Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy < lioy @ polito.it > Politecnico di Torino Dip. Automatica e Informatica

Post on 25-Dec-2015


Page 1: Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica

Strength in diversity: lessons learnt from the Stork* projects

Antonio Lioy <lioy@polito.it>

Politecnico di Torino, Dip. Automatica e Informatica

Page 2

Security: is mine the same as yours?

is a door secure?
- plastic? wood? steel?
- no key? mechanical key? electronic key?
- who is the attacker?
- what is inside the room?

there is no government-mandated standard for physical doors ...

... so why should there be one for "computer doors"?

Page 3

Security: a difficult (and moving) target

a human generation is 30 years ... a computer one is just 3!

any technical solution (especially one agreed in a lengthy process) risks being obsolete by the time it is adopted

any technical solution is vulnerable to some attack (as humans are vulnerable to diseases)

so mandate principles, not technologies: using the same technology everywhere saves money ... but it increases the risk of a total attack (like a pandemic for humans)

Page 4

Some security principles

security = technical solution (minimize violations) + legislative support (violators will be prosecuted) + individual behaviour (don't make violations easy)

which is the most important factor?

security level must be adequate to the value of the protected item ... but not more!

users are typically the weak link in every security solution

Page 5

Stork (18 countries, 36 partners, 2008-11): Austria, Belgium, Estonia, France, Germany, Italy, Luxembourg, Netherlands, Portugal, Slovenia, Spain, Sweden, United Kingdom, plus Iceland, Finland, Greece, Lithuania, Slovakia

and then STORK 2.0 (2012-2015)

Page 6

Stork: principles and results (I)

electronic identity = authentication + certified attributes

set of certified European attributes:
- lexicon (multilanguage attribute names)
- syntax (possible values)
- semantics (e.g. surname)

various authentication credentials:
- reusable password, one-time password, cellphone, software certificate, smart-card
- used in a transparent way and with legal value (according to the citizen's country)
- mutual recognition

Page 7

Stork: principles and results (II)

various authentication levels:
- cryptographic strength of the authentication technique
- strength of the identification process when distributing the credentials
- QAA (Quality of Authentication Assurance) levels 1…4
- requested level (to access the service) versus effective level (depending on the authentication technique used by the citizen)

privacy protection and localization:
- the user talks with her own country
- provides explicit consent for the required attributes
- compulsory and optional attributes
- attributes managed end-to-end

Page 8

The Stork infrastructure

(diagram; actors: service provider, Italian citizen, Swedish Stork gateway, Italian Stork gateway, e-ID + attribute provider (Italian))

1. ask for service
2. go Stork!
3. select your country
4a. consent? 4b. which e-ID?
5a. authentication 5b. consent (final)
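As an added illustration, not code from the slides or from the Stork project, of how the requested-versus-effective QAA comparison and the compulsory/optional attribute consent of the previous slides combine into one access decision at the gateway. The credential-to-level mapping and the attribute names are assumptions constructed for this example.

```python
from dataclasses import dataclass

# Assumed, illustrative mapping from credential type to effective QAA level
# (1 = lowest, 4 = highest). Constructed for this example; the real Stork
# mapping is defined per country and is not reproduced here.
EFFECTIVE_QAA = {
    "password": 1,
    "one-time-password": 2,
    "cellphone": 2,
    "software-certificate": 3,
    "smart-card": 4,
}


@dataclass(frozen=True)
class ServiceRequest:
    """What the service provider asks the Stork gateway for."""
    requested_qaa: int        # minimum level the service needs
    compulsory: frozenset     # attributes the service cannot work without
    optional: frozenset       # attributes the citizen may withhold


@dataclass(frozen=True)
class CitizenResponse:
    """What the citizen's own country returns after authentication and consent."""
    credential: str           # technique actually used by the citizen
    consented: frozenset      # attributes the citizen agreed to release


def evaluate(req: ServiceRequest, resp: CitizenResponse):
    """Return (granted, reason, released_attributes).

    Fails closed: an unknown credential counts as level 0, and a missing
    consent for any compulsory attribute denies the request.
    """
    effective = EFFECTIVE_QAA.get(resp.credential, 0)
    if effective < req.requested_qaa:
        return (False, f"effective QAA {effective} below requested {req.requested_qaa}", frozenset())
    missing = req.compulsory - resp.consented
    if missing:
        return (False, "no consent for compulsory attributes: " + ", ".join(sorted(missing)), frozenset())
    # Release only what was requested and consented to: nothing extra leaves the country.
    released = resp.consented & (req.compulsory | req.optional)
    return True, "granted", released


# Constructed sample: a service needing QAA 3, surname and givenName, email optional.
SAMPLE_REQUEST = ServiceRequest(3, frozenset({"surname", "givenName"}), frozenset({"email"}))
```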

Page 9

ECAS (European Commission Authentication Service)

Stork: pilots

change of address

e-delivery (cross-border)

e-services authentication (cross-border)

student mobility

safer chat

Page 10

Stork 2.0

focus on: attributes / delegation / representation powers; integration with non-government e-ID

three years, 2012-2015

many countries (~30) and partners (~60)

pilots: business registry (e.g. single-point-of-contact), e-health, job market (e.g. professional certifications), e-learning, e-banking

Page 11

Strength in diversity

different countries use different e-IDs, with variable strength; the interoperability solution permits the use of all of them

yet it does not compromise security; rather, it supports adaptive security, where each electronic service can request (and receive!) the appropriate level of protection

this solution does not hamper technological progress: any country can adopt a new e-ID technology without breaking its interoperability with the other countries; a smooth evolution path is possible.

the Stork* projects are a clear example that a compromise is often needed in deciding appropriate security measures … but it does not have to be at the lowest common level … and it does not stop technological evolution.