Michele Schiano di Zenise, Andrea Vitaletti , David Argles

A USER-CENTRIC APPROACH TO ECERTIFICATE FOR ELECTRONIC IDENTITIES

(EIDS) MANAGEMENT IN MOBILE ENVIRONMENT

MICHELE SCHIANO DI ZENISE, ANDREA VITALETTI , DAVID ARGLES

University of Rome “Sapienza”, Italy University of Southampton, United Kingdom

2

Scenario A person goes out clubbing and has to certify his age

to enter. In order to reach the goal, this person has to provide some kind of documentation to the bouncer.

Problems because of forgetfulness the documents are not always

available; the document could contain useless information (for the

goal); the person should decide what information to show; the procedure should be quick, secure and guarantee

privacy; to prompt credibility and legality.

A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment

3

Goal To develop a tool that solves these problems,

creating and managing electronic eIDs Required features

mobility; security; privacy; user-centricity; easy to use; credibility.


4

Idea to use the Android platform provided by

Google for the development of a mobile application that provides the expected features

Dependent technologies Android; Java; mySQL; PHP; UML.


5

Possible technologies Exsisting Technologies

Smart card: is used to access reserved areas managed by automated access control or use private services;

Electronic Identities: government-issued document for online and offline identification that usually allows digital signing.

eCert: is a UK government-sponsored project that uses an eCertification protocol to address security issues which originally arose as a concern within the field of ePortfolios.


6

eCert Why eCert?

it is a UK government user-centric structure for ePortofolios with a high security level;

the idea behind ePortfolios is close to that of eID. Main features

central services with user-orientated storage approach;

two levels of security for the documents; common system for all types of users; user-centricity, with low level of required skills.


7

Demonstration of the concepts: the toolA User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in

Mobile Environment

8

Implication What the tool guarantees:

User-centricity Security and privacy Mobility and easy interface

Trade-off with the current technologies qrCode: because of the limits of the qrCode in terms

of data storage, it has been necessary to simplify the process and store the eID on the server and link to it. This problem should be solved in the next five years with the evolution of the technologies relating to production and scanning of qrcodes.


9

Future works Immediate improvements:

Add other controls related to the validity of the eID (revocation list)

Improve the randomness of the link (waiting for improvements in the qr codes)

Fix minor bug relating to the generation of the system key.

Future improvements: After an accurate series of testbeds (practical and

theoretical), follow the results and improve the protocol where it needs.


10

Acknowledgments and questions

We would like to thank Lisha Chen-Wilson to have allowed us the use of her protocol to develop this project.

AND THANK YOU FOR BEING HERE!

QUESTIONS?


11

References [1] Chen-Wilson, L. and Argles, D.”Towards a framework of a secure e-Qualification certificate

system” ICCMS, 2010, Sanya, China. [2] George Lorenzo and John Ittelson, “An overview of E-Portfolio” July 2005. [3] Vu Anh Pham and Ahmed Karmouch, “Mobile Software Agents: An Overview”, IEEE

Communications Magazine, 1998, Volume 36 Issue 7. [4]http://www.direct.gov.uk/en/TravelAndTransport/Passports/Applicationinformation/DG_174159/,

accessed 30dec2010. [5]http://www.servizidemografici.interno.it/sitoCNSD/pagina.do?

metodo=homePage&servizio=navigazione, accessed 30dec2010. [6]http://www.soton.ac.uk/sais/idstudio/idstudio.html, accessed 30dec2010. [7]http://www.unicreditbanca.it/it/privati/conti/genius/one/?idc=14626, accessed 30dec2010. [8]http://www.jisc.ac.uk/whatwedo/programmes/aim/ecert.aspx, accessed 30dec2010. [9]http://www.nfc-forum.org/specs/spec_list/#refapps, accessed 30dec2010. [10]http://www.denso-wave.com/qrcode/index-e.html, accessed 30dec2010. [11] NIST, Announcing the Advanced Encryption Standard (AES), Federal Information Processing

Standards Publication 197, 2001. [12]http://developer.android.com/index.html, accessed 30dec2010. [13]http://agilemanifesto.org/, accessed 30dec2010. [14] Maarten W. van Someren, Yvonne F. Barnard, Jacobijn A.C. Sandberg, “The think aloud method

- A practical guide to modelling cognitive processes”, Academic Press, London, 1994.


Michele Schiano di Zenise, Andrea Vitaletti , David Argles

Documents

Transcript of Michele Schiano di Zenise, Andrea Vitaletti , David Argles