsible for gathering information from the environment. On the other hand, an actuator represents the ways that the information gathered by the Sensor components is sent back to the user. Take for example a system that collects information about traffic, combining Twitter with camera images, and then sends back to the driver's Smartphone a piece of information about which parts of the city are experiencing traffic congestion and which are not. In this case, both the application and the Smartphone are Actuators (FERRAZ; SAMPAIO; FERRAZ, 2013).

The actuators can be either Direct or Indirect; this classification will depend on whether the access to the information is directed to a specific user, e.g. on a Smartphone, or is directed to a broad audience, e.g. displayed on a smart panel.

The data generated, used, and stored by these solutions, and the system responsible for such data, each has a set of challenges of its own. Security is one of those challenges (BARTOLI, 2011; SEN et al., 2013). The entire set of solutions consists of applications, networks and infrastructure, and all of them have security concerns.

2.6 Security under the smart cities perspective

Urban Systems comprise Citizens who use Solutions. Such Solutions can be Platforms, Frameworks, and Applications, all built on Technologies that receive and use Data. Urban System Security Issues or Security Issues in the role of a smart city are situations that can pose problems to the infrastructure in its entirety (FERRAZ; FERRAZ, 2014a).

Table 1 presents a brief description of each issue in a group of nine issues, followed by the impacts that these issues produce (FERRAZ; FERRAZ, 2014b)(FERRAZ; FERRAZ, 2014a).


Table 1: Security Issues in the role of a smart city literature

Issue | Description | Impact
Access to Information from Application | This issue relates to the capture of information flowing from a service to an application. | Privacy and Integrity
Information Tracking | This is related to disclosing the source of the data. | Privacy and Interoperable Security
Citizen Tracking | This issue relates to sensor data being used to track citizens, their steps, decisions, and other information about them. | Privacy
User/Citizen Data Loss | This issue considers the notion that applications save valuable data in devices, and if not well treated, these values could be lost. | Privacy and Availability
Crossed Access to Information in Data Centers | This issue relies on the correct restriction and boundary definitions in an interoperable environment. | Privacy and Integrity
Crossed Access in Client Side | This issue considers information that has leaked from System A to System B within the client side. | Privacy and Integrity
Lack of Security in Depth | This issue relates to systems that do not validate data in different layers, and are infected by data coming from different points. | Interoperable Security
Viral Effect in Urban Environment | It relates to a cascade effect in which one system infects another system that infects other systems that continue infecting other parts of other systems, thus compromising the entire network. | Interoperable Security and Integrity
Infection Traceability and Recovery | This issue presents a consequence of the previous issue due to the amount of data and interconnected systems. It is possible for the origin of an infection to remain undetected and therefore to make data recovery impossible. | Integrity and Availability

Source: (FERRAZ; FERRAZ, 2014a, 2014b).

The issues listed in Table 1 are a set of generic, architectural issues discussed in papers from the literature (FERRAZ; FERRAZ, 2014a, 2014b); those papers gather issues, found across several other works, that pose security threats to the interoperable environments of smart cities.

On looking more closely into security issues, it is possible to select more specific kinds of security vulnerabilities, namely identity security issues. Table 2 presents a brief compilation of identity issues which, despite being widely discussed in the IdM environment, are a new subject when looked at from the perspective of smart cities.


Table 2: Compilation on Identity Issues

Issue: Identity management is not a primary objective
Description: An identity management system should focus on methods to simplify daily tasks while offering the security, transparency, and privacy that a user needs. Citizens expect an Identity Management system to be secure and transparent, and privacy to be enforced in such a manner that daily tasks become easier and not more complex.

Issue: Identity trust is a sensitive matter and must be earned
Description: No organization can guarantee a completely trustable system. Any bad actor involved in the system can create a prejudiced reputation for other users. Therefore, an identity provider must ensure that organizations act appropriately and safely, and protect the identity and privacy of the actor.

Issue: Various types of access to systems and services
Description: Illegal access to different types of account could impact finances and the correct use of a system. In this context, the danger involved in using IdM systems will mainly affect a user; in a Smart City context, it may impact citizens and sensors. This affects an identity management system by enforcing membership, by creating different trust relations, rather than enforcing data ownership.

Issue: The paradigm of a single access point
Description: A significant part of identity and identifier information is stored with the provider; in this scenario, entities can take no action other than simply trusting the identity server and service to preserve their privacy, identifiers, and security, and to secure their information properly. However, mistakes can occur and privacy-sensitive information can become public; a group of attackers can focus their effort on invalidating the server, or a bottleneck from entities to a service could be created, thus making the service unavailable.

Issue: An easy phish to catch even in the ocean of identity security issues
Description: A centralized solution must be created and defined in which it is feasible to moderate the number of points in the transactions performed, in order to reduce the possible locations where a phish could occur. This feature would also allow data to be updated when a system flaw or compromise occurs.

Issue: To be or not to be, an identity crisis
Description: One of the many advantages of identity management for citizens is that the entities do not need to remember every single identifier that may be used in order to access various solutions. In some scenarios, an entity requires only one identifier, e.g., a user name and password, in order to log in and receive a multisite token.

Issue: Linkability across domains
Description: To maintain privacy, it should be possible for users to keep their information and data private, or to create a scenario in which it is not possible for a domain to resolve "who" an identifier is in another domain, thus preventing the domain from maintaining records of who an entity is and what the entity has been doing.

Source: (FERRAZ; FERRAZ, 2016).
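As an added example that is not part of the thesis, the following Python code shows one way an identity provider can address the "Linkability across domains" issue from Table 2: it derives a different, stable pseudonymous identifier for the same entity in each domain from a provider-held secret, so two domains comparing their records cannot resolve who an identifier is elsewhere. The class and method names, the HMAC-SHA256 construction and the sample entity and domain values are assumptions.

```python
"""Added example: pairwise pseudonymous identifiers per domain.

Mitigation for cross-domain linkability: the provider keeps a secret and
hands each relying domain an identifier that is stable for that domain
only.  Without the secret, domains cannot correlate identifiers.
"""
import hashlib
import hmac
from typing import Dict, Optional


class PseudonymousIdProvider:
    """Derives per-domain identifiers; the secret never leaves the provider."""

    def __init__(self, secret: bytes) -> None:
        self._secret = secret
        # domain -> {pseudonym -> internal entity id}, so that only the
        # provider can map a pseudonym back to the real entity.
        self._index: Dict[str, Dict[str, str]] = {}

    def pseudonym_for(self, entity_id: str, domain: str) -> str:
        """Stable pseudonym of entity_id as seen by `domain`."""
        # Length-prefixed fields avoid ambiguous concatenation
        # (e.g. "ab" + "c" versus "a" + "bc").
        msg = b"%d:%s|%d:%s" % (
            len(entity_id), entity_id.encode(), len(domain), domain.encode())
        digest = hmac.new(self._secret, msg, hashlib.sha256).hexdigest()
        pseudonym = digest[:32]  # truncated hex digest, 128 bits
        self._index.setdefault(domain, {})[pseudonym] = entity_id
        return pseudonym

    def resolve(self, pseudonym: str, domain: str) -> Optional[str]:
        """Provider-side lookup of the entity behind a domain's pseudonym."""
        return self._index.get(domain, {}).get(pseudonym)


def domains_can_link(pid_a: str, pid_b: str) -> bool:
    """All two colluding domains can do without the secret: compare ids.
    Equal identifiers would expose the link; distinct ones do not."""
    return hmac.compare_digest(pid_a, pid_b)


if __name__ == "__main__":
    # Constructed sample values for a local run.
    provider = PseudonymousIdProvider(b"constructed-provider-secret")
    transit = provider.pseudonym_for("citizen-42", "transit.example")
    health = provider.pseudonym_for("citizen-42", "health.example")
    print(transit, health, domains_can_link(transit, health))
```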

Relating the aforementioned concepts with security issues, a general framework for smart cities contemplates citizens, the focus of which is on solutions such as platforms, frameworks and applications that are powered by technologies in order to connect with city systems. Figure 2 represents a general view of all components needed to enable solutions for smart cities.

Figure 2: General view of a smart city environment.

Source: (FERRAZ; FERRAZ, 2014b)

The concepts explored in Figure 2 present the connectivity between the different solutions, components and parts involved in a smart city environment. As presented in Tables 1 and 2, all the components present in a smart city solution are subject to security issues and, more specifically, to identity issues. That having been said, information security must be an entity that cuts right across the rest of the environment. Moreover, taking identity as one of the pillars of information security brings forth the need for IdM solutions specifically designed for the smart city environment, in order to increase security and privacy through IdM.

This thesis will set out an identity-based approach to increase security in an interoperable smart city environment; the identity solution is depicted as a user-centric, centralized solution, presented in the form of an identity-based middleware. In order to posit this approach, the next chapter will put forward existing identity-based and security solutions.
