(0000-0003-3044-5345)[C18] Empowering Resource-Constrained WoT Devices With Lightweight Self-Sovereign Identity (SSI) Using Delegation
The 21st Annual International Conference on Distributed Computing in Smart Systems and the Internet of Things (DCOSS-IoT 2025)
The Web of Things (WoT) represents a com- plex ecosystem of interconnected devices that exchange vast amounts of data, enabling advanced applications essential for various industrial and social processes. These applica- tions face stringent security requirements due to the open nature of the Internet of Things (IoT) ecosystem and the widespread deployment of devices in public environments, posing significant challenges in safeguarding against malicious activities. FIWARE has established itself as a leading IoT infrastructure standard, offering robust security and access control through key components that facilitate authentication, access management, and secure data transmission. However, traditional authentication methods cannot be implemented at end-device level, posing significant risks. This study bridges critical gaps by seamlessly integrating Self-Sovereign Identity (SSI) into FIWARE by incorporating an innovative delegate node designed to enhance the computational capabilities of resource-constrained IoT devices while adhering to SSI design principles. By deploying an SSI-compliant agent on a gateway node and utilizing keys stored on devices with minimal memory—requiring only 520 KB of SRAM—via MQTT, this approach demonstrates its feasibility both in terms of performance and security. The results indicate an average session key generation and authentication time of 2.573 seconds, enabling mutual authentication between the application and the end device, making it suitable for real- world scenarios. Also, we provide a formal verification for the proposed protocol using the ProVerif model checking tool to check and validate our approach.
[C17] User-Centric and Privacy-Preserving Attribute-Based Authentication in Healthcare Systems Leveraging zk-SNARKs and Soulbound Tokens
28th IEEE INTERNATIONAL SYMPOSIUM ON REAL-TIME DISTRIBUTED COMPUTING
Digital health services for disease diagnosis, follow-up, and patient empowerment manage data that belongs to a special class of personal information, according to the General Data Protection Regulation (GDPR). For this reason, user authentication and access control are among the key security measures suggested for their protection. However, in the medical context, it is crucial to balance security and privacy support with timeliness and ease of access, which requires innovative solutions. This manuscript introduces an innovative approach leveraging Soulbound Tokens (SBTs) and Zero-Knowledge Proofs (ZKPs), particularly zk-SNARKs, to provide a privacy-aware mechanism for patient authentication in the medical domain. SBTs are utilized within an Attribute-Based Access Control (ABAC) model, ensuring that only eligible patients can access specific medical treatments. In a treatment-specific model, an SBT is issued for each diagnosis, allowing precise control but increasing management complexity. Alternatively, in a diagnosis-category-based model, SBTs are grouped by diagnostic categories. This reduces the number of tokens and optimizes the space in the patient’s wallet but sacrifices some precision in the information. Results demonstrate the timeliness of the proposed approach, with an average time of 6.82s for the release of an SBT and a maximum on-chain verification time of 15.04ms, showcasing their future adoption in a real-time environment, such as the medical context.
[C16] Anomaly-Based Intrusion Detection System Using ESP32-WROOM-DA
The 39th International Conference on Advanced Information Networking and Applications (AINA-2025)
Internet of Things (IoT) devices are increasingly employed in monitoring and controlling both domestic and industrial infrastructures. However, security measures are often neglected due to the computational resource limitations of these devices. Despite numerous research initiatives aimed at developing Intrusion Detection Systems (IDS) for IoT, practical implementation-focused studies remain scarce. The goal of this research is to develop an anomaly-based IDS using a supervised approach with three different neural network models: Sequential Neural Network (SNN), Recurrent Neural Network (RNN), and Deep Recurrent Neural Network (DRNN). The objective is to determine whether it is feasible to create and deploy a high-performing IDS directly on the ESP32 board while simultaneously maintaining low resource requirements. To achieve this, the IDS is first trained and then tested on the NSL-KDD dataset. Results show that the most accurate IDS utilizes the SNN model, achieving a precision level of 94.04%. This IDS, when deployed on the ESP32-WROOM-32 microcontroller, reports a minimum inference time of 0.226 ms, an average time of 3.198 ms, and a maximum time of 10.478 ms, requiring just over 8 KB of SRAM for installation.
