Classification of advanced mobile access control scenarios
Presentation for the Ecumict 2012 conference (KaHo Sint-Lieven, Ghent)
Faysal Boukayoua, Jan Vossaert
Ecumict, KaHo Sint-Lieven, Ghent, March 22nd 2012
Introduction
MobCom
Access control use cases
Research challenges
Many authentication tokens
Time & location constraints in credentials?
Inflexible credential issuance & revocation
Weak authentication means
Privacy issues
Trends & findings:
Increasing capabilities
Allows for more flexible solutions
Omnipresent
Mobile Internet penetration
Large backing from industry
“A Mobile Companion”: IWT research project, 2010-2014
Prestudy: gather relevant requirements
Interview SMEs & large companies
Generalise use cases
Analyse standards & state-of-the-art
MobCom
Flexible Access Control
Loyalty Cards & Vouchers
Context-aware services
Actors: User’s mobile device, User
1. Request confidential data
2. Authentication prompt
3. Authenticate
4. Confidential data
Topics of interest
Distance bounding
Credential delegation to separate token
Biometrics
▪ Secure storage
▪ Secure matching
Actors: Caregiver’s mobile, Medical caregiver, Credential issuer, Patient’s mobile
1. Authenticate
2a. Request medical data
2b. Request medical data
3. Prompt for credentials
4. Display required credentials
5. Acknowledge
6. Authenticate
7. Request credentials
8. Credentials
9. Credential properties
10. Return medical data
Topics of interest
Break-the-glass policies
Credential/rights delegation
Realtime credential/rights retrieval
Actors: Credential issuer, Caregiver’s mobile, Medical caregiver, Patient’s door
1. Authenticate
2a. Request access to residence
2b. Request access to residence
3. Prompt for credentials
4. Display required credentials
5. Acknowledge
6. Authenticate
7. Request credentials
8. Issue credentials
9. Credential properties
10. Open door
Topics of interest
Remote versus local AC:
▪ Advanced versus simple decisions
▪ Revocation
▪ Requirement of network connectivity
▪ Single points of failure?
▪ Financial cost
▪ Remote upgrades
Actors: Caregiver’s mobile, Patient’s door, Credential issuer, Medical caregiver
1. Authenticate
2a. Request access to residence
2b. Request access to residence
3. Prompt for credentials
4. Review required credentials
5. Acknowledge
6. Set up secure authentic tunnel
7. Request credentials
8. Issue credentials
9. Credential properties
10. Open door
Typical use cases
Guests at hotels
Nurses in service flats
Cleaners in corporate environment
More centralisation
Remote upgrades easier
No phone connectivity needed
Actors: User’s mobile, User’s workstation, Credential issuer, User, Remote Server
1a. Request resource
1b. Request resource
2. Prompt for credentials
3. Forward prompt
4. Review credentials
5. Acknowledge
6. Set up secure authentic tunnel
7. Request credentials
8. Issue credentials
9. Set up secure authentic tunnel
10. Credential properties
11. Return resource