jump to navigation

Finally the thesis November 27, 2009

Posted by tcarlyle in identity management, Me, Sensors, SIM Cards, Thesis, trust, Uncategorized.
Tags: , , ,
3 comments

After almost six months that I have delivered my thesis, I’m finally posting it here. It turned up to be a very extensive document (about 150 pages), but mainly because we first wanted to assess the capabilities of SIM cards, identities and finally trust frameworks. And as I was working together with the SIM Research Team at Telenor and I do have some experience with SIM from when I worked in Gemalto, we spent several pages on reviewing the SIM capabilities and trying to figure it out the future SIM.  We also touched an aspect that may start to become more present in the SIM cards which is the ability to sense context.

Other pages were spent in getting into the identity management world and this was one part of the thesis which in fact I wished I had more time to go through. I got very interested in going deeper in the field after finally understanding the identity frameworks such as Higgins, Cardspace and specially on the concepts in which they are based. At last we studied a bit about trust models and this was one of the most difficult parts of the thesis as none of us had much an idea of trust modeling and it is a topic that can get very complex if studied deeply.

After this long background, we finally chosen a new application that could be hosted in the state-of-art (or future) SIM cards, take advantage of the fact that the SIM represent one or more identities and that can be used to build trust. That application was what I have proposed in my paper mentioned in the previous post.

The idea is to use the future sim cards to sense each other (either through NFC,  location information and server interaction, wlan, etc), to sense the environment and based on that, attribute a situational trust value for that meeting between the 2 sim holders.  Then with a bunch of those situational trust value, you can infer the user relation. The more context information, the more you can infer.

Based on that idea, we made a small prototype using SunSpots representing those advanced SIM cards and with a simple trust inference model and a test scenario.  It  may sound a simple test and in fact it was, as the thesis focused a bit on bringing a new idea (which is extensively described) and the state-of-art research, having the prototype as a small proof-of-concept.

When I was reviweing the thesis for the paper presentation, I read in Bruce Schneier‘s blog about a paper from some researchers from the Santa Fe institute that used location information and phone calls information to infer the friendship closeness between the people involved in the experiment. The result was that they could predict the level of friendship with 95% accuracy! This pretty much confirm my thesis result =)

Closing Nordsec 09 November 3, 2009

Posted by tcarlyle in identity management, Me, Sensors, SIM Cards, Thesis.
Tags: , , ,
add a comment

I know it has been more less about half month since the ending of the Nordsec 09 and I was supposed to update about the last two days. However, after the conference (and some days off at the Belgium coast) I had a lot to catch up at work. Anyway, one good new is that the talks which does not correspond to paper presentation had their slides uploaded at the Nordsec Program Webiste.

The second day had some quite more technical (sometimes even more mathemathical) presentations. The ones I was most interested was the one about the usability of petname systems and the one about widget security.

Though due to the presentation on “A Parallelism-Based Approach to Network Anonymization” from Igor Margasinski, I got to know more about network anonymization which is a topic that I must admit not have heard before. It was nice to know that there are some options such as the tor project that tries to completly protect user privacy and enable users to bypass some content filters from some countries, therefore raising the freedom of communication.

However, the people that discussed about TOR said that in practice this anonimity routing, make the traffic flow pretty slow. Still, on the same day, Heiko Roßnagel discussed how the porn industry could in fact sponsor the development of TOR networks, as they correspond to users that would like the service and that are also willing to pay for it. On the other hand, this is a delicate topic as the porn industry can have some complex legality and ethic borders.

In the presentation of Karsten Peder Holth around widget security, the author points several of the security flaws that can be introduced when installing a widget. However, as he says, this is somehow a consequence of the simple development model of widgets and in fact it is this simple development model taht makes widgets so popular.

Audung Jøsang presented the paper his students have written about usability of petnames. He defended the need of making Identity Management more user centric with the usage of petnames and it makes a lot of sense. However, it looked like the Identity Selectors, as the ones part of identity schemas such as Geneva (“new name” of Microsoft Cardspace) and Higgins, already provide the user an alternative for the memorizing problem towards identities.

In the following day, we had another presentation around SIM cards and Identity. This one was given by Do Van Than, and although it also touched the aspects of the possible positioning of operatords towards IdM, it showed a bunch of cases on how this could be done and they have already tested. It is somehow sad to see that we could be already using the SIM as an IdM device with the EAP-SIM protocol and the federation standards (such as the ones from Liberty Alliance, which seem to have changed its name also, but I dont remember the new one), and unfortunatelly due to protective interests from several players in this heterogeneous market, we don’t.

Besides that we had more two SIM related presentations. One, where Heiko Roßnagel discuss the potential of the SIM as a the most suitable tool for delivering real-time information services. And my presentation covering the usage of high-end SIM cards enabling the possibility of sensing and chategorizing user relation. I’ll discuss my presentation a bit better in a next post (which hopefully wont take that long), but if you are interested in check it out the paper here is the springer link for it or you can see a 100% free preview at this googlebooks link. In fact, Ill verify if I can put it here in the blog as well.

It was really nice to present the paper and although I was a bit nervous before, the presentation went really well. I think I kind of have the knack for presentations.

Later (hope not much), I come back for talking a bit more about my paper, my master thesis and maybe also some frustrations and experiences with the N97 =)