Nisnet meeting 10 10 2007 mobile applied trusted computing
This presentation is the property of its rightful owner.
Sponsored Links
1 / 8

NISnet meeting 10.10.2007 Mobile Applied Trusted Computing PowerPoint PPT Presentation


  • 48 Views
  • Uploaded on
  • Presentation posted in: General

NISnet meeting 10.10.2007 Mobile Applied Trusted Computing. Josef Noll, [email protected] Security and authentication: Leading questions. What do I fear? That somebody steals my identity and I can't do anything about it. That biometrics takes it all – and privacy disappears

Download Presentation

NISnet meeting 10.10.2007 Mobile Applied Trusted Computing

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Nisnet meeting 10 10 2007 mobile applied trusted computing

NISnet meeting 10.10.2007Mobile Applied Trusted Computing

Josef Noll,

[email protected]


Security and authentication leading questions

Security and authentication:Leading questions

  • What do I fear?

    • That somebody steals my identity and I can't do anything about it.

    • That biometrics takes it all – and privacy disappears

  • What can I use to make life more comfortable?

    • Reduce number of “secure devices” I have to carry (BankID, Telenor access card, keys, money, credit card, …)

    • Have a device which is secure (enough).

  • Why is my phone the security infrastructure?

    • Because I can ask my operator to block it, if it gets stolen.

    • Because it is not an insecure Microsoft device.


Summary identity in the virtual world

Summary:Identity in the virtual world

  • Real world: see and/or talk

  • Voice

  • Face

  • Virtual world: email, web

  • Username, passwd

  • SIM, PKI

  • Security, privacy

  • Service world (between providers)

  • Identity management

  • Service level agreement (SLA)

  • Trust relation


Introduction identity

Introduction:Identity

  • Identity is attributes of your persona

    • Social, Corporate and Private IDs

  • Internet was built without an identity layer

    • Identity 2.0 stems from Web 2.0

    • People, information and software

    • More user-oriented (wikis, comments, tags)

    • More seamless web services (AJAX)

  • Service related security

    • Provide just the information which is necessary

  • Mobile challenges


Summary identity 2 0 the goal

Summary:Identity 2.0 – The goal

Identity

Personal(PID)

Corporate(CID)

Social(SID)

  • User centric

    • More like real life ID’s (passport, license)

    • Multiple ID’s (PID, SID, CID)

    • Certificates and preferences

    • Choose attributes~more privacy

  • ID providers

    • Multiple providers

    • Own certificates

  • Mobile, and de-centralized


Challenge role based service access

Certificate

Certificate

Certificate

Certificate

Mastercard,Visa

Soc. sec. number

Challenge: Role based service access

My identities

Appx

Appz

Appy

Bank

Telecom

Josef

Role based service access

admittance

sports

VPN

origin

Public Authority

Corporate - CID

Social - SID

  • Next Generation Applications:

    • Customized services

    • Remote services

    • Proximity services

    • High flexibility

    • Telecom-IT integration

  • Challenges

    • Privacy

    • Trust

    • Application security

Application providers

Identity provider

Private - PID


New role identity provider

Certificate

New role:Identity provider

Josefine

Remote services

Proximity services

  • Who provides?

  • ID provider

  • Where to store?

  • Network

  • Phone

  • How to store/backup?

  • long term, short term


Summary security challenges

Summary:Security Challenges

  • Mobile based access and payment

    • Next generation SIM cards

    • Virtualization of SIM credentials

    • Contactless access through NFC

    • (out-of-band) key distribution in heterogeneous networks

  • User privacy enhancing technologies

    • service specific authentication methods

    • role-based access mechanisms

  • Semantic Web and Web Services

    • Policies and rules support in ontologies

    • Trust distribution in distributed ontologies

    • Privacy protection in social networks


  • Login