Using ePassports for online authentication - ICT Delta 2010


Published on

As presented at ICT Delta, 18 March 2010, in Rotterdam (NL)

  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • MRZ alvast goed uitleggen wegens BAC op de volgende slide.Misschien hier al iets zeggen over de handtekeningen per data groep en niet per attribuut.
  • Using ePassports for online authentication - ICT Delta 2010

    1. 1. UsingePassportsfor online authentication<br />Maarten Wegdam<br />Joint work with: Martijn Oostdijk & Dirk-Jan van Dijk<br />
    2. 2. The goalSecure online authentication<br />ICT Delta 2010<br />2<br />
    3. 3. 3<br />Chip<br />Verified attributes<br />Machine<br />Readable<br />Zone<br />Logo<br />Antenna<br />The opportunityePassport chip<br />ICT Delta 2010<br />
    4. 4. Example<br />ICT Delta 2010<br />4<br />
    5. 5. The problemNotdesignedfor online authentication<br />ICT Delta 2010<br />5<br />
    6. 6. OursolutionUser-centricIdentity Provider<br />ICT Delta 2010<br />6<br />
    7. 7. How does thiswork? (simplified)<br />ICT Delta 2010<br />7<br />Identity Provider<br />Client<br />Relying Party<br />3. uses service<br />1. authenticates<br />2. pseudonym & attributes <br />
    8. 8. How does thiswork? (simplified)<br />ICT Delta 2010<br />8<br />Identity Provider<br />Client<br />Relying Party<br /> uses service<br />Facilitates this process by<br />1 Partial release of attributes (& pseudonym)<br />2 Asks client for consent<br />3 Additional password authentication<br />
    9. 9. Prototype<br />ICT Delta 2010<br />9<br />
    10. 10. Key-takeaways<br />ICT Delta 2010<br />10<br />More info:<br /><ul><li>Oostdijk, Van Dijk, Wegdam, User-Centric Identity Using ePassportsSecureComm 2009, DOI: 10.1007/978-3-642-05284-2_17
    11. 11. and
    12. 12. /</li></li></ul><li>Backup Slides<br />ICT Delta 2010<br />11<br />
    13. 13. ePassport security mechanisms<br />CONTROLS:<br /><ul><li>Basic Access Control
    14. 14. Passive Authentication
    15. 15. Active Authentication
    16. 16. Extended Access Control
    17. 17. Biometry</li></ul>THREATS:<br /><ul><li>Skimming & tracking (privacy)
    18. 18. Eavesdropping (privacy)
    19. 19. Altering (authenticity, integrity)
    20. 20. Cloning (authenticity)
    21. 21. Disclosure of biometrics (confidentiality)
    22. 22. Look-a-like fraud</li></ul>12<br />
    23. 23. What’s inside?<br />Chip<br />MRZ<br />Logo<br />Antenna<br />13<br />ICT Delta 2010<br />
    24. 24. 14<br />Laws of Identity<br />By Kim Cameron of Microsoft<br />User control<br />Minimal disclosure, constrained purpose<br />Justifiable parties<br />Directed identity<br />Pluralism of operators and technologies<br />Human integration<br />Consistent experience across contexts<br />Explained for dummies:<br /><ul><li>People using computers should be in control of giving out information about themselves, just as they are in the physical world.
    25. 25. The minimum information needed for the purpose at hand should be released, and only to those who need it. Details should be retained no longer than necesary.
    26. 26. It should NOT be possible to automatically link up everything we do in all aspects of how we use the Internet. A single identifier that stitches everything up would have many unintended consequences.
    27. 27. We need choice in terms of who provides our identity information in different contexts.
    28. 28. The system must be built so we can understand how it works, make rational decisions and protect ourselves.
    29. 29. Devices through which we employ identity should offer people the same kinds of identity controls - just as car makers offer similar controls so we can all drive safely.</li></ul><br />ICT Delta 2010<br />