[C15] On Exploiting LLMs and Statistical Methods for Testing Clarity in Legal Contracts
The 40th ACM/SIGAPP Symposium on Applied Computing (SAC ’25)
Current legislation requires contracts to be written clearly and con- cisely. However, many contracts remain ambiguous and challeng- ing for readers to understand. Advancements in natural language analysis using statistical and Large Language Models (LLMs) are improving the process of clarity verification by reducing the time needed for the overall process. In this paper, we investigate the po- tential of LLMs, such as ChatGPT and Giuri-Matrix, against existing statistical tools for natural language clarity checks. Results suggest the adaptability of traditional LLMs in verifying contractual clarity and providing suggestions for improvement of submitted contracts.
[J6] Green Operations of SWIPT Networks: The Role of End-User Devices
IEEE Transactions on Green Communications and Networking
Internet of Things (IoT) devices often come with batteries of limited capacity that are not easily replaceable or rechargeable, and that constrain significantly the sensing, computing, and communication tasks that devices can perform. The Simultaneous Wireless Information and Power Transfer (SWIPT) paradigm addresses this issue by delivering power wirelessly to energy-harvesting IoT devices with the same signal used for information transfer. For their peculiarity, these networks require specific energy-efficient planning and management approaches. However, to date, it is not clear what are the most effective strategies for managing a SWIPT network for energy efficiency. In this paper, we address this issue by developing an analytical model based on stochastic geometry, accounting for the statistics of user-perceived performance and base station scheduling. We formulate an optimization problem for deriving the energy-optimal configuration as a function of the main system parameters, and we propose a genetic algorithm approach to solve it. Our results enable a first-order evaluation of the most effective strategies for energy-efficient provisioning of power and communications in a SWIPT network. We show that the service capacity brought about by users brings energy-efficient dynamic network provisioning strategies that radically differ from those of networks with no wireless power transfer.
[C14] User-aware LLM-based Framework for Enhancing Contractual Clauses Compliance
2025 Workshop on Computing, Networking and Communications (CNC)
Contractual clarity is one of the most critical requirements in drafting a contract, yet its importance is often underestimated. This paper investigates the exploitability of Large Language Models (LLMs) to validate the comprehensiveness and correctness of contractual clauses, addressing the pressing need for precision in contract drafting, and the eventual possibility of getting improvement measures. Specifically, this study utilizes LLMs to automatically analyze and refine contractual clauses, focusing on improving clarity, coherence, and juridical compliance. By assessing the linguistic and structural features of the clauses, the LLM-based approach identifies potential sources of ambiguity and suggests modifications to ensure legal validity and reduce the risk of dispute. The framework’s efficacy is demonstrated through a concrete case study composed of ten contractual clauses that illustrate its impact on enhancing contractual juridical compliance. This work represents a step forward in automating legal validation, offering a practical tool for creating legally robust contracts.
[C13] Tiny Federated Learning with Blockchain for Privacy and Security Preservation of MCU-Based IoT Applications
2024 6th International Conference on Blockchain Computing and Applications (BCCA)
In several Internet of Things (IoT) application contexts, such as autonomous vehicles, healthcare, and smart cities, massive amounts of data are produced at the edge and used in neural networks deployed in central servers or the cloud. On the other hand, physical or legal constraints may restrict the use of this data only locally. Thus, the development of secure and efficient traditional Machine Learning solutions in the IoT context can be a huge challenge. Therefore, this paper combines an approach based on Tiny Federated Learning and Transfer Learning with on-board training, as an effective paradigm to continuously analyze data locally without having to transfer sensitive data to untrusted servers and networks. Moreover, a decentralized blockchain-based federated learning framework is implemented to provide tamper-proof data protection and resistance to malicious or compromised tiny devices. A prototype is created based on the Hyperledger Fabric and real resource-constrained microcontrollers to assess the viability of the proposed solution.
