
E-book, English, 479 pages

Paulus / Pohlmann / Reimer ISSE 2006 Securing Electronic Business Processes

Highlights of the Information Security Solutions Europe 2006 Conference
2006
ISBN: 978-3-8348-9195-2
Publisher: Vieweg & Teubner
Format: PDF
Copy protection: 1 - PDF Watermark



This book presents the most interesting talks given at ISSE 2006 - the forum for the interdisciplinary discussion of how to adequately secure electronic business processes.
The topics include: Smart Token and e-ID-Card Developments and their Application - Secure Computing and how it will change the way we trust computers - Risk Management and how to quantify security threats - Awareness raising, Data Protection and how we secure corporate information.
Adequate information security is one of the basic requirements of all electronic business processes. It is crucial for effective solutions that the possibilities offered by security technology can be integrated with the commercial requirements of the applications. The reader may expect state-of-the-art: best papers of the Conference ISSE 2006.

Prof. Dr. Sachar Paulus is Chief Security Officer of SAP, Walldorf, Germany.
Prof. Dr. Norbert Pohlmann is Professor for System and Information Security at the University of Applied Sciences in Gelsenkirchen, Germany.
Prof. Dr. Helmut Reimer is Chief Executive Officer of TeleTrusT, Germany.


Target audience


Professional/practitioner

Further information & material


1;Contents;6
2;Preface;12
3;About this Book;14
4;ISCOM: On the Way for ICT Security in Italy;16
5;RFID e-ID Cards Trusted Computing Interoperability;18
5.1;Radio Frequency Identification (RFID) and Data Protection Legal Issues;20
5.1.1;1 What RFIDs are all about;20
5.1.2;2 Use of RFID technology;21
5.1.2.1;2.1 Retail/Consumer Goods Sector;21
5.1.2.2;2.2 Manufacturing Sector;21
5.1.2.3;2.3 Recycling & waste management;22
5.1.2.4;2.4 Transportation/Logistics Sector;22
5.1.2.5;2.5 Libraries;22
5.1.2.6;2.6 Tracking of animals (dogs, cows and sheep);22
5.1.2.7;2.7 Health Care Sector;23
5.1.2.8;2.8 Tracking of people (schools, prisons, VIP clubs);23
5.1.2.9;2.9 Passports and Ids;23
5.1.2.10;2.10 Transportation: e-pass, e-plate, e-ticket;24
5.1.3;3 Legal Implications;25
5.1.3.1;3.1 Infringement of the right to privacy and data protection;25
5.1.3.1.1;3.1.1 Identification and profiling of a person;25
5.1.3.1.2;3.1.2 Unnoticed remote reading without line-of-sight;26
5.1.3.1.3;3.1.3 Use of RFID technology for law enforcement purposes;26
5.1.3.2;3.2 Infringement of the right to personality;26
5.1.3.3;3.3 Infringement of the right to human dignity;27
5.1.3.4;3.4 Unfair competition;27
5.1.3.5;3.5 Labour law;27
5.1.4;4 Existing and proposed Legislation;28
5.1.5;5 Open Legal Issues;28
5.1.5.1;5.1 Do RFID tags contain personal data;28
5.1.5.2;5.2 Applicability of Directive 2002/58/EC;29
5.1.5.3;5.3 Prior-checking;30
5.1.6;6 Guidelines;30
5.1.6.1;6.1 Legal Guidelines to the deployers of RFID technology;30
5.1.6.2;6.2 Technical recommendations;31
5.1.7;7 Conclusions - Recommendations;32
5.2;e-ID and Smartcards - Current Status, Hopeful Developments and Best Practices;34
5.2.1;1 Background;34
5.2.1.1;1.1 Financial Sector;34
5.2.1.2;1.2 Mobile Phone Sector;34
5.2.1.3;1.3 Ticketing;35
5.2.1.4;1.4 Identification;35
5.2.1.5;1.5 Convergence;36
5.2.2;2 Experience with e-ID;36
5.2.2.1;2.1 US Federal Government Initiatives;36
5.2.2.2;2.2 Belgian Government Cards;37
5.2.3;3 The Issues;37
5.2.3.1;3.1 Interoperability;37
5.2.3.1.1;3.1.1 ISO 24727;38
5.2.3.2;3.2 Privacy;38
5.2.3.2.1;3.2.1 Example: Australian Driver Licence Smartcard;39
5.2.4;4 Conclusion;41
5.3;European Citizen Card Combined with Travel Document Function, Convergence or Divergence?;42
5.3.1;1 Introduction;42
5.3.2;2 The EU nation strategies and the new ECC Standard;43
5.3.3;3 Selected card interface for ECC;44
5.3.4;4 ECC and the "carrier";44
5.3.5;5 ECC and addressable memory space;44
5.3.6;6 The legal framework for the ECC;44
5.3.7;7 ECC and the challenge for the supplier industry, for example the semiconductor producer;45
5.3.8;8 Conclusion;45
5.4;Physical Unclonable Functions for enhanced security of tokens and tags;47
5.4.1;1 Introduction;47
5.4.2;2 Physical realisations;48
5.4.2.1;2.1 Coating PUFs;48
5.4.2.2;2.2 Optical PUFs;49
5.4.3;3 Overview of PUF applications;50
5.4.3.1;3.1 PUF-Based Tokens;50
5.4.3.2;3.2 Secure Key Storage;50
5.4.3.3;3.3 Unclonable RFID-Tags;52
5.4.4;4 Conclusion;53
5.5;Hardware Security Features for Secure Embedded Devices;55
5.5.1;1 Introduction;55
5.5.2;2 Physical Attacks on Secure Hardware;56
5.5.2.1;2.1 Invasive Techniques;56
5.5.2.2;2.2 Hardware Countermeasures;56
5.5.3;3 SoC and Cryptographic Coprocessors;57
5.5.3.1;3.1 Attacks on Public Key Coprocessors;57
5.5.3.2;3.2 Attacks on Secret Key Accelerators;59
5.5.4;4 Conclusion;60
5.6;Security in Next Generation Consumer Electronic Devices;62
5.6.1;1 Introduction;62
5.6.2;2 CE Devices Under Attack;62
5.6.2.1;2.1 Goals of Attackers;63
5.6.2.2;2.2 Attack Models and Protection Profile;63
