320 likes | 510 Vues
FIA Madrid. Trust & Identity Session Panel 1: Trust. Introduction by Jim Clarke. High-level introduction to the position paper the concept of lanes session focuses on lane 1 (Trust) and 2 (Identity and Privacy). Keynote Sachar Paulus. Trust definition close to “business trust”:
E N D
FIA Madrid Trust & Identity SessionPanel 1: Trust
Introduction by Jim Clarke • High-level introduction to the position paper • the concept of lanes • session focuses on lane 1 (Trust) and 2 (Identity and Privacy)
Keynote Sachar Paulus • Trust definition close to “business trust”: • willingness to take risk • necessary prerequisite: “get back or blame” • trust vs. faith • achieve trust by providing recovery options (“contract”) • accountability
Keynote Sachar Paulus (2) • Trust into the FI for businesses • Measurability • Trust into the FI for individuals • right to be left alone • right to time and memory loss • but legal environment needed in consumer role • multi-party security requirements
Keynote Sachar Paulus (3) • Trust in the FI • trust cannot be outsourced • but: trust management can be outsourced (cf. PKI) • Scenario: Cloud Computing • Business: • where is data located? • who runs the services? • who runs the servers? • accountability • Individuals: • privacy, roll-back option, etc. • transparency, multi-party security • Security, Privacy and Trust are essential non-functional design properties • no way to outsource them
Position Paper SyedNaqvi (Services) • how to establish trust in Services • trust: A believes that B behaves exactly as expected and required • can services be modeled as generic entity • many concepts that are difficult to converge • introduces convergence areas of trust • e.g., resilient services: possible to restore the level of trust? • RESERVOIR overview: grid, virtualisation, services
Position Paper SyedNaqvi (Services) (2) • RESERVOIR security requirements • separation of services running in the same virtual environment • trust: interoperation of service vendors • protect the management interfaces • policies upon migration: only allow migration to domains with same policy
Position Paper Theodore Zahariadis (Content) • “Prosumer” • relation to • identity, authentication trust • usage • business (payment) • social context (children) • etc. • Requirements scale to network issues (cf. slides) • Identity requirements
Position Paper Mirko Presser (RWI) • there is no single representative scenario • billions of nodes meet billions of consumers • behaviour changes in real-time • Trust starts at the elementary point, i.e., the node • authentication, authorisation, payment, accuracy, quality of service
Discussion (1) • Peter S(?) Eurescom: need for an trustworthy entity (was government, banks etc. before) • Sachar: there will never be one single entity spread across different entities. Who will be the entities? • Michel: real-time trust necessary, important to design and measure trust in real-time, build up trust scenarios • Theodore: different application layers will have different means for establishing trust (cf. payment vs. sensor network usage), we need different methods
Discussion (2) • real-time trust: • Michel: based on recommendation • or the availability of history (we will need to have logs immediately raises privacy issues) • Sachar: not a new concept, but the context has changed in the FI • Theodore: trust without history based on reputation metrics
Discussion (3) • ? (Uni Vienna): importance of different means, compartementalisation, how to manage this? • Michel: big difference between trust and security • Syed: trust is a multilateral notion in the FI, • trust based on certification, assurance • Jacques: chained services, liability of software and service providers, one partner for the customer: the provider of the service consumed by the end user, how does trust propagate through the chain? It will just happen, no way to discuss away the complexity • Caspar: pointer to InfoCard, usability of trust, privacy, people have different aptitudes, motivation for response (cf. response time of banks for phishing attacks), systematic response only when critical situation occur
Discussion (4) • activities of GT 2009
Discussion (5) • ? end-point trust (t-shirt example: we have means to evaluate and impose trust based on the evaluation), need for new models for building reputation, responsibility at multiple levels • Sachar: to which extent do we need to regulate? regulations can be helpful, but don’t over-regulate
Discussion (6) • Nick: individuals will likely not be willing to take risk, how to tell them • Michel: depends on the respective trust model, model trust in terms of behaviour • Theodore: example of reading terms and conditions when entering a web site, they are never read • Jacques: normally no absolute freedom in offers and service to customers consumer protection law that provides some trust, need for similar regulation in the FI • Mirko: ignorance (of the detailed conditions) is a blessing, need only if things go wrong • is there a higher percentage of bad guys in the FI than in the real world • Caspar: it will be impossible to provide complete transparency
After Lunch, Volkmar Lotz Volkmar Lotz, SAP Labs Presentation of Position Paper What is an identity? Considerations • Privacy-friendly identity • Usability and flexibility • Usage Control Enforcement
Caspar Bowden Caspar Bowden, Chief Privacy Advisor Microsoft EMEA An Example of a Strategic Privacy Technology and Implications for Policy • Privacy V Security • The trouble with PKI, “Minimum Disclosure Tokens” • Authentication ≠ Identification, Privacy Friendly revocation • Aligning Technology with Policy • Strategic PETs in a Legal Framework
Phil Jansen Phil Jansen, Manager Security ad Cryptography, IBM Security Lab, Zurich. • Problem: Digital world never forgets. • Challenges: Controlling Access (security), Accuracy and Usage (privacy) • Privacy V. Accountability, Anonymity V Traceability • Role of Identity Provider • Research Directions
Discussion (7) Panel Discussion • Joao Girao, NEC (SWIFT, Daidalos)Virtual ID defined in Daidalos. Separation of one person’s different IDs (Joao Girao from work and Joao Girao from home want a different ID. One should not be traceable to the other.) • Kajetan Dolinar, Privacy Protection Cycle, A concept for a systemic privacy protection (PERSIST)Peer-to-Peer security backed-up with the infrastructure defined in PERSIST.PERSIST Privacy Protection Cycle.