[C12] A Stochastic Geometry approach to performance modeling of SWIPT vehicular networks
22nd International Symposium on Modeling and Optimization in Mobile, Ad hoc, and Wireless Networks (WiOpt) @ Workshop on Spatial Stochastic Models for Wireless Networks (SpaSWiN)
With the increasing number of devices and the advent of 5G and 6G networks, ensuring reliable power and data connectivity remains a significant challenge, particularly in rural or remote areas. Simultaneous Wireless Information and Power Transfer (SWIPT) networks have emerged as a promising solution to power devices without batteries. However, their deployment in real-world scenarios is hindered by complex channel conditions and spatial dynamics. This research introduces a two-tier analytical model grounded in stochastic geometry, where base stations (BSs) are arranged along roads following a Poisson Line Cox Process (PLCP), while user equipment (UEs) is distributed using a Poisson Point Process (PPP). A comparative evaluation against planar PPP-based models demonstrates the performance advantages of this novel approach. Additionally, a Genetic Algorithm (GA) is applied to explore real-world scenario parameters, enhancing the model’s adaptability and performance in practical applications.
[J5] Blockchain and Federated Learning Empowered Digital Twin for Effective Healthcare
Human-centric Computing and Information Sciences
Proper exploitation of artificial intelligence (AI) models is required to achieve precise and efficient healthcare. However, this is an obstacle to the possibility of exchanging medical data, as they are considered instances of personal information and subject to data protection legislation and legal requirements. Moreover, because fully automatic decision-making leveraging AI is undesirable, and in contrast to current legislations, human-in-the-loop should be enforced. Digital twins represent a valuable solution to these issues as they allow continuous retraining with newly collected data and seamlessly integrate human intervention within AI-based solutions. However, to address the impossibility of a central node capable of collecting and processing medical data for training an AI model, a network of interacting and collaborating digital twins should be properly defined without leveraging the exchange of medical data to avoid legal issues. Federated learning (FL) alleviates this issue by exchanging model parameters; however, security is compromised by poisoning attacks. This paper presents the architecture of networked digital twins using FL for disease diagnosis across multiple healthcare providers. Moreover, we deal with data-poisoning protection by leveraging the blockchain. The proposed solutions were experimentally assessed to prove their suitability and effectiveness in addressing the introduced research challenges. We prove that under data-poisoning attacks, the achievable accuracy is close to that for the case with no attacks, with a distance of 10%, and is not affected by sudden drops, as in the case of attacks without any protection. We assessed various FL models and achieved an accuracy of approximately 0.8 within an emulated scenario affected by heterogeneities and the impossibility of sharing data samples.
[J4] Soulbound Tokens: Enabler for Privacy-Aware and Decentralized Authentication Mechanism in Medical Data Storage
Blockchain in Healthcare Today
The digitalization of the healthcare sector faces significant challenges due to the diverse representation of data and their distribution across various hospitals. Moreover, security is a key concern as healthcare-related data are subject to the legal obligations of GDPR and similar data protection legislations. Standardization efforts like HL7 have been implemented to enhance data interoperability. However, authentication still remains a critical issue, even significant challenges. This research aims to improve and strengthen the authentication process by introducing a novel architecture for decentralized authentication. Additionally, it proposes a new approach to decentralized data management, which is crucial for handling sensitive medical data efficiently. The proposed architecture adopts a user-centric approach, utilizing Self-Sovereign Identity (SSI). It introduced a new non-fungible token (NFT) type called Soulbound token (SBT) in the medical context, which will facilitate user authentication across different hospitals, effectively creating a federation of interconnected institutions. The implementation of the proposed architecture demonstrated a significant reduction in authentication time across multiple hospitals. The use of SBT ensured secure and seamless user authentication, enhancing overall system interoperability and data security. The decentralized approach also mitigated the risks associated with centralized authentication servers. The study successfully presents a novel decentralized authentication architecture for the healthcare domain, leveraging SSI and SBTs. This approach not only accelerates the authentication process but also enhances data security and interoperability among hospitals. Future research should explore the scalability of this architecture and its application in other sectors requiring stringent data security measures.
