Finally the thesis November 27, 2009

Almost six months after delivering my thesis, I’m finally posting it here. It turned out to be a very extensive document (about 150 pages), but mainly because we first wanted to assess the capabilities of SIM cards, identities and finally trust frameworks. And as I was working together with the SIM Research Team at Telenor and I do have some experience with SIM from when I worked at Gemalto, we spent several pages reviewing the SIM capabilities and trying to figure out the future SIM. We also touched on an aspect that may start to become more present in SIM cards, which is the ability to sense context.

Other pages were spent getting into the identity management world, and this was one part of the thesis which in fact I wished I had more time to go through. I got very interested in going deeper into the field after finally understanding the identity frameworks such as Higgins and Cardspace, and especially the concepts on which they are based. At last we studied a bit about trust models, and this was one of the most difficult parts of the thesis, as none of us had much of an idea of trust modeling and it is a topic that can get very complex if studied deeply.

After this long background, we finally chose a new application that could be hosted on the state-of-the-art (or future) SIM cards, taking advantage of the fact that the SIM represents one or more identities and can be used to build trust. That application was what I proposed in my paper mentioned in the previous post.

The idea is to use the future SIM cards to sense each other (either through NFC, location information and server interaction, WLAN, etc.), to sense the environment and, based on that, attribute a situational trust value to that meeting between the two SIM holders. Then, with a bunch of those situational trust values, you can infer the user relation. The more context information, the more you can infer.

Based on that idea, we made a small prototype using SunSpots representing those advanced SIM cards, with a simple trust inference model and a test scenario. It may sound like a simple test and in fact it was, as the thesis focused a bit on bringing a new idea (which is extensively described) and the state-of-the-art research, having the prototype as a small proof of concept.

When I was reviewing the thesis for the paper presentation, I read in Bruce Schneier’s blog about a paper from some researchers from the Santa Fe Institute that used location information and phone call information to infer the friendship closeness between the people involved in the experiment. The result was that they could predict the level of friendship with 95% accuracy! This pretty much confirms my thesis result =)

Closing Nordsec 09 November 3, 2009

I know it has been more or less half a month since the end of Nordsec 09 and I was supposed to post an update about the last two days. However, after the conference (and some days off at the Belgian coast) I had a lot to catch up on at work. Anyway, one piece of good news is that the talks which do not correspond to a paper presentation had their slides uploaded to the Nordsec Program website.

The second day had some rather more technical (sometimes even more mathematical) presentations. The ones I was most interested in were the one about the usability of petname systems and the one about widget security.

Though due to the presentation on “A Parallelism-Based Approach to Network Anonymization” from Igor Margasinski, I got to know more about network anonymization, which is a topic that I must admit I had not heard of before. It was nice to know that there are some options such as the Tor project that try to completely protect user privacy and enable users to bypass some content filters from some countries, therefore raising the freedom of communication.

However, the people who discussed TOR said that in practice this anonymity routing makes the traffic flow pretty slow. Still, on the same day, Heiko Roßnagel discussed how the porn industry could in fact sponsor the development of TOR networks, as they correspond to users that would like the service and that are also willing to pay for it. On the other hand, this is a delicate topic, as the porn industry can have some complex legal and ethical borders.

In the presentation by Karsten Peder Holth on widget security, the author points out several of the security flaws that can be introduced when installing a widget. However, as he says, this is somehow a consequence of the simple development model of widgets, and in fact it is this simple development model that makes widgets so popular.

Audun Jøsang presented the paper his students have written about the usability of petnames. He defended the need to make Identity Management more user-centric through the use of petnames, and it makes a lot of sense. However, it looked like the Identity Selectors, such as the ones that are part of identity schemas such as Geneva (“new name” of Microsoft Cardspace) and Higgins, already provide the user an alternative for the memorizing problem with identities.

