1 / 8

NISnet meeting 10.10.2007 Mobile Applied Trusted Computing

NISnet meeting 10.10.2007 Mobile Applied Trusted Computing. Josef Noll, josef@unik.no. Security and authentication: Leading questions. What do I fear? That somebody steals my identity and I can't do anything about it. That biometrics takes it all – and privacy disappears

dino
Télécharger la présentation

NISnet meeting 10.10.2007 Mobile Applied Trusted Computing

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. NISnet meeting 10.10.2007Mobile Applied Trusted Computing Josef Noll, josef@unik.no

  2. Security and authentication:Leading questions • What do I fear? • That somebody steals my identity and I can't do anything about it. • That biometrics takes it all – and privacy disappears • What can I use to make life more comfortable? • Reduce number of “secure devices” I have to carry (BankID, Telenor access card, keys, money, credit card, …) • Have a device which is secure (enough). • Why is my phone the security infrastructure? • Because I can ask my operator to block it, if it gets stolen. • Because it is not an insecure Microsoft device.

  3. Summary:Identity in the virtual world • Real world: see and/or talk • Voice • Face • Virtual world: email, web • Username, passwd • SIM, PKI • Security, privacy • Service world (between providers) • Identity management • Service level agreement (SLA) • Trust relation

  4. Introduction:Identity • Identity is attributes of your persona • Social, Corporate and Private IDs • Internet was built without an identity layer • Identity 2.0 stems from Web 2.0 • People, information and software • More user-oriented (wikis, comments, tags) • More seamless web services (AJAX) • Service related security • Provide just the information which is necessary • Mobile challenges

  5. Summary:Identity 2.0 – The goal Identity Personal(PID) Corporate(CID) Social(SID) • User centric • More like real life ID’s (passport, license) • Multiple ID’s (PID, SID, CID) • Certificates and preferences • Choose attributes~more privacy • ID providers • Multiple providers • Own certificates • Mobile, and de-centralized

  6. Certificate Certificate Certificate Certificate Mastercard,Visa Soc. sec. number Challenge: Role based service access My identities … Appx Appz Appy Bank Telecom Josef Role based service access admittance sports VPN origin Public Authority Corporate - CID Social - SID • Next Generation Applications: • Customized services • Remote services • Proximity services • High flexibility • Telecom-IT integration • Challenges • Privacy • Trust • Application security Application providers Identity provider Private - PID

  7. Certificate New role:Identity provider Josefine Remote services Proximity services • Who provides? • ID provider • Where to store? • Network • Phone • How to store/backup? • long term, short term

  8. Summary:Security Challenges • Mobile based access and payment • Next generation SIM cards • Virtualization of SIM credentials • Contactless access through NFC • (out-of-band) key distribution in heterogeneous networks • User privacy enhancing technologies • service specific authentication methods • role-based access mechanisms • Semantic Web and Web Services • Policies and rules support in ontologies • Trust distribution in distributed ontologies • Privacy protection in social networks

More Related