Presentation on theme: "Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica."— Presentation transcript:
Strength in diversity: lessons learnt from the Stork* projects Antonio Lioy Politecnico di Torino Dip. Automatica e Informatica
Security: is mine the same as yours? n is a door secure? n plastic? wood? steel? n no key? mechanical key? electronic key? n who is the attacker? n what is inside the room? n there is no government-mandated standard for physical doors... n... so why there should be one for "computer doors"?
Security: a difficult (and moving) target n a human generation is 30 years... a computer one is just 3! n any technical solution (especially if agreed in a lengthy process) risks to be obsolete by the time of its adoption n any technical solution is vulnerable to some attack (as humans are vulnerable to diseases) n so mandate principles, not technologies: n using the same technology we can save money n... but we increase the risk of a total attacks (as a pandemia for humans)
Some security principles n security = n technical solution (minimize violations) n legislative support (violators will be prosecuted) n individual behaviour (don't make violations easy) n which is the most important factor? n security level must be adequate to the value of the protected item... but not more! n users are typically the weak link in every security solution
Stork (18 countries, 36 partners, 2008-11) Austria Belgio Estonia France Germany Italy Luxembourg Netherlands Portugal Slovenia Spain Sweden United Kingdom plus – Iceland Finland, Greece, Lithuania, Slovakia and then STORK 2.0 (2012-2015)
Stork: principles and results (I) n electronic identity = authentication + certified attributes n set of certified European attributes n lexicon (multilanguage attribute names) n syntax (possible values) n semantics (e.g. surname) n various authentication credentials n reusable password, one-time-password, cellphone, software certificate, smart-card n used in a transparent way and with legal value (according to the citizen's country) n mutual recognition
Stork: principles and results (II) n various authentication levels n cryptographic strength of the authentication technique n strength of the identification process when distributing the credentials n QAA (Quality of Authentication Assurance) levels 1…4 n requested level (to access the service) versus effective level (depending on the authentication technique used by the citizen) n privacy protection and localization n user talks with her own country n provides explicit consent for the required attributes n compulsory and optional attributes n attributes managed end-to-end
The Stork infrastructure service provider Italian citizen Swedish Stork gateway Italian Stork gateway e-ID + attribute provider (Italian) 3. select your country 4a. consent? 4b. which e-ID? 5a. authentication 5b. consent (final) 2. go Stork! 1. ask for service
ECAS Europ. Commission Authentication Service Stork: pilots change of address e-delivery (cross-border) e-services authentication (cross-border) student mobility safer chat
Stork 2.0 n focus on: n attributes / delegation / representation powers n integratione with non-government e-ID n three years n 2012 -2015 n many countries (~30) and partners (~60) n pilots: n business registry (e.g. single-point-of-contact) n e-health n job market (e.g. professional certifications) n e-learning n e-banking
Strength in diversity n different countries use different e-IDs, with variable strength n the interoperability solution permits the use of all of them yet it does not compromise security, rather it supports adaptive security where each electronic service can request (and receive!) the appropriate level of protection n this solution does not hamper technological progress n any country can adopt a new e-ID technology without breaking its interoperability with the other countries n a smooth evolution path is possible. n the Stork* projects are a clear example that: n a compromise is often needed in deciding appropriate security measures n … but it does not have to be at the lowest common level n … and does not stop technological evolution.