10.20.2007, Josef Noll NISnet
NISnet meeting 10.10.2007
Mobile Applied Trusted Computing
Josef Noll,
Security and authentication: Leading questions
What do I fear?
– That somebody steals my identity and I can't do anything about it.
– That biometrics takes it all – and privacy disappears
What can I use to make life more comfortable?
– Reduce number of “secure devices” I have to carry (BankID, Telenor access card, keys, money, credit card, …)
– Have a device which is secure (enough).
Why is my phone the security infrastructure?
– Because I can ask my operator to block it, if it gets stolen.
– Because it is not an insecure Microsoft device.
Summary: Identity in the virtual world
Real world: see and/or talk
– Voice
– Face
Virtual world: email, web
– Username, passwd
– SIM, PKI
– Security, privacy
Service world (between providers)
– Identity management
– Service level agreement (SLA)
– Trust relation
Introduction: Identity
Identity is attributes of your persona
– Social, Corporate and Private IDs
Internet was built without an identity layer
– Identity 2.0 stems from Web 2.0
– People, information and software
– More user-oriented (wikis, comments, tags)
– More seamless web services (AJAX)
Service related security
– Provide just the information which is necessary
Mobile challenges
Summary: Identity 2.0 – The goal
User centric
– More like real life ID’s (passport, license)
– Multiple ID’s (PID, SID, CID)
– Certificates and preferences
– Choose attributes ~more privacy
ID providers
– Multiple providers
– Own certificates
Mobile, and de-centralized
[Figure: Identity, with the labels Personal (PID), Corporate (CID) and Social (SID)]
Challenge: Role based service access
Next Generation Applications:
– Customized services
– Remote services
– Proximity services
– High flexibility
– Telecom-IT integration
Challenges
– Privacy
– Trust
– Application security
[Figure: Role based service access. Labels: My identities (Josef): Corporate - CID (VPN, admittance), Social - SID (sports, origin), Private - PID (Mastercard, Visa, Soc. sec. number); Certificate; Identity provider; Application providers (Appx, Appy, Appz); Public Authority, Bank, Telecom, …]
New role: Identity provider
[Figure labels: Certificate, Josefine, Remote services, Proximity services]
Who provides?
– ID provider
Where to store?
– Network
– Phone
How to store/backup?
– long term, short term
Summary: Security Challenges
Mobile based access and payment
– Next generation SIM cards
– Virtualization of SIM credentials
– Contactless access through NFC
– (out-of-band) key distribution in heterogeneous networks
User privacy enhancing technologies
– service specific authentication methods
– role-based access mechanisms
Semantic Web and Web Services
– Policies and rules support in ontologies
– Trust distribution in distributed ontologies
– Privacy protection in social networks