User-controlled Identity Management Systems using mobile devices

Ferdous, Md. Sadek (2015) User-controlled Identity Management Systems using mobile devices. PhD thesis, University of Glasgow.

Full text available as:
[thumbnail of 2015sadekphd.pdf] PDF
Download (19MB)
Printed Thesis Information:


Thousands of websites providing an array of diversified online services have been the crucial factor for popularising the Internet around the world during last 15 years. The current model of accessing the majority of those services requires users to register with a Service Provider - an administrative body that offers and provides online services. The registration procedure involves users providing a number of pieces of data about themselves which are then stored at the provider. This data provides a digital image of the user and is commonly known as the Identity of the user in that provider. To access different online services, users register at different providers and ultimately end up with a number of scattered identities which become increasingly difficult to manage. It is one of the major problems of the current setting of online services. What is even worse is that users have less control over the data stored in these providers and have no knowledge how their data is treated by providers. The concept of Identity Management has been introduced to help users facilitate the management of their identities in a user-friendly, secure and privacy-friendly way and thus, to tackle the stated problems. There exists a number of Identity Management models and systems, unfortunately, none of them has played a pivotal role in tackling the problems effectively and comprehensively.

Simultaneously, we have experienced another trend expanding at a remarkable rate: the consumption and the usage of smart mobile devices. These mobile devices are not only growing in numbers but also in capability and capacity in terms of processing power and memory. Most are equipped with powerful hardware and highly-dynamic mobile operating systems offering touch-sensitive intuitive user-interfaces. In many ways, these mobile devices have become an integrated part of our day-to-day life and accompany us everywhere we go. The capability, portability and ubiquitous presence of such mobile devices lead to the core objective of this research: the investigation of how such mobile devices can be used to overcome the limitations of the current Identity Management Systems as well as to provide innovative online services.

In short, this research investigates the need for a novel Identity Management System and the role the current generation of smart mobile devices can play in realising such a system.

In this research it has been found that there exist different inconsistent notions of many central topics in Identity Management which are mostly defined in textual forms. To tackle this problem, a comprehensive mathematical model of Identity and Identity Management has been developed. The model has been used to analyse several phenomenons of Identity Management and to characterise different Identity Management models.

Next, three popular Identity Management Systems have been compared using a taxonomy of requirements to identify the strength and weakness of each system. One of the major findings is that how different privacy requirements are satisfied in these systems is not standardised and depends on a specific implementation. Many systems even do not satisfy many of those requirements which can drastically affect the privacy of a user.

To tackle the identified problems, the concept of a novel Identity Management System, called User-controlled Identity Management System, has been proposed. This system offers better privacy and allows users to exert more control over their data from a central location using a novel type of provider, called Portable Personal Identity Provider, hosted inside a smart mobile device of the user. It has been analysed how the proposed system can tackle the stated problems effectively and how it opens up new doors of opportunities for online services.

In addition, it has been investigated how contextual information such as a location can be utilised to provide online services using the proposed provider. One problem in the existing Identity Management Systems is that providers cannot provide any contextual information such as the location of a user. Hosting a provider in a mobile device allows it to access different sensors of the device, retrieve contextual information from them and then to provide such information. A framework has been proposed to harness this capability in order to offer innovative services.

Another major issue of the current Identity Management Systems is the lack of an effective mechanism to combine attributes from multiple providers. To overcome this problem, an architecture has been proposed and it has been discussed how this architecture can be utilised to offer innovative services. Furthermore, it has been analysed how the privacy of a user can be improved using the proposed provider while accessing such services.

Realising these proposals require that several technical barriers are overcome. For each proposal, these barriers have been identified and addressed appropriately along with the respective proof of concept prototype implementation. These prototypes have been utilised to illustrate the applicability of the proposals using different use-cases. Furthermore, different functional, security and privacy requirements suitable for each proposal have been formulated and it has been analysed how the design choices and implementations have satisfied these requirements. Also, no discussion in Identity Management can be complete without analysing the underlying trust assumptions. Therefore, different trust issues have been explored in greater details throughout the thesis.

Item Type: Thesis (PhD)
Qualification Level: Doctoral
Keywords: Identity Management, Federated Identity Management, Identity Management Systems, Trust, Security, Privacy
Subjects: Q Science > QA Mathematics > QA75 Electronic computers. Computer science
Colleges/Schools: College of Science and Engineering > School of Computing Science
Supervisor's Name: Poet, Dr. Ron
Date of Award: 2015
Depositing User: Mr Md Sadek Ferdous
Unique ID: glathesis:2015-6621
Copyright: Copyright of this thesis is held by the author.
Date Deposited: 17 Aug 2015 09:41
Last Modified: 02 Sep 2015 07:39

Actions (login required)

View Item View Item


Downloads per month over past year