jump to navigation

Finally the thesis November 27, 2009

Posted by tcarlyle in identity management, Me, Sensors, SIM Cards, Thesis, trust, Uncategorized.
Tags: , , ,

After almost six months that I have delivered my thesis, I’m finally posting it here. It turned up to be a very extensive document (about 150 pages), but mainly because we first wanted to assess the capabilities of SIM cards, identities and finally trust frameworks. And as I was working together with the SIM Research Team at Telenor and I do have some experience with SIM from when I worked in Gemalto, we spent several pages on reviewing the SIM capabilities and trying to figure it out the future SIM.  We also touched an aspect that may start to become more present in the SIM cards which is the ability to sense context.

Other pages were spent in getting into the identity management world and this was one part of the thesis which in fact I wished I had more time to go through. I got very interested in going deeper in the field after finally understanding the identity frameworks such as Higgins, Cardspace and specially on the concepts in which they are based. At last we studied a bit about trust models and this was one of the most difficult parts of the thesis as none of us had much an idea of trust modeling and it is a topic that can get very complex if studied deeply.

After this long background, we finally chosen a new application that could be hosted in the state-of-art (or future) SIM cards, take advantage of the fact that the SIM represent one or more identities and that can be used to build trust. That application was what I have proposed in my paper mentioned in the previous post.

The idea is to use the future sim cards to sense each other (either through NFC,  location information and server interaction, wlan, etc), to sense the environment and based on that, attribute a situational trust value for that meeting between the 2 sim holders.  Then with a bunch of those situational trust value, you can infer the user relation. The more context information, the more you can infer.

Based on that idea, we made a small prototype using SunSpots representing those advanced SIM cards and with a simple trust inference model and a test scenario.  It  may sound a simple test and in fact it was, as the thesis focused a bit on bringing a new idea (which is extensively described) and the state-of-art research, having the prototype as a small proof-of-concept.

When I was reviweing the thesis for the paper presentation, I read in Bruce Schneier‘s blog about a paper from some researchers from the Santa Fe institute that used location information and phone calls information to infer the friendship closeness between the people involved in the experiment. The result was that they could predict the level of friendship with 95% accuracy! This pretty much confirm my thesis result =)


Closing Nordsec 09 November 3, 2009

Posted by tcarlyle in identity management, Me, Sensors, SIM Cards, Thesis.
Tags: , , ,
add a comment

I know it has been more less about half month since the ending of the Nordsec 09 and I was supposed to update about the last two days. However, after the conference (and some days off at the Belgium coast) I had a lot to catch up at work. Anyway, one good new is that the talks which does not correspond to paper presentation had their slides uploaded at the Nordsec Program Webiste.

The second day had some quite more technical (sometimes even more mathemathical) presentations. The ones I was most interested was the one about the usability of petname systems and the one about widget security.

Though due to the presentation on “A Parallelism-Based Approach to Network Anonymization” from Igor Margasinski, I got to know more about network anonymization which is a topic that I must admit not have heard before. It was nice to know that there are some options such as the tor project that tries to completly protect user privacy and enable users to bypass some content filters from some countries, therefore raising the freedom of communication.

However, the people that discussed about TOR said that in practice this anonimity routing, make the traffic flow pretty slow. Still, on the same day, Heiko Roßnagel discussed how the porn industry could in fact sponsor the development of TOR networks, as they correspond to users that would like the service and that are also willing to pay for it. On the other hand, this is a delicate topic as the porn industry can have some complex legality and ethic borders.

In the presentation of Karsten Peder Holth around widget security, the author points several of the security flaws that can be introduced when installing a widget. However, as he says, this is somehow a consequence of the simple development model of widgets and in fact it is this simple development model taht makes widgets so popular.

Audung Jøsang presented the paper his students have written about usability of petnames. He defended the need of making Identity Management more user centric with the usage of petnames and it makes a lot of sense. However, it looked like the Identity Selectors, as the ones part of identity schemas such as Geneva (“new name” of Microsoft Cardspace) and Higgins, already provide the user an alternative for the memorizing problem towards identities.

