CMC - RIES-improvements: Pragmatic authentication
-
Upload
martin-majlis -
Category
Design
-
view
292 -
download
0
Transcript of CMC - RIES-improvements: Pragmatic authentication
![Page 1: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/1.jpg)
Pragmatic authentication
Hinke, Martin
![Page 2: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/2.jpg)
Outline
• Introduction• Basic principles • Current approaches• Our suggestions
![Page 3: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/3.jpg)
Voting mechanism
• Government knows, who can vote• Voter trusts VS, that it will not reveal his/her identity• Voter & Government trust, that VS is not cheating
![Page 4: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/4.jpg)
Pragmatic Authentication
• Government knows own citizens• Citizen has and regularly uses X• X is trustworthy for Government
![Page 5: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/5.jpg)
Pragmatic Tool - Requirements
• Trustworthy o Governmento Userso Security Specialists
• User friendly• Cheap• Safe• Private (anonymous)
![Page 6: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/6.jpg)
Pragmatic Tool (2)
• more widely used → more easy to use• more widely used → less trustworthy• less complicated → more easy to use• less complicated → less secure
![Page 7: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/7.jpg)
User uses
• All timeo own bodyo clothes
• Daily o mobile phoneo bank cardo e-mail o social networks
• Rarelyo DigiDo OpenID
![Page 8: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/8.jpg)
The Chasm of Death
• Some users may be lost during loginVOTING
SYSTEM
AUTHEN
SYSTEM
![Page 9: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/9.jpg)
Own body / Clothes
• Bodyo very trustworthyo problematic installationo ethical problems
• Clotheso more people lose phone than clotheso short endurance o highly visible for other people
![Page 10: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/10.jpg)
Mobile Phone / Banking Tools
• Mobile phoneo widely usedo high probability of losto user has more phones
• Banking tools o widely usedo trustworthy for both sideso user has multiple accounts
• Government assigns always same ID
![Page 11: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/11.jpg)
E-Mail / Social Networks
• Technology o Hybrid Onboarding - Details o Federated Login - Details
• Exampleo Sourceforge - Detailso Plaxo
20M users 92% success rate
o Facebook Connect 60M users 80k sites 2/3 of US Top 100
![Page 12: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/12.jpg)
OpenID / DigiD
• OpenIDo in the past for "geeks"o now more spread - AOL, BBC, Google, IBM, Microsoft,
MySpace, Orange, PayPal, VeriSign, Yahoo!, etc.o Google, AOL,Yahoo!, MS - 73%
• DigiDo Digital Identity o 7M accountso 3 authentication levels: basic, medium, higho Growing number of services
![Page 13: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/13.jpg)
Our suggestion
• Same mechanism like OpenIDo User (U) choose partner (P)o U is redirected to P siteo U logs in and is redirected backo User is logged in
• Requirementso Same protocolo E.g.: OpenID
![Page 14: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/14.jpg)
Underwear Authentication
• Underwear is very secure o More people lose their phone/wallet than underwearo Wallet/phone is more accessible by foreign people
• But not quite sophisticated → improvement is needed• Process
o User asks government for labelso User attaches label to underwearo Hybrid mechanism
• Same trustworthy level as PC
![Page 15: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/15.jpg)
Cycling Voting
• Everybody is using bike• Bike can be improved with bar code / RFID chip
![Page 16: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/16.jpg)
Questions?
![Page 17: CMC - RIES-improvements: Pragmatic authentication](https://reader035.fdocuments.us/reader035/viewer/2022062419/558205fdd8b42aa9498b4ddb/html5/thumbnails/17.jpg)
Thank You!
Thank You!