Identity Management is. What is the question? what are risks to mitigate? what are the new risks...
Date posted: 20-Dec-2015
Identity Management is
What is the question?
• what are risks to mitigate?
• what are the new risks created by trusting the ID management?
• what are the new risks created by
  – ID fraud or failure
  – malicious abuse of ID recovery
  – denial of service
• You may think you are building one thing but if it works, it will become another
What is the Question?
• Targeted Ads Public Services & Finance
When the Real Merges with the Artificial?
“Identity Providers” Provide
• Fraud prevention & detection
• Payment
• DRM
• Resource allocation
• Personalization & price discrimination
• Filtering
Reputation Systems
– Assume strategic behaviors by opponents
– Always linked to persistent pseudonym
– Low end reputation systems merge with rating systems
  • Examples: eBay, Slashdot, political blogs, Kazaa
– Reputation designs have assumptions about fluidity of community
  • embeds identity in a community
BitTorrent
– Swarm downloading
– No static reputation
– Must upload in order to download
– NO assumptions about community
Who Is an ID Provider
• Amazon Honor System
  • Small payments for web sites not accepting cash
  • Rollout in the blog and open source communities
  • Micropayments from pre-established accounts
  – Fraud prevention & detection, Payment, Resource allocation
  – Personalization & price discrimination, Filtering
• Facebook
  – Places identity in a community
  – Available to employers
    • marital status, orientation, religion, political interests
    • cultural indicators
    • are you one of us?
  – Personalization & price discrimination, Filtering, resource allocation?
Rating Systems
• Assume passive acceptance of ratings, active rating parties
• There may be no identity or account information
• Work on “wisdom of crowds” – integration of many low quality signals is better than a single signal
• Examples: Epinions, Zagat
• Web site rating based on shared history and community behavior
Securing the User: Account Management as Privacy Service
• Series of failed third party payment and privacy management systems
  – generate one time credit cards
  – decrease spam by creating single-merchant emails
  – protect physical location information
  – decrease fraud for merchants and subscribers
  – generate individual credentials
No Single Identity
• Identity systems determine fraud tolerance
  – any entity with equal or more tolerance will seek to free ride
  – any entity with more tolerance will under-invest in protecting the identifier
  – identifiers
    • free riders
    • tragedy of the commons
    • risk shifting
  – MySpace
  – solving this requires better systems, as well as better regulation
Securing the User on the Network
– Identity based cryptography
– Sender ID
– Domain Keys
– IPv6
Identity Based Cryptography Implications
– If eBay signed all outgoing emails at server, no phishing and no masquerade
– Incoming server could examine email and identify genuine emails, inside the trusted network
– Select customers could be given authentication for customer subgroups
• e.g., Bank of America with Comcast address
– Has the potential to retain the value of the merchant-customer email channel in the face of massive phishing
– Can be implemented ad-hoc
Identity-Based Cryptography
Domain Specific Master [email protected]@[email protected]
– A Master secret key for each domain
– Master secret key generates individual keys
– Individual keys are distributed using trusted network
– Individual secret key has public key
– Anyone can generate the public key knowing the identity string and master secret key
  » identity key confirms email, domain association
  » domain association can confirm other attributes
  » 20 ms per email for sig/verify
  » compatible with current email via headers
Microsoft Sender ID
– Check that TCP/IP addresses are correct all along the loop
– Cannot address NAT
– Cannot address botnets or subversions of networks
– Requires large-scale coordination for rollout
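The address check on this slide and its NAT limit, as an added example that is not part of the original slides. It uses a simplified header order for picking the purported sender and handles only `ip4:` terms; the domain, record and addresses are constructed (documentation-only ranges).

```python
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed policy: hypothetical domain, documentation-only address ranges.
PUBLISHED = {"shop.example": "spf2.0/pra ip4:192.0.2.0/28 ip4:198.51.100.25 -all"}
QUALIFIERS = {"-all": "fail", "~all": "softfail", "?all": "neutral"}

def purported_domain(raw_message):
    """Simplified purported-sender selection: first usable header wins."""
    msg = message_from_string(raw_message)
    for header in ("Resent-Sender", "Resent-From", "Sender", "From"):
        _, addr = parseaddr(msg.get(header, ""))
        if "@" in addr:
            return addr.rsplit("@", 1)[1].lower()
    return None

def parse_policy(record):
    """Return (authorized networks, result when no network matches)."""
    version, *terms = record.split()
    if not version.startswith("spf2.0/"):
        raise ValueError("not a Sender ID record")
    nets = [ipaddress.ip_network(t[4:], strict=False)
            for t in terms if t.startswith("ip4:")]
    default = next((QUALIFIERS[t] for t in terms if t in QUALIFIERS), "neutral")
    return nets, default

def check(raw_message, connecting_ip, published=PUBLISHED):
    """Compare the connecting address with the purported domain's policy."""
    record = published.get(purported_domain(raw_message))
    if record is None:
        return "none"  # domain publishes nothing, so nothing can be concluded
    nets, default = parse_policy(record)
    addr = ipaddress.ip_address(connecting_ip)
    return "pass" if any(addr in net for net in nets) else default

# Constructed message claiming to come from the hypothetical domain.
MESSAGE = "From: Billing <billing@shop.example>\nSubject: invoice\n\nbody\n"

if __name__ == "__main__":
    for label, ip in [("shop mail server", "192.0.2.5"),
                      ("unrelated host", "203.0.113.9"),
                      ("any host behind the shop's NAT egress", "198.51.100.25")]:
        print(f"{label:40} {ip:15} -> {check(MESSAGE, ip)}")
```

The third case passes because the receiver only ever sees the translated address, so the check cannot distinguish the mail server from any other machine on that network.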
Yahoo Domain Keys
– Authenticate DNS with traditional cryptography
– Authenticate emails as sent from domains
– Traditional PKI structure
– Problematic for political reasons, requires coordination
– In summer of 06, AOL rejected Gmail email because of domain-key based spam
Design for the Network or the Human?
• Start with human trust behaviors
• Trust
  – Used for simplification
  – Encompasses discrete technical problems
    • privacy, integrity, data security
  – Embeds discrete policy problems
    • business behavior, customer service, quality of goods, privacy
Usability on the Surface
• Does What we Built Work?
  – Toolbars, do people pay attention?
  – Signed Email, Tor
    • can you install it
    • can you use it
    • can you detect it?
  – Seals
    • A triumph of style over substance
  – SSL
    • what is that funny lock and what does it mean?
    • economics is NOT the same as business
Dominant Trust Communication
Beyond Interface Deep
• Security people may want
  – surveillance as prevention
  – information more than privacy provision
• Not built for the way people act
  – would that be a 7.2 privacy preference?
  – do you trust more or less than 17%
  – we’ll helpfully stop you from lying in any circumstance
• With appropriate risk communication, signaling, etc
  – examination of how humans evaluate risk
  – computer security -- decision-making under uncertainty
Security and Processes
• Business processes
• Organizational processes
• Security aligned with users and processes to the extent that this is possible
• Users subvert security when it
  – violates privacy
  – provides nonrepudiation for all actions (blog, IM)
  – prevents use of media
  – or it is simply in the way
• human risk behaviours are fairly consistent
  – trust pictures of faces, discount risks
Trust and Context
Resource Verification
Resources are often fairly easy to identify as “good” or “bad” in physical realms
vs.
Trust and Context
Fewer signals in economic terms
Less usable in design terms
Standing on the Toenails of Giants?
• Economics
  – Behavioral
    • adversaries prefer to limit conflict scope
    • credible commitment
    • the advantage of closing off options
    • tipping
    • small incentives
  – Rational
    • CENTRALIZED PLANNED ECONOMIES DON’T WORK
    • distributed mechanisms, coordination at the low level
Behavioral Economics implies Usability
– usability studies
– involving designers at an earlier level
– what do users understand?
  • wireless & broadband
    – wide spread deployment by non-experts
    – botnets, e.g., home users, major tier 1 threat
– Usability in Depth implies economics
  • Interface
  • Interactions
  • Incentives
– is it rational to design for humans as if they were machines?
  • Social context
  • Human and Organizational requirements
Net Trust Building from Theory
• Using Social Context to Build Digital Context
Beyond Trusted Third Parties
• Giving users their own histories
  – This is a new site you have never visited
  – This site has no domain name, just an IP address
• in a more meaningful manner, e.g. alert
  – FDIC says this is not a bank
  – BBB says YUCK
  – Your friends haven’t visited this site
• As opposed to
  – Verisign has not approved this certification
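One way to derive the history-based alerts listed on this slide, as an added example that is not part of the original slides or of the Net Trust project's code. The function names, the data layout and all sample hosts are assumptions; the sample data is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased host part of a URL ('' if there is none)."""
    return (urlsplit(url).hostname or "").lower()

def is_bare_ip(host):
    """True when the host is a literal IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def site_signals(url, my_history, friends_history, authority_notes=None):
    """Alerts for one navigation, built from local and social history."""
    host = host_of(url)
    alerts = []
    if host not in {host_of(u) for u in my_history}:
        alerts.append("This is a new site you have never visited")
    if is_bare_ip(host):
        alerts.append("This site has no domain name, just an IP address")
    if not any(host == host_of(u)
               for urls in friends_history.values() for u in urls):
        alerts.append("Your friends haven't visited this site")
    # Verdicts from named authorities the user already recognises, if any.
    for authority, verdict in (authority_notes or {}).get(host, []):
        alerts.append(f"{authority} says {verdict}")
    return alerts

# Constructed sample data (hypothetical hosts, documentation-only IP address).
MY_HISTORY = ["https://bank.example/login", "https://news.example/today"]
FRIENDS = {"alice": ["https://bank.example/"], "bob": ["https://shop.example/cart"]}
NOTES = {"bank-login.example": [("FDIC", "this is not a bank")]}

if __name__ == "__main__":
    for url in ("https://bank.example/account",
                "http://203.0.113.40/login",
                "https://bank-login.example/secure"):
        print(url, site_signals(url, MY_HISTORY, FRIENDS, NOTES))
```

A site the user and their friends already know produces no alert at all, which keeps the warnings that do appear meaningful.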
Identity Systems
• Place risk on responsible party
  – instant credit == instant loss
  – no distribution of some losses
    • the police will not risk liberty to enforce your cheap business plan
• Do not allow risk-shifting to
  – citizens
    • pay for construction, maintenance through taxation
    • pay for financial failures in personal lives
    • law enforcement implements prosecution of the victim or perpetrator of crime
    • there is no cost to the creator of the risks
Educate the Individual
• Education without empowerment is useless
  – risk that could be decreased is instead shifted
  – empower by design and regulation