A USER-CENTRIC APPROACH TO ECERTIFICATE FOR ELECTRONIC IDENTITIES (EIDS) MANAGEMENT IN MOBILE ENVIRONMENT MICHELE SCHIANO DI ZENISE, ANDREA VITALETTI , DAVID ARGLES University of Rome “Sapienza”, Italy University of Southampton, United Kingdom
Dec 19, 2015
A USER-CENTRIC APPROACH TO ECERTIFICATE FOR ELECTRONIC IDENTITIES
(EIDS) MANAGEMENT IN MOBILE ENVIRONMENT
MICHELE SCHIANO DI ZENISE, ANDREA VITALETTI , DAVID ARGLES
University of Rome “Sapienza”, Italy University of Southampton, United Kingdom
2
Scenario
A person goes out clubbing and has to certify his age to enter. In order to reach the goal, this person has to provide some kind of documentation to the bouncer.
Problems because of forgetfulness the documents are not always
available; the document could contain useless information (for the
goal); the person should decide what information to show; the procedure should be quick, secure and guarantee
privacy; to prompt credibility and legality.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
3
Goal
To develop a tool that solves these problems, creating and managing electronic eIDs
Required features mobility; security; privacy; user-centricity; easy to use; credibility.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
4
Idea
to use the Android platform provided by Google for the development of a mobile application that provides the expected features
Dependent technologies Android; Java; mySQL; PHP; UML.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
5
Possible technologies
Exsisting Technologies Smart card: is used to access reserved areas
managed by automated access control or use private services;
Electronic Identities: government-issued document for online and offline identification that usually allows digital signing.
eCert: is a UK government-sponsored project that uses an eCertification protocol to address security issues which originally arose as a concern within the field of ePortfolios.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
6
eCert
Why eCert? it is a UK government user-centric structure for
ePortofolios with a high security level; the idea behind ePortfolios is close to that of
eID. Main features
central services with user-orientated storage approach;
two levels of security for the documents; common system for all types of users; user-centricity, with low level of required skills.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
7
Demonstration of the concepts: the toolA User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in
Mobile Environment
8
Implication
What the tool guarantees: User-centricity Security and privacy Mobility and easy interface
Trade-off with the current technologies qrCode: because of the limits of the qrCode in terms
of data storage, it has been necessary to simplify the process and store the eID on the server and link to it. This problem should be solved in the next five years with the evolution of the technologies relating to production and scanning of qrcodes.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
9
Future works
Immediate improvements: Add other controls related to the validity of the
eID (revocation list) Improve the randomness of the link (waiting for
improvements in the qr codes) Fix minor bug relating to the generation of the
system key. Future improvements:
After an accurate series of testbeds (practical and theoretical), follow the results and improve the protocol where it needs.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
10
Acknowledgments and questions
We would like to thank Lisha Chen-Wilson to have allowed us the use of her protocol to develop this project.
AND THANK YOU FOR BEING HERE!
QUESTIONS?
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment
11
References [1] Chen-Wilson, L. and Argles, D.”Towards a framework of a secure e-Qualification certificate
system” ICCMS, 2010, Sanya, China. [2] George Lorenzo and John Ittelson, “An overview of E-Portfolio” July 2005. [3] Vu Anh Pham and Ahmed Karmouch, “Mobile Software Agents: An Overview”, IEEE
Communications Magazine, 1998, Volume 36 Issue 7. [4]http://www.direct.gov.uk/en/TravelAndTransport/Passports/Applicationinformation/
DG_174159/, accessed 30dec2010. [5]http://www.servizidemografici.interno.it/sitoCNSD/pagina.do?
metodo=homePage&servizio=navigazione, accessed 30dec2010. [6]http://www.soton.ac.uk/sais/idstudio/idstudio.html, accessed 30dec2010. [7]http://www.unicreditbanca.it/it/privati/conti/genius/one/?idc=14626, accessed 30dec2010. [8]http://www.jisc.ac.uk/whatwedo/programmes/aim/ecert.aspx, accessed 30dec2010. [9]http://www.nfc-forum.org/specs/spec_list/#refapps, accessed 30dec2010. [10]http://www.denso-wave.com/qrcode/index-e.html, accessed 30dec2010. [11] NIST, Announcing the Advanced Encryption Standard (AES), Federal Information
Processing Standards Publication 197, 2001. [12]http://developer.android.com/index.html, accessed 30dec2010. [13]http://agilemanifesto.org/, accessed 30dec2010. [14] Maarten W. van Someren, Yvonne F. Barnard, Jacobijn A.C. Sandberg, “The think aloud
method - A practical guide to modelling cognitive processes”, Academic Press, London, 1994.
A User-Centric Approach to eCertificate for Electronic Identities (eIDs) Management in Mobile Environment