FIDIS & PRIME Project Views

SecurIST Inaugural Workshop
Brussels, 2005-01-18

Kai Rannenberg
Goethe University Frankfurt
www.fidis.net


FIDIS: Future of Identity in the Information Society (www.fidis.net)

PRIME: Privacy and Identity Management for Europe (www.prime-project.eu.org)

Identity Management in the Information Society

IT puts more HighTech on ID cards
  • Biometrics to bind them closer to a human being
  • Chips to add services (such as a PKI)

Profiles may make the „traditional“ ID concept obsolete
  • People are represented not by numbers or ID keys any more but by data sets.
  • Identities become “a fuzzy thing”.

New IDs and ID management systems are coming up
  • Mobile communication (GSM) has introduced a globally interoperable „ID token“: the Subscriber Identity Module
  • eBay lets people trade using pseudonyms.

Europe (the EU) considers joint IDs and ID management systems
  • European countries have different traditions on identity card use.
  • Compatibility of ID systems is not trivial.
  • …

Joint Research Topics/Activities

„Identity of Identity“
  • State of things, taxonomy
Profiling
Interoperability of IDs and ID management systems
Forensic Implications
De-Identification
The HighTechID
Mobility and Identity

Database IMS

| Application | Main Functionality | Type of ID | Usefulness | Ease of Use | Malfunction Understanding | Security | Privacy | Digital Evidence | Trustworthiness | Cost for User | Business Model |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Microsoft Passport | SSO | centralised | 4 | 4 | 2 | 1.5 | 1.5 | 0 | 1 | 0 | Paid by partner sites |
| Liberty Alliance | SSO | federated | 4 | 2+X | X | 1.5+X | 1.5+X | 0 | 2+X | 0 | Paid by partner sites |
| Yodlee | SSO | centralised | 4 | 3.5 | 4 | 3.5 | 2 | 0 | 1 | 0 | Presentation / Promotion |
| Mozilla Navigator | Form Filler | federated (client) | 4 | 4.5 | 4 | 2 | 3 | 0 | 3 | 0 | Open Source |
| Digitalme | Form Filler | centralised | 4 | 3.5 | 2 | 2.5 | 3 | 1 | 1 | 0 | Presentation / Promotion |
| CookieCooker | Form Filler | federated (client) | 4.5 | 2 | 3 | 2 | 3.5 | 1 | 2 | 15 € | Paid by user |
| Outlook Express | Mail Identities | federated (client) | 3.5 | 4.5 | 5 | 1.5 | 3 | 1 | 3 | 0 | Part of MS Windows |

First Results of IMS Comparison

Main goal: usefulness
Deficiencies concerning privacy and security functionality, and if realised: usability problems
Digital evidence is not addressed (lack of liability / no non-repudiation), no support for law enforcement
Identity theft is not prevented
Little functionality, limited purposes
No general solutions, no standards
Trustworthy computer systems and infrastructure are still missing: no trustworthy and secure IMS possible
Business models:
  • Service and software mostly free for users

Today’s IMS: Playground for users & service providers

PRIME Vision

In the Information Society, users can act and interact in a safe and secure way while retaining control of their private sphere.

PRIME Solution Approaches

• User focused identity management
  – Anonymous Credentials & Strong Pseudonyms
  – Obligation Management
  – New trust concepts (Trusted Computing, Assurance)
  – Attribute based access control
  – Support for Location Based Services and other application scenarios

Challenges and potential for FP 7 1/2

User policy-driven (determined) and privacy friendly access control
  • Users are put in a trade-off: Privacy vs. Gimmicks
  • … and make them “feel” the results of their actions quickly.
Graceful integration
  • Interoperability of heterogeneous systems
  • Standardisation within a developing field
  • Respect for separations of domains that had been natural before
A secure identity carrier beyond the chip card or SIM: TPM phones or PDAs?
Careful evaluation of biometric patterns and mechanisms

Challenges and potential for FP 7 2/2

Security and Protection
  • in applications
  • along the value chain
  • considering the views of the respective stakeholders (Multilateral Security)
Take care of the “If the data is used for providing the service, we want them too”-Paradigm/Challenge/