CAIMR was launched in October 2008 and its partners include identity management experts from industry, academia and government. The goal of the organization is to identify key identity management challenges and the existing gaps in knowledge surrounding them in order to provide the much-needed applied research to properly address them. Those societal challenges include cyber crime, identity theft and fraud, attacks on critical infrastructure systems, data breaches, financial crimes including mortgage fraud, protection of the warfighter and more, that impact individuals, public safety, commerce, government and national security.
"Late last year, we decided to bring together all of our key stakeholders to define the current and near future challenges in identity management and to build a research agenda to address those challenges," said Dr. Gary Gordon, Executive Director of CAIMR. "Based on that meeting, CAIMR has developed this report that outlines the first phase of our applied research agenda."
The consensus of the workshop participants was that a bold, comprehensive, and innovative applied research agenda is required to solve the identity management challenges faced by society today and in the future. As a result of the workshop discussions, CAIMR has identified four of the most prevalent identity management challenges that the organization will examine as it builds its applied research agenda this year:
The Cyber Challenge
-- Cyber crime investigations including advanced processes, methods, and tools to determine digital identities and to link them back to physical ones; -- Cyber security preventions and detection, data protection and attack vectors; and -- Cyber defenses and increased information sharing.
The Information Protection Challenge
-- Current and future attack vectors including vulnerabilities and how they can be eliminated; and -- Data breaches: analysis of the characteristics of the breaches, the amount of identity theft and fraud associated with the stolen data, the risks posed by different types of breeches, and how the breaches occurred.
The Information Sharing Challenge
-- Assessment of information sharing and collaboration models that incorporate strong policy and privacy components for enhancing identity management across large government organizations; -- Collaboration models for the sharing of information in order to protect the critical infrastructure; and -- Test-bed environments to study the impact of fusing shared data sets such as biometric and biographic information to improve authentication.
The Policy and Privacy Challenge
-- Assess the effectiveness of implemented policies (legislation or regulation) to address identity management issues such as credit freezes to protect future harm from identity theft or Red Flag Regulations; and -- Assess the impact of proposed identity management policies.
"We are currently facing a whole host of complex global identity management challenges ranging from major vulnerabilities in our critical infrastructure to rising cybercrime rings and reports of new data breaches in the headlines almost every day," said Norm Willox, Chairman of CAIMR and Special Advisor to the CEO, LexisNexis Risk and Information Analytics Group. "Identity management-related crime is growing exponentially and no one sector can mitigate or solve it alone. That's why CAIMR is dedicated to working collaboratively with its government, corporate and academic partners to address these key issues and provide real-world solutions."
In addition, CAIMR's workshop participants identified over 100 scenarios including threat scenarios which described how an identity can be compromised and threat mitigation scenarios which described how an identity can be protected. These threat scenarios span every industry, government agency and personal use for the Internet. Examples include:
-- Account take-over fraud against bank/retailer/healthcare providers -- Attack on an identity database -- Cyber threats to enterprise attribute-based controls -- Insider misuse of corporate assets/information -- Gain access to credit/financial data by fraud -- Using botnet networks to extort or hijack identity -- Identity fraud in thin file situations -- Relating real-world identities to 2nd life identities
After a thorough examination of these threat scenarios, CAIMR determined that the United States is failing to anticipate these threats and to develop new solutions in response to anticipated threats. CAIMR also concluded that a wide range of solutions exist to declare identity, protect the digital representation of that identity and guard against identity theft and misuse. Those include biometrics to declare identity; data encryption and digital rights management to protect the digital representation of an identity; and policy management, auditing and breach detectors to guard against identity theft and misuse.
"The struggle to establish identity, protect identity, and guard against identity theft and misuse is hard and only getting harder. We need new solutions faster and we need to be more sophisticated than those who are constantly at work falsifying, stealing, selling and using the identity of others," said Dr. Suzanne Barber, Director of the Center of Excellence in Distributed Global Environments (EDGE) at the University of Texas at Austin.
Gordon added, "CAIMR is committed to working closely with academia and public and private industry to change that equation and improve the overall state of identity management."
A full copy of CAIMR's report, "An Applied Research Agenda for Confronting Global Identity Management Challenges,"is available at http://caimr.indiana.edu/documents/20090507_caimr_researchagenda.pdf. The report is co-authored by Dr. Gary R. Gordon, Dr. Suzanne Barber, Director of the Center of Excellence in Distributed Global Environments (EDGE) at The University of Texas at Austin and Professor Fred Cate, Director of the Center for Applied Cybersecurity Research at Indiana University.
In Q3, CAIMR's next steps will be to define a common set of identity management terms, provide a model for use of data for identity management research, and create and maintain a portfolio of evolving requirements and solutions.
The Center for Applied Identity Management Research (CAIMR) is a non-profit corporation comprised of representatives from government, corporate and academic institutions who share a common interest in the multi-faceted aspects of identity management. It is a trusted public-private partnership bringing together cross-disciplinary experts in criminal justice, financial crime, biometrics, cyber crime and cyber defense, data protection, homeland security, risk management and national defense. CAIMR is an applied research organization that studies identity issues, their social implications, and the processes, technologies and polices designed to deal with them. Most importantly, CAIMR is focused on discovering real world solutions and providing best practices and recommendations. CAIMR's partners are: Cogent Systems, Equifax, IBM, Intersections, Indiana University, LexisNexis, Symantec, The University of Texas at Austin, US Secret Service, Visa, Fair Isaac, US Marshals Service, Wells Fargo & Company, Dragnet Solutions, ID Experts, Identity Theft Assistance Corporation (ITAC), Information Technology Association of America (ITAA), and National Center for Missing and Exploited Children (NCMEC), with Dr. Gary R. Gordon serving as its Executive Director. For more information on CAIMR, please visit: http://caimr.indiana.edu/.