Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Supports for Identity Management in Ambient Environments

advertisement 
Supports for Identity Management
in Ambient Environments –
The HYDRA Approach
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Hasan Akram
(MSc.-Inform.)
Researcher
Fraunhofer Institute for Secure Information Technology
Mario Hoffmann
(Dipl.-Inform.)
Head of Department “Secure mobile Systems“
Fraunhofer Institute for Secure Information Technology
Wireless becomes ambient and intelligent
Loss of control
Surveillance
ss
e
c
e
i
eevvic01177““
d
ss dn 220
s
e
s
lle le iin ruumm
e
r
e
i
r opple h FFoor
i
w
w
nn ppeeo earrcch
o
i
l
o
irillli lliioonn Reessea
r
t
77 t bbiill orrldld R
“
“
77 sFP6)WWo
(SWAMI-Safeguards in a World of Ambient Intelligence,rEU-Project,
o
r
ffo irelelesss
ire
Profiling
W
W
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Rapidly Increasing Amount of
Personalisable Information
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Identity Management Roadmap
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
User-centricity
A question of the perspective
IN COMPANY
DATABASES
INTELLIGENT
ENVIRONMENTS
GOVERNMENT &
ADMINISTRATION
PERSONALISED
ONLINE
SERVICES
PROFESSIONAL
ATTACKERS
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
(Research) Challenges for
User-centric Identity Management
Citizen
Employee
• User Empowerment
–
–
–
–
User-controlled Identity Management
Informational Self-determination
Minimisation of Information Disclosure
Transparency
• Support of Anonymity & Pseudonymity
Customer
Individuum
Victim
– Application level
– Middleware
– Access and Core Networks
• Privacy-enhanced Personalisation
– Best Practice
– Rise Awareness
• New Development Tools for Ambient Environments
– Efficient and flexible Service Creation
– Security & Privacy by Design (default configuration)
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
The Backend for Ambient Intelligent Systems
Networked Embedded System Middleware for
Heterogeneous Physical Devices in a
Distributed Architecture
The Hydra project is co-funded by the
European Commission within the Sixth
Framework Programme under contract
IST-2005-034891
Partners
1
2
3a
3b
4
5
6
7
8
9
10
11
12
13
C International Ltd., UK
CNet Sweden AB, SE
Fraunhofer Institute for Applied
Information Technology, DE
Fraunhofer Institute for Secure
Information Technology, DE
In-JeT ApS, DK
Priway, DK
T-Connect, IT
Telefónica I+D, ES
University of Aarhus, Dept. of
Computer Science, DK
Innova S.p.A., IT
University of Reading,
Informatics Research Centre, UK
MESH Technologies, DK
Siemens Business Services, DE
Technical University of Kosice
The main challenge for implementation of ambient computing
in networked embedded systems is to support the self-adaptive
interplay of a vast range of existing and new components.
3 major objectives:
- middleware tool that allows developers to develop systems
with embedded, autonomic ambient intelligence computing
- middleware tool that hides the complexity of the underlying
infrastructure
- make new and existing distributed device networks
trustworthy and secure, robust and fault tolerant
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Outlook: Prototype
ICT Summit, 25th-27th Nov 2008, Lyon, France
The photo shows the so-called “Kosice
scenario“ realising an ambient
intelligent heating breakdown.
The demonstrator comprises:
- Hydra-based Building Automotion
System (HBAS) on Sony Playstation 3
- Larger-than-life smart phone model
receiving the breakdown message
- The technician‘s Tablet PC with
Smartcard unit (left outside the
photo)
- Animated Flash cartoons explaining
the process
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA Scenario:
1.
Breakdown of the Heating
System
•
2.
Resident receives error
•
3.
Send request with context
specific token
Approach of the service agent
•
4.