[J3] Smart Contract Vulnerability Detection: The Role of Large Language Model (LLM)
ACM SIGAPP Applied Computing Review
Smart contracts are susceptible to various vulnerabilities that can lead to significant financial losses. The usage of tools for vulnerabilities is reducing the threats but presents some limitations related to the approach used by the tool itself. This paper presents a novel approach to smart contract vulnerability detection utilizing Large Language Models (LLMs), as a tool to detect all the vulnerabilities at once. Our proposed tool leverages the advanced natural language processing capabilities of LLMs to analyze smart contract code and identify potential security flaws. By training the LLM on a diverse dataset of known smart contract vulnerabilities and secure coding practices, we enhance its ability to recognize subtle and complex vulnerabilities that traditional static analysis tools might miss. The evaluation of our tool demonstrates its effectiveness in detecting a wide range of vulnerabilities with satisfaction and accuracy, providing developers with a robust mechanism to improve the security of their smart contracts before deployment. This approach signifies a significant advancement in the application of artificial intelligence for blockchain security, highlighting the potential of LLMs to enhance the reliability and safety of decentralized applications.
[C11] Decentralized Identity Management and Privacy-Enhanced Federated Learning for Automotive Systems: A Novel Framework
2024 IEEE 27th International Symposium on Real-Time Distributed Computing (ISORC)
Federated Learning (FL) has revolutionized collaborative machine learning by decentralizing data processing, enhancing the efficiency of traditional Machine Learning (ML) approaches, and mitigating privacy concerns associated with data exchange. Despite these advantages, security challenges persist, particularly in securely transmitting model updates within vehicular networks and authenticating nodes participating in the protocol. This paper presents an innovative framework that addresses authentication and mobility challenges in automotive systems through the integration of Decentralized Identity Management (IdM) and FL. Highlighting the need for robust authentication in automotive systems, the research concurrently explores avenues to optimize FL performance within this specific context. Through the incorporation of a decentralized authentication mechanism and the establishment of synchronization means, our proposed framework ensures security and synchronization in the transmission of model weights. This comprehensive solution paves the way for notable advancements in collaborative ML in highly dense and distributed contexts, such as the vehicular networks.
[C10] Escaping from identity providers: protecting privacy with verifiable credentials in community solid server
2024 IEEE 27th International Symposium on Real-Time Distributed Computing (ISORC)
This paper investigates how Verifiable Credentials can be incorporated into authentication and authorisation protocols used in Solid as a solution which can enhance user privacy. A VC-based authentication protocol is proven secure as an alternative to Solid-OIDC. The protocol distinguishes clearly between the agent holding a VC and the app accessing resources on behalf of the user. The protocol is integrated into the authorisation server of the open-source Community Solid Server.
[C9] Improve Wallet Interoperability and Federation in Blockchain-Based User-Centric Authentication for Healthcare
2nd International Workshop on Trends in Digital Identity (TDI 2024)
The continuous enhancement and extensive digitalization of medical services have raised various challenges regarding security and privacy. Among these, authentication is one of the most critical, considering identity spoofing and weak passwords. Recently, novel authentication methods such as user-centric authentication are trying to solve the problem by moving identity data and relative claim verification away from a centralized identity manager. When turning this paradigm into the medical domain, it is needed to encompass that not all users are equal, but certain classes are characterized by precise privileges with respect to authentication, such as doctors that must be prioritized over patients. Moreover, it is unfeasible to impose a single technology and infrastructure within an ecosystem characterized by current medical applications; therefore, multiple different solutions need to coexist. In this paper, we discuss a novel framework able to cope with the interoperability, backup and restore of Blockchain-based Self-Sovereign Identity (SSI) wallets. We particularly evaluated the system in a medical context by outlining the different roles of holders with related wallet typologies. Our approach demonstrates its feasibility through the use of a shared registry and smart contract that can smoothly work with two kinds of wallet implementation in a federation of issuers and verifiers.
