Classification of advanced mobile access control scenarios
Faysal Boukayoua, Jan Vossaert
Ecumict, KaHo Sint-Lieven, Ghent, March 22nd 2012
Introduction
MobCom
Access control use cases
Research challenges
2
Many authentication tokens
Time & location constraints in credentials?
Inflexible credential issuance & revocation
Weak authentication means
Privacy issues
3
Trends & findings:
Increasing capabilities
Allows for more flexible solutions
Omnipresent
Mobile Internet penetration
Large backing from industry
4
“A Mobile Companion”
IWT research project 2010-2014
Prestudy: gather relevant requirements
Interview SMEs & large companies
Generalise use cases
Analyse standards & state-of-the-art
5
MobCom
Flexible Access Control
Loyalty Cards & Vouchers
Context-aware services
6
Participants: User’s mobile device, User
1. Request confidential data
2. Authentication prompt
3. Authenticate
4. Confidential data
7
Topics of interest
Distance bounding
Credential delegation to separate token
Biometrics
▪ Secure storage
▪ Secure matching
8
Participants: Caregiver’s mobile, Medical caregiver, Credential issuer, Patient’s mobile
1. Authenticate
2a. Request medical data
2b. Request medical data
3. Prompt for credentials
4. Display required credentials
5. Acknowledge
6. Authenticate
7. Request credentials
8. Credentials
9. Credential properties
10. Return medical data
9
Topics of interest
Break-the-glass policies
Credential/rights delegation
Realtime credential/rights retrieval
10
Participants: Credential issuer, Caregiver’s mobile, Medical caregiver, Patient’s door
1. Authenticate
2a. Request access to residence
2b. Request access to residence
3. Prompt for credentials
4. Display required credentials
5. Acknowledge
6. Authenticate
7. Request credentials
8. Issue credentials
9. Credential properties
10. Open door
11
Topics of interest
Remote versus local AC:
▪ Advanced versus simple decisions
▪ Revocation
▪ Requirement of network connectivity
▪ Single points of failure?
▪ Financial cost
▪ Remote upgrades
12
Participants: Caregiver’s mobile, Patient’s door, Credential issuer, Medical caregiver
1. Authenticate
2a. Request access to residence
2b. Request access to residence
3. Prompt for credentials
4. Review required credentials
5. Acknowledge
6. Set up secure authentic tunnel
7. Request credentials
8. Issue credentials
9. Credential properties
10. Open door
13
Typical use cases
Guests at hotels
Nurses in service flats
Cleaners in corporate environment
More centralisation
Remote upgrades easier
No phone connectivity needed
14
Participants: User’s mobile, User’s workstation, Credential issuer, User, Remote Server
1a. Request resource
1b. Request resource
2. Prompt for credentials
3. Forward prompt
4. Review credentials
5. Acknowledge
6. Set up secure authentic tunnel
7. Request credentials
8. Issue credentials
9. Set up secure authentic tunnel
10. Credential properties
11. Return resource
15