
Published on January 15, 2009

Author: aSGuest10648


Digital Access Management
November 8, 2002
Presented to: 3rd Annual Privacy and Security Workshop, "Privacy and Security: Totally Committed", November 7 & 8, 2002, Toronto
Dr. Stefan Brands, Credentica Inc.

Credentica Inc.
Founded January 2002, based in Montreal
Mission: secure digital authentication and authorization solutions for Internet, mobile, and smart card applications
Who we are: seasoned cryptographers and designers and developers of secure software
First product: a Digital Access Management platform that provides fundamental security, performance, and privacy benefits

Market Trends
Information managed in electronic form
Information systems moving from closed environments to open environments
Data sharing across multiple trust domains
Physical trust domains are disappearing
Increasing data volume and sensitivity
Security must be tied to the information itself, not to the perimeter of its repository

Examples
Critical information infrastructures
E-Health (many applications)
E-Government (many applications)
Collaborative enterprise
Electronic B2C (Liberty Alliance, Passport)
(Other) applications involving sensitive data and relying on smart cards, wireless devices, peer-to-peer, etc.

Slide 6: Problem: Inadequate security (system abuse, identity theft, data propagation, etc.)
"The lack of trustworthy security services is a major obstacle to the use of information technology in private, in business as well as in public services." (European Parliament, Directorate General for Research, March 2001)
"Identification and authentication are becoming more important with the move towards e-government and the rising incidence of identity fraud." (U.K. Cabinet Office, Performance and Innovation Unit, "Privacy and data-sharing: The way forward for public services", April 2002)

Problem: Privacy intrusions (systematic identification, no control over data usage, linkability, conflicts with privacy laws, etc.)
"Nearly 70% of consumers cite privacy concerns as one reason that could make them stop using e-government services." (Gartner survey, May 2001)
"meeting data protection standards is a key component [of e-government]. In the area of on-line authentication and identification in particular there is still much work to be done. [...] enhancing privacy should be a Government objective." (UK Information Commissioner, Annual Report, June 2001)

Slide 9: Problem: Heavy dependence on connection to central servers
"A single authentication server / service equals a single point of failure." (Information Security Magazine, September 1998)
"54% of respondents were extremely concerned with the possibility of government employees misusing their personal information, and 64% were extremely concerned about the risk of hackers breaking into government computers." (Hart-Teeter, "E-GOVERNMENT: To Connect, Protect, and Serve Us", November 2001)

Problem: Lending, copying and discarding of credentials (access rights, profiles, ...)
"GAO (US General Accounting Office) found that at the Department of Veterans Affairs, many employees were sharing passwords: 'These types of weaknesses make the financial transaction data and personal information on veteran medical records and benefits stored on these systems vulnerable to misuse, improper disclosure and destruction.'" (Government Executive Magazine, September 1998)
"...a device like a card is likely to disappear if the carrying person does not feel that its presentation will be of benefit to him." (European Committee for Standardization, "Health Informatics", 1998)

Information Security Products
Anti-virus (software and hardware devices)
Network security (Web and email monitoring, intrusion detection, security management, vulnerability assessment)
Perimeter security (firewall, VPN)
Encryption (password-based, symmetric-key, and public-key cryptography)
Access Management

Digital Access Management
Access Management: the combination of Authentication and Authorization
Authentication: who a user is
Authorization: what access a user gets
Crucial for: identity-related (personal) information; information restricted to authorized entities
Security, privacy, and performance issues

A Poor Solution: Single Sign-On
Avoids duplication of passwords by giving users a single password for all resources
Liberty Alliance, Passport, Netegrity, Oblix, ...
A user convenience, not a security solution!
Highly insecure for managing access to sensitive information over open networks
"Single sign-on is a security compromise waiting to happen" (CEO of Burton Group)

Slide 13: Gartner, November 2001

Another Poor Solution: X.509-Style Digital Certificates
Inappropriately pushed forward by some PKI-technology vendors as the strongest solution
Identity certificates were proposed 25 years ago for the purpose of message encryption
Entity authentication serves to prevent man-in-the-middle attacks
Highly inadequate in the context of digital access management (with all its security, privacy and performance concerns)

Fundamental Problems of X.509-Style Digital Certificates
Access right cloning and lending
Non-scalable
Central point of attack
Identity theft and privacy violations
Managed services are intrusive
Violation of data protection laws
Unconditional trust required in smart cards
Poor performance on low-cost devices

Lessons Learned
X.509-style PKI was not designed for the purpose of digital access management
Real-world solutions must address security, privacy, and performance for all parties
The solution must be built into the architecture
Policies and legislation must surround a secure architecture; they cannot replace it

Credentica's Solution: CMP (Credential Management Platform)
Multi-party secure (holistic solution)
Any mix of local and central credential data
Privacy slider: identification, pseudonymity, role-based access, anonymity, selective disclosure
Efficient and secure smartcard implementations
Multi-purpose and multi-application certificates
Limited-use access rights and credentials
Suitable for peer-to-peer architectures
Support for managed services

CMP: Based on Digital Credentials
Inherit all the strengths of PKI and digital signatures, but avoid their weaknesses
Protocols described in the open literature (350-page MIT Press book and 31 publications)
Scrutinized by the world's top cryptographers (Shamir, Rivest, Schnorr, ...)
Unanimous acclaim from security, legal, and privacy experts worldwide

Slide 21: Endorsements
"shows ways to do digital certificates without giving so much power to the system owner" (Dr. Peter Swire, former Chief Privacy Counselor to the Clinton Administration, April 2001)
"an important landmark" (Dr. Ronald L. Rivest, Webster Professor of Electrical Engineering and Computer Science at MIT, August 2000)
"security without sacrificing privacy" (Dr. Hal Abelson, Professor at the Artificial Intelligence Laboratory, MIT, August 2000)
"the state of the art" (Dr. A. Michael Froomkin, Professor of Law, University of Miami, August 2000)
"a superior alternative to conventional approaches to PKI" (Dr. Roger Clarke, consultant in the management of information and information technology, 2001)
"minimizing the risks of all the interested actors" (Electronic Privacy Information Center and Privacy International, 2001)

Properties of Digital Credentials
Untraceable and unlinkable authentication
Selective disclosure of attributes
Private reissuing and updating of credentials
Data separation for verifiers and RAs
Limited-show credentials
Lending/discarding protection
Chip-card integration
Online/offline clearing/validation
Multi-purpose and multi-application credentials
Server-assisted protocols
Integration with X.509-based PKI

Additional Information
Digital Credential overviews:
Non-technical 2-pager:
Semi-technical 40-page overview:
Technical 350-page book with mathematical security proofs:
CMP architecture overview:
Other information:
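The "selective disclosure of attributes" property listed above is the one that is easiest to show concretely. The following is an added illustration written for this page; it is not Credentica's CMP code and not Brands' own issuing or showing protocol. The holder's attributes are bound into a Pedersen-style multi-base commitment, the holder reveals a chosen subset of them, and proves knowledge of the remaining attributes (and the blinding factor) with a Fiat-Shamir-transformed Schnorr proof, so the verifier learns only the revealed attributes. The group parameters (a toy-sized prime-order subgroup of Z_p^*), the attribute encoding and the sample attributes ("Alice Example", 1980, "physician") are all assumptions chosen for the demo. One caveat the deck's untraceability claim depends on: here the commitment itself is sent on every show and is therefore a linkable identifier; an actual credential scheme blinds the issuer's signature at issuing time so that different shows cannot be linked, which this toy does not attempt.

```python
# Toy selective-disclosure proof over an attribute commitment.
# Added illustration only: NOT Credentica's CMP code or Brands' protocol.
# Group size, attribute encoding and sample attributes are demo assumptions.
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_params(n_attrs: int, qbits: int = 128) -> dict:
    """DSA-style subgroup of prime order q inside Z_p^*, with one generator per
    attribute plus h for the blinding factor. 128-bit q is a toy size chosen so
    the demo runs in well under a second; real deployments use far larger groups."""
    while True:
        q = secrets.randbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    k = 2                                  # even k keeps p = k*q + 1 odd
    while not is_probable_prime(k * q + 1):
        k += 2
    p = k * q + 1

    def generator() -> int:
        while True:
            g = pow(2 + secrets.randbelow(p - 3), k, p)   # order q unless it is 1
            if g != 1:
                return g
    return {"p": p, "q": q, "gens": [generator() for _ in range(n_attrs)], "h": generator()}


def encode(value) -> int:
    """Attribute encoding (assumption): ints as-is, strings hashed to an int."""
    if isinstance(value, int):
        return value
    return int.from_bytes(hashlib.sha256(value.encode()).digest(), "big")


def commit(params: dict, attrs: list, r: int) -> int:
    """C = h^r * prod_i g_i^{a_i} (mod p): binds all attributes, hides them via r."""
    p, q = params["p"], params["q"]
    c = pow(params["h"], r, p)
    for g, a in zip(params["gens"], attrs):
        c = c * pow(g, a % q, p) % p
    return c


def _challenge(params: dict, commitment: int, revealed: dict, t: int) -> int:
    """Fiat-Shamir challenge bound to params, commitment, revealed values and t."""
    hsh = hashlib.sha256()
    for v in (params["p"], params["q"], *params["gens"], params["h"], commitment, t):
        hsh.update(f"{v}|".encode())
    for i in sorted(revealed):
        hsh.update(f"{i}={revealed[i]}|".encode())
    return int.from_bytes(hsh.digest(), "big") % params["q"]


def prove(params: dict, attrs: list, r: int, commitment: int, reveal: set) -> dict:
    """Reveal the attributes at indices in `reveal`; prove knowledge of the rest and r."""
    p, q = params["p"], params["q"]
    hidden = [i for i in range(len(attrs)) if i not in reveal]
    w = {i: secrets.randbelow(q) for i in hidden}          # Schnorr nonces
    w_r = secrets.randbelow(q)
    t = pow(params["h"], w_r, p)
    for i in hidden:
        t = t * pow(params["gens"][i], w[i], p) % p
    revealed = {i: attrs[i] % q for i in reveal}
    c = _challenge(params, commitment, revealed, t)
    return {"revealed": revealed, "t": t,
            "z": {i: (w[i] + c * attrs[i]) % q for i in hidden},
            "z_r": (w_r + c * r) % q}


def verify(params: dict, commitment: int, proof: dict) -> bool:
    """Check prod_hidden g_i^{z_i} * h^{z_r} == t * (C / prod_revealed g_i^{a_i})^c."""
    p, q = params["p"], params["q"]
    revealed, z = proof["revealed"], proof["z"]
    if set(revealed) & set(z) or set(revealed) | set(z) != set(range(len(params["gens"]))):
        return False                                        # every attribute exactly once
    cp = commitment
    for i, a in revealed.items():                           # divide out revealed attributes
        cp = cp * pow(params["gens"][i], -a % q, p) % p
    c = _challenge(params, commitment, revealed, proof["t"])
    lhs = pow(params["h"], proof["z_r"], p)
    for i, zi in z.items():
        lhs = lhs * pow(params["gens"][i], zi, p) % p
    return lhs == proof["t"] * pow(cp, c, p) % p


def demo() -> tuple:
    """Holder shows only the 'physician' role; name and birth year stay hidden.
    Returns (honest proof accepted, proof with a substituted role accepted)."""
    params = gen_params(3)
    attrs = [encode("Alice Example"), 1980, encode("physician")]   # constructed sample
    r = secrets.randbelow(params["q"])
    cred = commit(params, attrs, r)
    proof = prove(params, attrs, r, cred, reveal={2})
    honest = verify(params, cred, proof) and proof["revealed"][2] == encode("physician") % params["q"]
    forged = dict(proof, revealed={2: encode("nurse") % params["q"]})
    return honest, verify(params, cred, forged)


if __name__ == "__main__":
    print(demo())
```

The verifier's first check (every attribute index is either revealed or covered by a response, never both) is the part most often forgotten when this kind of proof is hand-rolled: without it a holder could simply omit an attribute from both sets and the algebra would still balance.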