Discussion (8) Panel Discussion Neeli Prasad, Aalbourg University (ASPIRE)Real world scenarios • Tracking your children. Who else can see? How to validate the correct user? • Tracking the food you eat. Where does it come from? How long did it take to get to me? • Am I paying my bill to the right person? What does identity really mean?
Discussion (9) Chair • What are user expectations?, Management of Identity. • What are the gaps? Use these to driver our research roadmap? Caspar “Blinding” developed 19 years ago but not seen as a priority. Now we have a problem. Phishing attacks were predicted by some but ignored. Currently have a unique window of opportunity. Identity V. Anonymity. Prediction rise of traffic analysis attacks by attaacking the router.
Discussion (10) Caspar “Onion Routing” (?) where packets are bounced off multiple router randomly to avoid traffic analysis so web server doesn’t know where packets are coming from. Interface between transport layer and application layer not well understood by most. Phil Janson Gaps are: • Key players need to get together (like IBM and MS). Need to be able to use either technology interchangeability. Requires Standards • Deliberate decision by key stakeholders to start deploying. Firstly in s/w eventually in chips.
Discussion (11) Chair What’s the delay implementing this? Kajetan Dolinar Legislation Joao Girao Need to rewrite some code already out there. The current Internet is not optimal. Neeli Prasad Maybe the pieces are not yet ready. Have to understand what we need. We have nice solutions, now these protocols should be modified for what we need.
Discussion (12) Caspar Economics is the issue. Most professional don’t even know the problem exists, never mind a typical user. Market has failed to take care of this issue. Legal situation is confusion with a clutter of many laws, forcing companies to keep data. Phil Privacy is user-centric. Only the user cares. Stakeholders have to push service providers. Users are not prepared to pay for security/privacy so no business case. Floor Openness and privacy. User awareness is missing. Technology cannot catch up with law. Also need for international laws.
Discussion (13) Floor 2. Reiterate previous speaker. Floor 3. German Awareness initiative for raising awareness among users of security. “What is missing from security learning?” Q to IT students. Their only concern was the availability of their computer. People will always choose comfort over privacy.
Discussion (14) Floor Public Sector procurement policies, panel to discuss. Phil – Switzerland is working on this for citizens’ interaction with the govt. Caspar – Lobbyist shooting down ideas. “Most liberal environment is best for the market” is the thinking. Neeli – Denmark is quite a safe environment. Danish people typically put a lot of information on-line. Jacques (Commission) – Some initiatives already exist like health card in UK. Still societal discussions to take place. Some projects like STORK leading to the possibility for EU govts to come to a policy definition to allow them to start thinking about procurement. Kajetan – Each service provider should be forced to use a Hypocratic database.
Discussion (15) Jacques (Commission) – Standardisation will be introduced. Chair – summary • Some pieces are available and can be deployed. • Lawyers are 20 years behind • Kids don’t care • Users won’t pay.
Martin Potts Martin Pots – Martel (FEDERICA) FEDERICA is a FIRE project. A large open test bed that can be used for many things. Federica similar to GENI. Based on GEANT network. Onelab is European part of PlanetLab. Federica is looking into becoming part of OneLab. Federica can be used by anyone but not for commercial purposes. Usually a timeframe limit of about 3 months but open for all ideas. Jacques – Who pays for access Martin – Federica funded under FP7, only expense is to get connected.
Martin Pots Latif Ladid - Which ideas are of particular interest. Martin – Virtualisation, Security. Federica is IPv6-ready. Floor – Security testing usually involves negative testing. Martin – Mechanisms will be in place to stop people going outside the slice allocated to them. Floor (PII project) – Panlabs network can be used for security testing also. Apply through PII office.
Discussion (16) (New Panel) Jim Clarke – Moving from Trust and Identity/Privacy to Security. Panel member (France) – not talked enough about governance of the process. Identity of things and virtual services. How to design the management framework. Volkmar – Lots of dependencies. How to break it into manageable pieces. Chair (UK) – Need to think about pilots. What kind of pilots should we be deploying. Panel member (France) – Hard to simulate what we need to test – need a real user. Floor – a lot of discussion today on privacy, assuming one overall authority. Not as much discussion on user-management of identity. Panel member (France) – Identity is a vague term (e.g. RFID) treat IP address in different ways in different cases – it is just a pointer.
Discussion (17) Panel member (France) – Need to monitor P2P communications. How to measure all activity on the network. Floor – Hard to test across multiple networks. Jim – Should be taken into consideration.
Conclusion Trust Panel • Real-time • compartementalisation, different means in place, multiple levels of responsibility • multi-lateral • transitivity of trust, liability • usability • motivation for response • the proper level of regulation