NISnet meeting 10.10.2007
Mobile Applied Trusted Computing
Josef Noll, josef@unik.no

Security and authentication: Leading questions
• What do I fear?
  • That somebody steals my identity and I can't do anything about it.
  • That biometrics takes it all – and privacy disappears
• What can I use to make life more comfortable?
  • Reduce number of “secure devices” I have to carry (BankID, Telenor access card, keys, money, credit card, …)
  • Have a device which is secure (enough).
• Why is my phone the security infrastructure?
  • Because I can ask my operator to block it, if it gets stolen.
  • Because it is not an insecure Microsoft device.

Summary: Identity in the virtual world
• Real world: see and/or talk
  • Voice
  • Face
• Virtual world: email, web
  • Username, passwd
  • SIM, PKI
  • Security, privacy
• Service world (between providers)
  • Identity management
  • Service level agreement (SLA)
  • Trust relation

Introduction: Identity
• Identity is attributes of your persona
  • Social, Corporate and Private IDs
• Internet was built without an identity layer
• Identity 2.0 stems from Web 2.0
  • People, information and software
  • More user-oriented (wikis, comments, tags)
  • More seamless web services (AJAX)
• Service related security
  • Provide just the information which is necessary
• Mobile challenges

Summary: Identity 2.0 – The goal
[Diagram labels: Identity; Personal (PID); Corporate (CID); Social (SID)]
• User centric
  • More like real life IDs (passport, license)
  • Multiple IDs (PID, SID, CID)
• Certificates and preferences
  • Choose attributes ~ more privacy
• ID providers
  • Multiple providers
  • Own certificates
• Mobile, and de-centralized

Challenge: Role based service access
[Diagram labels: My identities …; Josef; Private - PID; Corporate - CID; Social - SID; Certificate; Mastercard, Visa; Soc. sec. number; Identity provider; Role based service access; Application providers; Appx, Appy, Appz; Bank; Telecom; Public Authority; admittance; sports; VPN; origin]
• Next Generation Applications:
  • Customized services
  • Remote services
  • Proximity services
• High flexibility
• Telecom-IT integration
• Challenges
  • Privacy
  • Trust
  • Application security

New role: Identity provider
[Diagram labels: Certificate; Josefine; Remote services; Proximity services]
• Who provides?
  • ID provider
• Where to store?
  • Network
  • Phone
• How to store/backup?
  • long term, short term

Summary: Security Challenges
• Mobile based access and payment
  • Next generation SIM cards
  • Virtualization of SIM credentials
  • Contactless access through NFC
  • (out-of-band) key distribution in heterogeneous networks
• User privacy enhancing technologies
  • service specific authentication methods
  • role-based access mechanisms
• Semantic Web and Web Services
  • Policies and rules support in ontologies
  • Trust distribution in distributed ontologies
  • Privacy protection in social networks