5.6.3;3 Protecting CE devices;64
5.6.3.1;3.1 Security Strategy for CE;64
5.6.3.2;3.2 A level of Protection In CE Devices;65
5.6.3.2.1;3.2.1 Eliminating Errors in Code;65
5.6.3.2.2;3.2.2 Secure Boot;66
5.6.3.2.3;3.2.3 Prevent Unauthorised Introduction of New Code;66
5.6.3.2.4;3.2.4 Isolation;67
5.6.3.2.5;3.2.5 Obstructing Analysis;68
5.6.4;4 Security in Small Spaces;68
5.6.5;5 Conclusions;69
5.7;Security Architecture for Device Encryption and VPN;71
5.7.1;1 Introduction;71
5.7.2;2 Existing Solutions;72
5.7.2.1;2.1 Windows Vista BitLocker Drive Encryption;72
5.7.2.2;2.2 Cisco VPN Client;73
5.7.3;3 The EMSCB Project;73
5.7.4;4 Turaya Security Kernel;74
5.7.5;5 Device Encryption;75
5.7.6;6 VPN Client;76
5.7.7;7 Implementation;77
5.7.8;8 Conclusion and Outlook;79
5.8;TPM Enterprise Key Management requires centralized Hardware-based Security;81
5.8.1;1 Introduction;81
5.8.1.1;1.1 TPM background;82
5.8.1.2;1.2 TPM market;82
5.8.2;2 Enterprise IT Management;83
5.8.2.1;2.1 The current state of TPM enterprise key management;84
5.8.3;3 Challenges faced by the different key management options;86
5.8.3.1;3.1 TPM enterprise key management based on centralized Hardware Security Modules;87
5.8.4;4 Conclusion;88
5.9;Implementation of DRM Systems under the EU Legal Framework;89
5.9.1;1 Introduction;89
5.9.1.1;1.1 How does Digital Rights Management ("DRM") work?;89
5.9.1.2;1.2 Interests in the DRM Value Chain;91
5.9.2;2 DRM and Data Protection;91
5.9.2.1;2.1 What is the issue?;91
5.9.2.2;2.2 Which Legislative Instruments are applicable at EU Level?;92
5.9.2.3;2.3 What are Personal Data;93
5.9.2.4;2.4 Responsibility for Compliance with Data Protection Rules;94
5.9.2.5;2.5 Which Principles Do In particular Impact on Data Processing?;94
5.9.2.5.1;2.5.1 "Necessity of Processing" and Consent - Requirements;94
5.9.2.5.2;2.5.2 Sensitive Data;97
5.9.2.5.3;2.5.3 Data Avoidance;98
5.9.2.5.4;2.5.4 Finality Principle;98
5.9.2.6;2.6 Other relevant Principles;99
5.9.3;3 The Mechanisms of the "InfoSoc" Directive;99
5.9.3.1;3.1 Overview;99
5.9.3.2;3.2 DRM and the Rights of Beneficiaries of Public Policy Privileges (also: Private Copy);100
5.9.3.2.1;3.2.1 Principles and Definitions;100
5.9.3.2.2;3.2.2 Limitations of Copyright;101
5.9.3.2.3;3.2.3 Limits of the Protection of Anti - Circumvention Devices and "Fair Use";104
5.9.3.3;3.3 The Protection of Electronic Rights Management Information ("RMI") and its Limits;104
5.9.4;4 Interoperability vs. Exclusive Proprietary Systems;105
5.9.5;5 Further Impact of DRM;107
5.9.5.1;5.1 Levy Systems;107
5.9.5.2;5.2 Collective Rights Management Societies;107
5.9.6;6 Conclusion;108
5.9.6.1;6.1 Protection of DRM Systems and Licensing;109
5.9.6.2;6.2 Data Protection;110
5.9.6.3;6.3 Technical Solutions and Trusted Platforms;110
5.10;IT-Grundschutz: Two-Tier Risk Assessment for a Higher Efficiency in IT Security Management;112
5.10.1;1 Need for an Information Security Management Method;112
5.10.2;2 Optimising resources;112
5.10.2.1;2.1 The IT-Grundschutz concept;113
5.10.2.2;2.2 Two-Tier Risk Assessment versus Traditional Risk Assessment;114
5.10.2.3;2.3 Risk Analysis based on IT-Grundschutz;115
5.10.3;3 Consolidation of the IT Security Concept;116
5.10.4;4 ISO 27001 Certification based on IT-Grundschutz;117
5.10.5;5 Conclusion;117
5.11;ISO/IEC 24727 - A Future Standard for Smart Card Middleware;119
5.11.1;1 Overview;119
5.11.2;2 Market Impact of ISO/IEC 24727;119
5.11.3;3 Parts of the ISO/IEC 24727 Standard;120
5.11.3.1;3.1 Encapsulation of Smart Card Access;120
5.11.3.2;3.2 The Service Access Layer;121
5.11.3.2.1;3.2.1 Default Services in the SAL interface;121
5.11.3.2.2;3.2.2 Model-based Architecture;122
5.11.3.2.3;3.2.3 IAS Services and Secure Sessions;123
5.12;Information Security Standardization - the ETSI Perspective;125
5.12.1;1 Introduction;125
5.12.2;2 Mobile and Wireless Communications;126
5.12.2.1;2.1 GSM and UMTS;126
5.12.2.1.1;2.1.1 Anonymity;126
5.12.2.1.2;2.1.2 Authentication and Signalling Protection;126
5.12.2.1.3;2.1.3 IMEI;127
5.12.2.1.4;2.1.4 Fraud Information Gathering System;127
5.12.2.1.5;2.1.5 Priority;127
5.12.2.1.6;2.1.6 Location;128
5.12.2.2;2.2 TETRA;128
5.12.2.2.1;2.2.1 Mutual authentication;128
5.12.2.2.2;2.2.2 Encryption;128
5.12.2.2.3;2.2.3 Anonymity;128
5.12.3;3 Next Generation Networks;128
5.12.3.1;3.1 NGN Release 1;128
5.12.3.2;3.2 Security Design Guide;129
5.12.4;4 Lawful Interception;129
5.12.4.1;4.1 Handover Interface;129
5.12.4.2;4.2 IP interception and Service-specific details;130
5.12.5;5 Electronic Signatures;130
5.12.6;6 Smart Cards;131
5.12.7;7 Algorithms;132
5.12.8;8 Future Challenges;132
5.12.8.1;8.1 Next Generation Networks;132
5.12.8.2;8.2 Privacy;133
5.12.8.3;8.3 Product Proofing;133
5.12.8.4;8.4 Data Rights Management;133
5.12.8.5;8.5 Data Retention;133
5.12.8.6;8.6 Mobile terminal security;133
5.12.8.7;8.7 Banking security and eCommerce;134
5.12.8.8;8.8 RFID;134
5.12.9;9 Conclusions;134
5.13;Digital Signatures without the Headaches;136
5.13.1;1 Why OASIS DSS?;136
5.13.2;2 What Does OASIS DSS Do?;138
