200708 User based policy control of attribute authorities

Door H.M.F. Lohstroh 3 jan 2017

Identity fraud has become an increasingly large problem, since people began to use the Internet in order to manage and exchange information with exceedingly greater real-life value. Therefore, the social, legal, or financial consequences that are concerned with the (ab)use of such information became more serious. Since there is yet no mechanism present to verify the genuinity or valid ownership of identity attributes, it is relatively easy for fraudsters to impersonate others. Despite the urge for such mechanism, it will most likely be rejected if it doesn’t also protect against privacy violation. In order to better comprehend the problem, we researched the concepts of identity, interest, trust, authority, reputation, privacy and security — which led to a set of definitions that raised
a model for the development of a possible solution. After translating our envisioned solution into a set of requirements, we accordingly specified a secure protocol for attribute verification and privacy preservation. Although the protocol partly relies on infrastructure that still needs
to be researched and developed, it has the potential of becoming a significant improvement of the Internet’s security.