Research Directions in Identity Management
Dr. Bhavani Thuraisingham
The University of Texas at Dallas
Collaborators and co-authors of the presentation: Prof. Latifur Khan and Prof. Murat Kantarcioglu
Students: Parveen Pallabi and Abin Chandrasekaran
The University of Texas at Dallas
Prof. Elisa Bertino
Purdue University
February 2007
RFID (Radio Frequency Identifier) tags are transponders used to identify entities in applications such as passports, product tracking, automotive parts identification, and transport payments such as highway toll tags.
They are basically devices that can emit and receive radio waves within a specified region and enable the position identification of a target object.
Identification of the classes of policies relevant in the context of identity assurance and development of the corresponding policy languages. Two relevant classes include life cycle management policies and access control policies.
Development of interoperability techniques for multi-domain systems, including sharing of identity policies and information.
Development of a notion of “identity management process” that would encompass all the steps in assuring identity information flow, from policy formation and deployment through data gathering and analysis to forensics.
The front-end system reads the data, performs some processing and sends it to the backend.
One issue to be considered is the quality of data collected for identity assurance.
While techniques to support the desired level of quality of data and transactions in real-time applications have been studied, quality of data for identity management has not been considered.
Furthermore, for identity management, we need to examine data provenance as well. For example, where has the data come from? What is the history of the data? Since the identity data will be mostly used in the back-end for possibly real-time analysis, it is important to determine the impact of the quality of data on the effectiveness of the analysis.
Identity Management for Back-end System: Risk Management
A complete identity assurance solution must have a backend system to store/process necessary information, to manage risks associated with the underlying identification technologies and to enforce organizational policies.
Analyze the requirements and best practices for flexible and secure backend design that can be used with various identification technologies for financial, healthcare and defense sector applications.
Exploring risk management issues in identity assurance systems due to the potential pitfalls of underlying identification technologies.
How can the identification data stored in the backend system be used without violating user privacy?
Identity Management for Back-end System: Data Management
RFID data share some common characteristics that we need to understand in order to develop an efficient RFID data management system for the backend.
RFID observations convey implicit meaning, which has to be aggregated and mapped into high-level semantics.
RFID observations contain duplicate readings and/or missing readings that need to be eliminated. Finally, RFID data are temporal, streaming and high in volume, which demands efficient query processing mechanisms and a scalable representation of data.
Need a scalable and an adaptable data management system for RFID data. Furthermore, the system has to be secure so that unauthorized individuals do not get access to the data.
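The cleaning and aggregation step described above, sketched as an added example that is not part of the original presentation: duplicate reads are dropped, short gaps from missed reads are bridged, and raw observations are mapped to presence intervals per tag and reader. The tuple layout, tag and reader names, and the two thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample: (timestamp_seconds, reader_id, tag_id) raw observations.
RAW = [
    (0.0, "dock-1", "TAG-A"),
    (0.2, "dock-1", "TAG-A"),  # duplicate read of the same tag
    (1.0, "dock-1", "TAG-A"),
    (3.0, "dock-1", "TAG-A"),  # the read expected near t=2 was missed
    (1.1, "dock-1", "TAG-B"),
    (9.0, "dock-1", "TAG-A"),  # long absence: tag left and came back
    (9.5, "gate-2", "TAG-A"),
]


def clean_stream(readings, dedup_window=0.5, max_gap=2.5):
    """Collapse raw reads into (tag, reader, first_seen, last_seen) intervals.

    dedup_window: reads closer than this to the last kept read are duplicates.
    max_gap: gaps up to this length are treated as missed reads and bridged.
    Returns (intervals, duplicates_dropped).
    """
    by_key = defaultdict(list)
    for ts, reader, tag in readings:
        by_key[(tag, reader)].append(ts)

    intervals, dropped = [], 0
    for (tag, reader), times in by_key.items():
        times.sort()  # streams may arrive out of order across readers
        start = last = times[0]
        for ts in times[1:]:
            if ts - last < dedup_window:
                dropped += 1          # duplicate reading: eliminate
            elif ts - last <= max_gap:
                last = ts             # missed reading: bridge the gap
            else:
                intervals.append((tag, reader, start, last))
                start = last = ts     # tag was really gone: new interval
        intervals.append((tag, reader, start, last))

    intervals.sort(key=lambda i: (i[2], i[0], i[1]))
    return intervals, dropped


if __name__ == "__main__":
    for row in clean_stream(RAW)[0]:
        print(row)
```
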
While standards are emerging for addressing interoperability issues for biometric systems, several features such as semantic heterogeneity have received limited attention.
Many biometric systems operate under the assumption that the data/images to be compared are obtained using the same sensor/system.
These systems may not be able to match or compare biometric data originating from different sensors.
Some progress has been made in the development of common data exchange formats to facilitate the exchange of feature sets between vendors.
Little effort has been invested in the actual development of algorithms and techniques to match these feature sets.
We are exploring the use of ontologies for specifying and reasoning about biometric data.
Identity Management in a Coalition Environment
[Figure: federation diagram. Labels: Component Data/Policy for Agency A; Component Data/Policy for Agency B; Component Data/Policy for Agency C; Export Data/Policy (three instances); Data/Policy for Federation.]
Novel Algorithms for Face Detection and Fingerprint matching (IEEE ICTAI 2006 and ARES 2007)
Privacy and security for the deployment of RFID.
Secure management of RFID data
XML-based Traceability of RFID data
Technical reports – submitted for publication
Privacy Preserving Surveillance
Working with Dallas NAFTA Association
Privacy Preserving Surveillance
[Figure: pipeline diagram. Labels: Raw video surveillance data; Face Detection and Face Derecognizing system; Suspicious Event Detection System; Manual Inspection of video data; Suspicious people found; Suspicious events found; Report of security personnel; Comprehensive security report listing suspicious events and people detected; Faces of trusted people derecognized to preserve privacy.]