5.13.3;3 DSS specification set structure;139
5.13.4;4 Variations and Profiling DSS;140
5.13.5;5 Technical Details;142
5.13.5.1;5.1 Sign protocol;142
5.13.5.2;5.2 Verify protocol;144
5.13.5.3;5.3 XML Time-stamp token;144
5.13.6;6 Conclusion;144
5.14;Could Test Standards Help on the Way to Achieve Global e-Passport Interoperability?;146
5.14.1;1 Passport and Reader Compliance;146
5.14.2;2 Biometric Data Compliance and Performance of Biometric Systems;151
5.14.3;3 Assessment;154
5.15;A New Standard Based Road to Interoperable Strong Authentication;156
5.15.1;1 The strong authentication eco-system;156
5.15.1.1;1.1 Overview;156
5.15.1.2;1.2 Devices;156
5.15.1.3;1.3 The client framework;157
5.15.1.4;1.4 Validation framework;157
5.15.1.5;1.5 Provisioning framework;158
5.15.1.6;1.6 Applications;158
5.15.2;2 The interoperability challenge;158
5.15.2.1;2.1 Interoperability between devices and validation systems;158
5.15.2.2;2.2 Interoperability from an application view;158
5.15.2.3;2.3 Provisioning Interoperability;159
5.15.3;3 Standards;159
5.15.3.1;3.1 Algorithms;159
5.15.3.1.1;3.1.1 OATH - HOTP, RFC 4226 HMAC based one time password algorithm;159
5.15.3.1.2;3.1.2 OATH - Mutual OATH: HOTP Extensions for mutual authentication;159
5.15.3.1.3;3.1.3 MasterCard EMV - Chip Authentication Program (CAP);159
5.15.3.2;3.2 Device interface;160
5.15.3.2.1;3.2.1 OTPS - PKCS #11 V2.20 Amendment 1: PKCS #11 mechanisms for One-Time Password Tokens;160
5.15.3.2.2;3.2.2 MasterCard EMV;161
5.15.3.3;3.3 Validation interface;161
5.15.3.3.1;3.3.1 OTPS - OTP-WSS-Token: Web Services Security One-Time Password Token Profile;161
5.15.3.3.2;3.3.2 OTPS - OTP Validation Service;161
5.15.3.4;3.4 Provisioning;162
5.15.3.4.1;3.4.1 OATH - Portable Symmetric Key Container;162
5.15.3.4.2;3.4.2 OATH - XKMS Provisioning of OATH Shared Secret Keys;162
5.15.3.4.3;3.4.3 OTPS-CT-KIP;162
5.15.4;4 Interoperability;163
5.15.4.1;4.1 Now;163
5.15.4.2;4.2 The future;163
5.15.5;5 Conclusion;163
6;Identity Management Biometrics PKI-Solutions Network Security;166
6.1;Identifying Patterns of Federation Adoption;168
6.1.1;1 Introduction;168
6.1.2;2 Federation Adoption Patterns;169
6.1.2.1;2.1 Employer Based Federations;170
6.1.2.1.1;2.1.1 Internal Federation;170
6.1.2.1.2;2.1.2 External Federation;171
6.1.2.2;2.2 Parent Company/Subsidiary; Mergers and Acquisitions;172
6.1.2.3;2.3 Specialized Content Providers;174
6.1.2.4;2.4 Enabling Internal Users: Rich Client Adoption;176
6.1.3;3 Observations;176
6.1.4;4 Conclusions;177
6.2;Fidelity: Federated Identity Management Security based on Liberty Alliance on European Ambit;178
6.2.1;1 Liberty Alliance Federated Identity Management approach;179
6.2.2;2 Liberty Alliance Protocols suit proof of concept;180
6.2.3;3 Technical approaches;181
6.2.4;4 Security Aspects: Attacks and testing tools;182
6.2.5;5 Concluding remarks;183
6.3;Deflecting Active Directory Attacks;185
6.3.1;1 Introduction;185
6.3.2;2 Attack#1: Cracking Passwords Based on the LM Hash;185
6.3.2.1;2.1 Attack#1: Prevention;186
6.3.3;3 Attack#2: Cracking Passwords Based on Kerberos Pre-authentication Data;187
6.3.3.1;3.1 Attack#2: Prevention;187
6.3.4;4 Attack#3: Privilege Elevation by Using SIDHistory;187
6.3.4.1;4.1 Attack#3: Prevention;188
6.3.5;5 Attack#4: DoS Attack Based on Excessive AD Object Creations;188
6.3.5.1;5.1 Attack#4: Prevention;189
6.3.6;6 Attack#5: DoS Attack Based on the MaxTokenSize Property;190
6.3.6.1;6.1 Attack#5: Prevention;190
6.3.7;7 Conclusion;191
6.4;Implementing role based access control - How we can do it better!;193
6.4.1;1 Introduction;193
6.4.2;2 Classic access control models;194
6.4.3;3 Role Based Access Control (RBAC);194
6.4.4;4 Role Engineering;196
6.4.4.1;4.1 Top-down approach;197
6.4.4.2;4.2 Bottom-up approach;198
6.4.4.3;4.3 Role Engineering in ERP Environments;199
6.4.4.4;4.4 Company-wide multi-system role engineering;200
6.4.5;5 Conclusion;201
6.5;Identity and Access Control - Demonstrating Compliance;203
6.5.1;1 The challenge of Identity and Access Control;203
6.5.1.1;1.1 Introduction;203
6.5.1.2;1.2 IdM initiatives often fall short of meeting expectations;204
6.5.2;2 The way forward;205
6.5.2.1;2.1 Increasing abstraction;205
6.5.2.2;2.2 A possible way forward;205
6.5.2.2.1;2.2.1 Unifying technologies;205
6.5.2.2.2;2.2.2 Control library;207
6.5.2.2.3;2.2.3 Combining unification and control libraries;208
6.5.3;3 Case study;209
6.5.3.1;3.1 The challenge;209
6.5.3.2;3.2 The solution;209
6.5.3.3;3.3 Role-mining the authorisation data;209
6.5.3.4;3.4 Defining and testing compliance via business rules;210
6.5.4;4 Conclusion;212
6.6;Robust and Secure Biometrics: Some Application Examples;213
6.6.1;1 Introduction;213
6.6.2;2 Key Extraction from Noisy Data;214
6.6.2.1;2.1 General Setting;214
6.6.2.2;2.2 Application to Biometrics;214
6.6.3;3 A Server Access Token;215
6.6.3.1;3.1 Introduction and Problem Definition;215
6.6.3.2;3.2 Deriving the Secret Key from the Biometric;216
6.6.4;4 3-Way Check for Biometric ePassport;217
6.6.4.1;4.1 Introduction and Problem Definition;217
6.6.4.2;4.2 Architecture for a 3-Way Check;217
6.6.5;5 A Secure Password Vault;218
6.6.5.1;5.1 Introduction and Problem Definition;218
6.6.5.2;5.2 Architecture for a Secure Password Vault;218
6.6.6;6 Conclusion;220
6.7;Selecting the Optimal Biometric 2-factor Authentication Method - a User's Viewpoint;221
6.7.1;1 Concept;221
6.7.2;2 Integration;223
6.7.3;3 Business Case;224
6.7.4;4 Form factor and user experience;225
6.7.5;5 Alternative concepts:;226
6.7.5.1;5.1 The trusted platform module (TPM);226
6.7.5.2;5.2 Cardio sampling;227
6.7.6;6 Conclusion;227
6.8;A Face Recognition System for Mobile Phones;228
6.8.1;1 Introduction;228
6.8.2;2 System description;229
6.8.3;3 System implementation;231
6.8.4;4 Experimental results;232
6.8.5;5 Conclusions;233
6.9;Advanced certificate validation service for secure Service-Oriented Architectures;235
6.9.1;1 Introduction;235
6.9.2;2 Certificate validation;236
6.9.2.1;2.1 SAVaCert;237
6.9.3;3 Validation architecture;238
6.9.3.1;3.1 Goals;238
6.9.3.2;3.2 Design;239
6.9.3.2.1;3.2.1 Clients;239
6.9.3.2.2;3.2.2 PKIs;240
6.9.3.2.3;3.2.3 Certificate Validation Service;240
6.9.4;4 Scenarios;242
6.9.5;5 Conclusions and future work;243
6.10;An Introduction to Validation for Federated PKIs;245
6.10.1;1 Introduction;245
6.10.2;2 Establishing Trust in a Hierarchical PKI;246
6.10.3;3 Establishing Trust in a Federated PKI;248
6.10.4;4 Applying Validation Policies;250
6.10.5;5 Building Trust Paths;251
6.10.6;6 Evaluating Validation Deployment Choices;252
6.10.6.1;6.1 Delegated Path Validation;253
6.10.6.2;6.2 Delegated Path Discovery;254
6.10.7;7 Conclusion;256
6.11;MADSig: Enhancing Digital Signature to Capture Secure Document Processing Requirements;258
6.11.1;1 Motivations;258
6.11.2;2 Technical Landscape;259
6.11.3;3 MADSig principles;260
6.11.4;4 The European Arrest Warrant Example;261
6.12;PKI Consolidation Project and Multiapplicative Smart Payment Cards;266
6.12.1;1 Introduction;266
6.12.2;2 PKI consolidation Project of Banca Intesa ad Beograd;267
6.12.3;3 Multiapplicative smart payment cards of Banca Intesa ad Beograd;270
6.12.4;4 Main features of the implemented PKI solution;271
6.12.4.1;4.1 Interoperability;271
6.12.4.2;4.2 Architecture of the implemented PKI solution;272
6.12.4.2.1;4.2.1 Certification Service;272
6.12.4.2.2;4.2.2 Registration Service;272
6.12.4.2.3;4.2.3 Enrolment Service;273
6.12.4.2.4;4.2.4 Web server application;273
6.12.4.2.5;4.2.5 RA Operator application;274
6.12.4.2.6;4.2.6 CA Administrator application;274
6.12.4.2.7;4.2.7 Application Programming Interface;274
6.12.5;5 Conclusion;274
6.13;Security Analysis and Configuration of Large Networks;276
6.13.1;1 Introduction;276
6.13.2;2 The POSITIF framework;277
6.13.2.1;2.1 Overview;277
6.13.2.2;2.2 P-SDL;278
6.13.2.3;2.3 P-SPL;279
6.13.2.4;2.4 Checking security and generating configurations;279
6.13.2.5;2.5 Mapping to actual protection technology;280
6.13.2.6;2.6 Configuration deployment;280
6.13.2.7;2.7 Monitoring security;280
6.13.2.8;2.8 Supporting new blocks;281
6.13.2.9;2.9 Managing the framework;281
6.13.2.10;2.10 The framework at work;282
6.13.2.11;2.11 For further information;282
6.13.3;3 Conclusion;282
6.14;S-VPN Policy: Access List Conflict Automatic Analysis and Resolution;283
6.14.1;1 Introduction;283
6.14.2;2 Modelling of Rules Relation;284
6.14.2.1;2.1 Rules Relations;285
6.14.3;3 Conflict Analysis;286
6.14.3.1;3.1 Conflicts Classification;286
6.14.4;4 Conflict Resolution;288
6.14.4.1;4.1 All Disjoint Algorithm;288
6.14.4.2;4.2 Inclusive Match Ordered Algorithm;289
6.14.5;5 Software Implementation;290
6.14.6;6 Conclusions and Future Works;290
6.15;Lock-Keeper: A New Implementation of Physical Separation Technology;292
6.15.1;1 Introduction;292
6.15.2;2 Physical Separation Principle;293
6.15.2.1;2.1 Firewalls and their Drawbacks;293
6.15.2.2;2.2 Concept of Physical Separation Principle;294
6.15.2.3;2.3 Lock-Keeper Sluice Technology;294
6.15.3;3 The Lock-Keeper System;295
6.15.3.1;3.1 Architecture of the SingleGate Lock-Keeper;295
6.15.3.2;3.2 Functionalities;295
6.15.3.3;3.3 Performance Analysis;296
6.15.4;4 Comparison with other "Physical Separation" Implementations;296
6.15.5;5 Architecture Improvement: DualGate Lock-Keeper System;297
6.15.5.1;5.1 Architecture of the DualGate Lock-Keeper;297
6.15.5.2;5.2 Functionalities and New Characteristics;298
6.15.5.2.1;5.2.1 Increasing the transmit capacity (TC);298
6.15.5.2.2;5.2.2 Reducing the minimum round trip time of small messages through the Lock-Keeper;298
6.15.5.2.3;5.2.3 Using the whole time for transferring files between connected hosts;299
6.15.5.2.4;5.2.4 Implementing a few file queuing algorithms;299
6.15.5.3;5.3 Experiments on Performance Measurement;299
6.15.5.4;5.4 Lock-Keeper Cluster;299
6.15.6;6 Lock-Keeper Applications;300
6.15.6.1;6.1 Mail Transfer via Lock-Keeper;301
6.15.6.2;6.2 File Transfer via Lock-Keeper;301
6.15.6.3;6.3 Database Synchronization via Lock-Keeper;301
6.15.6.4;6.4 Secure Web Services Provider;302
6.15.7;7 Conclusion;302
6.16;SPEECH: Secure Personal End-to-End Communication with Handheld;304
6.16.1;1 Introduction;305
6.16.2;2 Existing solutions;306
6.16.3;3 SPEECH;307
6.16.3.1;3.1 Audio Module;309
6.16.3.2;3.2 Voice Codec;309
6.16.3.3;3.3 Security Module;309
6.16.3.4;3.4 WSP Module;309
6.16.3.5;3.5 WTP Module;310
6.16.4;4 The SPEECH Security;310
6.16.4.1;4.1 User Authentication and Key Agreement;310
6.16.4.1.1;4.1.1 Keyescrowing;311
6.16.4.2;4.2 Confidentiality;312
6.16.4.3;4.3 Non-repudiation;312
6.16.5;5 Conclusions;312
6.17;Finding the Mobile Trusted Element;315
6.17.1;1 Introduction;315
6.17.2;2 Mobile Trusted Elements;316
6.17.3;3 Mobile Secure Services Design;318
6.17.4;4 Use Case: DVB-H;321
6.17.5;5 Conclusions;324
7;Security Management Applications;326
7.1;Centrally Administered COIs Using Cross-Organizational Trust;328
7.1.1;1 Introduction;328
7.1.2;2 Cross-Forest Collaboration Goals;329
7.1.3;3 Cross-Forest Collaboration Solutions;329
7.1.4;4 Using the CFCOI;331
7.1.5;5 Conclusion;334
7.2;Improving Assurance of Information Security RoI;335
7.2.1;1 Changing Security Architectures;335
7.2.1.1;1.1 New Demands;336
7.2.2;2 A New Approach;337
7.2.2.1;2.1 Defining the Parameters;338
7.2.2.2;2.2 Criteria for the Semantic Structure;338
7.2.2.2.1;2.2.1 Information Attributes;338
7.2.2.2.2;2.2.2 Defining a Breach;339
7.2.2.2.3;2.2.3 Defining Business Detriments;339
7.2.2.2.4;2.2.4 Costing Business Detriments;339
7.2.2.3;2.3 The Process;339
7.2.2.3.1;2.3.1 Business Enquiry Phase;340
7.2.2.3.2;2.3.2 Technical Mapping Phase;340
7.2.3;3 Methods;340
7.2.3.1;3.1 Interviewing;340
7.2.3.2;3.2 Metadata Management;341
7.2.4;4 Return on Investment;341
7.2.5;5 Conclusion;342
7.3;Modelling the Economics of Free and Open Source Software Security;343
7.3.1;1 Introduction;343
7.3.2;2 Software Dependability and F/OSS;344
7.3.3;3 A System Dynamics Approach;345
7.3.4;4 Towards a Dynamic Model of Software Dependability;346
7.3.5;5 Model Validation and Utilization;349
7.3.6;6 Conclusions;350
7.4;Securing service-oriented applications;353
7.4.1;1 Introduction;353
7.4.2;2 Business Applications and Security infrastructure;353
7.4.3;3 SOA Security Model;354
7.4.4;4 Message security;356
7.4.5;5 Trust Model;356
7.4.6;6 Programming model - Design Principles;358
7.4.7;7 Infrastructure-managed vs. application-managed;358
7.4.8;8 Flexibility of choice;359
7.4.9;9 Security Engineering;360
7.4.10;10 Conclusion;360
7.5;A Service Oriented Trust Development Platform;361
7.5.1;1 Introduction;361
7.5.2;2 Trust Development Platform Architecture;362
7.5.3;3 Federation services;364
7.5.3.1;3.1 Identity Federation;364
7.5.3.2;3.2 Trust Federation;365
7.5.4;4 Policies;366
7.5.5;5 Trust Development Rationale;367
7.5.5.1;5.1 PKI Traditional Models;367
7.5.5.2;5.2 The Problem of PKI: Technology or Model?;368
7.5.5.3;5.3 Trust Service Provider Model;369
7.5.5.4;5.4 Semantic Trust;370
7.5.6;6 Conclusion;371
7.6;A Trust Label for Secure and Compliant e-ID Applications: The Belgian Experience;373
7.6.1;1 Challenges of e-ID applications;373
7.6.1.1;1.1 Potential of e-ID applications;373
7.6.1.2;1.2 Consumer concerns;374
7.6.1.3;1.3 Countering consumer concerns;374
7.6.2;2 e-ID applications and legal compliance;374
7.6.2.1;2.1 Importance of legal compliance;374
7.6.2.2;2.2 Purposes of e-ID applications;375
7.6.2.3;2.3 e-ID applications and authentication;375
7.6.2.4;2.4 e-ID applications and transaction;376
7.6.3;3 A standard and label for secure e-ID applications;376
7.6.3.1;3.1 Importance of an independent audit;376
7.6.3.2;3.2 Development of a standard;377
7.6.3.3;3.3 Setting up and functioning of a standardisation organisation;377
7.6.3.4;3.4 Development and granting of a label;378
7.6.4;4 Protection of the standard and the label;378
7.6.5;5 Official launch of the standard and the label;378
7.6.6;6 Promotion of the standard and label;379
7.6.6.1;6.1 Belgium;379
7.6.6.2;6.2 Europe;379
7.6.7;7 Conclusion;379
7.7;Electronic signature in Italy after ten years of "running in";380
7.7.1;1 The History;380
7.7.2;2 The Present;381
7.7.2.1;2.1 Electronic document;381
7.7.2.2;2.2 Electronic log-book;382
7.7.2.3;2.3 Registered E-Mail;382
7.7.2.4;2.4 Electronic Substitutional Storage;382
7.7.2.5;2.5 Electronic fiscally relevant documentation;383
7.7.3;3 The state of the art;383
7.7.3.1;3.1 Electronic signature;383
7.7.3.1.1;3.1.1 Electronic Document Content and Format;383
7.7.3.1.2;3.1.2 Signature formats;384
7.7.3.1.3;3.1.3 Signature types;384
7.7.3.1.4;3.1.4 Time Referencing;385
7.7.3.1.5;3.1.5 Revocation;386
7.7.3.2;3.2 Electronic Log Book;387
7.7.3.3;3.3 Registered e-Mail - REM (In Italian: Posta Elettronica Certificata - PEC);387
7.7.3.4;3.4 Substitutional Documents Conservation;388
7.7.3.5;3.5 e-Invoicing;388
7.7.4;4 A few numbers;389
7.7.4.1;4.1 Qualified electronic Signatures;389
7.7.5;5 Conclusion;390
8;Awareness Raising Compliance Data Protection Cyberspace Regulation;392
8.1;Internet Early Warning System: The Global View;394
8.1.1;1 Introduction;394
8.1.2;2 Aims and Task of the Internet Analysis System;395
