Pragmatic authentication Hinke, Martin

CMC - RIES-improvements: Pragmatic authentication



Outline

• Introduction
• Basic principles
• Current approaches
• Our suggestions


Voting mechanism

• Government knows who can vote
• Voter trusts the VS not to reveal his/her identity
• Voter & Government trust that the VS is not cheating


Pragmatic Authentication

• Government knows its own citizens
• Citizen has and regularly uses X
• X is trustworthy for Government


Pragmatic Tool - Requirements

• Trustworthy
  o Government
  o Users
  o Security Specialists
• User friendly
• Cheap
• Safe
• Private (anonymous)


Pragmatic Tool (2)

• more widely used → easier to use
• more widely used → less trustworthy
• less complicated → easier to use
• less complicated → less secure


User uses

• All the time
  o own body
  o clothes
• Daily
  o mobile phone
  o bank card
  o e-mail
  o social networks
• Rarely
  o DigiD
  o OpenID


The Chasm of Death

• Some users may be lost during login

[Figure: boxes labelled VOTING SYSTEM and AUTHEN SYSTEM]


Own body / Clothes

• Body
  o very trustworthy
  o problematic installation
  o ethical problems
• Clothes
  o more people lose phone than clothes
  o short endurance
  o highly visible for other people


Mobile Phone / Banking Tools

• Mobile phone
  o widely used
  o high probability of loss
  o user has more phones
• Banking tools
  o widely used
  o trustworthy for both sides
  o user has multiple accounts
• Government always assigns the same ID


E-Mail / Social Networks

• Technology
  o Hybrid Onboarding - Details
  o Federated Login - Details
• Example
  o Sourceforge - Details
  o Plaxo: 20M users, 92% success rate
  o Facebook Connect: 60M users, 80k sites, 2/3 of US Top 100


OpenID / DigiD

• OpenID
  o in the past for "geeks"
  o now more spread - AOL, BBC, Google, IBM, Microsoft, MySpace, Orange, PayPal, VeriSign, Yahoo!, etc.
  o Google, AOL, Yahoo!, MS - 73%
• DigiD
  o Digital Identity
  o 7M accounts
  o 3 authentication levels: basic, medium, high
  o Growing number of services


Our suggestion

• Same mechanism as OpenID
  o User (U) chooses partner (P)
  o U is redirected to P site
  o U logs in and is redirected back
  o User is logged in
• Requirements
  o Same protocol
  o E.g.: OpenID
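
The redirect flow listed above, as an added example that is not part of the original slides: a voting system (VS) sends the user to a partner (P) and accepts the login only if the returned assertion is authentic, addressed to this VS, and bound to the session that started it. The pre-shared HMAC key, the URLs and all function names are assumptions; the message format is a simplified stand-in, not the OpenID wire format.

```python
import hashlib, hmac, secrets
from urllib.parse import urlencode, urlparse, parse_qsl

SHARED_KEY = secrets.token_bytes(32)        # assumed: agreed between VS and P beforehand
VS_RETURN = "https://vs.example/return"     # constructed URLs
PARTNER_LOGIN = "https://partner.example/login"
SIGNED = ("user", "nonce", "return_to")     # fields covered by the partner's MAC

def _mac(fields):
    # urlencode escapes each value, so field boundaries are unambiguous
    msg = urlencode([(k, fields[k]) for k in SIGNED]).encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()

def vs_start(session):
    """U has chosen P: VS stores a one-time nonce and redirects U to P."""
    session["nonce"] = secrets.token_urlsafe(16)
    query = {"return_to": VS_RETURN, "nonce": session["nonce"]}
    return PARTNER_LOGIN + "?" + urlencode(query)

def partner_login(request_url, user):
    """P authenticates U (not shown) and redirects back with a signed assertion."""
    q = dict(parse_qsl(urlparse(request_url).query))
    fields = {"user": user, "nonce": q["nonce"], "return_to": q["return_to"]}
    fields["sig"] = _mac(fields)
    return q["return_to"] + "?" + urlencode(fields)

def vs_finish(session, response_url):
    """VS checks the assertion; returns the user id, or None if rejected."""
    q = dict(parse_qsl(urlparse(response_url).query))
    if any(k not in q for k in SIGNED + ("sig",)):
        return None                          # incomplete response
    if not hmac.compare_digest(q["sig"].encode(), _mac(q).encode()):
        return None                          # altered or not issued by P
    if q["return_to"] != VS_RETURN:
        return None                          # assertion issued for another site
    expected = session.pop("nonce", None)    # single use: a replay finds no nonce
    if expected is None or not hmac.compare_digest(q["nonce"].encode(), expected.encode()):
        return None                          # replay, or response from another session
    return q["user"]

if __name__ == "__main__":
    session = {}
    response = partner_login(vs_start(session), "alice")
    print(vs_finish(session, response))      # accepted once
    print(vs_finish(session, response))      # same response again is rejected
```

Because the VS learns the partner's user identifier in this sketch, the "Private (anonymous)" requirement from the earlier slide is not addressed here.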


Underwear Authentication

• Underwear is very secure
  o More people lose their phone/wallet than underwear
  o Wallet/phone is more accessible to other people
• But not quite sophisticated → improvement is needed
• Process
  o User asks government for labels
  o User attaches label to underwear
  o Hybrid mechanism
• Same level of trustworthiness as PC


Cycling Voting

• Everybody uses a bike
• Bike can be improved with a bar code / RFID chip


Questions?

 


Thank You!
