Presentation is loading. Please wait.

Presentation is loading. Please wait.

Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica.

Published byScarlett Quinn Modified over 8 years ago

Similar presentations

Presentation on theme: "Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica."— Presentation transcript:

1 Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica

2 Security: is mine the same as yours? n is a door secure? n plastic? wood? steel? n no key? mechanical key? electronic key? n who is the attacker? n what is inside the room? n there is no government-mandated standard for physical doors... n... so why there should be one for "computer doors"?

3 Security: a difficult (and moving) target n a human generation is 30 years... a computer one is just 3! n any technical solution (especially if agreed in a lengthy process) risks to be obsolete by the time of its adoption n any technical solution is vulnerable to some attack (as humans are vulnerable to diseases) n so mandate principles, not technologies: n using the same technology we can save money n... but we increase the risk of a total attacks (as a pandemia for humans)

4 Some security principles n security = n technical solution (minimize violations) n legislative support (violators will be prosecuted) n individual behaviour (don't make violations easy) n which is the most important factor? n security level must be adequate to the value of the protected item... but not more! n users are typically the weak link in every security solution

5 Stork (18 countries, 36 partners, 2008-11) Austria Belgio Estonia France Germany Italy Luxembourg Netherlands Portugal Slovenia Spain Sweden United Kingdom plus – Iceland Finland, Greece, Lithuania, Slovakia and then STORK 2.0 (2012-2015)

6 Stork: principles and results (I) n electronic identity = authentication + certified attributes n set of certified European attributes n lexicon (multilanguage attribute names) n syntax (possible values) n semantics (e.g. surname) n various authentication credentials n reusable password, one-time-password, cellphone, software certificate, smart-card n used in a transparent way and with legal value (according to the citizen's country) n mutual recognition

7 Stork: principles and results (II) n various authentication levels n cryptographic strength of the authentication technique n strength of the identification process when distributing the credentials n QAA (Quality of Authentication Assurance) levels 1…4 n requested level (to access the service) versus effective level (depending on the authentication technique used by the citizen) n privacy protection and localization n user talks with her own country n provides explicit consent for the required attributes n compulsory and optional attributes n attributes managed end-to-end

8 The Stork infrastructure service provider Italian citizen Swedish Stork gateway Italian Stork gateway e-ID + attribute provider (Italian) 3. select your country 4a. consent? 4b. which e-ID? 5a. authentication 5b. consent (final) 2. go Stork! 1. ask for service

9 ECAS Europ. Commission Authentication Service Stork: pilots change of address e-delivery (cross-border) e-services authentication (cross-border) student mobility safer chat

10 Stork 2.0 n focus on: n attributes / delegation / representation powers n integratione with non-government e-ID n three years n 2012 -2015 n many countries (~30) and partners (~60) n pilots: n business registry (e.g. single-point-of-contact) n e-health n job market (e.g. professional certifications) n e-learning n e-banking

11 Strength in diversity n different countries use different e-IDs, with variable strength n the interoperability solution permits the use of all of them yet it does not compromise security, rather it supports adaptive security where each electronic service can request (and receive!) the appropriate level of protection n this solution does not hamper technological progress n any country can adopt a new e-ID technology without breaking its interoperability with the other countries n a smooth evolution path is possible. n the Stork* projects are a clear example that: n a compromise is often needed in deciding appropriate security measures n … but it does not have to be at the lowest common level n … and does not stop technological evolution.

Download ppt "Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica."

Similar presentations

S.O.S. eHealth Project Open eHealth initiative for a European large scale pilot of patient summary and electronic prescription Daniel Forslund, Head of.

S.O.S. eHealth Project Open eHealth initiative for a European large scale pilot of patient summary and electronic prescription Daniel Forslund, Head of.
The European Activities of BR Communication e-CODEX e-Justice Communication via Online Data Exchange Bucharest, June 14 th 2013.

The European Activities of BR Communication e-CODEX e-Justice Communication via Online Data Exchange Bucharest, June 14 th 2013.
 At first there were 6 members  Today there are 27 members of the EU  Created in 1952.  Requirements:  Democratic  Free market government Flag of.

 At first there were 6 members  Today there are 27 members of the EU  Created in  Requirements:  Democratic  Free market government Flag of.
1 14 th May 2008 How can pan-European Public Services Benefit from CIP ICT PSP Pilot on eID Dr. Davorka Šel Ministry of Public Administration SLOVENIA.

