privacy issues in network environments

- Lappeenranta Summer School on Telecommunications 2008 - Privacy Issues in Network Environments Josef Noll University Graduate Center at Kjeller, UNIK/ University of Oslo, UiO [email protected] Lappeenranta, 19 August 2008 http://wiki.unik.no

Upload: josef-noll

Post on 08-May-2015


DESCRIPTION

Tutorial given at Lappeenranta Summer School on Telecommunications, Lappeenranta, Aug 2008

TRANSCRIPT

Page 1: Privacy issues in network environments

Lappeenranta Summer School on Telecommunications 2008

Privacy Issues in Network Environments

Josef Noll
University Graduate Center at Kjeller, UNIK / University of Oslo, UiO

[email protected]

Lappeenranta, 19 August 2008

http://wiki.unik.no

Page 2: Privacy issues in network environments

19. Aug 2008, Josef Noll, Privacy Issues

• Research and Education at Kjeller
• Close relation to FFI, IFE, NILU,...

Page 3: Privacy issues in network environments

“Innovation by Design”

“Movation is a very exciting initiative where some of the best companies in Norway commit themselves to build the Norwegian national team in wireless technology innovation”
– Paul Chaffey, Abelia

Page 4: Privacy issues in network environments

Have you heard these ones? From Scott McNealy (Sun Microsystems)

“The privacy you are so fond of is mostly an illusion”

“You have no privacy. Get over it.”

So, let’s go home and do something useful

Page 6: Privacy issues in network environments

How come these guys didn’t think of that?

©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft, Web 2.0 Expo Berlin 2007

Source: Stefan Weiss, Deloitte & Touche, 2007

Page 7: Privacy issues in network environments

Outline

• Privacy, Identity, Trust, Reputation,....
• Network environments
  – technical: Internet and wireless networks
  – Social networks
  – .... networks
• Technologies
• Protection mechanisms
• Legal issues
• Tips and tricks

Page 8: Privacy issues in network environments

Privacy

Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm.

source: Wikipedia

• Physical:
  - intrusion into physical space (sauna, stalking,...)
  - searching in my personal possessions
  - access to my home
• Informational
  - Internet, electronic traces
  - Medical data
• Organisational
  - Industrial property rights (IPR)
  - protection of secrets

Page 10: Privacy issues in network environments

Physical privacy

• don’t touch me
• don’t kiss me
• don’t invade
• don’t you dare

Factors

• cultural sensitivity
• personal dignity
• shyness
• safety concerns

The worst places (for me)

The best places (for me)

Page 15: Privacy issues in network environments

Organisational privacy

• Access to fingerprints of all people
• What is in Coca Cola?
• When will VW launch the new Golf?

Factors

• Patent (IPR)
• Trade mark
• price of information
• effect of damage

Page 17: Privacy issues in network environments

Information privacy

Information about me

• electronic information stored about me
  - religion, sexual orientation, political opinion
  - personal activities
  - family information
• Membership in social networks
• access to accounts
• Medical information
• Political privacy

Electronic traces

• Mobile phone
  - GSM
  - Bluetooth
• sensor data
• traffic cameras
• surveillance
• payment card usage
• fingerprint check-in

Page 19: Privacy issues in network environments

Summary

Factors influencing privacy

• cultural sensitivity
• personal dignity
• shyness
• ....
• safety concerns
• effect of damage
• professional reputation
• discrimination ....

My own understanding

Privacy is about protecting myself such that others can’t harm me more than I can tolerate

others --> trust, relation

harm --> my roles (identity)

Page 23: Privacy issues in network environments

Reality

What the Internet knows about me

Preface

I am not a member of a social network (yet). I do not publish pictures about me.

And still ...

and I’m only talking about my publicly available data

Page 28: Privacy issues in network environments

Two more definitions

others --> trust, relation

harm --> my roles (identity)

Diagram labels: Context, Presence; Community; User profile, privacy; Roles, Identities; User behaviour; Location, Proximity

Page 30: Privacy issues in network environments

Identity

• In philosophy, identity is whatever makes an entity definable and recognizable, in terms of possessing a set of qualities or characteristics.
• Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity.
• Digital identity also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital subject.
• An online identity is a social identity that network users establish in online communities.
• As more and more services are accessible in the digital world, digital identities and their management will play a vital role in secure service access and privacy …..

source: Wikipedia

Page 31: Privacy issues in network environments

Digital identity

• Recommendation: Dick Hardt@OSCON, Identity 2.0

Identity: Real world to digital world (June 09, 2008; Mushfiq, SWACOM Meeting, Grimstad)

Figure labels: Real world identities; Digital world identities; Identity; Digital world; Passwords everywhere

Page 32: Privacy issues in network environments

The dilemma of computer science

Identity - “same as” and “not”

• Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity.
• Computer science: use of ontologies, binary strings ‘xFxkeyil9e4’

“Josef” same as “Josef Noll”

Diagram labels: Context, Community; Roles, Identities

• Are we in computer science in the Middle Ages?
• G. W. Leibniz (1646): if a=b and b=c, then a=c

Page 36: Privacy issues in network environments

Reputation and Trust

• Reputation is the opinion (more technically, a social evaluation) of the public toward a person, a group of people, or an organization. It is an important factor in many fields, such as business, online communities or social status.
• Reputation is known to be a ubiquitous, spontaneous and highly efficient mechanism of social control in natural societies.
• Trust is a relationship of reliance. A trusted party is presumed to seek to fulfill policies, ethical codes, law and their previous promises.
• Trust is a prediction of reliance on an action, based on what a party knows about the other party. Comment: Members of “la familia” trust each other

do we really believe we can manage trust and represent reputation?

Page 38: Privacy issues in network environments


Source: New York Times; Lasse Øverlier

Page 39: Privacy issues in network environments

Revisit: Information privacy

It starts with the radio

• radio is broadcast: everyone can listen
• “radio identity” (MAC, Bluetooth,...) is known
• eavesdropping of traffic, man-in-the-middle: read your email (SMTP is plain text)
• Bluetooth and other ad-hoc networks, connectivity to phone without notice
• wireless networks at home: WEP easy to crack, access to whole home infrastructure
• Mobile phone (GSM): location, fake base-station

Page 41: Privacy issues in network environments

Revisit: Information privacy

And it never stops

• Eavesdropping -> read your communication
• Crack WEP (encryption) -> read open information
• DNS forging -> leading you to a different site
• Phishing -> getting your secure information
• “Click to confirm that you read the privacy issue”
• Netvibes: Leading personal start page to manage your digital life
• Banking, Social Networks....

Page 44: Privacy issues in network environments

Some technology first

Have you heard these ones?

“Last year (2007) the world produced more transistors than rice corns”
– Hans Christian Haugli, CEO, Telenor R&I

“In three to five years we will interact with to 30-50 devices in our vicinity”
– Marie Austenstaa, Connected Objects, Telenor R&I

Page 45: Privacy issues in network environments

“The speed of technology”

• The speed of development

source: Gerhard Fettweis, TU Dresden

• Do you remember: “There might be a need for 5 computers” (1943 Watson(?), 1951 Hartree)
• Mobile: NMT, GSM, GPRS, EDGE, UMTS, 3G, HSDPA, SMS, EMS, MMS,... DVB-H,...

Page 46: Privacy issues in network environments

Mobile Phone and Sensors

• N. Arora, Google Europe Manager [Oslo Innovation Week]:
  – By 2012, iPods ... be capable of holding all music you will ever hear in your life (or one year of video)
  – By 2018 it can hold all videos ever produced
• This speed will continue until 2025 [ITRS Roadmap]
• Imagine a device, which
  – will save all the conversations you ever had
  – will record all the environments you have ever been in
  – identify all people you have ever talked to and remember what you talked about
• “Your Mobile will do”

Page 49: Privacy issues in network environments

Let’s get a deep breath....

and see what we can do about it

Page 50: Privacy issues in network environments

Recall: Lessons learned

• Definitions of Privacy, Identity, Trust, Reputation,....
• “It all begins with the radio”
  – location, device identity
  – eavesdropping, phishing, man-in-the-middle, forging
• The user providing all kinds of information
  – social networks, service providers, ...

Page 51: Privacy issues in network environments

Challenge

Manage the Privacy 2.0 Bermuda Triangle

Diagram labels: User’s Privacy; Data is everywhere; High value of personal data; Vulnerable technology

Source: Stefan Weiss, Deloitte & Touche, 2007

Page 52: Privacy issues in network environments

Privacy Requirements

Examples of Services

Network access

email, photo

VPN, !/$

“How much will it cost me if my privacy gets compromised?”

• see: lost mobile phone, security of your house
• take appropriate measures

Page 53: Privacy issues in network environments

Protecting the identity?

• 8 million US residents victims of identity theft in 2006 (4% of adults)
• US total (known) cost of identity theft was $49 billion
  – ~10% was paid by customers
  – remaining by merchants and financial institutions
• Average victim spent $531 and 25 hours to repair the damage

Source: Lasse Øverlier & California Office of Privacy Protection

ID theft in seconds: http://itpro.no/art/11501.html

Page 54: Privacy issues in network environments

2nd lecture: Personalisation, tips and tricks

• Personalisation of service, why?
• The role of the mobile phone
  – Seamless authentication
  – Payment and access
• Protection mechanisms
  – Legal issues
  – Tips and tricks

Page 55: Privacy issues in network environments

User profiles/profiling - “We have heard that before, nothing has happened”

• Complexity is ever increasing -> Need for reduction
• Technology is in place -> Semantics, Web Services,...
• Research projects address adaptation of services towards user needs
• Mobile phones are becoming the source for Internet and Service access
  – 20-30 % of all phones worldwide will be smartphones by 2009
  – 30 % of mobile users in the Nordic will receive push content by 2010
• Market need for personalisation: “Mobile advertisement has to fit to the user, otherwise it will fail completely”

[Movation White Paper, Mobile Phone Evolution, April 2007]

Page 56: Privacy issues in network environments

User profiles/profiling - “Nobody is willing to pay for it”

• “Mobile advertisement is 1000 to 10000 times more valuable as Internet advertisement” [Bjarne Myklebust, NRK]
• “The chances of annoying customers through mobile advertisements are high. Mobile advertisements have to fit.”
• “Mobile advertising isn’t only hot, it’s on fire.” [Bena Roberts, GoMo News]
• Operators launch mobile advertisement companies (Telenor)

Page 57: Privacy issues in network environments


My phone collects all my security

SIM with NFC & PKI

Page 58: Privacy issues in network environments

Josef Noll, “Who owns the SIM?”, 5 June 2007

Mobile Services, incl. NFC

• Focus in 2008 on mobile web
• Push content upcoming
• NFC needs next generation phones
• S60, UIQ, ...
• Common Application development
• Integrated development

[“Mobile Phone Evolution”, Movation White paper, May 2007]

Figure: Expected customer usage [%] “have tried” of mobile services in the Nordic Market, 2006, 2008 and 2010 (series: SMS authentication, Mobile Web, Push content, NFC payment)

Page 60: Privacy issues in network environments

Operator supported service access

Diagram labels: Seamless authentication; Authentication provider; Service access; Physical access; VPN; Home access, .mp3, .jpg

Page 64: Privacy issues in network environments

Mobile Phone supported access

• SMS one-time password
• MMS, barcode
• eCommerce (SMS exchange)
• Network authentication
• WAP auto access
• Applets: PIN code generation (Bank ID)
• Future SIM

Photo: Spanair

Page 65: Privacy issues in network environments

WAP gateway: Seamless authentication

Diagram labels, in order: HTTP request; 94815894; Hash; HTTP request (value garbled in extraction); “Pictures for ’rzso’. Password:1234 sID: cTHG8aseJPIjog==”

Source: Erzsebet Somogyi, UNIK
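The flow on this slide, where the WAP gateway knows the subscriber's number (94815894) and only a hash of it travels in the HTTP request to the service, can be sketched as follows. This is an added example, not code from the slides or from the UNIK system: the header name, the gateway secret, the host names, the gateway address check and the use of HMAC-SHA256 for the slide's unspecified "Hash" are all assumptions.

```python
import base64
import hashlib
import hmac

ID_HEADER = "X-Subscriber-Pseudonym"      # assumed header name, not from the slides
GATEWAY_SECRET = b"constructed-demo-key"  # constructed value, held only by the gateway


def pseudonym(msisdn, service_host, secret=GATEWAY_SECRET):
    """Derive a per-service pseudonym for a subscriber number.

    A bare hash of an 8-digit number can be reversed by trying all 10**8
    candidates, so the number is mixed with a gateway-held key (HMAC).
    Including the service host gives every service a different pseudonym,
    so two services cannot link the same subscriber.
    """
    msg = service_host.lower().encode() + b"\x00" + msisdn.encode()
    mac = hmac.new(secret, msg, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac[:12]).decode()


def gateway_forward(request, msisdn):
    """Gateway step: msisdn comes from network (SIM) authentication, never
    from the client. Any identity header the client sent is dropped before
    the gateway writes its own, otherwise a handset could claim any identity.
    """
    clean = {k: v for k, v in request["headers"].items()
             if k.lower() != ID_HEADER.lower()}
    clean[ID_HEADER] = pseudonym(msisdn, request["host"])
    return {"host": request["host"], "path": request["path"], "headers": clean}


class Service:
    """Service side: maps pseudonyms to accounts and never sees the number."""

    def __init__(self, host, gateway_addrs):
        self.host = host
        # Assumption: the gateway is recognised by source address; a mutually
        # authenticated channel would serve the same purpose.
        self.gateway_addrs = set(gateway_addrs)
        self.accounts = {}

    def enrol(self, pseudo, account):
        # Assumed to happen once, after an ordinary password login.
        self.accounts[pseudo] = account

    def handle(self, request, peer_addr):
        # The identity header is only meaningful when the gateway set it.
        if peer_addr not in self.gateway_addrs:
            return "login required"
        account = self.accounts.get(request["headers"].get(ID_HEADER))
        if account is None:
            return "login required"
        return "Pictures for '%s'" % account


def demo():
    msisdn = "94815894"        # number shown on the slide
    gw_addr = "192.0.2.10"     # constructed documentation address
    photos = Service("photos.example", [gw_addr])
    photos.enrol(pseudonym(msisdn, "photos.example"), "rzso")

    # Constructed handset request that tries to supply its own identity.
    phone_request = {"host": "photos.example", "path": "/pictures",
                     "headers": {"x-subscriber-pseudonym": "forged-value"}}
    forwarded = gateway_forward(phone_request, msisdn)
    return {
        "via_gateway": photos.handle(forwarded, gw_addr),
        "direct": photos.handle(forwarded, "198.51.100.7"),
        "forwarded": forwarded,
    }


if __name__ == "__main__":
    print(demo())
```

The same request replayed from outside the operator network gets no seamless login, which is the property the service has to enforce for this scheme to be safe.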

Page 71: Privacy issues in network environments

Banking from the mobile phone

Security considerations

• Equally secure as SMS (get your account status)
• Easy to use
• Advanced functionality through PIN (if required)
  -> Seamless phone (SIM) authentication
• Advanced security when required
  – BankID or
  – PIN

Welcome Josef: SIM authentication

Account status
Information: Using SIM, no customer input required

Transfer, payments
Advanced functionality: BankID or PIN (double security)

Diagram labels: Smartcard interfaces ISO/IEC 7816; NFC communication unit; SIM; NFC2SIM

Page 74: Privacy issues in network environments

MyBank example:

User incentive:

• “My account is just one click away”
• “enhanced security for transactions”

-> Phone (SIM) authentication
-> Level 2 security through PKI/BankID/PIN?

Page 75: Privacy issues in network environments

RFID and NFC example: Birkebeiner

• Online information to mobile phone
• Could be used for photo, video, etc

Page 76: Privacy issues in network environments

NFC – Near field communication

• Based on RFID technology at 13.56 MHz
• Typical operating distance 10 cm
• Compatible with RFID
• Data rate today up to 424 kbit/s
• Philips and Sony
• ECMA-340, ISO/IEC 18092 & ECMA-352, …standards
• Powered and non-self powered devices

Photo: Nokia

Page 77: Privacy issues in network environments

NFC is ...

• RFID at 13.56 MHz
• RF (modem) and protocols

Passive operation:
1) Phone=Reader has static magnetic field
2) Tag acts as resonator, “takes energy” ~1/r^6

Figure: Power decrease of static and electromagnetic field (curves: 1/r^2, 1/r^6)

Page 81: Privacy issues in network environments

NFC use cases

• Payment and access
  – include Master-/Visacard in the phone
  – have small amounts of money electronically
  – admittance to work
• Service Discovery
  – easy access to mobile services: Web page, SMS, call, ...
  – local information and proximity services (get a game)
• Ticketing
  – Mobile tickets for plane, train, bus: Parents can order and distribute, ...

Source: Nokia 6131 NFC Technical Product Description

Page 82: Privacy issues in network environments

NFCIP-2 Interface and protocol

Interface Standards

• ECMA-340: NFC device
• ISO/IEC 14443: PCD mode (MIFARE, FeliCa), Proximity Card Reader
• ISO/IEC 15693: VCD mode (facility access), Vicinity Card Reader

Diagram annotations: NFC ECMA-340; YES; 340 okay; NO; 15693 okay

Page 86: Privacy issues in network environments

The radio: NFC and privacy

• NFC is “as bad” as
  – your contactless Master and Visa card
  – your passport
• Typical reading distance up to 4 cm (for activation)
• Eavesdropping possible under operation (1/r^2),
  – encrypted communication

Passport

• USA: passport can only be read when opened
• European passport: just place it on NFC reader

Page 88: Privacy issues in network environments

From current SIM to Future SIM

New visions for mobile / UICC

[Figure labels: Current Telenor SIM (UICC) card (from 2001); GlobalPlatform’s Real Estate 3rd Party sec. domains vision; SUN 2009? (Java); Plus ETSI SCP 3 new phys IFs: 12 Mb/s USB, NFC (SWP); On-board WEB server!; Multi-Thread]

Source: Judith Rossebø, Telenor

• To comply with 3G networking requirements (USIM)
– Security features (algorithms and protocols), longer key lengths
– GSM uses EAP SIM: client authentication
– UMTS uses EAP AKA: Mutual authentication
• 3rd party identities – ISIM application (IMS)
– private user identity
– one or more public user identities
– Long term secret
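The contrast on this slide between client-only and mutual authentication, as an added sketch that is not from the original slides. HMAC-SHA256 stands in for the operator algorithms, and the names (`prf`, `Network`, `Sim`, `demo`) and the simplified AUTN (plain SQN plus MAC) are assumptions.

```python
import hashlib, hmac, os

def prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 stand-in (assumption) for the operator algorithms A3, f1, f2."""
    return hmac.new(key, label + b"".join(parts), hashlib.sha256).digest()[:8]

class Network:
    """A network side holding some key k; only the home operator holds the real K."""
    def __init__(self, k: bytes):
        self.k, self.sqn = k, 0

    def gsm_challenge(self) -> bytes:
        return os.urandom(16)                      # RAND only, nothing proves the sender

    def aka_challenge(self):
        self.sqn += 1
        rand, sqn = os.urandom(16), self.sqn.to_bytes(6, "big")
        # Simplified AUTN = SQN || MAC (real AKA also conceals SQN with an anonymity key)
        return rand, sqn, prf(self.k, b"f1", sqn, rand)

    def check(self, label: bytes, rand: bytes, res: bytes) -> bool:
        return hmac.compare_digest(res, prf(self.k, label, rand))

class Sim:
    """Card side holding the long-term secret K."""
    def __init__(self, k: bytes):
        self.k, self.last_sqn = k, 0

    def gsm_response(self, rand: bytes) -> bytes:
        # Client authentication only: the card answers whoever sent the challenge.
        return prf(self.k, b"a3", rand)

    def aka_response(self, rand: bytes, sqn: bytes, mac: bytes):
        # Mutual authentication: check the network's MAC and freshness first.
        if not hmac.compare_digest(mac, prf(self.k, b"f1", sqn, rand)):
            return None                            # sender does not know K
        if int.from_bytes(sqn, "big") <= self.last_sqn:
            return None                            # replayed challenge
        self.last_sqn = int.from_bytes(sqn, "big")
        return prf(self.k, b"f2", rand)

def demo() -> dict:
    k = os.urandom(16)                             # constructed sample key
    sim, home, other = Sim(k), Network(k), Network(os.urandom(16))
    rand, chal = home.gsm_challenge(), home.aka_challenge()
    res = sim.aka_response(*chal)
    return {
        "gsm_home_accepts_sim": home.check(b"a3", rand, sim.gsm_response(rand)),
        "gsm_sim_answers_unknown_network": len(sim.gsm_response(other.gsm_challenge())) == 8,
        "aka_home_accepts_sim": res is not None and home.check(b"f2", chal[0], res),
        "aka_sim_rejects_replay": sim.aka_response(*chal) is None,
        "aka_sim_rejects_unknown_network": sim.aka_response(*other.aka_challenge()) is None,
    }
```

In the one-way exchange the card has no way to tell which network issued the challenge; in the mutual exchange it refuses to answer unless the challenge carries a fresh MAC computed with the shared long-term secret.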

Page 89: Privacy issues in network environments

Network privacy

• GSM
– client-based positioning allows user to take control
– trustworthy operators?
• WLAN
– open for all kinds of attacks
– example: TraceRoute for exposing packet origin
– encrypted communication and more....
• Bluetooth
– are you afraid, then switch it off
– I leave it on, danger for getting tapped is rather small
• Social Network
• Web tools, e.g. search, present a significant privacy issue

Page 90: Privacy issues in network environments

Do you know Freddie Staur⁴?

• Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves
• Research highlights dangers of irresponsible behavior on social networking sites

⁴ www.sophos.com/facebook, Survey among 200 randomly chosen Facebook users, August 2007.

Source: Stefan Weiss, Deloitte & Touche, 2007

Page 91: Privacy issues in network environments

Privacy is not about ...

Privacy is not about getting your private space

Sources: isolatr.com; Stefan Weiss, Deloitte & Touche, 2007

Page 92: Privacy issues in network environments

Privacy is not about ...

Switching off the lights

Page 94: Privacy issues in network environments

Private Sphere and Privacy

Directive 95/46/EC of the European parliament

• Data must be fairly and lawfully processed
• They must be processed for prior specified and limited purposes
• Adequate, relevant and not excessive
• Accurate
• Not kept longer than necessary
• Processed in accordance with the data subject’s rights
• Secure
• Not transferred to countries without adequate protection

Page 95: Privacy issues in network environments

And the law might be applicable to Google

Google has to obey Norwegian law

• Art. 29-group looks how privacy is handled in the EU
• “Google is using cookies on PCs” thus they use equipment physically located in an EU state
• Art. 29 is valid for everyone using equipment in an EU state, thus also Google

Page 96: Privacy issues in network environments

Tips and Tricks

• If you put your data into the social networks, it is your responsibility
• Security, Your data, Anonymity, .....

Page 97: Privacy issues in network environments

University of Florida © IFAS Information Technology, 2002

Specialized Privacy Probes

• Wiretap
• Web Bug + JAVA code
• Retrieve e-mail comments
• Retrieve mailing list
• Computer Triangulation
• Pinpoint physical location
– Country and City (90% accuracy)
– ZIP code (possible)

Source: Thomas Hintz, “Protecting your Internet Privacy”

Page 98: Privacy issues in network environments

Privacy Solutions

http://notebook.ifas.ufl.edu/privacy/

• All are free for home use…
• Some are free for education sites (check the license)

Page 99: Privacy issues in network environments

Anonymous web surfing

• Internet Explorer plug-in
• FREE – cannot visit secure sites
• Blocks IP address
• Blocks cookies

http://www.anonymizer.com/

Page 100: Privacy issues in network environments

Encrypted e-mail

Pretty Good Privacy

GPG (GNU Privacy Guard) is a PGP compatible alternative replacement based on the OpenPGP standard

http://www.gnupg.org/

Page 102: Privacy issues in network environments

Avoiding web spambots

• Use a graphic: [email protected]
• Use a graphic @ symbol
• Use TABLE
• Spell out address
– hintz AT ifas.ufl.edu
– hintz AT ifas DOT ufl DOT edu
– [email protected] (remove NOJUNK)
• Do not use “mailto:” TAG unless encoded – mailto:hintz@ufl.edu

Source: Thomas Hintz, “Protecting your Internet Privacy”
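One way to produce the “encoded” mailto link and the spelled-out forms listed on this slide, as an added example that is not from the original slides. The names `entity_encode`, `encoded_mailto`, `spelled_out` and `harvest` are hypothetical, and `harvest` is a constructed model of a regex-based address collector used only to check the output.

```python
import html
import re

# Pattern a simple address collector might apply to page source (constructed for this check).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def entity_encode(text: str) -> str:
    """Write every character as an HTML character reference, alternating decimal and hex."""
    return "".join(
        f"&#{ord(c)};" if i % 2 == 0 else f"&#x{ord(c):x};" for i, c in enumerate(text)
    )

def encoded_mailto(address: str) -> str:
    """Link a browser renders as a normal mailto: link, with no literal '@' in the source."""
    href = entity_encode("mailto:" + address)
    label = entity_encode(address)
    return f'<a href="{href}">{label}</a>'

def spelled_out(address: str, dots: bool = True) -> str:
    """'hintz AT ifas DOT ufl DOT edu' (dots=True) or 'hintz AT ifas.ufl.edu' (dots=False)."""
    local, domain = address.split("@", 1)
    if dots:
        domain = domain.replace(".", " DOT ")
    return f"{local} AT {domain}"

def harvest(page: str, decode_entities: bool = False) -> list:
    """Addresses a collector would find in the page source, with or without entity decoding."""
    if decode_entities:
        page = html.unescape(page)
    return EMAIL_RE.findall(page)
```

Entity encoding only stops collectors that match on raw markup: one that decodes character references first recovers the address, which the `decode_entities=True` case shows.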

Page 107: Privacy issues in network environments

Would you give personal information to strangers?

• 24% of users have supplied false information
• Create a Virtual User: John Smith, 7/7/77, blue eyes, red hair
• Provide accurate personal information ONLY if appropriate for the services requested.

Source: Thomas Hintz, “Protecting your Internet Privacy”

Page 111: Privacy issues in network environments

• but what ....

Do we need anonymity?

Anonymity is a shield from the tyranny of the majority. - US Supreme Court decision No. 93-986, April 19 1995

Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”

Page 112: Privacy issues in network environments

Traffic Flow Confidentiality

• “Disabling traffic flow analysis”
• What can be resolved?
– who communicates to/with whom
– who communicates when
– activity type
– movement
– chain of command
– type of information

Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”

Page 113: Privacy issues in network environments

How can anonymity work?

• We need to distribute trust
• Use an anonymizing network
– Independent nodes
– Encrypted tunnels
– using (perfect) forward secrecy
– changing appearance of data
• Any user, or server, of the network can be the originator

[Figure: Client and Server connected through the nodes of an anonymizing network]

Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”

torproject.org

Page 114: Privacy issues in network environments

And we have not talked about

• Semantic technologies “the Web of Services”
• the car and future car2x communication
• and what about all the sensor networks
• who takes care of my data

Page 115: Privacy issues in network environments

[Figure: quadrant diagram with axes Static / Dynamic and Syntactic / Semantic]

• Static, syntactic: WWW (URI, HTML, HTTP)
• Static, semantic: Semantic Web (RDF, RDF(S), OWL)
• Dynamic, syntactic: Web Services (UDDI, WSDL, SOAP)
• Dynamic, semantic: Semantic Web Services (Intelligent Web Services)

Bringing the web to its full potential

source: Juan Miguel Gomez, UC3M

Page 119: Privacy issues in network environments

Semantics in Business:

• Enable a paradigm switch in searching information
• From
– Information Retrieval
• To
– Question Answering

Google: “Josef Noll”

Why did Josef Noll come to Norway?

“It is important to educate female engineers, ...”

Page 122: Privacy issues in network environments

ITEA-Wellcom project

Future TV

source: Sony

And some of the partners working on tomorrow's TV experience:

Page 123: Privacy issues in network environments

ITEA-WellCom.org

TV today and tomorrow

[Figure labels: STB; Content; TV; BT; NFC; Service; Service adaptation; Context (jabber); Communication; Trust & Personalisation; Provider]

Page 128: Privacy issues in network environments

Josef Noll, “Who owns the SIM?”, 5 June 2007

Third party business model

• Media,
• Banks, Service providers
• Telecom, Corporate, Home

[Figure labels: Identity and personalisation provider; Customer care; Service aggregator; Authentication and Access provider; Payment provider; Content provider]

• Service aggregator
– Convenient interfaces
– Ease of use
• Identity and personalisation provider
– Convenience
– Trust

Page 131: Privacy issues in network environments

The secure element: SIM card

[Figure labels: Send service to phone; Send info to recipient; Send key and credentials; Smartcard interfaces ISO/IEC 7816; NFC communication unit; SIM; NFC2SIM; Identity and personalisation provider; Authentication and Access provider; Service aggregator]

• SIM is secure element
– controlled environment
– over-the-air update
– open for applications
• SIM will be owned by user
– managed by trusted third party

Page 133: Privacy issues in network environments

Challenges and Benefits

How insecure is the Internet?

Will the phone be the only secure element?

Dynamic service environment? On-the-fly creation of services?

Are Google, facebook and flickr more trusted than telecom operators?

Visa and Mastercard enable convenient small amount purchases

[Chart: Convenience of usage, 2006 to 2010; series: Telco favourite, Third party favourite]

Page 134: Privacy issues in network environments

Conclusions

• “The last time we were connected by a wire was at birth!” [Motorola]
• The service world is wireless
– Q: “what if you lose your phone?”
– A: “A real crisis in life!”
• Easy access to devices and services, dependent on the context of the user
• Challenges
– get control of complexity
– get people understanding what they are doing and us understanding people
• http://wiki.unik.no

Page 135: Privacy issues in network environments

Thanks to contributions from

• My PhD students György Kálmán, Mohammad M. R. Chowdhury
• Lasse Øverlier, “Anonymity, Privacy and Hidden Services”, PhD thesis at University of Oslo
• Stefan Weiss, “Your Users’ Privacy”, Deloitte & Touche, 2007
• Thomas Hintz, “Protecting your Internet Privacy”, University of Florida, http://notebook.ifas.ufl.edu/privacy/
• Wikipedia; Dick Hardt, Identity 2.0
• Erzsebet Somogyi, UNIK - now CanalDigital.no; Judith Rossebø, Telenor
• Movation - White paper 'Mobile Phone Evolution', April 2007
• GPG (GNU Privacy Guard), based on PGP, http://www.gnupg.org/
• Anonymizer, http://www.anonymizer.com/
• Tor network, http://www.torproject.org
• The New York Times, Sony Europe, Facebook; isolatr.com
• Heung-Gyoon Ryu from Chungbuk National University, Korea
• ID theft in seconds, itpro.no