In the following day, we had another presentation around SIM cards and Identity. This one was given by Do Van Than, and although it also touched the aspects of the possible positioning of operatords towards IdM, it showed a bunch of cases on how this could be done and they have already tested. It is somehow sad to see that we could be already using the SIM as an IdM device with the EAP-SIM protocol and the federation standards (such as the ones from Liberty Alliance, which seem to have changed its name also, but I dont remember the new one), and unfortunatelly due to protective interests from several players in this heterogeneous market, we don’t.

Besides that we had more two SIM related presentations. One, where Heiko Roßnagel discuss the potential of the SIM as a the most suitable tool for delivering real-time information services. And my presentation covering the usage of high-end SIM cards enabling the possibility of sensing and chategorizing user relation. I’ll discuss my presentation a bit better in a next post (which hopefully wont take that long), but if you are interested in check it out the paper here is the springer link for it or you can see a 100% free preview at this googlebooks link. In fact, Ill verify if I can put it here in the blog as well.

It was really nice to present the paper and although I was a bit nervous before, the presentation went really well. I think I kind of have the knack for presentations.

Later (hope not much), I come back for talking a bit more about my paper, my master thesis and maybe also some frustrations and experiences with the N97 =)

First day of Nordsec 09 October 15, 2009

Posted by tcarlyle in Biometrics, identity management, SIM Cards, trust, Uncategorized.
Tags: , , , , , , ,
add a comment

I’m bloging directly from the Nordsec 09 conference here in Oslo. So far it has passed one day and a half and the programme has been quite interesting. There has been a more strong focus on identity and privacy, and, moreover more “high-level” presentations than the conference last year. As the conference programme has been quite extensive I must assume not having payed full attention to all presentations and specially the ones that didn’t have slides as supporting material. I’ll cover in this post just a bit of my impressions around the first day.

The first day was mainly about identity and privacy.  We started with a great presentation from Drummond Reed from the Information Card Foundation. He end up spending some of time explaining IdM as the concept was not familiar for the whole public, then he talked a bit on the challenges to using the open ID standards by the governments, in special in the USA. He also mentioned the issue of having a branding competition on the websites towards the several OpenID providers. It was pretty interesting to see that the US government is going for an exisiting open IdM standard and also to know that apparently a lot of the companies that seemed to be competing for IdM ownership seem to be cooperating more. At least, as far as I got there are several new players joining the OpenID (although it is not clear if they are just offering authentication tokens or if they are also accepting other OpenID tokens) and the Information card has become a common format shared between Cardspace, Higgins and other selectors.

There was a presentation about Identity Theft from the Ministry of Justice and the Police of Norway. The presentation was mainly on how biometrics could help to prevent Identity Theft. As the usage of biometrics in his speech was not characterized if it was for identification or authentication as I mentioned in a post in the blog, it generated a lot of questions around the dangers of impersonating someone using a copy of the biometric template which could be gathered through a fingerprint left in a glass for example. This generated some discussion around storage of the biometric template and issues around biometrics in unsupervisioned scenario which the speech could have maybe addressed and made itself even more interesting.

Later we had a presentation of Tor-Hjalmar Johannessen from Telenor presenting arguments towards having an e-ID centric model on the SIM with very logical arguments. He bases it in the massive presence of sim cards, its security, the fact that they already represent an excellent working case of IdM (roaming is single-sign-on), new enhacements to the SIM as a hardware and software platform and others. I had already seen other of this presentations on the topic and I’ve read a few of his papers for my Master Thesis. Therefore, it was not something completly new for me, but it already introduced the audience in the topic which will be good for my presentation on Friday =)

Other 2 presentation that specially called my attention were the one about “Privacy risks in Web 2.0” from Roar Thon from the Norwegian National Security Authority and the one about the future e-voting system in Norway. The first one was a bit more on the need of creating awareness around how much private information we are publishing and distributing. It was interesting to see tha the  Norwegian National Security Authority is interested in that and also on some numbers presented. In fact the presentation opened the point of the lack of attribution of social networks relations which is something Ill discuss in my presentation.