Context information to
enhance resolution process
Token is co-signed by service
provider
Firmware update
•
Restricted access to internet
based on context
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Hydra‘s Security by Design Approach
Ambient Security
15
1
H e a tin g S y s te m
HYDRA
P ro x y
14
11
10
S e rv ic e
Agent
2
12
F irm w a re
D a ta b a s e
13
Confidentiality
Integrity
Authenticity
Authorisation
Availability
Non-repudiation
Privacy
8
Authorisation
H Y D R A -b a se d
B u ild in g A u to m a tio n
S y s te m
9
D
Step: « 6 7 8 »
D oor Lock
5
Sub-Process
Semantics
Middleware
Network
Devices
7
3
6
S e rv ic e
A gent
4
R e s id e n t
16
17
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
S e rv ic e
P ro v id e r
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Hydra‘s Security by Design Approach
Virtualisation
Ambient Security
15
1
H e a tin g S y s te m
HYDRA
P ro x y
Integration of Trust Models
14
11
10
S e rv ic e
Agent
2
12
F irm w a re
D a ta b a s e
13
Semantic Resolution of Security
Confidentiality
Integrity
Authenticity
Authorisation
Availability
Non-repudiation
Privacy
8
H Y D R A -b a se d
B u ild in g A u to m a tio n
S y s te m
9
Step: « 6 7 8 »
D oor Lock
5
Authorisation
D
Sub-Process
Semantics
Middleware
Network
Devices
7
Support of Identity Management
3
6
S e rv ic e
A gent
4
R e s id e n t
16
17
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
S e rv ic e
P ro v id e r
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA‘s Ten Laws of Identity
1.
2.
User Empowerment: Awareness and Control
Minimal Information Disclosure for a
Constrained Use
3. Non-repudiation
4. Support for directional identity topologies
5. Universal Identity Bus
6. Provision of defining strength of identity
7. Decoupling identity management layer from
application layer
8. Usability issue concerning identity selection
and disclosure
9. Consistent experience across contexts
10. Scalability
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA Identity Law 1
• User Empowerment: Awareness and Control
e
e
r
?
r
a
?
?
a
?
?
w
?
s
w
a
s
e
a
e
r
c
r
c
e
n
e
s
n
e
s
u
e
u
u
u
e
q
e
q
h
e
h
e
t
s
t
s
n
s
IIs ccoon
e
e
h
h
t
t
f
f
oo
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA Identity Law 4
• Support for directional identity topologies
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
HYDRA Identity Law 7
• Decoupling identity management layer from
application layer
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Architecture/Implementation
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
1. User Empowerment
2. Minimal Disclosure
3. Non-repudiation
4. Directional Identity
5. Universal Identity Bus
6. Strength of Identity
7. Decoupling Layers
8. Usability
9. Context Consistency
10. Scalability
+
o
+
++
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
+
++
o
o
++
++
++
+
o
++
+
++
++
++
++
Sh
ib
ol
et
h
H
ig
gi
ns
Li
be
rt
y
H
IM
Sp
ac
e
ar
d
C
pe
nI
D
O
Hydra Identity Laws
SA
M
L
State of the Art Evaluation
++
o
o
+
+
+
++
++
++
++
++
++
+
o
+
++
o
o
++
++
++
++
+
++
+
+
++
++
++
+
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Socio-Political Frameworks & Legal Aspects
http://www.privacyinternational.org/
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Summary
• Different perspectives allow different
interpretations of the term “user-centric”
– The perspective of the user is decisive!
• Privacy enhancing technologies (e.g. on
middleware layer) have to enable developers
to design privacy preserving applications
• Socio-political environments and legal
constraints have to be taken into account
• Privacy and data protection needs support
from politics and society
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Contact
Mario Hoffmann (Dipl.-Inform.)
Head of Department “Secure mobile Systems“
Address
Fraunhofer Institute for
Secure Information Technology
Rheinstrasse 75
64295 Darmstadt
Germany
Tel
Fax
e-Mail
+49-(0)6151/869-60034
+49-(0)6151/869-224
mario.hoffmann@sit.fraunhofer.de
“Supports for Identity Management in Ambient Environments
– The HYDRA Approach”, Hasan Akram, Mario Hoffmann
I-Centric
26th Oct – 31st Oct, 2008, Sliema, Malta
Related documents
Assignment for Oct 5 • Hand in either:
Assignment for Oct 5 • Hand in either:
SIGHT WORDS OCTOBER stop go
SIGHT WORDS OCTOBER stop go
Download
advertisement