[C8] VulnHunt-GPT: a Smart Contract vulnerabilities detector based on OpenAI ChatGPT
The 39th ACM/SIGAPP Symposium on Applied Computing (SAC 2024)
Smart contracts are self-executing programs that can run on a blockchain. Due to the fact of being immutable after their deployment on blockchain, it is crucial to ensure their correctness. For this reason, various approaches for static analysis of smart contracts have been proposed, but they may be on the one hand imprecise or on the other hand difficult to train. In this paper, we propose a novel approach for detecting smart contract vulnerabilities using OpenAI's Generative Pre-trained Transformer 3 (GPT-3) language model. Our approach, called VulntHunt-GPT, uses GPT-3 to examine Ethereum smart contracts in order to identify the most popular vulnerabilities according to OWASP. We train VulntHunt-GPT on a dataset of smart contract functions and vulnerabilities to improve its accuracy. Our experiments show that VulntHunt-GPT outperforms almost all the existing state-of-the-art approaches in detecting a variety of vulnerabilities, including reentrancy attacks, integer overflow, and uninitialized storage. In addition, we conduct a case study to demonstrate the effectiveness of VulntHunt-GPT in detecting real-world smart contract vulnerabilities. We show that VulntHunt-GPT can identify previously unknown vulnerabilities in popular smart contracts, highlighting its potential for improving smart contract security. Our approach provides a promising direction for using natural language processing techniques to improve smart contract security and reduce the risk of smart contract exploits.
[C7] Ethereum Attestation Service as a solution for the revocation of hardware-based password-less mechanisms
The 39th ACM/SIGAPP Symposium on Applied Computing (SAC 2024)
Hardware-based solutions are becoming more and more popular as a result of the increased need for practical and safe authentication methods. However, one of the key challenges in these systems is the lack of a robust mechanism to revoke compromised credentials effectively. The Ethereum Attestation Service (EAS), which uses the blockchain-based Ethereum platform to create a decentralized, tamper-resistant infrastructure for credential attestation and revocation, is presented in this article as a novel solution to this critical issue. By combining the transparency and immutability of blockchain technology with smart contracts and cryptographic techniques, the EAS enables secure and auditable management of certificates. The conducted study investigates the limitations of existing revocation methods of password-less mechanisms and proposes the EAS as a viable alternative. In the design phase, the paper demonstrates the system's efficiency in handling attestation requests, verifying attestations, and securely managing revocations. EAS excels in providing reliable revocation, thereby reducing the risks associated with compromised hardware-based passwordless systems. Moreover, this research explores the benefits of EAS-based revocation within the IoT context, where Physically Unclonable Functions (PUFs) face similar challenges as HSMs. Experimental results, obtained in a testnet environment, reveal reduced authentication times, making this solution suitable for real-time scenarios as well.
[C6] Enhancing Security in User-Centered Authentication using KERI
The 32nd Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP 2024)
In the context of the widespread adoption of user-centric authentication methods, safeguarding the confidentiality of private keys during the exchange of credentials has become a critical concern. Key Event Receipt Infrastructure (KERI), distinguished by its distinctive design focusing on key events and receipts, aligns seamlessly with the ethos of user-centric authentication, eschewing the necessity for blockchain integration. This research leverages the architectural model of KERI to discern potential implications within the contemporary landscape of Self-Sovereign Identity (SSI) ecosystems, thereby contributing to the evolution of identity management practices. The need for this research arises from the recognition that while SSI obviates the need for central authorities, thereby augmenting privacy and security, the imperative to preserve and securely store private keys persists. Our primary findings confirm that the integration of KERI within the SSI ecosystem provides a more resilient protocol for authentication by preventing the exchange of any kind of key used for the generation of the proof. This approach aims to prevent attacks in line with the principles of decentralization and trustlessness inherent in blockchain technologies. This research contributes to the expanding body of literature devoted to security and access management within the dynamic realm of user-centric applications and authentication.