I think I’ve never stopped to think so much about the complexities around e-voting and the presentation from Christian Bull gave a great overview. There are issues on the fact that you are not over a supervisioned environment and this could lead to vote selling or coertion, or on making sure that every vote is counted but it is not possible to trace who voted in who, and there it goes. He presented a few neat features to counter some difficulties of the e-voting and the system sounds very promissing. It was also nice to see that they plan to make it open source so the system security can be assessed and they will submit it to common criteria evaluation (or a similar one, I dont quite remember).

I’m not sure if the presentations are going to be published in the conference website, but in case it will I write it here.

Back to the blog October 6, 2009

Posted by tcarlyle in identity management, ride sharing, SIM Cards.
Tags: , , ,
add a comment

After more then one month without posting, I’m finally writing. I guess the absence was a bit cause I’ve had a few days with abunch of work and during this period I alswo broke my hand, and it is extremelly annoying to type with just one hand. Anyway, now I’m back and hopefully I’ll be updating the blog quite often.

At work I’ve been mainly working in the wlansim project of telenor and I’ll be starting as well to help on writing a proposal to a SIM related EU project. Outside of work, I’ve been discussing with my friend Tommy about the possible creation of a ride sharing application. We are not so satisfied with the existing ones and we are brainstorming a bit what could be done better. As soon as we have a better concept we will start implementing it. It is a side project I’ve been wanting to work since some time as hitch hiking is an environmentally friendly win-win method for traveling and meeting people (two tings that I particulary enjoy). So far the best ones I know are the roadsharing (great user interface) and a german option which I have in fact used in Germany twice and it was fairly easy to find a ride (I guess it is probably one of the ride sharing with the biggest number of register rides in relation to its context – mainly Germany).  Recently, I’ve read also about a mobile ride sharing application in which the Fraunhofer institute is working and which looks quite promising. Unfortunately the website is only in german. Anyway, if you have seen any nice articles about ride sharing or some other interesting applications in the domain, please forward me.

Changing a bit the topic, next week I’m going to the NordSec 2009 Conference in Oslo. I’ll present a paper named:”Advanced SIM capabilities supporting Trust-based applications”. I’ve written it during my Master Thesis last semester (and by the way, I promise that after the conference, I’ll make it availablle here). In fact there seem to be a lot of presentations (and publications) around e-identities and another related to SIM cards in the program.It seems quite promissing and I hope I can manage to make some free time and  find out a bit more about some presentations before the conference. Anyway, if you have specific questions you would like to ask the speakers based on the theme of their presentations, you can forward me and I’ll try to ask them and publish the answers afterwards.

Biometrics and SIM May 24, 2009

Posted by tcarlyle in Biometrics, identity management, SIM Cards.
1 comment so far

I know I said I would not post so soon, but here it goes a small post on Biometrics (reusing the text from my thesis =D)


Biometrics corresponds to the recognition of an individual based on the measurement and analysis of his physical and behavioral aspects. Some biometric techniques include: fingerprint, iris scan, face recognition, DNA, hand geometry, voice recognition and hand-writing patterns. The biometric information can enhance identity, verification and authentication mechanisms as it consists into a unique feature that can identify a user. 


In fact biometrics is massively deployed in the several physical identity cards that carry a picture of the owner. This picture, a facial biometric, is aimed to present something that can be used for a visual verification on the side of the agent.


One of the biggest concerns about the usage of biometric information is the case where the biometric template, the synthesis of the biometric characteristics, is stolen. Since the biometric template can’t be revoked, a user can’t revoke his fingerprint or have his iris reissued, this is a very important topic to be taken into account. A solution for that is the storage of the fingerprint information in a secure environment, such as a smart card. It enables the possibility of employing match-on-card (MOC) identification without the need of transmitting the biometric information outside of the card. Inside the card, the biometric information can serve as one of the authentication factors complementing or replacing passwords. 


