International Telecommunication Union, ITU-T

FIDIS: FP6 European Network of Excellence “Future of Identity in the Information Society”

David-Olivier Jaquet-Chiffelle
V.I.P – Virtual Identity, Privacy and Security
Prof. HES bernoise and University of Lausanne

ITU-T Workshop on “Digital Identity for NGN”, Geneva, 5 December 2006

FIDIS

- An international interdisciplinary Network of Excellence (2004-04-01 – 2009-03-31)
- Vision: Europe will develop a deeper understanding of how appropriate identification and ID management can open the way to a fairer European Information Society.
- 24 partners from
  1. Research / Academia
  2. Industry / Business
  3. Government / Administration

“Identity” is changing (1)

- IT puts more HighTech on ID cards
  1. Biometrics, to better bind ID cards to human beings
  2. Chips, to add services (such as a PKI)
- Profiles may make the “traditional” ID concept obsolete
  1. People are no longer represented by numbers or ID keys but by data sets.
  2. Identities become “a fuzzy thing”.

“Identity” is changing (2)

- New IDs and ID management systems are coming up
  1. Mobile communication (GSM) has introduced a globally interoperable “ID token”: the Subscriber Identity Module
  2. eBay lets people trade using pseudonyms.
- Europe (the EU) considers joint ID documents and ID management systems
  1. European countries have different traditions on identity card use.
  2. Compatibility of ID systems is not trivial.

Budapest Declaration (1)

- By failing to implement an appropriate security architecture, European governments have effectively forced citizens to adopt new International Machine Readable Travel Documents (MRTDs) which dramatically decrease their security and privacy and increase the risk of identity theft.
- Whilst still susceptible to traditional ID document abuse scenarios, new MRTDs offer numerous additional threats.

Budapest Declaration (2)

- European MRTD data are remotely, transparently and non-interactively readable (from the perspective of the passport owner) from a distance of 2 to 10 meters. MRTDs enable for example:
  1. tracking of people carrying a passport, for example when residing as a tourist in a foreign country.
  2. abuse of the remote readability of RFID tags in passports, e.g. for person-sensitive ignition of ‘smart bombs’.

Budapest Declaration (3)

- Full Declaration available at http://www.fidis.net/
- more precisely at http://www.fidis.net/press-events/pressreleases/budapest-declaration/ (October 2006)

Activities: examples (1)

- Multilateral Security for Identity Management
  1. ISO WD 24760 in ISO/IEC JTC1/SC27/WG5
- (Privacy friendly ?) HighTech IDs
  1. Analysis of HighTech travel documents
  2. Compatibility of ID systems is not trivial.
- Interoperability of identity and identification concepts
- Mobility and Identity

Activities: examples (2)

- Identity fraud
  1. Legal and Technology analysis
- Profiling and
  1. Forensic implications
  2. Implications on society at large
- Modeling “identity”
  1. Virtual persons

Identities Management (1 to 1)

- Single sign-on
  1. One user – One person – One identity

© Edelhoff

Identities Management (1 to 1) bis

- Access control by an enterprise controlling its users
  1. One user – One person – One identity

© Edelhoff

Identities Management (1 to many)

- (Partial) Identities
  1. One user – One person – Several (partial) identities

rg364@vip.ch

© Edelhoff

Identities Management (many to 1)

- Shared Identity
  1. Several users – Several persons – One identity

Guest account

© Edelhoff

Virtual Persons

- Masks of subjects

The Consortium

- Goethe University Frankfurt, D
- AXSionics AG, CH
- BUTE-UNESCO Information Society Research Institute, H
- Europäisches Microsoft Innovations Center GmbH, D
- European Institute of Business Administration, F
- Institut de recherche criminelle de la gendarmerie nationale, F
- Institute for Prospective Technological Studies, E
- International Business Machines Corporation, CH
- Karlstad University, S
- Katholieke Universiteit Leuven, B
- London School of Economics & Political Science, GB
- Masarykova universita v Brne, CZ
- National TU of Athens, GR
- Netherlands Forensic Institute, NL
- SIRRIX Security Technologies, D
- TU Berlin, D
- TU Dresden, D
- Tilburg University, NL
- Unabhängiges Landeszentrum für Datenschutz, D
- University of Freiburg, D
- University of Reading, GB
- VaF, Bratislava, SK
- Virtual Identity and Privacy Research Center, CH
- Vrije Universiteit Brussels, B

http://www.fidis.net