[J2] Securing the Internet of Medical Things with ECG-based PUF encryption
IET Cyber-Physical Systems: Theory & Applications
The Internet of Things (IoT) is revolutionizing the healthcare industry by enhancing personalized patient care. However, the transmission of sensitive health data in IoT systems presents significant security and privacy challenges, further exacerbated by the difficulty of exploiting traditional protection means due to poor battery equipment and limited storage and computational capabilities of IoT devices. The authors analyze techniques applied in the medical context to encrypt sensible data and deal with the unique challenges of resource-constrained devices. A technique that is facing increasing interest is the Physical Unclonable Function (PUF), where biometrics are implemented on integrated circuits' electric features. PUFs, however, demand special hardware, so in this work, instead of considering the physical device as a source of randomness, an ElectroCardioGram (ECG) can be taken into consideration to make a ‘virtual’ PUF. Such an mechanism leverages individual ECG signals to generate a cryptographic key for encrypting and decrypting data. Due to the poor stability of the ECG signal and the typical noise existing in the measurement process for such a signal, filtering and feature extraction techniques must be adopted. The proposed model considers the adoption of pre-processing techniques in conjunction with a fuzzy extractor to add stability to the signal. Experiments were performed on a dataset containing ECG records gathered over 6 months, yielding good results in the short term and valuable outcomes in the long term, paving the way for adaptive PUF techniques in this context.
[C5] Decentralized Authentication for Web of Things: a Self-Sovereign Identity (SSI)-based solution
2024 International Conference on Computing, Networking and Communications (ICNC): Edge Computing, Cloud Computing and Big Data
As the Internet of Things (IoT) continues to expand its reach, encompassing a vast array of devices and applications, including mission-critical ones, the need for secure and privacy-aware solutions increases. Traditional centralized authentication mechanisms may not be suitable for the highly distributed and heterogeneous nature of IoT environments, and they also have a very high demand in terms of energy and memory, which does not match the availability of resource-constrained devices. In this study, we suggest a novel solution to these difficulties based on Self-Sovereign Identity (SSI) principles, while taking into account the innovative Web of Things (WoT) architecture. It discusses how these elements from SSI can be applied in a WoT environment to establish trust between devices, users, and applications. Additionally, the paper explores the potential challenges and opportunities of integrating SSI into the WoT ecosystem, such as scalability, interoperability, and authentication. Through a comprehensive analysis of the SSI paradigm and its applicability in the WoT context, this paper sheds light on the transformative potential of device-centric identity management. It underscores the importance of privacy, security, and individual control in an increasingly interconnected world, advocating for SSI as a solution that aligns with the values of the digital age. By embracing SSI, stakeholders in the WoT ecosystem can ensure a more secure and trustworthy environment for all parties.
[J1] Strengthening Automotive Cybersecurity: A Comparative Analysis of ISO/SAE 21434-Compliant Automatic Collision Notification (ACN) Systems
Vehicles 2023
The increasing usage of autonomous and automatic systems within the automotive industry is steering us towards a more interconnected world. This enhanced interconnectivity fosters a more streamlined driving experience, reduces costs, and provides timely driver assistance. The electric/electronic (EE) architectures of modern vehicles are inherently complex due to the multitude of components they encompass. Contemporary architectures reveal that these components converge at an electronic control unit (ECU) called the central gateway, which could potentially represent a single point of failure. While this central unit is typically adequately safeguarded, the same cannot be said for the connected components, which often remain vulnerable to cyber threats. The ISO/SAE 21434 standard paved the way for automotive cybersecurity and could be used in parallel with other standards such as ISO 26262 and ISO PAS 21488. Automatic collision notification (ACN) is one of the most typical systems in a vehicle, and limited effort has been dedicated to identifying the most suitable architecture for this feature. This paper addresses the existing security and privacy gap of this feature by conducting a comparative analysis of security threats in two distinct ACN architectures. Notably, despite ACN architectures exhibiting inherent similarities, the primary distinction between the two architectures lies in their strategies for crash estimation and detection, followed by subsequent communication with emergency response teams. A rigorous security assessment was conducted using the ISO/SAE 21434 standard, employing the TARA and STRIDE methodologies through the Ansys medini analyze software. This analysis identified an average of 310 threats per architecture, including a significant number of high-level threats (11.8% and 15%, respectively), highlighting the importance of a comprehensive evaluation.
[C4] Decentralized Authentication in Microservice Architectures with SSI and DID in Blockchain
The 14th ieee international conference on Cloud Computing Technology and Science - CloudCom 2023
Microservice architectures aim at high modularity, reuse, and efficiency of code by structuring applications as a collection of services that are independently deployable, loosely coupled, and organized around business capabilities. As they are starting to be used in sensitive applications, security has started to be a priority, where authentication is one of the first protection means to be offered to developers by those products supporting microservice development. However, the available authentication solutions in these products are highly centralized, leveraging JSON Web Token (JWT) or related standards. This poses a serious issue in meeting the recent privacy legal obligations. In this paper, we propose a solution for integrating a decentralized blockchain-based authentication solution within the context of Istio, which is a service mesh supporting microservice developments. The usage of a Smart Contract, in combination with Decentralized Identifiers (DIDs) and JWT, paves the way for a concrete and fully decentralized revocation system without adding overhead or modification to existing microservices.
[C3] Using Knowledge Graphs to ensure Privacy Policies in decentralized data collection systems
2023 International Conference on Research in Adaptive and Convergent Systems - RACS 2023
As data collection systems become more complex and pervasive, ensuring transparency and accountability in the acquisition and use of personal data becomes increasingly critical. This work investigates the use of knowledge graphs as a solution to this problem, emphasizing their capacity to represent and enforce privacy laws in a decentralized setting. Knowledge graphs provide full privacy management and can be applied also to decentralized systems by providing a consistent representation of data and privacy policies. We specifically discuss how knowledge graphs can be used to track consent management and data retention policies; we also present a case study of our framework in action, demonstrating how it can be used to ensure transparency in an increasingly popular decentralized data collection system. The implementation of such a framework in a decentralized context shows that the use of knowledge graphs can provide a transparent and accountable view of the data collection process, improving trust and confidence in the system among both data subjects and regulators.
[C2] Self-Sovereign Identity (SSI) Attribute-Based Web Authentication
20th International Conference on Security and Cryptography - SECRYPT 2023
Web authentication is primarily based on password usage, representing the weakest link in the entire security chain. The number of services offered over the web is continuously increasing, and with them also the number of required passwords that users need to create and securely store. Despite various standards for password-less or multi-factor authentication, another issue is that most web authentication means use an identity provider (or a federation of providers) advocated to create, manage and check digital identity claims; able to profile user habits related to web navigation and violate rights in terms of privacy. Recently, we are witnessing a radical change of perspective, where identity checks and enforcement are moved away from the providers and more focused on users. Within such user-centric approaches, Self-Sovereign Identity (SSI) has faced progressive popularity, and some authentication mechanisms based on SSI have been proposed. This paper aims to describe a solution ba sed on Hyperledger Aries which is capable to achieve zero-knowledge proof to make an attribute-based authentication and authorization for the web able to cope with the recent legal obligations in terms of privacy.
[C1] A Decentralized Smart City Using Solid and Self-Sovereign Identity
Computational Science and Its Applications – ICCSA 2023 Workshops
In the Internet of Things (IoT) context, a considerable quantity of data flows from sensors to centralized servers, holding sensitive information related to users. Unfortunately, how servers store these data instances is usually poorly documented and does not offer any transparency to the users but may pave the way to possible privacy violations. Web decentralization is a prominent solution to cope with these issues and legal obligations regarding data protection so that multiple domains are progressively adopting it as the principal technological enabler. The IoT is not among them yet, as a centralized approach is still the most common one; however, moving data location away from servers to prefer gateways or directly to devices closer to users and under their direct control can realize a more decentralized approach and alleviate the issues related to performance, throughput as well as data protection. This paper aims to exploit existing data decentralization solutions, like Social Linked Data (Solid), to define a more distributed data management for IoT and propose a proof-of-concept implementation of a Smart City platform where users can store and directly manage data produced by public or private IoT devices. Despite providing decentralized data handling, Solid is still affected by a centralized identity management and authentication implementation represented by OpenID Connect. Therefore, to fulfill our vision of a decentralized IoT, we also investigate how decentralizing authentication within Solid and a new user-centric approach based on Self-Sovereign Identity (SSI) represents a promising solution.