Despite MOC solutions on the regular smart cards, for example the Portuguese e-ID, there are already deployments on the SIM Card. As shown in the article”Beefing up security with biometrics” from Card Technology Today, May, 2008, the memory needed to store the biometric information is not so high, specially if you take into account the new high-density smart cards. A facial image can require 20KB while the iris image can require 30KB and a fingerprint 8KB. If instead of using the image, the biometric template is used, the size requirements are reduced by around 90% or less. 


What security experts such as Bruce Schneier and Steve Riley discuss is that biometrics should not be used as an authentication secret, but as identity information. By that, the identity, biometric data publicly known, identifies the user, but in order to obtain authorization in a system, a secret is used. This argument is based on the fact that biometrics can be tampered: they can be scanned, they are left when people touch objects, people can be filmed without their consent. Moreover, differently from the secret, the biometric can’t be revoked.


The MOC solution in the smart card mentioned before has the biometric in a context that is hard to characterize between identity or authorization secret. It is something in between, since the biometric information is actually the input to authenticate the person which has the card, but the biometric alone is powerless and the card can be revoked. I woud say that it is secure enough for most of the day-to-day purposes since it combines “what you are” with “what you have” and it can be revoked.  It seems harder once it is easier to steal (or guess) a password than a fingerprint(hopefully not your finger as in those sci-fi  action movies) . 

If you have any comments around the MOC security, please write. I’ll consider them when revising the thesis =)

Web 2.0, mashups, dandyID and SIMidea April 1, 2009

Posted by tcarlyle in identity management, mashup, SIM Cards.
Tags: , , , , , ,

Well, I am working with a friend in a mobile solution for the Excitera Mobile Cup and our application (that unfortunatelly I can’t give much more details now)  is in the Web 2.0 and Mashup world. I joined him on the competition because of my interest in mobile applications and expertise in the SIM domain. But we are not creating a SIM mashup, although with the Smart Card Web Services it would be possible. Actually the whole thing I mentioned in the last post of turning the SIM into a self signed IdP for reputation based systems could be very well explored by mashups if the SIM Card web service offers an API to retrieve attribute information to Value Added Services. Then, the sim could be responsible for the secure handshake for the attribute sharing just as the https implementation defined in the OMA Standards for the Smart Card Web Services.

Actually, one of the applications I was thinking when I started my thesis was to mix the potential of context information stored in all of our identities with the location information from GPS, Cell ID, Wlan positioning or any other position technology accessible to the SIM (even if through a satsa or other connection to the mobile).  The idea was to have the sim as the secure storage of the identities and the entity that would deal with the handshake of sharing the identity attributes (and also location attribute) with the Value Added Services.

For the identity management, actually there is already a mashup API provider that is trying to create a central point for attribute and contact sharing of all our tons of digital identities. This service provider is the DandyID. The idea is pretty good, although I dont like their name =) I’ve just tried it really fast and I think they may have added too many ID providers in the list (maybe they could have left the main ones in the first identity page and the secondary ones in another page), and I haven’t seen a functionality to already fill my profile based on the information that I already have from my identities. Maybe it is because the application is just in beta, let see.

Back to the mashups and web 2.0, I’d like to share this excellent link that clarified most of my doubts about it. It is kind of hard not to get excited with the mashup potentials when reading it, but I’d say to be somehow carefull with the expectations around mashup applications (I’ll be on the application I’m working with at Excitera). A lot of people are trying to launch web 2.0 apps, get users and, then, try to see how to make money out of it. I do not see much future on those apps as users are less and less keen on paying for services, as last-fm announced that they will charge for the music streaming most people I know start to look for free options. And as this article mentions making money out of advertisement is harder than it may sound.

