|Lecturer||Christos Xenakis (University of Piraeus)|
|Title||Beyond password authentication: a device centric approach|
|Date||Thursday 27/06/2017, 11.00- 12.00|
|Location||Building S4|14, Raum 5.3.01, Mornewegstraße 32, 64293 Darmstadt|
With e-commerce now exceeding 1 trillion € per annum and the emergence of Internet of Things, the need for reliable and user-friendly authentication mechanisms is more pressing than ever. A European research project entitled “ReCRED: From Real-world Identities to Privacy-preserving and Attribute-based CREDentials for Device-centric Access Control”, try to address the problems of password-based access control: a) password overload, referring to the inability of users to remember different secure passwords for each one of their accounts; b) identity fragmentation, stemming from the fact that independent identity providers (email, social networks, etc.) create disjoint identity realms, making it difficult for end users to prove joint ownership of accounts, e.g., for reputation transfer or to fend off impersonation attacks; and c) lack of support for attribute-based access control (ABAC), which facilitates account-less access through verified identity attributes (e.g., age or location).
ReCRED moves the burden of authentication from the user to the device itself, taking full advantage of smartphones’ inherent capabilities. Smartphones evolve into authentication proxies, where every user account can be securely kept and managed on the device, following the most contemporary technological standards that leverage the benefits of asymmetric cryptography (e.g., FIDO Alliance). Users can be authenticated by their mobile devices, locally, using fingerprint, face recognition, how they walk, type, move around the city, etc. ReCRED also offers two additional innovations: a) the consolidation and management of online user identities and accounts, and b) the issuance of anonymous credentials that verify specific attributes or properties of the users, while guaranteeing the latters’ anonymity.
|Prof. Christos Xenakis received his B.Sc degree in computer science in 1993 and his M.Sc degree in telecommunication and computer networks in 1996, both from the Department of Informatics and Telecommunications, University of Athens, Greece. In 2004 he received his Ph.D. from the University of Athens (Department of Informatics and Telecommunications). From 1998 – 2001 he was with a Greek telecoms system development firm, where he was involved in the design and development of advanced telecommunications subsystems. From 1996 – 2007 he was a member of the Communication Networks Laboratory of the University of Athens. Since 2007 he is a faculty member of the Department of Digital Systems of the University of Piraeus, Greece, where currently is an Associate Professor, a member of the Systems Security Laboratory and the director of the Postgraduate Degree Programme, on “Digital Systems Security”. He has participated in numerous projects realized in the context of EU Programs (ACTS, ESPRIT, IST, AAL, DGHOME, Marie Curie, Horizon2020) as well as National Programs (Greek). He is the project manager of the ReCRED project funded by Horizon2020 and he was the technical manager of the UINFC2 project funded by DGHOME/ISEC. He is also a steering committee member of the European Cyber Security Challenge 2017. His research interests are in the field of systems, networks and applications security. He has authored more than 70 papers in peer-reviewed journals and international conferences.|