8.1.3;3 Mode of Operation of the Internet Analysis System;396
8.1.4;4 Tasks and Mode of Operation of the Probes;397
8.1.5;6 Evaluation of the Collective Raw Data;399
8.1.6;7 User Interface of the Internet Analysis System;399
8.1.7;8 Results of the Internet Analysis Systems;400
8.1.7.1;8.1 Transport Protocol Distribution;400
8.1.7.2;8.3 Types of E-mail Messages;401
8.1.8;9 Uses of the Internet Analysis System;402
8.1.9;10 Conclusion;402
8.2;IT Security Vulnerability and Incident Response Management;404
8.2.1;1 Context;404
8.2.2;2 State-of-the-Practise;405
8.2.2.1;2.1 IT Management;405
8.2.2.2;2.2 Computer Emergency Response Teams;406
8.2.2.3;2.3 Technology push;407
8.2.2.3.1;2.3.1 Intrusion detection systems;407
8.2.2.4;2.4 Vulnerability Scanning;408
8.2.3;3 Case studies;408
8.2.3.1;3.1 ITIL;408
8.2.3.2;3.2 IT security incidents;409
8.2.3.3;3.3 Computer Security Incident Response Teams;409
8.2.4;4 Conclusions & Recommendations;409
8.2.4.1;4.1 Conclusions;409
8.2.4.2;4.2 Recommendations;409
8.2.4.2.1;4.2.1 Vulnerability lifecycle management;409
8.2.4.2.2;4.2.2 IT security incident responses;411
8.3;Blending Corporate Governance with Information Security;413
8.3.1;1 How to define "Corporate Governance";413
8.3.2;2 Principles;415
8.3.2.1;2.1 CEO Involvement;415
8.3.2.2;2.2 Organizational Understanding of Information Assets;415
8.3.2.3;2.3 Integrating Data Storage with the System Lifecycle;416
8.3.2.4;2.4 Systems Must Be Tested;416
8.3.2.5;2.5 Comparative Analysis;416
8.3.3;3 Shifts in Information Security Perspective;417
8.3.4;4 The fives areas of responsibility;418
8.3.4.1;4.1 The Board of Directors.;418
8.3.4.2;4.2 The CEO.;418
8.3.4.3;4.3 Executive Committee.;418
8.3.4.4;4.4 Senior Managers.;419
8.3.4.5;4.5 Employees.;419
8.3.5;5 The Security Governance Framework & Architecture;419
8.3.6;6 Conclusion;421
8.4;On Privacy-aware Information Lifecycle Management in Enterprises: Setting the Context;422
8.4.1;1 Introduction;422
8.4.2;2 Overview of ILM and IDM Solutions;424
8.4.2.1;2.1 Information Lifecycle Management Solutions;424
8.4.3;3 Privacy-Aware Information Lifecycle Management;425
8.4.3.1;3.1 Requirements and Open Issues;425
8.4.3.2;3.2 Core Properties and Functionalities;427
8.4.3.3;3.3 Our Approach;427
8.4.4;4 Important Issues and Next Steps;430
8.4.5;5 Conclusions;430
8.5;Regulation of State Surveillance of the Internet;432
8.5.1;1 Introduction;432
8.5.2;2 Impact of the Internet;433
8.5.3;3 Impact on State Surveillance by 9/11 U.S. attacks;434
8.5.4;4 Overview of State Surveillance laws regarding Internet communications;434
8.5.4.1;4.1 Introduction;434
8.5.4.2;4.2 Council of Europe Convention on Cybercrime;435
8.5.4.3;4.3 European Union (EU);436
8.5.4.4;4.4 USA;437
8.5.4.5;4.5 South Africa;437
8.5.5;5 Evaluation of the justifiability of State Surveillance regulation of Internet communications;438
8.5.5.1;5.1 Introduction;438
8.5.5.2;5.2 Considerations;438
8.5.6;6 Conclusion;441
8.6;How Can NRA Contribute to the Improvement of IT Security?;443
8.6.1;1 Introduction;443
8.6.1.1;1.1 The investigation of security incidents;443
8.6.2;2 NRA response;445
8.6.2.1;2.1 Consumer education;445
8.6.2.2;2.2 Reduction of negative impact of security incidents;446
8.6.2.3;2.3 Managing security incidents (CERT functions);446
8.6.2.4;2.4 Draft Law on Network and Information Security;447
8.6.3;3 Public and private partnership;449
8.6.4;4 Conclusions;449
8.7;Information Security Regulation: Tomorrow Never Dies?;450
8.7.1;1 Introduction;450
8.7.2;2 Information security and the law;450
8.7.3;3 Sampling law;452
8.7.3.1;3.1 Case Law;453
8.7.4;4 Relevant activities;455
8.7.5;5 Conclusions;455
8.8;Introducing Regulatory Compliance Requirements Engineering;456
8.8.1;1 Introduction;456
8.8.2;2 Background;457
8.8.2.1;2.1 Compliance and Security;457
8.8.2.2;2.2 Problem Frames;459
8.8.2.3;2.3 Abuse and Misuse Cases;460
8.8.3;3 Compliance Frames - A Data Protection Example;461
8.8.4;4 Conclusion;462
8.9;Legal Issues in Secure Grid Computing Environments;465
8.9.1;1 Introduction;465
8.9.2;2 Contracts in the Grid Environment;466
8.9.2.1;2.1 Licensing in the Grid;466
8.9.2.2;2.2 Contracting a node to the Grid;468
8.9.3;3 Privacy in the grid environment;469
8.9.4;4 Intellectual Property in the grid environment;470
8.9.5;5 Discussion;471
8.10;The Impact of Monitoring Technology on the Law;472
8.10.1;1 Introduction;472
8.10.2;2 Surveillance with the help of technological means;474
8.10.2.1;2.1 Camera surveillance in public and non-public places;474
8.10.2.2;2.2 Surveillance of telecommunication;474
8.10.2.3;2.3 Entry control; identification of persons and goods;475
8.10.2.4;2.4 Detection and prosecution of crimes;476
8.10.2.5;2.5 Conclusions regarding surveillance technology;477
8.10.3;3 Legal considerations;477
8.10.3.1;3.1 Privacy versus safety?;477
8.10.3.2;3.2 Suspects and non-suspects;478
8.10.3.3;3.3 Technology and social control;479
8.10.3.4;3.4 Technology and solidarity;480
8.10.3.5;3.5 Subsidiarity and proportionality;481
8.10.4;4 Conclusions;482
9;Index;484

