© 2006, ACCESS Co. Ltd. All rights reserved.
“Who Am I Now?”:
Identity and Mobility
David “Lefty” Schlesinger Director, Open Source Technologies
OSDL NEPs and Carriers Face-to-Face 10 Oct. 2006
Copyright © 2006, PalmSource, Inc. All rights reserved. 2
Do you know me?
“How can you tell?”—Dorothy Parker, on being told that Pres. Calvin Coolidge had died
Identity in the literal village (c. 12th century) is fundamentally different from identity in the virtual village (c. 21st century)
When mobility is limited, establishing identity is relatively easy
As mobility increases, establishing identity becomes more difficult, more important, and potentially more useful
How Is Identity Established?
First-hand Recognition
• This is the trivial case
• Limited utility outside of very constrained contexts, by its very nature
Second-Hand Recognition (aka “Introduction”)
• A mutually trusted third party is necessary to make the introduction
• Second-hand recognition becomes first-hand recognition
You know me, you know her, but does she know me?
• Identity relationships are not inherently transitive
Increased Mobility Requires Credentials
Reputation could be passed on, one hop at a time.
Someone had to vouch for you, or give you a reference
As we travelled farther, we needed credentials
As we did more things, and needed to establish our identities for different purposes, we needed more credentials
Today, we travel farther than ever, both physically and virtually; we do more things than ever.
Third-Hand Recognition…
…otherwise known as “credentials”
• Again, a trusted third party (aka “an authority”) is required
• A business card is not a credential; lose your wallet and see for yourself!
• My driver’s license is not generally helpful in Nepal…
Credentials need to be authenticatable
• The authority can (hopefully) validate credentials, but this is not always practical…
• Challenges and responses…
Some Different Kinds of Credentials
A Quick Digression…
The GSM/SIM system is the most widespread identity management infrastructure ever created…
• More than 1.7 billion subscribers in over 200 countries at the end of 2005
• There are more countries with GSM systems than there are in the United Nations!
• There are more countries with GSM systems than there are with McDonalds!
UMTS/USIM will make even greater functionality available
Who I Am Depends on What’s Going On
A particular “identity”, i.e. a given credential, is only meaningful in a given context and domain
• Driver’s license at the airport ticket counter…? Okay!
• Passport at the airport ticket counter…? Okay!
• Driver’s license at the roadside…? Okay!
• Passport at the roadside…? Not okay.
• Passport at immigration…? Okay!
• Driver’s license at immigration…? Not okay.
Potentially, my mobile device can encompass all these credentials and more…
Authentication
Authentication reliably associates an actual human being (i.e. a physical identity) with a digital identity
• Via something you know (e.g. a password)
• Via something you have (e.g. a token)
• Via something you are (e.g. biometrics)
Strong authentication requires multiple factors
• My passport functions as a two-factor authentication: a physical token with an embedded “biometric device”…
As we do more with our mobile devices—i.e. as our mobile devices hold more, and more sensitive information about us—the need to authenticate increases
Another Brief Digression
• The hanko: something you have… 鏡石
• Hanko design requires research; they need to be unique, even for common names – 430,000 people in Japan have the last name “Sato”
• This is why archaic scripts, such as tensho (i.e. “seal script”) are used for this sort of thing…
• Since the hanko is only a single-factor authentication scheme, and since there are no protections against copying, physical or digital, hanko counterfeiting is a growing and serious problem in Japan
One Response…
Mitsubishi Pencil Co. introduced the “Dial Bank Hanko”…
Two eight-position dials alter the arrangement of the pattern on the outer rings
• 64 possibilities…
• Acceptance has been…slow
Who I Am Depends on Who You Are
Identity is about relationship and access
• My work “identity”: access to my corporate network, servers, etc.
• My cellphone “identity”: access to my provider’s network
• My Google “identity”: access to email, etc.
• My Amazon “identity”: access to my recommendations, past orders, etc.
Managing a multiplicity of “identities” becomes increasingly difficult…
Multiple Identity Disorder…?
Even in a given context, one can have multiple identities.
At work I have:
• An email “identity”
• A source code management system “identity”
• A bug tracking system “identity”
• A payroll system “identity”
• And several others…
Names
Names abstract multiple identities, multiple kinds of identity, and the attributes of identity
• My web page changes, but the URL remains the same…
Names simplify access to identity
• “www.google.com” or 72.14.205.99 or 72.14.205.104 or…?
For a name to be useful, you need access to the information it abstracts
• This is the function of “a directory”
• LDAP is one example: I can access all my work “identities” through a single password…
Partial Identities
Mary has
• A Social Security number
• An auto insurance policy number
• A work phone
• A personal mobile phone
• A diary
Boyfriend Bob sees
• A Social Security number
• An auto insurance policy number
• A work phone
• A personal mobile phone
• A diary
Partial Identities
Mary has
• A Social Security number
• An auto insurance policy number
• A work phone
• A personal mobile phone
• A diary
Mary’s employer sees
• A Social Security number
• An auto insurance policy number
• A work phone
• A personal mobile phone
• A diary
Why Partial Identities?
In a secure system, access to resources is based on the “principle of least privilege”
Similarly, in identity management, access to information should be based on the “principle of data economy”
Transactions should be
• Unobservable: they directly reveal no information about the parties involved
• Untraceable: no framing information is usable to identify the parties involved
• Unlinkable: no two transactions can be associated with one another
Anonymity should be the baseline…
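The “partial identity” and “data economy” ideas above can be made concrete in code. The following is an added example, not code from the slides or from the ACCESS Linux Platform: the user’s device derives a different pseudonymous identifier for each relying party (an HMAC of the relying party’s name under a device-held secret, so two services cannot link the same person), and releases only the attributes a per-party policy allows. Mary’s attribute values and the release policy are constructed for the example; which party may see which attribute is an assumption, since the original slides conveyed that visually.

```python
import hashlib
import hmac

# Constructed sample attributes, mirroring the "Partial Identities" slides.
MARY = {
    "ssn": "000-00-0000",            # placeholder, not a real number
    "auto_policy": "POL-EXAMPLE-1",  # constructed
    "work_phone": "+1-555-0100",     # constructed
    "mobile_phone": "+1-555-0199",   # constructed
    "diary": "(private notes)",
}

# Constructed release policy: which attributes each relying party may see.
# A party that is not listed gets nothing but a pseudonym.
RELEASE_POLICY = {
    "employer": {"ssn", "work_phone"},
    "insurer": {"auto_policy"},
    "boyfriend": {"mobile_phone"},
}


def pairwise_pseudonym(user_secret: bytes, relying_party: str) -> str:
    """Stable, per-relying-party identifier for one user.

    The device-held secret is the HMAC key and the relying party's name is
    the message. The same party always gets the same identifier, so it can
    recognise a returning user, but two parties receive unrelated values and
    cannot recompute each other's identifier (unlinkability).
    """
    mac = hmac.new(user_secret, relying_party.encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:32]


def partial_identity(full: dict, policy: dict, relying_party: str,
                     user_secret: bytes) -> dict:
    """Build the claim set one relying party is allowed to see.

    Only attributes named in the policy for that party are released; the
    subject identifier is the pairwise pseudonym, never a global identifier.
    """
    allowed = policy.get(relying_party, set())
    claims = {name: value for name, value in full.items() if name in allowed}
    claims["subject"] = pairwise_pseudonym(user_secret, relying_party)
    return claims


def can_link(claims_a: dict, claims_b: dict) -> bool:
    """True only if two claim sets carry the same subject identifier."""
    return hmac.compare_digest(claims_a["subject"], claims_b["subject"])


if __name__ == "__main__":
    secret = b"constructed-device-secret"
    for party in ("employer", "insurer", "boyfriend", "stranger"):
        print(party, "->", partial_identity(MARY, RELEASE_POLICY, party, secret))
```

The secret never leaves the device; a relying party that leaks its view of Mary exposes only its own pseudonym and the attributes it was entitled to, which is the point of the “principle of data economy” on this slide.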
“But wait, there’s more!”
As mobile devices, and the systems supporting them, become more capable, the information which can be incorporated into one or more of our identities expands:
• Location
• Location history
• Friends and contacts
• Preferences
• Buying habits
• Etc…
Expanded Identities, Expanded Services
Based on my preferences, location and time of day, the content of my personal mobile “portal” can be customized…
• Most likely in coordination with service-providing partners
“I’m away from home, it’s lunch time in this time zone, and I like ramen…”
• I like places with counters better than places with tables…
• I especially like Sapporo-style miso ramen…
• Etc., etc…
A Sample Enhanced Transaction
I choose a participating restaurant from the selection on my phone’s customized portal…
A token (a credential) is transferred to my phone by the service provider…
When I go to the (physical) restaurant, my phone transfers the token back…
• I get a discount on my ramen
• The service provider is paid a “finder’s fee” by the ramen-ya
• The service provider pays a participation fee to the network operator
A Couple of Points…
My mobile operator doesn’t need to know I like ramen, only that I received a token (of some sort) that I might redeem…
The ramen-ya doesn’t need to know anything about me (other than that I’ve presented them with a verifiably valid discount token)
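The discount-token flow on the two preceding slides, as an added example that is not part of the original deck or of any ACCESS product: the service provider issues a token that carries only an opaque offer identifier, an expiry and a single-use nonce, authenticated with an HMAC; the ramen-ya verifies the tag, the offer, the expiry and replay, and learns nothing about the customer. The shared HMAC key between provider and restaurant is an assumption made to keep the example in the standard library; in a deployment a signature scheme would let the ramen-ya verify tokens without being able to mint them. All keys, identifiers and timestamps below are constructed.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets


def issue_token(provider_key: bytes, offer_id: str, ttl_seconds: int,
                now: int) -> str:
    """Service provider side: mint a redeemable token for one offer.

    The payload deliberately contains no subscriber identity or preference
    data. offer_id is an opaque code whose meaning only the provider knows,
    so the operator carrying the token sees only "a token was delivered".
    """
    payload = {
        "offer": offer_id,
        "exp": now + ttl_seconds,
        "nonce": secrets.token_hex(8),  # makes each token single-use
    }
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(provider_key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "." +
            base64.urlsafe_b64encode(tag).decode())


def peek_token(token: str) -> dict:
    """What an intermediary (e.g. the operator) can see: the payload only."""
    body_b64, _ = token.split(".")
    return json.loads(base64.urlsafe_b64decode(body_b64))


class RamenYa:
    """Merchant side: accepts tokens for exactly one offer, once each."""

    def __init__(self, provider_key: bytes, offer_id: str):
        self.key = provider_key
        self.offer = offer_id
        self.redeemed = set()  # nonces already honoured

    def redeem(self, token: str, now: int) -> bool:
        try:
            body_b64, tag_b64 = token.split(".")
            body = base64.urlsafe_b64decode(body_b64)
            tag = base64.urlsafe_b64decode(tag_b64)
        except (ValueError, binascii.Error):
            return False
        # Authenticate before parsing: only a genuine body is trusted as JSON.
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False
        payload = json.loads(body)
        if payload.get("offer") != self.offer:
            return False            # valid token, but for someone else's offer
        if payload.get("exp", 0) < now:
            return False            # expired
        if payload["nonce"] in self.redeemed:
            return False            # replayed
        self.redeemed.add(payload["nonce"])
        return True


if __name__ == "__main__":
    key = b"constructed-provider-merchant-key"
    shop = RamenYa(key, "offer-7f3a")              # opaque offer code
    token = issue_token(key, "offer-7f3a", 3600, now=1_000_000)
    print("operator sees:", peek_token(token))     # offer, exp, nonce only
    print("first redemption:", shop.redeem(token, now=1_000_100))
    print("replay:", shop.redeem(token, now=1_000_100))
```

The ramen-ya keeps only a set of spent nonces, not a customer list; if it wants to reconcile finder’s fees it can report redeemed nonces to the provider, which still reveals no more than “this token was used”.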
More Scenarios…
Based on my location and my DVD-buying habits…
• The service provider recommends a movie to me…
• I buy an “e-movie-ticket” through my mobile device…
• My mobile operator passes the payment to the theater…
• The theater pays the service provider…
The service provider is able to leverage the mobile operator’s billing infrastructure!
My phone can be my wallet—eCash experiments in Tokyo…
Some Proposed Definitions
Mobile Identity = Data + Policies regarding the use of that data
Mobile Identity is a set of claims a “digital subject” makes regarding itself
Challenges
Security is not generally a goal of users; they don’t view it as making them more productive…
Users underestimate the consequences of insufficient security
• Thus, they are not willing to invest a lot of effort in order to learn how to use security mechanisms…
What’s Needed Here…?
User-friendly interfaces need to be developed for the non-expert to prevent unintentional misuse
• Different “partial identities” for different purposes
Verifiable linkage between real and digital identity on user’s device is critical to prevent impersonation
Published identifying data—both personal and device characteristics—must be protected against misuse
What Are We Doing?
The ACCESS Linux Platform provides facilities which can be leveraged for on-device identity management
• A flexible, policy-driven security infrastructure
• Support for a variety of authentication schemes through Linux’s PAM infrastructure
• Certificate management services
• SIM tool kit
• Vaulting services
Some Recommended Reading
The Consortium of the Future of Identity in the Information Society (FIDIS): www.fidis.net
• D3.3: A Study on Mobile Identity Management
• D11.1: Towards a Taxonomy of Mobility and Identity
Digital Identity, J. Philip Windley, O’Reilly Books
That’s all, folks!
Thanks!