Using ePassports for online authentication - ICT Delta 2010
As presented at ICT Delta, 18 March 2010, in Rotterdam (NL)

  • Explain the MRZ well in advance because of BAC on the next slide. Maybe already say something here about the signatures per data group rather than per attribute.

Presentation Transcript

  • Using ePassports for online authentication
    Maarten Wegdam
    Joint work with: Martijn Oostdijk & Dirk-Jan van Dijk
  • The goal: Secure online authentication
    ICT Delta 2010
  • The opportunity: ePassport chip
    [Figure: ePassport with labels Chip, Verified attributes, Machine Readable Zone, Logo, Antenna]
  • Example
  • The problem: Not designed for online authentication
  • Our solution: User-centric Identity Provider
  • How does this work? (simplified)
    [Diagram: Identity Provider, Client, Relying Party]
    1. authenticates
    2. pseudonym & attributes
    3. uses service
  • How does this work? (simplified)
    [Diagram: Identity Provider, Client, Relying Party; uses service]
    Facilitates this process by
    1 Partial release of attributes (& pseudonym)
    2 Asks client for consent
    3 Additional password authentication
  • Prototype
  • Key-takeaways
    More info:
    • Oostdijk, Van Dijk, Wegdam, User-Centric Identity Using ePassports, SecureComm 2009, DOI: 10.1007/978-3-642-05284-2_17
    • http://www.nlnet.nl/project/epassports/ and http://jmrtd.org
    • http://maarten.wegdam.name / maarten.wegdam@novay.nl
  • Backup Slides
  • ePassport security mechanisms
    CONTROLS:
    • Basic Access Control
    • Passive Authentication
    • Active Authentication
    • Extended Access Control
    • Biometry
    THREATS:
    • Skimming & tracking (privacy)
    • Eavesdropping (privacy)
    • Altering (authenticity, integrity)
    • Cloning (authenticity)
    • Disclosure of biometrics (confidentiality)
    • Look-a-like fraud
  • What’s inside?
    [Figure: ePassport with labels Chip, MRZ, Logo, Antenna]
  • Laws of Identity
    By Kim Cameron of Microsoft
    User control
    Minimal disclosure, constrained purpose
    Justifiable parties
    Directed identity
    Pluralism of operators and technologies
    Human integration
    Consistent experience across contexts
    Explained for dummies:
    • People using computers should be in control of giving out information about themselves, just as they are in the physical world.
    • The minimum information needed for the purpose at hand should be released, and only to those who need it. Details should be retained no longer than necessary.
    • It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.
    • We need choice in terms of who provides our identity information in different contexts.
    • The system must be built so we can understand how it works, make rational decisions and protect ourselves.
    • Devices through which we employ identity should offer people the same kinds of identity controls - just as car makers offer similar controls so we can all drive safely.
    http://www.identityblog.com/
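
The partial release, consent and pseudonym steps from the "How does this work?" slides, sketched as an added example (not the prototype's code and not from the presentation). The HMAC-based pseudonym derivation, the function names and the sample attribute values are assumptions; the slides do not say how the prototype derives pseudonyms.

```python
import hashlib
import hmac

# Constructed sample: attributes the IdP has already read from the chip and
# verified (e.g. via Passive Authentication). All values are made up.
PASSPORT_ATTRIBUTES = {
    "document_number": "XX0000000",
    "surname": "EXAMPLE",
    "given_names": "ALICE",
    "nationality": "NLD",
    "date_of_birth": "1980-01-01",
}

IDP_PSEUDONYM_KEY = b"constructed-demo-key"  # assumption: secret known only to the IdP


def directed_pseudonym(document_number, relying_party):
    """Derive a per-relying-party identifier (assumed scheme: keyed HMAC).

    The same passport yields different, unlinkable values at different
    relying parties, and a stable value at the same one.
    """
    msg = relying_party.encode() + b"\x00" + document_number.encode()
    return hmac.new(IDP_PSEUDONYM_KEY, msg, hashlib.sha256).hexdigest()[:32]


def release(verified, relying_party, requested, consented):
    """Build what the IdP sends to the relying party.

    An attribute is released only if the relying party requested it AND the
    user consented to it. The document number is a global identifier, so it
    is never released; only the pseudonym derived from it is.
    """
    unknown = set(requested) - set(verified)
    if unknown:
        raise ValueError(f"attributes not on passport: {sorted(unknown)}")
    allowed = (set(requested) & set(consented)) - {"document_number"}
    return {
        "pseudonym": directed_pseudonym(verified["document_number"], relying_party),
        "attributes": {name: verified[name] for name in sorted(allowed)},
    }


if __name__ == "__main__":
    # Relying party asks for two attributes; the user consents to one.
    print(release(PASSPORT_ATTRIBUTES, "shop.example",
                  ["nationality", "date_of_birth"], ["nationality"]))
```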