RFID, e-ID Cards, Trusted Computing, Interoperability.- Radio Frequency Identification (RFID) and Data Protection Legal Issues.- e-ID and Smartcards — Current Status, Hopeful Developments and Best Practices.- European Citizen Card Combined with Travel Document Function, Convergence or Divergence?.- Physical Unclonable Functions for enhanced security of tokens and tags.- Hardware Security Features for Secure Embedded Devices.- Security in Next Generation Consumer Electronic Devices.- Security Architecture for Device Encryption and VPN.- TPM Enterprise Key Management requires centralized Hardware-based Security.- Implementation of DRM Systems under the EU Legal Framework.- IT-Grundschutz: Two-Tier Risk Assessment for a Higher Efficiency in IT Security Management.- ISO/IEC 24727 — A Future Standard for Smart Card Middleware.- Information Security Standardization — the ETSI Perspective.- Digital Signatures without the Headaches.- Could Test Standards Help on the Way to Achieve Global e-Passport Interoperability?.- A New Standard Based Road to Interoperable Strong Authentication.- Identity Management, Biometrics, PKI-Solutions, Network Security.- Identifying Patterns of Federation Adoption.- Fidelity: Federated Identity Management Security based on Liberty Alliance on European Ambit.- Deflecting Active Directory Attacks.- Implementing role based access control — How we can do it better!.- Identity and Access Control — Demonstrating Compliance.- Robust and Secure Biometrics: Some Application Examples.- Selecting the Optimal Biometric 2-factor Authentication Method — a User’s Viewpoint.- A Face Recognition System for Mobile Phones.- Advanced certificate validation service for secure Service-Oriented Architectures.- An Introduction to Validation for Federated PKIs.- MADSig: Enhancing Digital Signature to Capture Secure Document Processing Requirements.- PKI Consolidation Project and Multiapplicative Smart Payment Cards.- Security Analysis and Configuration of Large Networks.- S-VPN Policy: Access List Conflict Automatic Analysis and Resolution.- Lock-Keeper: A New Implementation of Physical Separation Technology.- SPEECH: Secure Personal End-to-End Communication with Handheld.- Finding the Mobile Trusted Element.- Security Management, Applications.- Centrally Administered COIs Using Cross-Organizational Trust.- Improving Assurance of Information Security RoI.- Modelling the Economics of Free and Open Source Software Security.- Securing service-oriented applications.- A Service Oriented Trust Development Platform.- A Trust Label for Secure and Compliant e-ID Applications: The Belgian Experience.- Electronic signature in Italy after ten years of “running in”.- Awareness Raising, Compliance, Data Protection, Cyberspace Regulation.- Internet Early Warning System: The Global View.- IT Security Vulnerability and Incident Response Management.- Blending Corporate Governance with Information Security.- On Privacy-aware Information Lifecycle Management in Enterprises: Setting the Context.- Regulation of State Surveillance of the Internet.- How Can NRA Contribute to the Improvement of IT Security?.- Information Security Regulation: Tomorrow Never Dies?.- Introducing Regulatory Compliance Requirements Engineering.- Legal Issues in Secure Grid Computing Environments.- The Impact of Monitoring Technology on the Law.


