Michele Schiano di Zenise, Andrea Vitaletti , David Argles
description
Transcript of Michele Schiano di Zenise, Andrea Vitaletti , David Argles
A USER-CENTRIC APPROACH TO ECERTIFICATE FOR ELECTRONIC IDENTITIES
(EIDS) MANAGEMENT IN MOBILE ENVIRONMENT
MICHELE SCHIANO DI ZENISE, ANDREA VITALETTI , DAVID ARGLES
University of Rome “Sapienza”, Italy University of Southampton, United Kingdom
2
Scenario A person goes out clubbing and has to certify his age
to enter. In order to reach the goal, this person has to provide some kind of documentation to the bouncer.
Problems because of forgetfulness the documents are not always
available; the document could contain useless information (for the
goal); the person should decide what information to show; the procedure should be quick, secure and guarantee
privacy; to prompt credibility and legality.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
3
Goal To develop a tool that solves these problems,
creating and managing electronic eIDs Required features
mobility; security; privacy; user-centricity; easy to use; credibility.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
4
Idea to use the Android platform provided by
Google for the development of a mobile application that provides the expected features
Dependent technologies Android; Java; mySQL; PHP; UML.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
5
Possible technologies Exsisting Technologies
Smart card: is used to access reserved areas managed by automated access control or use private services;
Electronic Identities: government-issued document for online and offline identification that usually allows digital signing.
eCert: is a UK government-sponsored project that uses an eCertification protocol to address security issues which originally arose as a concern within the field of ePortfolios.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
6
eCert Why eCert?
it is a UK government user-centric structure for ePortofolios with a high security level;
the idea behind ePortfolios is close to that of eID. Main features
central services with user-orientated storage approach;
two levels of security for the documents; common system for all types of users; user-centricity, with low level of required skills.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
7
Demonstration of the concepts: the toolA User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in
Mobile Environment
8
Implication What the tool guarantees:
User-centricity Security and privacy Mobility and easy interface
Trade-off with the current technologies qrCode: because of the limits of the qrCode in terms
of data storage, it has been necessary to simplify the process and store the eID on the server and link to it. This problem should be solved in the next five years with the evolution of the technologies relating to production and scanning of qrcodes.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
9
Future works Immediate improvements:
Add other controls related to the validity of the eID (revocation list)
Improve the randomness of the link (waiting for improvements in the qr codes)
Fix minor bug relating to the generation of the system key.
Future improvements: After an accurate series of testbeds (practical and
theoretical), follow the results and improve the protocol where it needs.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
10
Acknowledgments and questions
We would like to thank Lisha Chen-Wilson to have allowed us the use of her protocol to develop this project.
AND THANK YOU FOR BEING HERE!
QUESTIONS?
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
11
References [1] Chen-Wilson, L. and Argles, D.”Towards a framework of a secure e-Qualification certificate
system” ICCMS, 2010, Sanya, China. [2] George Lorenzo and John Ittelson, “An overview of E-Portfolio” July 2005. [3] Vu Anh Pham and Ahmed Karmouch, “Mobile Software Agents: An Overview”, IEEE
Communications Magazine, 1998, Volume 36 Issue 7. [4]http://www.direct.gov.uk/en/TravelAndTransport/Passports/Applicationinformation/DG_174159/,
accessed 30dec2010. [5]http://www.servizidemografici.interno.it/sitoCNSD/pagina.do?
metodo=homePage&servizio=navigazione, accessed 30dec2010. [6]http://www.soton.ac.uk/sais/idstudio/idstudio.html, accessed 30dec2010. [7]http://www.unicreditbanca.it/it/privati/conti/genius/one/?idc=14626, accessed 30dec2010. [8]http://www.jisc.ac.uk/whatwedo/programmes/aim/ecert.aspx, accessed 30dec2010. [9]http://www.nfc-forum.org/specs/spec_list/#refapps, accessed 30dec2010. [10]http://www.denso-wave.com/qrcode/index-e.html, accessed 30dec2010. [11] NIST, Announcing the Advanced Encryption Standard (AES), Federal Information Processing
Standards Publication 197, 2001. [12]http://developer.android.com/index.html, accessed 30dec2010. [13]http://agilemanifesto.org/, accessed 30dec2010. [14] Maarten W. van Someren, Yvonne F. Barnard, Jacobijn A.C. Sandberg, “The think aloud method
- A practical guide to modelling cognitive processes”, Academic Press, London, 1994.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment