supports for identity management in ambient environments ......“supports for identity management...
TRANSCRIPT
Hasan Akram(MSc.-Inform.)ResearcherFraunhofer Institute for Secure Information Technology
Mario Hoffmann (Dipl.-Inform.)Head of Department “Secure mobile Systems“Fraunhofer Institute for Secure Information Technology
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Supports for Identity Management in Ambient Environments –The HYDRA Approach
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Wireless becomes ambient and intelligent
“7 trillion wireless devices
for 7 billion people in 2017“
Wireless World Research Forum
“7 trillion wireless devices
for 7 billion people in 2017“
Wireless World Research Forum
Loss of control
Surveillance
Profiling
(SWAMI-Safeguards in a World of Ambient Intelligence, EU-Project, FP6)
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Rapidly Increasing Amount ofPersonalisable Information
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Identity Management Roadmap
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
User-centricityA question of the perspective
INTELLIGENTENVIRONMENTS
PERSONALISEDONLINESERVICES
PROFESSIONALATTACKERS
GOVERNMENT &ADMINISTRATION
IN COMPANYDATABASES
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
(Research) Challenges forUser-centric Identity Management
• User Empowerment
– User-controlled Identity Management – Informational Self-determination– Minimisation of Information Disclosure– Transparency
• Support of Anonymity & Pseudonymity
– Application level– Middleware– Access and Core Networks
• Privacy-enhanced Personalisation
– Best Practice– Rise Awareness
• New Development Tools for Ambient Environments
– Efficient and flexible Service Creation– Security & Privacy by Design (default configuration)
Citizen
Employee
Customer
Individuum
Victim
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
The Backend for Ambient Intelligent Systems
The Hydra project is co-funded by the European Commission within the Sixth Framework Programme under contract IST-2005-034891
Partners
1 C International Ltd., UK 2 CNet Sweden AB, SE3a Fraunhofer Institute for Applied
Information Technology, DE3b Fraunhofer Institute for Secure
Information Technology, DE4 In-JeT ApS, DK5 Priway, DK6 T-Connect, IT7 Telefónica I+D, ES8 University of Aarhus, Dept. of
Computer Science, DK9 Innova S.p.A., IT10 University of Reading,
Informatics Research Centre, UK11 MESH Technologies, DK12 Siemens Business Services, DE13 Technical University of Kosice
Networked Embedded System Middleware for Heterogeneous Physical Devices in a Distributed Architecture
3 major objectives:
- middleware tool that allows developers to develop systems with embedded, autonomic ambient intelligence computing
- middleware tool that hides the complexity of the underlying infrastructure
- make new and existing distributed device networks trustworthy and secure, robust and fault tolerant
The main challenge for implementation of ambient computing in networked embedded systems is to support the self-adaptive interplay of a vast range of existing and new components.
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Outlook: PrototypeICT Summit, 25th-27th Nov 2008, Lyon, France
The photo shows the so-called “Kosice scenario“ realising an ambient intelligent heating breakdown.
The demonstrator comprises:- Hydra-based Building Automotion
System (HBAS) on Sony Playstation 3- Larger-than-life smart phone model
receiving the breakdown message- The technician‘s Tablet PC with
Smartcard unit (left outside the photo)
- Animated Flash cartoons explaining the process
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA Scenario:
1. Breakdown of the Heating System
• Context information to enhance resolution process
2. Resident receives error
• Send request with context specific token
3. Approach of the service agent
• Token is co-signed by service provider
4. Firmware update
• Restricted access to internet based on context
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Hydra‘s Security by Design Approach
H e a ting S y s te mH Y D R AP ro xy
H Y D R A -ba se dB u ild in g A u to m atio n
S ys te m
S e rv iceP rov ide r
R e s ide n t
S e rv iceA g en t
S e rv ic eA g en t
F irm w areD a ta b as e
D
D o or L oc k
1
2
3
4
5
6
7
9
8
1 0
1 1
1 2
1 3
1 4
1 5
16
1 7
Ambient Security
ConfidentialityIntegrityAuthenticityAuthorisationAvailabilityNon-repudiationPrivacy
Authorisation
Step: « 6 7 8 »
Sub-ProcessSemanticsMiddlewareNetworkDevices
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Hydra‘s Security by Design Approach
H e a ting S y s te mH Y D R AP ro xy
H Y D R A -ba se dB u ild in g A u to m atio n
S ys te m
S e rv iceP rov ide r
R e s ide n t
S e rv iceA g en t
S e rv ic eA g en t
F irm w areD a ta b as e
D
D o or L oc k
1
2
3
4
5
6
7
9
8
1 0
1 1
1 2
1 3
1 4
1 5
16
1 7
Ambient Security
ConfidentialityIntegrityAuthenticityAuthorisationAvailabilityNon-repudiationPrivacy
Authorisation
Step: « 6 7 8 »
Sub-ProcessSemanticsMiddlewareNetworkDevices
Virtualisation
Integration of Trust Models
Support of Identity Management
Semantic Resolution of Security
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA‘s Ten Laws of Identity
1. User Empowerment: Awareness and Control2. Minimal Information Disclosure for a
Constrained Use3. Non-repudiation4. Support for directional identity topologies5. Universal Identity Bus6. Provision of defining strength of identity7. Decoupling identity management layer from
application layer8. Usability issue concerning identity selection
and disclosure9. Consistent experience across contexts10. Scalability
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA Identity Law 1
Is the user aware
of the consequences???
Is the user aware
of the consequences???
• User Empowerment: Awareness and Control
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA Identity Law 4
• Support for directional identity topologies
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA Identity Law 7
• Decoupling identity management layer from application layer
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Architecture/Implementation
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
State of the Art Evaluation
SAML
OpenID
Higgins
CardSpac
e
Liberty
HIMShiboleth
1. User Empowerment
2. Minimal Disclosure
3. Non-repudiation
4. Directional Identity
5. Universal Identity Bus
6. Strength of Identity
7. Decoupling Layers
8. Usability
9. Context Consistency
10. Scalability
+++++
++++
+++++++
-+o+
++-oo
++++
-++
++++-
++++++++
-++----oo-+
+++o
+++-
++++++++
-+-
++--oo
++++
-+-o----+
++
Hydra Identity Laws
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Socio-Political Frameworks & Legal Aspects
http://www.privacyinternational.org/
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Summary
• Different perspectives allow different interpretations of the term “user-centric”– The perspective of the user is decisive!
• Privacy enhancing technologies (e.g. on middleware layer) have to enable developers to design privacy preserving applications
• Socio-political environments and legal constraints have to be taken into account
• Privacy and data protection needs support from politics and society
“Supports for Identity Management in Ambient Environments – The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric26th Oct – 31st Oct, 2008, Sliema, Malta
Contact
Mario Hoffmann (Dipl.-Inform.)Head of Department “Secure mobile Systems“
Address Fraunhofer Institute forSecure Information TechnologyRheinstrasse 75 64295 DarmstadtGermany
Tel +49-(0)6151/869-60034Fax +49-(0)6151/869-224e-Mail [email protected]