On the following day, we had another presentation around SIM cards and identity. This one was given by Do Van Thanh, and although it also touched on the aspects of the possible positioning of operators towards IdM, it showed a bunch of cases of how this could be done, which they have already tested. It is somehow sad to see that we could already be using the SIM as an IdM device with the EAP-SIM protocol and the federation standards (such as the ones from Liberty Alliance, which seems to have changed its name also, but I don’t remember the new one), and unfortunately, due to protective interests from several players in this heterogeneous market, we don’t.

Besides that, we had two more SIM-related presentations. One, where Heiko Roßnagel discussed the potential of the SIM as the most suitable tool for delivering real-time information services. And my presentation covering the usage of high-end SIM cards enabling the possibility of sensing and categorizing user relations. I’ll discuss my presentation a bit better in a later post (which hopefully won’t take that long), but if you are interested in checking out the paper, here is the Springer link for it, or you can see a 100% free preview at this Google Books link. In fact, I’ll verify if I can put it here in the blog as well.

It was really nice to present the paper and although I was a bit nervous before, the presentation went really well. I think I kind of have the knack for presentations.

Later (hopefully not much later), I’ll come back to talk a bit more about my paper, my master thesis and maybe also some frustrations and experiences with the N97 =)

Back from vacations but not fully back to blogging, yet =) August 19, 2009

I’m back from well-deserved vacations in Turkey and Brazil, but I’m still kind of adapting to being back, to working again and to some new devices I got =)

I’ve finished my thesis and soon I’ll make it available here, but I’ll wait a bit because a paper I wrote based on the thesis has been accepted at the NordSec conference. Thus, I’d prefer to wait for it to be published there before making my thesis available (even though they are different documents). There are a lot of interesting presentations in this year’s agenda, with special attention to digital identity. But I’ll blog about that when it gets closer to the date of the conference.

I started to work here at the Telenor R&I department in Trondheim, Norway. I’m working with the SIM group, thus I should be posting some SIM-related topics in the blog. In fact, just recently I’ve read two nice surveys on Science Direct and I recommend reading them in case you are interested in smart cards and have access to Science Direct publications. As they are survey/overview papers, maybe you already know some of the information described, but I thought they were especially well written and easy to follow. One of them is about Electronic Passports (actually more into RFIDs) and the other is about multi-application smart cards (with a nice overview of the smart card path from the mono-application to the multi-application environment).

As I just got my hands on an N810 tablet and an N97 phone, I must already warn that I may eventually post something about them =) In fact, so far I haven’t had much time to play with them, which is actually good, as the weather has been nice around here and that is not so common in August. Overall, the N97 seems nice, although so far it seems too overloaded with junk applications. For the N810, I must say that the browsing capabilities are really awesome, there are a lot of nice open source and free applications and, as mentioned in several places, the GPS is quite bad at finding satellites. I’d say that the biggest inconvenience of the N810 is that its design is not friendly for gaming. Although it is not among my top priorities, it would be sweet to play some old NES games with the emulators, but the buttons are kind of annoying to use as a joystick (especially the directionals).

I hope this post works as an initial attempt to resurrect the blog =)

First Post! Me, my thesis and this blog February 17, 2009

Well, my name is Thomas Carlyle Vilarinho. I’ve lived most of my life in Brazil, where I graduated as a Computer Systems Engineer. Recently I came to Scandinavia to pursue a Master’s in order to deepen my technical knowledge, to acquire more international experience and to specialize in mobile computing and data security (but also to learn a little bit more about project management and the mobile and security business).

I am currently writing my thesis on the state of the art of SIM cards (actually on the future of them!), identification schemes and using those two together to build trust. More details can be found at http://wiki.unik.no/index.php/Communications/TrustedService . Actually, the detailed work status is not open for everyone to view because there may be some confidential information (I’m doing the project together with Telenor).

But I will most likely post some of the public information here. And actually one of the reasons to build this blog is to publish some of the public content I’ve been through on the thesis and possibly some other technical information that may interest others. As an ex-editor of the electrical engineering student association, it is good to be writing again =)