Activity 6 - Infrastructures (slide transcript)
Source: primelife.ercim.eu/images/stories/talks/primelifereview_3-a6...activity...
PrimeLife Summit, June 7, 2011, slide 1
A research project funded by the European Commission’s 7th Framework Programme
PrimeLife Summit
June 7, 2011
Activity 6 - Infrastructures
Kai Rannenberg, GUF
Ulrich Pinsdorf, EMIC
Marc-Michael Bergfeld, GD
Sascha Koschinat, GUF
Stuart Short, SAP
Outline
PrimeLife “Infrastructure“ Activity at a Glance
Service Composition (WP6.3)
Secure Mobile Interaction (WP6.2)
Economic Valuation (WP6.1)
ACTIVITY 6 AT A GLANCE
Activity 6 "Infrastructures"
Mission: Improve infrastructures, devices and services with privacy-enhancing features; focus on cross-domain service composition
Research Focus:
WP6.1 – Economic Aspects for Privacy in SOA
WP6.2 – Secure Mobile Usage of Services
WP6.3 – Service Composition
Partners: GUF, SAP, EMIC, GD, ULD
Collaboration between Infrastructure (A6) and Policy (A5) [diagram]
Policy (A5): Policy Requirements (WP5.1), Policy Research (WP5.2), Policy Implementation (WP5.3)
Infrastructure (A6): Service Composition (WP6.3), Economic Valuation (WP6.1), Mobile Interaction (WP6.2)
Links between the two activities: Requirements for Privacy in SOA; PPL Engine; Logical Reasoning on Policies & Logs; Evaluation in complex scenario; Demonstrator Implementation
HCI Research (A4): Mismatch Problem; Mobile UI; Technical Concepts
Demonstrator Implementation
Building blocks shown in the demonstrator:
- Policy Composition
- PPL Engine
- Downstream Data Usage
- Mobile User Interaction
- Obligation Enforcement
- Privacy-aware service binding
Please visit the demo in the foyer.
ABSTRACT PRIVACY POLICY FRAMEWORK
Focus on WP6.3 – Ulrich Pinsdorf (Microsoft EMIC)
Privacy in SOA [diagram]
A chain of services in which each party is a PII Consumer towards the party upstream and a PII Provider towards the party downstream: a PII Provider (of PII1, PII2, PII3); a PII Consumer (of PII1, PII2, PII3) that acts as PII Provider (of PII1, PII3); further parties that are PII Consumer (of PII3) / PII Provider (of PII4), PII Consumer (of PII1, PII3) / PII Provider (of PII1, PII3), and PII Consumer (of PII1). Each party is labelled with its preferences (PrefA, PrefG), policies (PolB, PolC, PolD, PolE, PolF, PolG) and sticky policies (SPB, SPE, SPF, SPG). Discovery, aggregation and split of PII (PII1, PII3; PII2, PII3; PII1, PII3, PII4) happen along the chain.
Why an Abstract Privacy Policy Framework?
Generalization
 - Distill recurring patterns
 - Language independent
 - Technology-agnostic
Guidelines
 - How to create and deploy privacy policies in SOA?
 - What building blocks are needed?
Identify missing features
 - Look at shortcomings of existing languages
 - Define future work
Abstract Privacy Policy Framework [diagram]
PII Provider side: PII Lookup, Policy Matching, PII Selection, Mutual Commitment, Attach SP, Handle service response. Backed by a PII Store (Get PII(description)), a Pref Store (Get Pref(pii-ref), Modify Prefs[pii], Change Pref) and a History of PIIs + SPs already sent.
PII Consumer side: Service Discovery, Check sticky policy, Obligation enforcement (Events handler, Actions handler), Authorization enforcement, Local Use, Save collected data, Data Sharing (act as PII Provider towards further PII Consumer(s)). Backed by a Metadata Provider, a Policy Store (Get Metadata, Get Policy (param ∈ APIs), APIs with policies Pols[param]), an SP Store and a PII Store (Store sticky policies SPs, Store PIIs, Get SP or PII, Set obligations (SPs)).
Messages shown: the provider fetches "Metadata, PIIs' + SPs', ..." (the consumer's policies and the downstream PIIs and sticky policies), sends PII / SP after commitment, and receives the service response.
(The diagram is repeated twice on the following slides, first highlighting the Protocol for Service Invocation, then the PII Provider and PII Consumer sides.)
Instantiations (validation of the framework):
- APPEL + P3P (+EPAL)
- PrimeLife Policy Language (PPL)
- SecPAL for Privacy
- Remote management of XACML
- PRIME Data Handling Policy + Framework
Key Findings:
- Access control on PII is not sufficient without obligations
- Preference and sticky policies are needed for complex downstream cases
- The language should allow for logic reasoning
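The key findings above (access control on PII is not enough without obligations; sticky policies are needed once data flows downstream) are easiest to see in running code. The following Python model is an added example written for this transcript, not the PPL engine or any PrimeLife code. It implements the Policy Matching, Attach SP, Authorization enforcement, Obligation enforcement and Data Sharing boxes of the framework diagram with simple set-based policies. The field names (purposes, retention_days, downstream, obligations), the "delete-after-retention" obligation and the shop/courier scenario are constructed for the illustration; the rule that a forwarded copy gets no further downstream hops is a choice made here, not something the slides specify.

```python
"""Sticky-policy matching and downstream enforcement: added example, not PrimeLife/PPL code."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Preference:
    """PII Provider preference for one PII (field names are constructed for this example)."""
    purposes: frozenset
    max_retention_days: int
    downstream: frozenset      # recipients the consumer may forward the PII to
    obligations: frozenset     # obligations the consumer must commit to


@dataclass(frozen=True)
class Policy:
    """PII Consumer policy for one API parameter: what the consumer intends to do."""
    purposes: frozenset
    retention_days: int
    downstream: frozenset
    obligations: frozenset     # obligations the consumer commits to


@dataclass(frozen=True)
class StickyPolicy:
    """Agreed policy attached to the PII; at least as strict as preference and policy."""
    purposes: frozenset
    retention_days: int
    downstream: frozenset
    obligations: frozenset
    expires: date


def match(pref, pol, today):
    """Policy Matching: sticky policy if the consumer policy satisfies the preference, else None."""
    ok = (pol.purposes <= pref.purposes and pol.retention_days <= pref.max_retention_days
          and pol.downstream <= pref.downstream and pref.obligations <= pol.obligations)
    if not ok:
        return None            # no Mutual Commitment: the PII is never sent
    return StickyPolicy(pol.purposes, pol.retention_days, pol.downstream,
                        pref.obligations | pol.obligations,
                        today + timedelta(days=pol.retention_days))


class Consumer:
    """PII Consumer: stores PII + SP and enforces authorizations, obligations and sharing."""
    def __init__(self, name):
        self.name, self.store, self.log = name, {}, []   # store: pii_ref -> (value, SP)

    def receive(self, pii_ref, value, sp):
        self.store[pii_ref] = (value, sp)

    def use(self, pii_ref, purpose):
        """Authorization enforcement: only purposes named in the sticky policy."""
        value, sp = self.store[pii_ref]
        allowed = purpose in sp.purposes
        self.log.append(f"{self.name}: {'use' if allowed else 'DENY'} {pii_ref} for {purpose}")
        return value if allowed else None

    def share(self, pii_ref, recipient, today):
        """Data Sharing: act as PII Provider downstream; the SP travels with the data."""
        value, sp = self.store[pii_ref]
        if recipient.name not in sp.downstream:
            self.log.append(f"{self.name}: DENY share {pii_ref} with {recipient.name}")
            return False
        # Choice made in this example: a forwarded copy keeps purposes, obligations and the
        # original expiry, but may not be forwarded again (empty downstream set).
        hop_sp = StickyPolicy(sp.purposes, (sp.expires - today).days, frozenset(),
                              sp.obligations, sp.expires)
        recipient.receive(pii_ref, value, hop_sp)
        self.log.append(f"{self.name}: share {pii_ref} with {recipient.name}")
        return True

    def enforce_obligations(self, today):
        """Obligation enforcement: 'delete-after-retention' fires once the SP has expired."""
        for ref, (_, sp) in list(self.store.items()):
            if "delete-after-retention" in sp.obligations and today >= sp.expires:
                del self.store[ref]
                self.log.append(f"{self.name}: deleted {ref} (obligation)")


def run_example(today=date(2011, 6, 7)):
    """Constructed scenario: a shop receives an e-mail address and forwards it to a courier."""
    pref = Preference(frozenset({"order", "delivery"}), 30, frozenset({"courier"}),
                      frozenset({"delete-after-retention"}))
    shop_policy = Policy(frozenset({"order", "delivery"}), 14, frozenset({"courier"}),
                         frozenset({"delete-after-retention", "log-access"}))
    ad_policy = Policy(frozenset({"order", "marketing"}), 14, frozenset(),
                       frozenset({"delete-after-retention"}))
    sp = match(pref, shop_policy, today)
    shop, courier, broker = Consumer("shop"), Consumer("courier"), Consumer("broker")
    shop.receive("pii:email", "alice@example.org", sp)        # Attach SP + send
    results = {
        "ad_matched": match(pref, ad_policy, today) is not None,
        "use_delivery": shop.use("pii:email", "delivery"),
        "use_marketing": shop.use("pii:email", "marketing"),
        "share_courier": shop.share("pii:email", courier, today + timedelta(days=3)),
        "share_broker": shop.share("pii:email", broker, today),
    }
    for c in (shop, courier):
        c.enforce_obligations(today + timedelta(days=14))
    results["shop_holds"] = "pii:email" in shop.store
    results["courier_holds"] = "pii:email" in courier.store
    return results
```

Calling run_example() walks the protocol: the advertising policy fails matching (no commitment, so no PII is sent), the shop may use the address for delivery but not for marketing, may forward it to the courier but not to a broker, and both shop and courier delete it once the sticky policy's retention expires. A consumer that only enforced access control would pass every step except the last; that gap is the first key finding.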
More Details
12-page summary at iNetSec 2011, see you there
Dedicated talk: IFIP WG 11.4 iNetSec, Thursday, 15:55, Forum 2.14
Full details in public Deliverable D6.3.2
PRIVATE MOBILE SERVICES / MOBILE USAGE OF SERVICES
Focus on WP6.2 – Marc-Michael Bergfeld (G&D)
You are here! [diagram: Infrastructure (A6) with Service Composition (WP6.3), Economic Valuation (WP6.1) and Mobile Interaction (WP6.2)]
Present & Future Market & Technology Environment
What are we talking about…
Mobile Services and Secure Elements [diagram: Dynamic Mobile Services provisioned Over-the-Air by a Trusted Service Manager onto Secure Elements of different kinds: TEE, UICC, µSD, eSE, Sticker]
Secure Elements in Mobile Devices are the identity modules of the future.
Dominating (partial) identities and the data assigned to them are an important link between Mobile and Web-based services.
Why complex….
The Mobile Services Value Chain [diagram]
Chip provider: produce CPU.
Handset provider: handset with SE of different kinds.
MNO: have clients.
Trusted Service Manager (Trusted Third Party): have access and secure provisioning & client service.
Service providers: have new services.
Banks / Credit schemes: want direct client access.
Other services: want additional channels to sell transportation, ticketing etc. services.
End-Consumer: use handsets to execute trusted services.
Interests along the chain: want profit, need security; want convenience, need performance.
Potential SEs & Dominant Links (DL): eSE, SIM, TEE, SD, Sticker (the PrimeLife focus).
Technologies and Privacy in Mobile-Web interactions
Privacy, Identity & the Secure Elements
(Remember: Mobile Services Value Chain!)

Property                                                            | Sticker   | µSD       | TEE
Trust: a trusted Secure Element / Environment                       | Yes       | Yes       | Yes
Identity: a specific communication channel for the partial identity | No        | Yes       | Yes
Privacy: secure communication, only for the individual              | Partially | Yes       | Yes
Anonymity: unlinkability of the interaction to the individual       | Possibly  | Possibly  | Possibly
Highly dynamic                                                      | No        | Partially | Yes

Annotations on the slide: PrimeLife Standard (Global Platform); Future research (e.g. SEPIA); PrimeLife Demo (Secure SD Card); Lessons learned for TEE concepts.
PrimeLife Demo: Mobile Privacy
The "Flow" of "Mobile PrimeLife"
1. Open the "Private World" on the SE via Privacy-PIN
2. Receive an identity- and privacy-enhanced request
3. "Private World" keys decrypt the data: secure, private, identity-related
4. Manage policies in the "Private World"; encrypt before sending to the back-end
5. Overview of "Private Activities"
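To make the flow above concrete, here is an added Python model written for this transcript; it is not the G&D demonstrator, the Secure SD Card applet, or any published PrimeLife API. It assumes a symmetric master key shared between the secure element and the back-end at provisioning (the slides do not say how keys are provisioned), stands in for the card's hardware cipher with an HMAC-SHA256 keystream plus encrypt-then-MAC (a toy construction chosen so the example runs with the standard library only), and treats the Privacy-PIN as a PBKDF2 verifier with a three-try lock-out. Class names, the JSON request format and the example policy are all constructed.

```python
"""Toy 'Private World' on a secure element: added example, not PrimeLife or G&D code."""
import hashlib
import hmac
import json
import os


def _derive(master, label):
    """Derive a purpose-bound sub-key from the master key."""
    return hmac.new(master, label, hashlib.sha256).digest()


class SealedChannel:
    """Stand-in for the SE's hardware cipher: HMAC-SHA256 counter keystream, encrypt-then-MAC.
    Toy construction for this example only."""
    def __init__(self, master):
        self._enc, self._mac = _derive(master, b"enc"), _derive(master, b"mac")

    def _keystream(self, nonce, n):
        blocks = (hmac.new(self._enc, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                  for i in range((n + 31) // 32))
        return b"".join(blocks)[:n]

    def seal(self, plaintext):
        nonce = os.urandom(16)         # fresh per message; a reused nonce would leak the XOR of plaintexts
        ct = bytes(p ^ k for p, k in zip(plaintext, self._keystream(nonce, len(plaintext))))
        tag = hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag

    def open(self, blob):
        """Check the tag before touching the ciphertext; None on any modification."""
        if len(blob) < 48:
            return None
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(self._mac, nonce + ct, hashlib.sha256).digest()):
            return None
        return bytes(c ^ k for c, k in zip(ct, self._keystream(nonce, len(ct))))


class PrivateWorld:
    """PIN-gated compartment: the key never leaves the object, every operation needs an open
    session, and the retry counter locks the compartment after MAX_TRIES wrong PINs."""
    MAX_TRIES = 3

    def __init__(self, pin, master):
        self._salt = os.urandom(16)
        self._verifier = self._pbkdf(pin)        # PIN verifier is stored, never the PIN itself
        self._channel = SealedChannel(master)
        self._open = False
        self._tries_left = self.MAX_TRIES
        self._policies = {}

    def _pbkdf(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def open_with_pin(self, pin):
        """Open the Private World via Privacy-PIN; False when wrong or locked."""
        if self._tries_left == 0:
            return False               # locked: only an issuer/TSM reset could recover it
        if hmac.compare_digest(self._pbkdf(pin), self._verifier):
            self._open, self._tries_left = True, self.MAX_TRIES
            return True
        self._tries_left -= 1
        return False

    def close(self):
        self._open = False

    def receive_request(self, blob):
        """Decrypt an identity- and privacy-enhanced request from the back-end."""
        if not self._open:
            return None
        pt = self._channel.open(blob)
        return None if pt is None else json.loads(pt)

    def set_policy(self, name, policy):
        """Manage policies inside the Private World."""
        if not self._open:
            return False
        self._policies[name] = policy
        return True

    def export_policies(self):
        """Encrypt the policy set before it leaves for the back-end."""
        if not self._open:
            return None
        return self._channel.seal(json.dumps(self._policies, sort_keys=True).encode())


def run_example():
    """Constructed walk through the slide's steps; returns what each step yielded."""
    master = os.urandom(32)            # assumed: shared with the back-end at provisioning
    backend = SealedChannel(master)
    se = PrivateWorld("2580", master)
    request = backend.seal(json.dumps({"purpose": "delivery", "pii": ["address"]}).encode())
    results = {"wrong_pin": se.open_with_pin("0000"),
               "locked_read": se.receive_request(request),
               "right_pin": se.open_with_pin("2580"),
               "request": se.receive_request(request)}
    se.set_policy("address", {"purposes": ["delivery"], "retention_days": 14})
    blob = se.export_policies()
    results["backend_view"] = json.loads(backend.open(blob))
    tampered = blob[:-1] + bytes([blob[-1] ^ 1])
    results["tampered"] = backend.open(tampered)
    se.close()
    for _ in range(PrivateWorld.MAX_TRIES):
        se.open_with_pin("0000")
    results["locked_out"] = se.open_with_pin("2580")
    return results
```

run_example() follows the slide's steps: a wrong PIN leaves the compartment closed and the request unreadable; the right PIN opens it and decrypts the back-end request; the policy is stored and leaves the Private World only encrypted, which the back-end can open while a one-byte modification is rejected before any decryption; three wrong PINs lock the compartment so even the correct PIN no longer opens it.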
Outlook and Discussion
Privacy in a "Cloud-connected World" [diagram: The Cloud as Back-end, with Mobile Phones (Smart Phones), Netbooks, Laptops and Tablet PCs, Car Navigation and Entertainment, and Other Mobile Payment Terminals all acting as Mobile Devices]
Key results
Direct user interaction between mobile and back-end in the "Private World"; shown in a real-life demonstrator (see D 6.3.2)
Lessons learned in the demonstrator -> Global Platform standardization
APIs published (D. 6.3.1)
Future research: certification & isolation of the "Private World" (see SEPIA).
ECONOMIC VALUATION OF PRIVACY-ENHANCING IDENTITY MANAGEMENT SERVICES
Focus on WP6.1 – Sascha Koschinat (Goethe University Frankfurt)
Challenge to be addressed
Developers and providers of innovative privacy-enhancing identity management services need appropriate methods in order to:
- valuate the potentials and risks of alternative service designs
- select the most promising service designs for investments and market introductions
Due to different shortcomings, current valuation approaches are not appropriate for valuations in this domain, e.g.:
- Six Forces Model: considers only factors external to the decision maker - competition, new entrants, end users, suppliers, substitutes, government
- SWOT analysis: considers only highly abstract factors for the decision maker - strengths, weaknesses, opportunities, threats
- ...
Develop an economic valuation approach appropriate for privacy-enhancing identity management services!
Economic Valuation Approach for Privacy-Enhancing Identity Management Services
Process Model: 6 process steps (instructions) that guide the decision maker through the decision process
1 • Scenario Descriptions
2 • Identification of Costs and Benefits
3 • Selection of Key Costs and Benefits
4 • Clustering and Mapping
5 • Assessment and Aggregation
6 • Visualisation
Structure Model: building blocks (elements) that support the decision maker in representing the decision situation
- Sequence Diagrams
- Economic Value Diagrams
- Decision Diagrams
Real-life Identity Management Service Scenarios
[matrix: rows Attribute Verification Service Scenario, Authentication Service Scenario, Privacy Policy Enforcement Service Scenario; columns Baseline Option, Delta Option 1, Delta Option 2]
Brief Application Example – Privacy Policy Enforcement: Baseline Option vs. Delta Option 1
[the scenario matrix above, selecting the Privacy Policy Enforcement Service Scenario, Baseline Option vs. Delta Option 1]
[sequence diagram with lanes End Customer, Service Provider (SP), IdM Service Provider (IdMSP); the message flow is not recoverable from the transcript]
Brief Application Example – Privacy Policy Enforcement: Baseline Option vs. Delta Option 2
[the scenario matrix above, selecting the Privacy Policy Enforcement Service Scenario, Baseline Option vs. Delta Option 2]
[sequence diagram with lanes End Customer, Service Provider, IdM Service Provider; the message flow is not recoverable from the transcript]
Brief Application Example – Privacy Policy Enforcement: Delta Option 1 vs. Delta Option 2
[decision diagram: Dimension Values (aggregated costs & benefits) and Decision Values (aggregated dimension values) for Delta Option 1 vs. Baseline Option (DO1 vs. BO) and Delta Option 2 vs. Baseline Option (DO2 vs. BO), per stakeholder End Customer (EC), Service Provider (SP) and IdM Service Provider (IdMSP); the numeric values are not recoverable from the transcript]
Results of Scenario Valuations – Summary
[diagram: Dimension Values and Decision Values for the Attribute Verification Service Scenario, the Authentication Service Scenario and the Privacy Policy Enforcement Service Scenario; the values are not recoverable from the transcript]
Conclusion & Outlook
Conclusion:
- Presents decision-relevant information in a simple, structured, and transparent way without over-challenging the decision maker
- Enables a stronger focus on (and integration of) privacy effects on consumers as an essential factor for economic success
- Considers individual value perceptions of stakeholders and their interdependencies to enable application-field-specific valuations of IdM services
- Structures complex decision processes and simplifies a separation into transparent sub-aspects
- …
Outlook:
- More intensive testing of the method on real-world use cases
- Enhancement and improvement of each step by more sophisticated methods and concepts
- More intensive focus on privacy-related effects
- Reducing possible errors caused by subjectivity of the decision maker
- …
Thank you for your attention
Activity 6: Key Results
WP6.1 – Economic Aspects for Privacy in SOA: privacy as an essential factor for economic success; a simple, structured, and transparent valuation method for privacy-enhancing IdM services
WP6.2 – Mobile Device in SOA: trustworthy mobile interaction enables the end user's control in the infrastructure; isolation designed into future TEEs (standardized)
WP6.3 – Privacy-Enhanced Infrastructures: requirements for privacy in SOA; Abstract Privacy Framework; test implementation and evaluation of the PPL Engine