In the last decade, digital identity frameworks have been increasingly adopted, as they allow organizations to delegate user identification and authentication to dedicated, trusted parties. Such centralized or decentralized frameworks are deployed in federated environments to ease users’ access to services at the national level or in cross-country scenarios. In Europe, several government-backed national electronic identity (eID) systems are already in place to support citizens’ authentication and identification with national eID credentials, such as smart cards or mobile solutions. At the same time, widely used platforms like Google, Microsoft, Amazon, or Facebook implement digital identity technologies to support access to federated services. Lastly, the so-called self-sovereign identity or decentralized identity model, which leverages blockchain and distributed ledger technology, aims to provide better privacy features and put users in control of their identities via digital wallets. This identity model would allow identity holders to create and control their attributes through verifiable credentials without the intervention of an intermediate or centralized administrative authority.
This course will present the main types of digital identity architectures in use across the globe and the protocols they use, such as SAML or OpenID Connect/OAuth 2.0. Next, it will discuss the security features of such architectures, including the definition and management of identifiers and the protection of the data exchanged. Specific lectures will cover the challenges related to digital identities of “things”, proposed decentralized identity systems, and the privacy issues and techniques adopted in eID systems.
Lectures will be supported with demonstrations of real cases supporting eID technologies and regulations, such as the European eIDAS (electronic IDentification Authentication and Signature) Regulation, as well as with the principal related research papers.
Basic knowledge of computer networks and protocols, e.g. HTTP and DNS protocols
Background on computer and network security concepts:
- digital certificates, Public Key Infrastructures (PKIs), common security protocols (TLS protocol)
- authentication and authorization
- main cryptography definitions and their applications, e.g. digital signature
- Definitions: Electronic/digital identities, identifiers, and digital identity models
- Architectures and Rules: Current approaches and trust models adopted in digital identity infrastructures (government-based, commercial, hybrid, etc.). The European eIDAS Regulation on electronic identities, authentication, and electronic signatures.
- Protocols: Protocols for digital identity implementation - SAML 2.0 versus OpenID Connect, OAuth 2.0. Security attacks/issues.
- Services: Use of electronic identities in cross-sector and cross-border services: models and implementations
- Attributes and attribute processing: Personal vs. sector-specific, attribute linking, attribute aggregation, attribute collection, identity matching, anonymity
- Trends: Decentralized (self-sovereign) identity: concepts and implementations
- Privacy: Privacy issues in digital identity infrastructures and IoT networks
- Digital identities for IoT devices: models, secure authentication, possible attacks
Mixed mode
Oral presentation - Multiple choice test - Written report presentation