IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 1 Mobile Identity Management Michael Kreutzer Uwe Jendricke Alf Zugenmaier Göteborg, September 29th 2002
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 2 Scenario User: Kreutzer, Michael Access: 09:20 Withdraw: 500
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 3 User: Kreutzer, Michael Access: 09:20 Withdraw: 500 User: Kreutzer, Michael Access: 10:21 Using: Bus #10 Scenario
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 4 User: Kreutzer, Michael Access: 09:20 Withdraw: 500 User: Kreutzer, Michael Access: 10:21 Using: Bus #10 User: Kreutzer, Michael Access: 11:42 Query: Privacy+NSA Scenario
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 5 Library Client Profile Bruce Schneier Date: Time: 11:42 Query: Location TrafficSystem Client Profile Bruce Schneier Date: Time: 10:21 Using:Bus #10 Exit: Stop#11 TrafficSystem Client Profile Bruce Schneier Date: Time: 10:21 Using:Bus #10 Exit: Stop#11 TrafficSystem Client Profile Bruce Schneier Date: Time: 10:21 Using:Bus #103 Exit: Stop#11 Bank Client Profile Bruce Schneier Date: Time: 09:20 Withdraw: Quit: 09:42 Bank Client Profile Bruce Schneier Date: Time: 09:20 Withdraw: 100 Quit: 09:42 Linkability => User Profiling User: Kreutzer, Michael Access: 09:20 Withdraw: 500 User: Kreutzer Michael Access: 10:21 Using: Bus #10 User: Kreutzer, Michael Access: 11:42 Query: Privacy+NSA General Person Profile Bruce Schneier Date: Time: 11:42 Location:Bus Exit: Stop#11 General Person Profile Bruce Schneier Date: Time: 11:42 Location:Bus Exit: Stop#11 General Person Profile Bruce Schneier Date: Time: 11:42 Location:Bus Exit: Stop#11 General Person Profile Bruce Schneier Date: Time: 11:42 Location:Bus Exit: Stop#11 General Person Profile Michael Kreutzer Date: Time: 11:42 Location:Library Query:Privacy+ NSA Library Client Profile Michael Kreutzer Date: Time: 11:42 Query:Privacy+ NSA TrafficSystem Client Profile Michael Kreutzer Date: Time: 10:21 Using:Bus #10 Exit: Stop#11 Bank Client Profile Michael Kreutzer Date: Time: 09:20 Withdraw: 500 Quit: 09:42
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 6 Control of Personal Data Internet: Well known techniques to prevent disclosure. UC: Personal devices carry personal data..com
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 7 The Problem: Prevention of User Profiling Conditions: –Ad Hoc => Constantly changing networks/services. –Mobile => Constantly changing location. –Fully automatic authentication requests from the environment. Linkability of the device!
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 8 The solution: Self-Protection by Identity Management (IM) –Express & enforce security needs –Depending on the situation (context) –Communication is based on anonymity and confidentiality.
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 9 Shopping Identity Management: Management of partial identities Willi Webster Public Authority Leisure Anonymous Name: Willi Weber Credit Card: VISA Card #: Valid until: Address: Street: Friedrichstr. 50 ZIP-Code: City: Freiburg Birthday: Place of Birth: Paris Hobbies: Swimming, Books Identity Nickname: Webster Society: Friends of Privacy Berlin e.V.
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 10 Mobile Identity Management Identity: Anonymous Name: Michael Kreutzer Account#: Identity: Bank Client User: Kreutzer, Michael Access: 09:20 Withdraw: 500
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 11 Ticket #: Identity: Bus Ticket#: Access: 10:21 Using: Bus #10 Bus User: Kreutzer, Michael Access: 09:20 Withdraw: 500 Mobile Identity Management
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 12 Identity: Anonymous Mobile Identity Management Ticket#: Access: 10:21 Using: Bus #10 Bus User: Anonymous Access: 10:21 Query: Privacy+NSA User: Kreutzer, Michael Access: 09:20 Withdraw: 500
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 13 Limited User Profiling Ticket#: Access: 10:21 Using: Bus #10 Bus User: Anonymous Access: 10:21 Query: Privacy+NSA User: Kreutzer, Michael Access: 09:20 Withdraw: 500 Bank Client Profile Bruce Schneier Date: Time: 09:20 Withdraw: Quit: 09:42 Bank Client Profile Bruce Schneier Date: Time: 09:20 Withdraw: 100 Quit: 09:42 Bank Client Profile Michael Kreutzer Date: Time: 09:20 Withdraw: Quit: 09:42 Library Client Profile Anonymous Date: Time: 11:42 Query: Crypto Library Client Profile Anonymous Date: Time: 11:42 Query:Privacy+ NSA ? TrafficSystem Client Profile Ticket #23882 Date: Time: 10:21 Using:Bus #10 Exit: Stop#11 Bus TrafficSystem Client Profile Ticket #5321 Date: Time: 14:31 Using:Bus #12 Exit: Stop#123 Bus TrafficSystem Client Profile Ticket #12321 Date: Time: 10:31 Using:Bus #1 Exit: Stop#5 Bus
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 14 Flow Chart of Mobile Identity Management System Context Sensing Choice of Appropriate Identity Setting of Authentication and Services User Input
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 15 Context of the User (focus: PDA) The Task IT-Infrastructure Physical Environment AP Time Table 05:00 22:00 Saarbr. Landwehrpl. (Wednesday) all: Heusweiler/Holz
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 16 Components of a Mobile Identity Management System Identity Management Context Sensors Services and Applications Banking Shopping Home Automation... Context Sensing Choice of Identity Configuration of Services RulesIdentities Filter
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 17 Communication Environment Network User Network- Gateway Comm. Interface (to Anon- ymizing Service) Applica tions Identity- Manager (IDM) IDM Trustworthy End- Device Anonymi- zing Service Local Service Service Provider/ Communication Partner
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 18 The Demonstrator
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 19 The demonstrator: Lessons learnt –Active and inactive Applications –Priority of Applications –Overview of Local Services –User initiated Authentication –First Step in Direction Prototype
IIGIIG Institut für Informatik und Gesellschaft, Abteilung Telematik, Albert-Ludwigs-Universität Freiburg Michael Kreutzer, Uwe Jendricke, Alf Zugenmaier 20 Mobile Identity Management: Benefits for the User... –Usable: Only available applications visible –The user feels safe and secure –The user is safe and secure The user is per default anonymous The user has full control of what kind of personal data leaves the device.