Due to this personal diving into web 2.0 (without loosing the mobile focust) you may have the risk of seeing more web 2.0 related post here! But, I can assure that most of the posts will still be more related with my thesis work. By the way, soon I’ll post the application description.

Trust March 24, 2009

Posted by tcarlyle in identity management, reputation systems, SIM Cards, trust.
Tags: , , , , ,
add a comment

“Trust – Trust is the characteristic that one entity is willing to rely upon a second entity to execute a set of actions and/or to make set of assertions about a set of subjects and/or scopes.” [from the WS-Trust spec ]

This means that one entity will claim some information about a subject to another that will rely on it. This is pretty much the same trust concept in the Identity Management models described in Cardspace (now codename Geneva), Higgins,  and other centralized approaches (that are actually based on the WS-Trust and WS-Security).

An user register himself (establish a relationship) with an IdP (Idenity Provider). Due to this relationship, the IdP is able to prove and manage user claims. This relationship between the user and the IdP, depending on the claims involved, should be based on SLA and the IdP may have to acquire data from the user (through the registration for example) by a reliable process (by checking the user national ID to be sure that he is an adult and etc).

The mentioned example is what is sometimes described in the literature as policy-based trust. It relies on the security behind the agreements of the Identity authorities which are enforced by certifications, auditions and SLAs. The trust result is a binary trust or not-trust to the claim.

However, trust can also be extended to reputation systems, where entities have their reputation rated by other users, that do not have a relationship build through SLA with them. This is of great usage in scenarios where it is important to generate trust over claims that are somehow subjective or context-dependent (such as: “is this an interesting article?” – that depends for whom, “is the staff of that restaurant friendly?” – that relies on a personal opinion) or when an IdP would not have enough mechanisms or would not be feasible to be responsible for the claims (such as in systems as on-line auctions).

In those cases, every individual taking part on the system and being able to create or support a claim is somehow an IdP. This mechanism, in general rely on a system or entity that offer an identity to the user so he can act as an “IdP” and which offers the IT infrastructure for those users to play that role. This entity or system can have a more neutral role as offering the IT infrastructure and the rules for the claim stating and support, or it may have a more active role such as mediating and filtering claims, giving special weights to some users claim based or requesting and validating information about the user that will act as an “IdP, in order to raise the trust over him.

By having each user as an IdP, they can establish digital relationship between themselves based on long-term relationship such as friendship or less established relations such as both were engaged in a operation that evolved trust (such as an online purchase) and everything was ok. Those long-term or short-term relations  could be exmplored to build a trust network, a web-of-trust, somehow similar to a federation (but more loose as it is not based in contracts).

This good article about reputation trust models describes, some researchdone towards the development of trust metrics that can predict the trustworthiness of a person or claim based on the relationship between the person or the claim owner and the trust network of the person who is accessing the claim. It actually points the concepts of Global Trust Metric which takes in consideration the opinion of the whole network in order to trace the trustworthiness of the claim and the Local Trust Network which restricts the trust building on taking into account just the feedback from users on the same trust network as the user who is checking the veracity of the claim.

This other arcticle, comments on the success of using reputation systems build over individual on-line feedbacks to provide reasonable trust in systems that seems really risky such as on-line auctions . Moreover, this kind of reputation based information is being more and more accredit and now represent a big weight in user’s decisions varying from choosing a music album to buy or which company to invest. Due to the fast dynamic of today’s world and the widespread of information, the lack of knowledge in some decisions is being compensated by information gathered through trust relationships.

I see a big trend in the usage of reputation systems for more and more cases. As an example wikipedia as a collaborative environment has a pretty similar trust base as a reputation system, and it is accepted by a great number of people as a very reliable information source (this post in fact shows that the wikipedia is as accurate as the Britannica encyclopedia). Based on that, I am currently reading about trust models in order to built seamless Local Trust Network based on the sim card pervasiveness, the new cool features showing up in the mobiles and the sim idenitities. In case you are looking for similar reading, please feel free to share and to ask me for arcticles I may have collected.