1 14 th May 2008 How can pan-European Public Services Benefit from CIP ICT PSP Pilot on eID Dr. Davorka Šel Ministry of Public Administration SLOVENIA.
Stork 2.0 is an EU co-funded project INFSO-ICT-PSP-297263 Robert Scharinger & Gottfried Heider (Ministry of Health, AT) WP 5.4 eHealth pilot - epSOS OpenNCP.

Stork 2.0 is an EU co-funded project INFSO-ICT-PSP Robert Scharinger & Gottfried Heider (Ministry of Health, AT) WP 5.4 eHealth pilot - epSOS OpenNCP.
Stork is an EU co-funded project INFSO-ICT-PSP-224993 Secure Identity Across Borders Linked Secure Electronic Identity Across Europe! STORK – 4 TH I NDUSTRY.

Stork is an EU co-funded project INFSO-ICT-PSP Secure Identity Across Borders Linked Secure Electronic Identity Across Europe! STORK – 4 TH I NDUSTRY.
Can PKI be made simple enough to be used by non-experts? Signature formats and context Antonio Lioy ( polito.it ) Politecnico di Torino Dip. Automatica.

Can PKI be made simple enough to be used by non-experts? Signature formats and context Antonio Lioy ( polito.it ) Politecnico di Torino Dip. Automatica.
E-SENS Electronic Simple European Networked Services Moving services forward Dr. Cagatay KARABAT National Coordinator of e-SENS.

E-SENS Electronic Simple European Networked Services Moving services forward Dr. Cagatay KARABAT National Coordinator of e-SENS.
E-tax system stages 1.Stage 1 - Information: online information about public services 2.Stage 2 - Interaction: downloading of forms 3.Stage 3: Two-way.

E-tax system stages 1.Stage 1 - Information: online information about public services 2.Stage 2 - Interaction: downloading of forms 3.Stage 3: Two-way.
Stork is an EU co-funded project INFSO-ICT-PSP-224993 STORK PRESENTATION STORK Presentation Lithuania March 2010.

Stork is an EU co-funded project INFSO-ICT-PSP STORK PRESENTATION STORK Presentation Lithuania March 2010.
Who belongs to the European Union?

Who belongs to the European Union?
Evolution in cross-border interoperability of eSignatures and eID Tarvi Martens SK, Estonia.

Evolution in cross-border interoperability of eSignatures and eID Tarvi Martens SK, Estonia.
16 out of 27 member states Known as euro zones 2 nd largest traded currency after the dollar The name euro was officially adopted on 16 December 1995.

16 out of 27 member states Known as euro zones 2 nd largest traded currency after the dollar The name euro was officially adopted on 16 December 1995.
Regional Trading Agreements European Union 1. RTA 1945 – 1959 A peaceful Europe – the beginnings of cooperation Aim of ending the frequent and bloody.

Regional Trading Agreements European Union 1. RTA 1945 – 1959 A peaceful Europe – the beginnings of cooperation Aim of ending the frequent and bloody.
Identity management – developments within the European Social Security Sector Pantelis Angelidis.

Identity management – developments within the European Social Security Sector Pantelis Angelidis.
Österreich 2006 Austria 2006 Autriche 2006 Präsidentschaft der Europäischen Union Presidency of the European Union Présidence de L’Union européenne ★★★★★★

Österreich 2006 Austria 2006 Autriche 2006 Präsidentschaft der Europäischen Union Presidency of the European Union Présidence de L’Union européenne ★★★★★★
European Life Sciences Infrastructure for Biological Information www.elixir-europe.org ELIXIR www.elixir-europe.org.

European Life Sciences Infrastructure for Biological Information ELIXIR
Slovenian Governmental Certification Authority Dr. Aleš Dobnikar Government Centre for informatics of the Republic of Slovenia 4th Business and Government.

Slovenian Governmental Certification Authority Dr. Aleš Dobnikar Government Centre for informatics of the Republic of Slovenia 4th Business and Government.
THE EUROPEAN UNION. HISTORY 28 European states after the second world war in 1951 head office: Brussels 24 different languages Austria joined 1995.

THE EUROPEAN UNION. HISTORY 28 European states after the second world war in 1951 head office: Brussels 24 different languages Austria joined 1995.
THE EUROPEAN UNION. EU  1993 European Union  Main Aims  All states in the EU = a single market  One currency throughout the EU = the Euro  To have.

THE EUROPEAN UNION. EU  1993 European Union  Main Aims  All states in the EU = a single market  One currency throughout the EU = the Euro  To have.

Similar presentations

Ads by Google