Identifying Patterns of Federation Adoption (pp. 151-152)

Heather Hinton • Mark Vandenwauver

IBM Software Group {hhinton mvanden}@us.ibm.com

Abstract
"I don't see that [federation identity] happening this year, I don't see it happening next year or the year after that - that leaves 2009, and I'll leave that one open ... There are a lot of issues, but basically it boils down to trust and antitrust." [Penn06]. Despite this pessimism, federation technology and models are being deployed and are in production now, only not in those areas where they were originally expected. In this paper, we describe several adoption patterns that we have observed and the characteristics that have driven these deployments. Existing business relationships between companies are often strong enough to support federated relationships and are being used as the foundation of present-day federated identity deployments.

1 Introduction

Federation has typically been cast as the "next best thing" to happen to a user's online experience. For example, the much-hyped travel agency example has been used to illustrate the benefits of a federation relationship - when booking travel tickets with an online travel agency, John can seamlessly access the airline (to book seats and identify special requirements), the car rental agency and the hotel. Another equally well discussed example is based on the Internet Service Provider as w/r-Identity Provider, allowing Jane to authenticate to her ISP and then engage in online shopping. These examples, while excellent for explaining some of the values of a federated single sign-on environment, do not yet have widespread adoption, leading many to question if, not even when, federation technology will be adopted.

What is interesting about these early examples of (hypothetical) federation adoption is that they all describe scenarios where federated technology is used to bootstrap a business relationship between companies. It helped, of course, that the average Internet user could immediately see the value of this type of environment. What hurt, however, is that it was not immediately obvious to the federation partners what value they would realize with this environment, if they acted in any role other than an Identity Provider. And given that they all act as Identity Providers right now, why would they willingly give that up? This leads to the conclusion that federation technology cannot (and should not) be driving federation adoption in and of itself.

Our customer experience shows us, though, that federation technology and models are being adopted right now. Federated technology is being adopted in many environments between companies with existing business relationships. Adoption is taking place where there is a need for tighter integration achieved through the loose coupling offered by federation. The adoptions and deployments of federated identity solutions that we have been involved with (to date) have all been based on scenarios where:

• Business agreements are already in place upon which a federation-driven trust relationship can be based, and,
• One of the participants is a clear "owner" of the user identities and is responsible for the identity lifecycle management

