Nisnet meeting 10 10 2007 mobile applied trusted computing
Download
1 / 8

NISnet meeting 10.10.2007 Mobile Applied Trusted Computing - PowerPoint PPT Presentation


  • 77 Views
  • Uploaded on

NISnet meeting 10.10.2007 Mobile Applied Trusted Computing. Josef Noll, [email protected] Security and authentication: Leading questions. What do I fear? That somebody steals my identity and I can't do anything about it. That biometrics takes it all – and privacy disappears

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'NISnet meeting 10.10.2007 Mobile Applied Trusted Computing' - dino


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Nisnet meeting 10 10 2007 mobile applied trusted computing
NISnet meeting 10.10.2007Mobile Applied Trusted Computing

Josef Noll,

[email protected]


Security and authentication leading questions
Security and authentication:Leading questions

  • What do I fear?

    • That somebody steals my identity and I can't do anything about it.

    • That biometrics takes it all – and privacy disappears

  • What can I use to make life more comfortable?

    • Reduce number of “secure devices” I have to carry (BankID, Telenor access card, keys, money, credit card, …)

    • Have a device which is secure (enough).

  • Why is my phone the security infrastructure?

    • Because I can ask my operator to block it, if it gets stolen.

    • Because it is not an insecure Microsoft device.


Summary identity in the virtual world
Summary:Identity in the virtual world

  • Real world: see and/or talk

  • Voice

  • Face

  • Virtual world: email, web

  • Username, passwd

  • SIM, PKI

  • Security, privacy

  • Service world (between providers)

  • Identity management

  • Service level agreement (SLA)

  • Trust relation


Introduction identity
Introduction:Identity

  • Identity is attributes of your persona

    • Social, Corporate and Private IDs

  • Internet was built without an identity layer

    • Identity 2.0 stems from Web 2.0

    • People, information and software

    • More user-oriented (wikis, comments, tags)

    • More seamless web services (AJAX)

  • Service related security

    • Provide just the information which is necessary

  • Mobile challenges


Summary identity 2 0 the goal
Summary:Identity 2.0 – The goal

Identity

Personal(PID)

Corporate(CID)

Social(SID)

  • User centric

    • More like real life ID’s (passport, license)

    • Multiple ID’s (PID, SID, CID)

    • Certificates and preferences

    • Choose attributes~more privacy

  • ID providers

    • Multiple providers

    • Own certificates

  • Mobile, and de-centralized


Challenge role based service access

Certificate

Certificate

Certificate

Certificate

Mastercard,Visa

Soc. sec. number

Challenge: Role based service access

My identities

Appx

Appz

Appy

Bank

Telecom

Josef

Role based service access

admittance

sports

VPN

origin

Public Authority

Corporate - CID

Social - SID

  • Next Generation Applications:

    • Customized services

    • Remote services

    • Proximity services

    • High flexibility

    • Telecom-IT integration

  • Challenges

    • Privacy

    • Trust

    • Application security

Application providers

Identity provider

Private - PID


New role identity provider

Certificate

New role:Identity provider

Josefine

Remote services

Proximity services

  • Who provides?

  • ID provider

  • Where to store?

  • Network

  • Phone

  • How to store/backup?

  • long term, short term


Summary security challenges
Summary:Security Challenges

  • Mobile based access and payment

    • Next generation SIM cards

    • Virtualization of SIM credentials

    • Contactless access through NFC

    • (out-of-band) key distribution in heterogeneous networks

  • User privacy enhancing technologies

    • service specific authentication methods

    • role-based access mechanisms

  • Semantic Web and Web Services

    • Policies and rules support in ontologies

    • Trust distribution in distributed ontologies

    • Privacy protection in social networks


ad