Lappeenranta Summer School on Telecommunications 2008
Privacy Issues in Network Environments

Josef Noll
University Graduate Center at Kjeller, UNIK / University of Oslo, UiO
josef.noll@unik.no
Lappeenranta, 19 August 2008
http://wiki.unik.no

• Research and Education at Kjeller
• Close relation to FFI, IFE, NILU,...

                                                                         2
                             Privacy Issues   19. Aug 2008, Josef Noll

“Movation is a very exciting initiative where some of the best companies in Norway commit themselves to build the Norwegian national team in wireless technology innovation”
– Paul Chaffey, Abelia

“Innovation by Design”

Have you heard these ones?
from Scott McNealy (Sun Microsystems)

“The privacy you are so fond of is mostly an illusion”

“You have no privacy. Get over it.”

So, let’s go home and do something useful

How come these guys didn’t think of that?

Source: Stefan Weiss, Deloitte & Touche, 2007
Web 2.0 Expo Berlin 2007, ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft

Outline
• Privacy, Identity, Trust, Reputation,....
• Network environments
  - technical: Internet and wireless networks
  - Social networks
  - .... networks
• Technologies
• Protection mechanisms
  - Legal issues
  - Tips and tricks

Privacy
Privacy is the ability of an individual or group to seclude themselves or
information about themselves and thereby reveal themselves selectively. The
boundaries and content of what is considered private differ among cultures and
individuals, but share basic common themes. Privacy is sometimes related to
anonymity, the wish to remain unnoticed or unidentified in the public realm.
source: Wikipedia

• Physical:
  - intrusion into physical space (sauna, stalking,...)
  - searching in my personal possessions
  - access to my home
• Informational
  - Internet, electronic traces
  - Medical data
• Organisational
  - Industrial property rights (IPR)
  - protection of secrets

Physical privacy
• don’t touch me
• don’t kiss me
• don’t invade
• don’t you dare

Factors
• cultural sensitivity
• personal dignity
• shyness
• safety concerns

The worst places (for me)
The best places (for me)

Organisational privacy
• What is in Coca Cola?
• When will VW launch the new Golf?
• Access to fingerprints of all people

Factors
• Patent (IPR)
• Trade mark
• price of information
• effect of damage

Information privacy
Information about me
• electronic information stored about me
  - religion, sexual orientation, political opinion
  - personal activities
  - family information
• Membership in social networks
• access to accounts
• Medical information
• Political privacy

Electronic traces
• Mobile phone
  - GSM, Bluetooth
• sensor data
• traffic cameras
• surveillance
• payment card usage
• fingerprint check-in

Summary
Factors influencing privacy
• cultural sensitivity
• personal dignity
• shyness
• ....
• safety concerns
• effect of damage
• professional reputation
• discrimination ....

My own understanding
Privacy is about protecting myself such that others
can’t harm me more than I can tolerate
  others --> trust, relation
  harm --> my roles (identity)

Reality
What the Internet knows about me
Preface
I am not a member of a social network (yet). I do not
publish pictures about me.
And still ...

and I’m only talking about my publicly available data

Two more definitions
[Diagram labels: Roles, Identities; User behaviour; Location, Proximity; Context, Presence; Community; User profile, privacy. Annotations: others --> trust, relation; harm --> my roles (identity)]

Identity
• In philosophy, identity is whatever makes an entity definable
  and recognizable, in terms of possessing a set of qualities or
  characteristics.
• Identity is an umbrella term used throughout the social
  sciences for an individual's comprehension of him or herself as
  a discrete, separate entity.
• Digital identity also has another common usage as the digital
  representation of a set of claims made by one digital subject
  about itself or another digital subject.
• An online identity is a social identity that network users
  establish in online communities.
• As more and more services are accessible in the digital world, digital
  identities and their management will play a vital role in secure
  service access and privacy …..
source: Wikipedia

Identity: Real world to digital world
[Diagram labels: Digital identity; Passwords everywhere; Real world Identities; Digital world identities; Identity; Digital world]
• Recommendation: Dick Hardt@OSCON, Identity 2.0

The dilemma of computer science
Identity - “same as” and “not”
• Identity is an umbrella term used throughout the social
  sciences for an individual's comprehension of him or herself as
  a discrete, separate entity.
• Computer science: use of ontologies, binary strings ‘xFxkeyil9e4’
[Diagram: Josef -- same as --> Josef Noll; labels: Roles, Identities; Community; Context]
• Are we in computer science in the Middle Ages?
  • G. W. Leibniz (1646): if a=b and b=c, then a=c

Reputation and Trust
• Reputation is the opinion (more technically, a social evaluation) of
  the public toward a person, a group of people, or an organization. It
  is an important factor in many fields, such as business, online
  communities or social status.
• Reputation is known to be a ubiquitous, spontaneous and highly
  efficient mechanism of social control in natural societies.
• Trust is a relationship of reliance. A trusted party is presumed to
  seek to fulfill policies, ethical codes, law and their previous
  promises.
• Trust is a prediction of reliance on an action, based on what a party
  knows about the other party. Comment: Members of “la familia”
  trust each other

do we really believe we can manage trust and represent reputation?

[Image; source: New York Times; Lasse Øverlier]

Revisit: Information privacy
It starts with the radio
• radio is broadcast: everyone can listen
• “radio identity” (MAC, Bluetooth,...) is known
• eavesdropping of traffic, man-in-the-middle: read your email (smtp is plain text)
• Bluetooth and other ad-hoc networks, connectivity to phone without notice
• wireless networks at home: WEP easy to crack, access to whole home infrastructure
• Mobile phone (GSM): location, fake base-station

Revisit: Information privacy
And it never stops
• Eavesdropping -> read your communication
• Crack WEP (encryption) -> read open information
• DNS forging -> leading you to a different site
• Phishing -> getting your secure information

• “Click to confirm that you read the privacy issue”
• Netvibes: Leading personal start page to manage your digital life
• Banking, Social Networks....

Some technology first
Have you heard these ones?

“Last year (2007) the world produced more transistors than rice corns”
– Hans Christian Haugli, CEO, Telenor R&I

“In three to five years we will interact with to 30-50 devices in our vicinity”
– Marie Austenstaa, Connected Objects, Telenor R&I

“The speed of technology”
• The speed of development
[Figure; source: Gerhard Fettweis, TU Dresden]
• Do you remember: “There might be a need for 5 computers” (1943 Watson(?), 1951 Hartree)
• Mobile: NMT, GSM, GPRS, EDGE, UMTS, 3G, HSDPA, SMS, EMS, MMS,... DVB-H,...

Mobile Phone and Sensors
• N. Arora, Google Europe Manager [Oslo Innovation Week]:
  - By 2012, iPods ... be capable of holding all music you will ever hear in your life (or one year of video)
  - By 2018 it can hold all videos ever produced
• This speed will continue until 2025 [ITRS Roadmap]
• Imagine a device, which
  - will save all the conversations you ever had
  - will record all the environments you have ever been in
  - identify all people you have ever talked to and remember what you talked about
• “Your Mobile will do”

Let’s get a deep breath....

and see what we can do about it

Recall
Lessons learned
• Definitions of Privacy, Identity, Trust, Reputation,....
• “It all begins with the radio”
  - location, device identity
  - eavesdropping, phishing, man-in-the-middle, forging
• The user providing all kinds of information
  - social networks, service providers, ...

Challenge
Manage the Privacy 2.0 Bermuda Triangle
[Diagram labels: Data is everywhere; User’s Privacy; High value of personal data; Vulnerable technology]
Source: Stefan Weiss, Deloitte & Touche, 2007
Web 2.0 Expo Berlin 2007, ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft

Privacy Requirements
“How much will it cost me if my privacy gets compromised?”
• see: lost mobile phone, security of your house
• take appropriate measures

Examples of Services
[Diagram labels: VPN, !/$; email, photo; Network access]

Protecting the identity?
• 8 million US residents victims of identity theft in 2006 (4% of adults)
• US total (known) cost of identity theft was $49 billion
  - ~10% was paid by customers
  - remaining by merchants and financial institutions
• Average victim spent $531 and 25 hours to repair for damages
Source: Lasse Øverlier & California Office of Privacy Protection

ID theft in seconds
http://itpro.no/art/11501.html

2nd lecture
Personalisation, tips and tricks
• Personalisation of service, why?
• The role of the mobile phone
  – Seamless authentication
  – Payment and access
• Protection mechanisms
  – Legal issues
  – Tips and tricks

User profiles/profiling - “We have heard that before, nothing has happened”
• Complexity is ever increasing -> Need for reduction
• Technology is in place -> Semantics, Web Services,...
• Research projects address adaptation of services towards user needs
• Mobile phones are becoming the source for Internet and Service access
  – 20-30 % of all phones worldwide will be smartphones by 2009
  – 30 % of mobile users in the Nordic will receive push content by 2010
• Market need for personalisation: “Mobile advertisement has to fit to the user, otherwise it will fail completely” [Movation White Paper, Mobile Phone Evolution, April 2007]

User profiles/profiling - “Nobody is willing to pay for it”
• “Mobile advertisement is 1000 to 10000 times more valuable as Internet advertisement” [Bjarne Myklebust, NRK]
• “The chances of annoying customers through mobile advertisements are high. Mobile advertisements have to fit.”
• “Mobile advertising isn’t only hot, it’s on fire.” [Bena Roberts, GoMo News]
• Operators launch mobile advertisement companies (Telenor)

My phone collects all my security
[Figure: SIM with NFC & PKI]

Mobile Services, incl. NFC
• Focus in 2008 on mobile web
• Push content upcoming
• NFC needs next generation phones
  – S60, UIQ, ...
  – Common Application development
  – Integrated development
[Figure: Expected customer usage [%] “have tried” of mobile services in the Nordic Market, 2006 to 2010, for SMS authentication, Mobile Web, Push content and NFC payment]
[“Mobile Phone Evolution”, Movation White paper, May 2007]
Josef Noll, “Who owns the SIM?”, 5 June 2007

Operator supported service access
[Figure labels: Authentication provider; Seamless authentication; Service access; Physical access; VPN; Home access, .mp3, .jpg]

Mobile Phone supported access
• SMS one-time password
• MMS, barcode
• eCommerce (SMS exchange)
• Network authentication
• WAP auto access
• Applets: PIN code generation (Bank ID)
• Future SIM
Photo: Spanair

WAP gateway
Seamless authentication
[Figure: HTTP request (94815894) -> Hash -> HTTP request (hashed value, unreadable in this copy); response shown: “Pictures for ’rzso’. Password:1234 sID: cTHG8aseJPIjog==”]
Source: Erzsebet Somogyi, UNIK

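The hashing step in the WAP gateway figure, as an added example that is not taken from the original slides: a gateway swaps the subscriber number for a keyed, per-service hash before it forwards the request. The header name `X-Subscriber-Id`, the key, the host names and the request layout are assumptions; 94815894 and the account name “rzso” are the values shown on the slide.

```python
import base64
import hashlib
import hmac

# Assumption: secret held only by the gateway (constructed demo value).
GATEWAY_KEY = b"constructed-demo-key"
# Hypothetical header name; the slide does not name the field carrying the hash.
ID_HEADER = "X-Subscriber-Id"


def pseudonym(msisdn, service_host, key=GATEWAY_KEY):
    """Return a keyed, per-service identifier for a subscriber number.

    Phone numbers come from a small space, so an unkeyed hash would not hide
    them; HMAC with a gateway-only key does. Mixing in the service host gives
    every service a different identifier for the same subscriber.
    """
    message = service_host.lower().encode() + b"\x00" + msisdn.encode()
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return base64.b64encode(digest[:12]).decode()  # 12 bytes -> 16 characters


def forward_request(msisdn, request):
    """Build the request the gateway sends on to the service.

    msisdn is taken from the operator's network session, never from the
    handset's HTTP headers, and any identity header the client sent is dropped.
    """
    headers = {name: value for name, value in request["headers"].items()
               if name.lower() != ID_HEADER.lower()}
    headers[ID_HEADER] = pseudonym(msisdn, request["host"])
    return {"host": request["host"], "path": request["path"], "headers": headers}


def service_lookup(accounts, forwarded):
    """Service side: map the identifier to an account, or None if unknown."""
    return accounts.get(forwarded["headers"].get(ID_HEADER))


def demo():
    number = "94815894"  # subscriber number shown on the slide
    # Constructed request; the client tries to supply its own identity header.
    incoming = {"host": "photos.example", "path": "/album",
                "headers": {"User-Agent": "demo-handset",
                            "x-subscriber-id": "forged-value"}}
    forwarded = forward_request(number, incoming)
    # Constructed account table: the service only ever stores the pseudonym.
    accounts = {pseudonym(number, "photos.example"): "rzso"}
    return {
        "forwarded": forwarded,
        "account": service_lookup(accounts, forwarded),
        "other_service_id": pseudonym(number, "bank.example"),
    }


if __name__ == "__main__":
    result = demo()
    print(result["forwarded"]["headers"])
    print("account:", result["account"])
```

The service recognises the returning user without ever seeing the phone number, and two services cannot link the same subscriber by comparing identifiers.
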
Banking from the mobile phone
Security considerations
• Equally secure as SMS (get your account status)
• Easy to use
• Advanced functionality through PIN (if required)
• Seamless phone (SIM) authentication
• Advanced security when required
  – BankID or
  – PIN
[Figure: Welcome Josef: SIM authentication -> Information: Using SIM, no customer input required -> Account status; Advanced functionality: BankID or PIN (double security) -> Transfer, payments]
[Figure labels: NFC communication unit; NFC2 SIM; SIM; Smartcard interfaces ISO/IEC 7816]

MyBank example:
User incentive:
• “My account is just one click away”
• “enhanced security for transactions”
• Phone (SIM) authentication
• Level 2 security through PKI/BankID/PIN?

RFID and NFC
example: Birkebeiner
• Online information to mobile phone
• Could be used for photo, video, etc

NFC – Near field communication
• Based on RFID technology at 13.56 MHz
• Typical operating distance 10 cm
• Compatible with RFID
• Data rate today up to 424 kbit/s
• Philips and Sony
• ECMA-340, ISO/IEC 18092 & ECMA-352, …standards
• Powered and non-self powered devices
Photo: Nokia

NFC is ...
• RFID at 13.56 MHz
• RF (modem) and protocols
Passive operation:
1) Phone=Reader has static magnetic field
2) Tag acts as resonator, “takes energy” ~1/r^6
[Figure: Power decrease of static and electromagnetic field, curves 1/r^2 and 1/r^6, vertical axis 0 to 1, horizontal axis 0 to 9,6]

NFC use cases
• Payment and access
  – include Master-/Visacard in the phone
  – carry small amounts of money electronically
  – admittance to work
• Service Discovery
  – easy access to mobile services: Web page, SMS, call, ...
  – local information and proximity services (get a game)
• Ticketing
  – Mobile tickets for plane, train, bus: Parents can order and distribute, ...
Source: Nokia 6131 NFC Technical Product Description

NFCIP-2 Interface and protocol
Interface standards:
• NFC device: ECMA-340
• Proximity Card Reader: ISO/IEC 14443, PCD mode (MIFARE, FeliCa)
• Vicinity Card Reader: ISO/IEC 15693, VCD mode (facility access)
[Figure: selection steps labelled “NFC ECMA-340”, “YES 340 okay” and “NO 15693 okay”]

The radio
NFC and privacy
• NFC is “as bad” as
  – your contactless Master and Visa card
  – your passport
• Typical reading distance up to 4 cm (for activation)
• Eavesdropping possible during operation (1/r^2)
  – encrypted communication
Passport
• USA: passport can only be read when opened
• European passport: just place it on NFC reader

From current SIM to Future SIM
• To comply with 3G networking requirements (USIM)
  – Security features (algorithms and protocols), longer key lengths
  – GSM uses EAP SIM: client authentication
  – UMTS uses EAP AKA: Mutual authentication
• 3rd party identities
  – ISIM application (IMS)
  – private user identity
  – one or more public user identities
  – Long term secret
[Figure: New visions for mobile / UICC. Labels: Current Telenor SIM (UICC) card (from 2001); GlobalPlatform’s Real Estate 3rd Party sec. domains vision; On-board WEB server; Multi-Thread; SUN (Java) 2009?; Plus ETSI SCP 3 new phys IFs: 12 Mb/s USB, NFC (SWP)]
Source: Judith Rossebø, Telenor

Network privacy
• GSM
  – client-based positioning allows user to take control
  – trustworthy operators?
• WLAN
  – open for all kinds of attacks
  – example: TraceRoute for exposing packet origin
  – encrypted communication and more....
• Bluetooth
  – if you are afraid, then switch it off
  – I leave it on, the danger of getting tapped is rather small
• Social Network
• Web tools, e.g. search, present a significant privacy issue

Do you know Freddie Staur? [4]
• Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves
• Research highlights dangers of irresponsible behavior on social networking sites
[4] www.sophos.com/facebook, Survey among 200 randomly chosen Facebook users, August 2007.
Source: Stefan Weiss, Deloitte & Touche, 2007

Privacy is not about getting your private space
Sources: isolatr.com; Stefan Weiss, Deloitte & Touche, 2007

Privacy is not about ...
Switching off the lights

Private Sphere and Privacy
Directive 95/46/EC of the European parliament
• Data must be fairly and lawfully processed
• They must be processed for prior specified and limited purposes
• Adequate, relevant and not excessive
• Accurate
• Not kept longer than necessary
• Processed in accordance with the data subject’s rights
• Secure
• Not transferred to countries without adequate protection

And the law might be applicable to Google
Google has to obey Norwegian law
• Art. 29-group looks at how privacy is handled in the EU
• “Google is using cookies on PCs” thus they use equipment physically located in an EU state
• Art. 29 is valid for everyone using equipment in an EU state, thus also Google

Tips and Tricks
• If you put your data into the social networks, it is your responsibility
• Security, Your data, Anonymity, .....

Specialized Privacy Probes
• Wiretap
  – Web Bug + JAVA code
  – Retrieve e-mail comments
  – Retrieve mailing list
• Computer Triangulation
  – Pinpoint physical location
    – Country and City (90% accuracy)
    – ZIP code (possible)
Source: Thomas Hintz, “Protecting your Internet Privacy”
University of Florida © IFAS Information Technology, 2002

Privacy Solutions
http://notebook.ifas.ufl.edu/privacy/
• All are free for home use…
• Some are free for education sites (check the license)

Anonymous web surfing
• Internet Explorer plug-in
• FREE – cannot visit secure sites
• Blocks IP address
• Blocks cookies
http://www.anonymizer.com/

Encrypted e-mail
• Pretty Good Privacy
• GPG (GNU Privacy Guard) is a PGP compatible alternative replacement based on the OpenPGP standard
http://www.gnupg.org/

Avoiding web spambots
• Do not use “mailto:” TAG unless encoded – mailto:hintz@ufl.edu
• Use a graphic – hintz@ifas.ufl.edu
• Use a graphic @ symbol
• Use TABLE
• Spell out address
    – hintz AT ifas.ufl.edu
    – hintz AT ifas DOT ufl DOT edu
    – hintz@ifasNOJUNK.ufl.edu (remove NOJUNK)
Source: Thomas Hintz, “Protecting your Internet Privacy”
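The two text-based options on this slide (an encoded mailto link and a spelled-out address) can be produced and checked with a short audit script. This is an added example, not part of the original slides; the function names and the example.org addresses are constructed for illustration.

```python
import html
import re

# Pattern a simple address harvester would apply to page source.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def entity_encode(text):
    """Write every character as a decimal numeric character reference."""
    return "".join(f"&#{ord(ch)};" for ch in text)


def encoded_mailto(address, label=None):
    """Build a mailto link whose source contains no literal address."""
    href = entity_encode("mailto:" + address)
    shown = entity_encode(label if label is not None else address)
    return f'<a href="{href}">{shown}</a>'


def spell_out(address):
    """Render 'user@example.org' as 'user AT example DOT org'."""
    local, _, domain = address.partition("@")
    return f"{local} AT {domain.replace('.', ' DOT ')}"


def audit(page_source):
    """Classify each address found in a page by how it is exposed.

    Returns a dict mapping address -> 'plain' (literal in the raw source)
    or 'entity-encoded' (visible only after character references are
    decoded, which is what a browser does before showing the page).
    """
    findings = {}
    for addr in ADDRESS_RE.findall(page_source):
        findings[addr] = "plain"
    for addr in ADDRESS_RE.findall(html.unescape(page_source)):
        findings.setdefault(addr, "entity-encoded")
    return findings


# Constructed sample page: one plain link, one encoded link, one spelled-out address.
SAMPLE_PAGE = "\n".join([
    '<p>Plain: <a href="mailto:alice@example.org">alice@example.org</a></p>',
    "<p>Encoded: " + encoded_mailto("bob@example.org", "Mail Bob") + "</p>",
    "<p>Spelled out: " + spell_out("carol@example.org") + "</p>",
])

if __name__ == "__main__":
    for address, exposure in sorted(audit(SAMPLE_PAGE).items()):
        print(f"{address}: {exposure}")
```

An address reported as entity-encoded is hidden only from tools that read the raw source without decoding character references. The spelled-out form is found by neither pass.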
Would you give personal information to strangers?
• 24% of users have supplied false information
• Create a Virtual User: John Smith, 7/7/77, blue eyes, red hair
• Provide accurate personal information ONLY if appropriate for the services requested.
Source: Thomas Hintz, “Protecting your Internet Privacy”
Anonymity is a shield from the tyranny of the majority.
    - US Supreme Court decision No. 93-986, April 19 1995

• but what ....

Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
• “Disabling traffic flow analysis”
• What can be resolved?
    – who communicates to/with whom
    – who communicates when
    – activity type
    – movement
    – chain of command
    – type of information

Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
• We need to distribute trust
• Use an anonymizing network
    – Independent nodes
    – Encrypted tunnels
        – using (perfect) forward secrecy
        – changing appearance of data
• Any user, or server, of the network can be the originator
[Figure: torproject.org]

Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
And we have not talked about
• Semantic technologies “the Web of Services”
• the car and future car2x communication
• and what about all the sensor networks
• who takes care of my data
Semantic Web Services
Bringing the web to its full potential

             Syntactic                  Semantic
Dynamic      Web Services               Intelligent Web Services
             (UDDI, WSDL, SOAP)
Static       WWW                        Semantic Web
             (URI, HTML, HTTP)          (RDF, RDF(S), OWL)

source: Juan Miguel Gomez, UC3M
Semantics in Business:
• Enable a paradigm switch in searching information
• From
    – Information Retrieval
      Google: “Josef Noll”
• To
    – Question Answering
      Why did Josef Noll come to Norway?
      “It is important to educate female engineers, ...”
ITEA-Wellcom project
Future TV
source: Sony

And some of the partners working on tomorrow's TV experience:
ITEA-WellCom.org
TV today and tomorrow
[Diagram labels: Content; Service; Trust & Personalisation Provider; Communication; Service adaptation; Context (jabber); TV; STB; BT; NFC]
Third party business model
[Diagram labels: Content provider; Service aggregator; Payment provider; Identity and personalisation provider; Authentication and Access provider; Customer care]
• Media,
• Banks, Service providers
• Telecom, Corporate, Home
• Service aggregator
    – Convenient interfaces
    – Ease of use
• Identity and personalisation provider
    – Convenience
    – Trust
Josef Noll, “Who owns the SIM?”, 5 June 2007
The secure element: SIM card
• SIM is secure element
    – controlled environment
    – over-the-air update
    – open for applications
• SIM will be owned by user
    – managed by trusted third party
[Diagram labels: Authentication and Access provider; Identity and personalisation provider; Service aggregator; Send key and credentials; Send info to recipient; Send service to phone; NFC communication unit; NFC2SIM; SIM; Smartcard interfaces ISO/IEC 7816]
Josef Noll, “Who owns the SIM?”, 5 June 2007
Challenges and Benefits
[Chart: x-axis 2006 to 2010, y-axis 0 to 200; labels “Telco favourite”, “Third party favourite”, “Convenience of usage”]
• How insecure is the Internet? Will the phone be the only secure element?
• Visa and Mastercard enable convenient small amount purchases
• Are Google, facebook and flickr more trusted than telecom operators?
• Dynamic service environment? On-the-fly creation of services?
Josef Noll, “Who owns the SIM?”, 5 June 2007
Conclusions
• “The last time we were connected by a wire was at birth!” [Motorola]
• The service world is wireless
    – Q: “What if you lose your phone?”
    – A: “A real crisis in life!”
• Easy access to devices and services, dependent on the context of the user
• Challenges
    – get control of complexity
    – get people understanding what they are doing and us understanding people
• http://wiki.unik.no
Thanks to contributions from
• My PhD students György Kálmán, Mohammad M. R. Chowdhury
• Lasse Øverlier, “Anonymity, Privacy and Hidden Services”, PhD thesis at University of Oslo
• Stefan Weiss, “Your Users’ Privacy”, Deloitte & Touche, 2007
• Thomas Hintz, “Protecting your Internet Privacy”, University of Florida, http://notebook.ifas.ufl.edu/privacy/
• Wikipedia; Dick Hardt, Identity 2.0
• Erzsebet Somogyi, UNIK - now CanalDigital.no; Judith Rossebø, Telenor
• Movation - White paper 'Mobile Phone Evolution', April 2007
• GPG (GNU Privacy Guard), based on PGP http://www.gnupg.org/
• Anonymizer http://www.anonymizer.com/
• Tor network, http://www.torproject.org
• The New York Times, Sony Europe, Facebook; isolatr.com
• Heung-Gyoon Ryu from Chungbuk National University, Korea
• ID theft in seconds, itpro.no

 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Último (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Privacy issues in network environments

  • 1. Lappeenranta Summer School on Telecommunications 2008: Privacy Issues in Network Environments. Josef Noll, University Graduate Center at Kjeller (UNIK) / University of Oslo (UiO), josef.noll@unik.no. Lappeenranta, 19 August 2008. http://wiki.unik.no
  • 2. Research and Education at Kjeller. Close relation to FFI, IFE, NILU,... 2 Privacy Issues 19. Aug 2008, Josef Noll
  • 3. “Movation is a very exciting initiative where some of the best companies in Norway commit themselves to build the Norwegian national team in wireless technology innovation” (Paul Chaffey, Abelia). “Innovation by Design”
  • 4. Have you heard these ones? From Scott McNealy (Sun Microsystems): “The privacy you are so fond of is mostly an illusion”; “You have no privacy. Get over it.”
  • 5. Have you heard these ones? From Scott McNealy (Sun Microsystems): “The privacy you are so fond of is mostly an illusion”; “You have no privacy. Get over it.” So, let’s go home and do something useful
  • 6. How come these guys didn’t think of that? Source: Stefan Weiss, Deloitte & Touche, 2007 (Web 2.0 Expo Berlin 2007; ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft)
  • 7. Outline: Privacy, Identity, Trust, Reputation,....; Network environments (technical: Internet and wireless networks; Social networks; .... networks); Technologies; Protection mechanisms; Legal issues; Tips and tricks
  • 8. Privacy: Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. Source: Wikipedia
  • 9. Privacy: Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively. The boundaries and content of what is considered private differ among cultures and individuals, but share basic common themes. Privacy is sometimes related to anonymity, the wish to remain unnoticed or unidentified in the public realm. Source: Wikipedia. Physical: intrusion into physical space (sauna, stalking,...); searching in my personal possessions; access to my home. Informational: Internet, electronic traces; Medical data. Organisational: Industrial property rights (IPR); protection of secrets
  • 10. Physical privacy: don’t touch me; don’t kiss me; don’t invade; don’t you dare
  • 11. Physical privacy: don’t touch me; don’t kiss me; don’t invade; don’t you dare. Factors: cultural sensitivity; personal dignity; shyness; safety concerns
  • 12. Physical privacy: don’t touch me; don’t kiss me; don’t invade; don’t you dare. Factors: cultural sensitivity; personal dignity; shyness; safety concerns. [Image: The worst places (for me)]
  • 13. Physical privacy: don’t touch me; don’t kiss me; don’t invade; don’t you dare. Factors: cultural sensitivity; personal dignity; shyness; safety concerns. [Images: The worst places (for me); The best places (for me)]
  • 15. Organisational privacy: What is in Coca Cola?; Access to fingerprints of all people; When will VW launch the new Golf?
  • 16. Organisational privacy: What is in Coca Cola?; Access to fingerprints of all people; When will VW launch the new Golf? Factors: Patent (IPR); Trade mark; price of information; effect of damage
  • 17. Information privacy. Information about me: electronic information stored about me (religion, sexual orientation, political opinion; personal activities; family information); Membership in social networks; access to accounts; Medical information; Political privacy
  • 18. Information privacy. Information about me: electronic information stored about me (religion, sexual orientation, political opinion; personal activities; family information); Membership in social networks; access to accounts; Medical information; Political privacy. Electronic traces: Mobile phone (GSM, Bluetooth); sensor data; traffic cameras; surveillance; payment card usage; fingerprint check-in
  • 19. Summary. Factors influencing privacy: cultural sensitivity; personal dignity; shyness; ....
  • 20. Summary. Factors influencing privacy: cultural sensitivity; personal dignity; shyness; ....; safety concerns; effect of damage; professional reputation; discrimination; ....
  • 22. Summary. Factors influencing privacy: cultural sensitivity; personal dignity; shyness; ....; safety concerns; effect of damage; professional reputation; discrimination; .... My own understanding: Privacy is about protecting myself such that others can’t harm me more than I can tolerate. Annotations: others --> trust, relation; harm --> my roles (identity)
  • 23. Reality: What the Internet knows about me. Preface: I am not a member of a social network (yet). I do not publish pictures about me. And still ...
  • 27. Reality: What the Internet knows about me. Preface: I am not a member of a social network (yet). I do not publish pictures about me. And still ... and I’m only talking about my publicly available data
  • 28. Two more definitions. [Diagram: User privacy, with the labels Roles, Identities; User profile, behaviour; Location, Proximity; Community; Context, Presence]
  • 29. Two more definitions. [Diagram: User privacy, with the labels Roles, Identities; User profile, behaviour; Location, Proximity; Community; Context, Presence.] Annotations: others --> trust, relation; harm --> my roles (identity)
  • 30. Identity: In philosophy, identity is whatever makes an entity definable and recognizable, in terms of possessing a set of qualities or characteristics. Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity. Digital identity also has another common usage as the digital representation of a set of claims made by one digital subject about itself or another digital subject. An online identity is a social identity that network users establish in online communities. As more and more services are accessible in the digital world, digital identities and their management will play a vital role in secure service access and privacy ….. Source: Wikipedia
  • 31. Identity: Real world to digital world. [Diagram labels: Real world identities; Digital world identities; Digital identity; Passwords everywhere.] Recommendation: Dick Hardt@OSCON, Identity 2.0
  • 32. The dilemma of computer science: Identity, “same as” and “not”. Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity.
  • 33. The dilemma of computer science: Identity, “same as” and “not”. Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity. Computer science: use of ontologies, binary strings ‘xFxkeyil9e4’. [Diagram: Josef “same as” Josef Noll]
  • 34. The dilemma of computer science: Identity, “same as” and “not”. Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity. Computer science: use of ontologies, binary strings ‘xFxkeyil9e4’. [Diagram: Josef “same as” Josef Noll; labels: Roles, Identities; Community; Context]
  • 35. The dilemma of computer science: Identity, “same as” and “not”. Identity is an umbrella term used throughout the social sciences for an individual's comprehension of him or herself as a discrete, separate entity. Computer science: use of ontologies, binary strings ‘xFxkeyil9e4’. [Diagram: Josef “same as” Josef Noll; labels: Roles, Identities; Community; Context.] Are we in computer science in the Middle Ages? G. W. Leibniz (1646): if a=b and b=c, then a=c
  • 36. Reputation and Trust. Reputation is the opinion (more technically, a social evaluation) of the public toward a person, a group of people, or an organization. It is an important factor in many fields, such as business, online communities or social status. Reputation is known to be a ubiquitous, spontaneous and highly efficient mechanism of social control in natural societies. Trust is a relationship of reliance. A trusted party is presumed to seek to fulfill policies, ethical codes, law and their previous promises. Trust is a prediction of reliance on an action, based on what a party knows about the other party. Comment: Members of “la familia” trust each other
  • 37. Reputation and Trust. Reputation is the opinion (more technically, a social evaluation) of the public toward a person, a group of people, or an organization. It is an important factor in many fields, such as business, online communities or social status. Reputation is known to be a ubiquitous, spontaneous and highly efficient mechanism of social control in natural societies. Trust is a relationship of reliance. A trusted party is presumed to seek to fulfill policies, ethical codes, law and their previous promises. Trust is a prediction of reliance on an action, based on what a party knows about the other party. Comment: Members of “la familia” trust each other. Do we really believe we can manage trust and represent reputation?
  • 38. [Slide title illegible in extraction.] Source: New York Times; Lasse Øverlier
  • 39. Revisit: Information privacy
  • 40. Revisit: Information privacy. It starts with the radio: radio is broadcast, everyone can listen; “radio identity” (MAC, Bluetooth,...) is known; eavesdropping of traffic, man-in-the-middle: read your email (SMTP is plain text); Bluetooth and other ad-hoc networks, connectivity to phone without notice; wireless networks at home: WEP easy to crack, access to whole home infrastructure; Mobile phone (GSM): location, fake base-station
  • 41. Revisit: Information privacy. And it never stops: Eavesdropping -> read your communication; Crack WEP (encryption) -> read open information; DNS forging -> leading you to a different site; Phishing -> getting your secure information; “Click to confirm that you read the privacy issue”; Netvibes: Leading personal start page to manage your digital life; Banking, Social Networks....
  • 44. Some technology first. Have you heard these ones? “Last year (2007) the world produced more transistors than rice corns” (Hans Christian Haugli, CEO, Telenor R&I); “In three to five years we will interact with to 30-50 devices in our vicinity” (Marie Austenstaa, Connected Objects, Telenor R&I)
  • 45. “The speed of technology”. The speed of development (source: Gerhard Fettweis, TU Dresden); Do you remember: “There might be a need for 5 computers” (1943 Watson(?), 1951 Hartree); Mobile: NMT, GSM, GPRS, EDGE, UMTS, 3G, HSDPA, SMS, EMS, MMS,... DVB-H,...
  • 46. Mobile Phone and Sensors. N. Arora, Google Europe Manager [Oslo Innovation Week]: By 2012, iPods ... be capable of holding all music you will ever hear in your life (or one year of video); By 2018 it can hold all videos ever produced. This speed will continue until 2025 [ITRS Roadmap]
  • 47. Mobile Phone and Sensors. N. Arora, Google Europe Manager [Oslo Innovation Week]: By 2012, iPods ... be capable of holding all music you will ever hear in your life (or one year of video); By 2018 it can hold all videos ever produced. This speed will continue until 2025 [ITRS Roadmap]. Imagine a device, which: will save all the conversations you ever had; will record all the environments you have ever been in; identify all people you have ever talked to and remember what you talked about
  • 48. Mobile Phone and Sensors. N. Arora, Google Europe Manager [Oslo Innovation Week]: By 2012, iPods ... be capable of holding all music you will ever hear in your life (or one year of video); By 2018 it can hold all videos ever produced. This speed will continue until 2025 [ITRS Roadmap]. Imagine a device, which: will save all the conversations you ever had; will record all the environments you have ever been in; identify all people you have ever talked to and remember what you talked about. “Your Mobile will do”
  • 49. Let’s get a deep breath.... and see what we can do about it
  • 50. Recall: Lessons learned. Definitions of Privacy, Identity, Trust, Reputation,....; “It all begins with the radio” (location, device identity; eavesdropping, phishing, man-in-the-middle, forging); The user providing all kinds of information (social networks, service providers, ...)
  • 51. Challenge: Manage the Privacy 2.0 Bermuda Triangle. [Diagram: User’s Privacy inside a triangle with the corners Data is everywhere; Vulnerable technology; High value of personal data.] Source: Stefan Weiss, Deloitte & Touche, 2007 (Web 2.0 Expo Berlin 2007; ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft)
  • 52. Privacy Requirements: “How much will it cost me if my privacy gets compromised?” See: lost mobile phone, security of your house; take appropriate measures. [Figure: Examples of Services, with the labels Network access; email, photo; VPN; !/$]
  • 53. Protecting the identity? 8 million US residents victims of identity theft in 2006 (4% of adults); US total (known) cost of identity theft was $49 billion (~10% was paid by customers; remaining by merchants and financial institutions); Average victim spent $531 and 25 hours to repair for damages. Source: Lasse Øverlier & California Office of Privacy Protection. ID theft in seconds: http://itpro.no/art/11501.html
  • 54. 2nd lecture: Personalisation, tips and tricks. Personalisation of service, why?; The role of the mobile phone (Seamless authentication; Payment and access); Protection mechanisms (Legal issues; Tips and tricks)
  • 55. User profiles/profiling: “We have heard that before, nothing has happened”. Complexity is ever increasing -> Need for reduction; Technology is in place -> Semantics, Web Services,...; Research projects address adaptation of services towards user needs; Mobile phones are becoming the source for Internet and Service access (20-30 % of all phones worldwide will be smartphones by 2009; 30 % of mobile users in the Nordic will receive push content by 2010); Market need for personalisation: “Mobile advertisement has to fit to the user, otherwise it will fail completely” [Movation White Paper, Mobile Phone Evolution, April 2007]
  • 56. User profiles/profiling: “Nobody is willing to pay for it”. “Mobile advertisement is 1000 to 10000 times more valuable than Internet advertisement” [Bjarne Myklebust, NRK]; “The chances of annoying customers through mobile advertisements are high. Mobile advertisements have to fit.”; “Mobile advertising isn’t only hot, it’s on fire.” [Bena Roberts, GoMo News]; Operators launch mobile advertisement companies (Telenor)
  • 57. My phone collects all my security: SIM with NFC & PKI
  • 58. Mobile Services, incl. NFC. NFC needs next generation phones; S60, UIQ, ...; Common Application development. Focus in 2008 on mobile web; Push content upcoming; Integrated SMS authentication. [Chart: Expected customer usage [%] “have tried” of mobile services in the Nordic Market, 2006 to 2010; series: Mobile Web, Push content, NFC payment] [“Mobile Phone Evolution”, Movation White paper, May 2007] 33 Josef Noll, “Who owns the SIM?”, 5 June 2007
  • 60. Operator supported service access. [Diagram labels: Seamless authentication; Authentication provider]
  • 61. Operator supported service access. [Diagram labels: Seamless authentication; Authentication provider; Service access]
  • 62. Operator supported service access. [Diagram labels: Seamless authentication; Authentication provider; Service access; Physical access; VPN]
  • 63. Operator supported service access. [Diagram labels: Seamless authentication; Authentication provider; Home access, .mp3, .jpg; Service access; Physical access; VPN]
  • 64. Mobile Phone supported access: SMS one-time password; MMS, barcode; eCommerce (SMS exchange); Network authentication; WAP auto access; Applets: PIN code generation (Bank ID); Future SIM. Photo: Spanair
  • 65. WAP gateway: Seamless authentication. [Diagram.] Source: Erzsebet Somogyi, UNIK
  • 67. WAP gateway: Seamless authentication. [Diagram labels: HTTP request; 94815894.] Source: Erzsebet Somogyi, UNIK
  • 68. WAP gateway: Seamless authentication. [Diagram labels: HTTP request; 94815894; Hash.] Source: Erzsebet Somogyi, UNIK
  • 69. WAP gateway: Seamless authentication. [Diagram labels: HTTP request; 94815894; Hash; HTTP request; one label illegible in extraction.] Source: Erzsebet Somogyi, UNIK
  • 70. WAP gateway: Seamless authentication. [Diagram labels: HTTP request; 94815894; Hash; HTTP request; one label illegible in extraction; Pictures for ’rzso’. Password:1234; sID: cTHG8aseJPIjog==.] Source: Erzsebet Somogyi, UNIK
  • 71. Banking from the mobile phone. Security considerations: Equally secure as SMS; Easy to use; Advanced functionality through PIN (if required). Seamless phone (SIM) authentication; Advanced security when required: BankID or PIN. Diagram labels: Welcome Josef: (get your account status); SIM authentication; NFC communication unit; NFC2SIM; SIM; Smartcard interfaces ISO/IEC 7816
  • 72. Banking from the mobile phone. Security considerations: Equally secure as SMS; Easy to use; Advanced functionality through PIN (if required). Seamless phone (SIM) authentication; Advanced security when required: BankID or PIN. Information: Using SIM, no customer input required; Account status. Diagram labels: Welcome Josef: (get your account status); SIM authentication; NFC communication unit; NFC2SIM; SIM; Smartcard interfaces ISO/IEC 7816
  • 73. Banking from the mobile phone. Security considerations: Equally secure as SMS; Easy to use; Advanced functionality through PIN (if required). Seamless phone (SIM) authentication; Advanced security when required: BankID or PIN. Information: Using SIM, no customer input required; Account status. Advanced functionality: BankID or PIN (double security); Transfer, payments. Diagram labels: Welcome Josef: (get your account status); SIM authentication; NFC communication unit; NFC2SIM; SIM; Smartcard interfaces ISO/IEC 7816
  • 74. MyBank example. User incentive: “My account is just one click away”; “enhanced security for transactions”. Phone (SIM) authentication; Level 2 security through PKI/BankID/PIN?
  • 75. RFID and NFC example: Birkebeiner. Online information to mobile phone; Could be used for photo, video, etc.
  • 76. NFC – Near field communication: Based on RFID technology at 13.56 MHz; ECMA-340, ISO/IEC 18092 & ECMA-352, … standards; Typical operating distance 10 cm; Powered and non-self powered devices; Compatible with RFID; Data rate today up to 424 kbit/s; Philips and Sony. Photo: Nokia
  • 77. NFC is ... RFID at 13.56 MHz; RF (modem) and protocols
  • 78. NFC is ... RFID at 13.56 MHz; RF (modem) and protocols. Passive operation: 1) Phone = Reader has static magnetic field; 2) Tag acts as resonator, “takes energy” ~1/r^6
  • 80. NFC is ... RFID at 13.56 MHz; RF (modem) and protocols. Passive operation: 1) Phone = Reader has static magnetic field; 2) Tag acts as resonator, “takes energy” ~1/r^6. [Plot: Power decrease of static and electromagnetic field; curves: 1/r^2 and 1/r^6]
  • 81. NFC use cases. Payment and access: include Master-/Visacard in the phone; have small amount money electronically; admittance to work. Service Discovery: easy access to mobile services (Web page, SMS, call, ...); local information and proximity services (get a game). Ticketing: Mobile tickets for plane, train, bus; Parents can order and distribute, ... Source: Nokia 6131 NFC Technical Product Description
  • 82. NFCIP-2 Interface and protocol. Diagram columns: NFC device; Proximity Card Reader; Vicinity Card Reader. Interface Standards: ECMA-340; ISO/IEC 14443 PCD mode (MIFARE, FeliCa); ISO/IEC 15693 VCD mode (facility access)
  • 83. NFCIP-2 Interface and protocol. Diagram columns: NFC device; Proximity Card Reader; Vicinity Card Reader. Interface Standards: ECMA-340; ISO/IEC 14443 PCD mode (MIFARE, FeliCa); ISO/IEC 15693 VCD mode (facility access). Decision labels: NFC ECMA-340; YES; 340 okay
  • 84. NFCIP-2 Interface and protocol. Diagram columns: NFC device; Proximity Card Reader; Vicinity Card Reader. Interface Standards: ECMA-340; ISO/IEC 14443 PCD mode (MIFARE, FeliCa); ISO/IEC 15693 VCD mode (facility access)
  • 85. NFCIP-2 Interface and protocol. Diagram columns: NFC device; Proximity Card Reader; Vicinity Card Reader. Interface Standards: ECMA-340; ISO/IEC 14443 PCD mode (MIFARE, FeliCa); ISO/IEC 15693 VCD mode (facility access). Decision labels: NO; 15693 okay
  • 86. The radio: NFC and privacy. NFC is “as bad” as: your contactless Master and Visa card; your passport. Typical reading distance up to 4 cm (for activation). Eavesdropping possible under operation (1/r^2): encrypted communication
  • 87. The radio: NFC and privacy. NFC is “as bad” as: your contactless Master and Visa card; your passport. Typical reading distance up to 4 cm (for activation). Eavesdropping possible under operation (1/r^2): encrypted communication. Passport USA: passport can only be read when opened. European passport: just place it on NFC reader
  • 88. From current SIM to Future SIM visions. To comply with 3G networking requirements (USIM): Security features (algorithms and protocols), longer key lengths; GSM uses EAP SIM: client authentication; UMTS uses EAP AKA: Mutual authentication. 3rd party identities: ISIM application (IMS): private user identity; one or more public user identities; Long term secret. Diagram labels: Current Telenor SIM (UICC) card (from 2001); GlobalPlatform’s Real Estate vision for mobile / UICC; 3rd Party sec. domains; On-board WEB server; Multi-Thread; SUN (Java); Plus ETSI SCP 3 new phys IFs: 12 Mb/s USB, NFC (SWP); 2009? Source: Judith Rossebø, Telenor
  • 89. Network privacy. GSM: client-based positioning allows user to take control; trustworthy operators? WLAN: open for all kinds of attacks; example: TraceRoute for exposing packet origin; encrypted communication and more.... Bluetooth: are you afraid, then switch it off; I leave it on, danger for getting tapped is rather small. Social Network. Web tools, e.g. search, present significant privacy issue
  • 90. Do you know Freddie Staur? Sophos Facebook ID probe shows 41% of users happy to reveal all to potential identity thieves; Research highlights dangers of irresponsible behavior on social networking sites. Footnote: www.sophos.com/facebook, Survey among 200 randomly chosen Facebook users, August 2007. Web 2.0 Expo Berlin 2007 ©2007 Deloitte & Touche GmbH Wirtschaftsprüfungsgesellschaft. Source: Stefan Weiss, Deloitte & Touche, 2007
  • 91. Privacy is not about ... getting your private space. Sources: isolatr.com; Stefan Weiss, Deloitte & Touche, 2007
  • 92. Privacy is not about ...
  • 93. Privacy is not about ... Switching off the lights
  • 94. Private Sphere and Privacy. Directive 95/46/EC of the European parliament: Data must be fairly and lawfully processed; They must be processed for prior specified and limited purposes; Adequate, relevant and not excessive; Accurate; Not kept longer than necessary; Processed in accordance with the data subject’s rights; Secure; Not transferred to countries without adequate protection
  • 95. And the law might be applicable to Google: Google has to obey Norwegian law; Art. 29-group looks how privacy is handled in the EU; “Google is using cookies on PCs” thus they use equipment physically located in an EU state; Art. 29 is valid for everyone using equipment in an EU state, thus also Google
  • 96. Tips and Tricks: If you put your data into the social networks, it is your responsibility; Security, Your data, Anonymity, .....
  • 97. Specialized Privacy Probes: Wiretap; Web Bug + JAVA code; Retrieve e-mail comments; Retrieve mailing list; Computer Triangulation; Pinpoint physical location: Country and City (90% accuracy), ZIP code (possible). Source: Thomas Hintz, “Protecting your Internet Privacy”. University of Florida © IFAS Information Technology, 2002
  • 98. Privacy Solutions: http://notebook.ifas.ufl.edu/privacy/ All are free for home use… Some are free for education sites (check the license)
  • 99. Anonymous web surfing: Internet Explorer plug-in; FREE (cannot visit secure sites); Blocks IP address; Blocks cookies. http://www.anonymizer.com/
  • 100. Encrypted e-mail: Pretty Good Privacy
  • 101. Encrypted e-mail: Pretty Good Privacy. GPG (GNU Privacy Guard) is a PGP compatible alternative replacement based on the OpenPGP standard. http://www.gnupg.org/
  • 102. Avoiding web spambots: Do not use “mailto:” TAG unless encoded (mailto:hintz@ufl.edu). Source: Thomas Hintz, “Protecting your Internet Privacy”
  • 103. Avoiding web spambots: Do not use “mailto:” TAG unless encoded (mailto:hintz@ufl.edu); Use a graphic; Use a graphic @ symbol; Use TABLE; Spell out address. Source: Thomas Hintz, “Protecting your Internet Privacy”
  • 104. Avoiding web spambots: Do not use “mailto:” TAG unless encoded (mailto:hintz@ufl.edu); Use a graphic (hintz@ifas.ufl.edu); Use a graphic @ symbol; Use TABLE; Spell out address. Source: Thomas Hintz, “Protecting your Internet Privacy”
  • 106. Avoiding web spambots: Do not use “mailto:” TAG unless encoded (mailto:hintz@ufl.edu); Use a graphic (hintz@ifas.ufl.edu); Use a graphic @ symbol; Use TABLE; Spell out address: hintz AT ifas.ufl.edu, hintz AT ifas DOT ufl DOT edu, hintz@ifasNOJUNK.ufl.edu (remove NOJUNK). Source: Thomas Hintz, “Protecting your Internet Privacy”
  • 107. Would you give personal information to strangers? Source: Thomas Hintz, “Protecting your Internet Privacy”
  • 108. Would you give personal information to strangers? 24% of users have supplied false information. Source: Thomas Hintz, “Protecting your Internet Privacy”
  • 109. Would you give personal information to strangers? 24% of users have supplied false information. Create a Virtual User: John Smith, 7/7/77, blue eyes, red hair. Source: Thomas Hintz, “Protecting your Internet Privacy”
  • 110. Would you give personal information to strangers? 24% of users have supplied false information. Create a Virtual User: John Smith, 7/7/77, blue eyes, red hair. Provide accurate personal information ONLY if appropriate for the services requested. Source: Thomas Hintz, “Protecting your Internet Privacy”
  • 111. “Anonymity is a shield from the tyranny of the majority.” (US Supreme Court decision No. 93-986, April 19 1995) but what .... Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
  • 112. “Disabling traffic flow analysis”. What can be resolved? who communicates to/with whom; who communicates when; activity type; movement; chain of command; type of information. Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
  • 113. We need to distribute trust. Use an anonymizing network: Independent nodes; Encrypted tunnels using (perfect) forward secrecy, changing appearance of data; Any user, or server, of the network can be the originator. torproject.org. Source: Lasse Øverlier, “Anonymity, Privacy and Hidden Services”
  • 114. And we have not talked about: Semantic technologies, “the Web of Services”; the car and future car2x communication; and what about all the sensor networks; who takes care of my data
  • 115. Semantic Web Services. Diagram with axes Static/Dynamic and Syntactic/Semantic: WWW (URI, HTML, HTTP); Semantic Web (RDF, RDF(S), OWL). Source: Juan Miguel Gomez, UC3M
  • 117. Semantic Web Services. Diagram with axes Static/Dynamic and Syntactic/Semantic: WWW (URI, HTML, HTTP); Semantic Web (RDF, RDF(S), OWL); Web Services (UDDI, WSDL, SOAP). Source: Juan Miguel Gomez, UC3M
  • 118. Semantic Web Services: Bringing the web to its full potential. Diagram with axes Static/Dynamic and Syntactic/Semantic: WWW (URI, HTML, HTTP); Semantic Web (RDF, RDF(S), OWL); Web Services (UDDI, WSDL, SOAP); Intelligent Web Services. Source: Juan Miguel Gomez, UC3M
  • 119. Semantics in Business: Enable a paradigm switch in searching information. From: Information Retrieval. To: Question Answering
  • 120. Semantics in Business: Enable a paradigm switch in searching information. From: Information Retrieval (Google: “Josef Noll”). To: Question Answering
  • 121. Semantics in Business: Enable a paradigm switch in searching information. From: Information Retrieval (Google: “Josef Noll”). To: Question Answering (Why did Josef Noll come to Norway? “It is important to educate female engineers, ...”)
  • 122. ITEA-Wellcom project: Future TV (source: Sony). And some of the partners working on tomorrow's TV experience:
  • 123. ITEA-WellCom.org: TV today and tomorrow. Diagram labels: Content; TV; STB
  • 124. ITEA-WellCom.org: TV today and tomorrow. Diagram labels: Content; Service; TV; BT; STB; NFC
  • 126. ITEA-WellCom.org: TV today and tomorrow. Diagram labels: Content; Service; Trust & Personalisation Provider; Communication; Service adaptation; Context (jabber); TV; BT; STB; NFC
  • 128. Third party business model. Service providers: Media; Banks; Telecom, Corporate, Home. Diagram labels: Content provider; Payment provider; Service aggregator; Identity and personalisation provider; Authentication and Access provider; Customer care. Josef Noll, “Who owns the SIM?”, 5 June 2007
  • 129. Third party business model. Service providers: Media; Banks; Telecom, Corporate, Home. Service aggregator: Convenient interfaces; Ease of use. Diagram labels: Content provider; Payment provider; Service aggregator; Identity and personalisation provider; Authentication and Access provider; Customer care
  • 130. Third party business model. Service providers: Media; Banks; Telecom, Corporate, Home. Service aggregator: Convenient interfaces; Ease of use. Identity and personalisation provider: Convenience; Trust. Diagram labels: Content provider; Payment provider; Service aggregator; Identity and personalisation provider; Authentication and Access provider; Customer care
  • 131. The secure element: SIM card. Diagram labels: Identity and personalisation provider; Service aggregator; Authentication and Access provider; Send key and credentials; Send info to recipient; Send service to phone; NFC communication unit; NFC2SIM; SIM; Smartcard interfaces ISO/IEC 7816
  • 132. The secure element: SIM card. SIM is secure element: controlled environment; over-the-air update; open for applications. SIM will be owned by user: managed by trusted third party. Diagram labels: Identity and personalisation provider; Service aggregator; Authentication and Access provider; Send key and credentials; Send info to recipient; Send service to phone; NFC communication unit; NFC2SIM; SIM; Smartcard interfaces ISO/IEC 7816
  • 133. Challenges and Benefits: How insecure is the Internet? Will the phone be the only secure element? Visa and Mastercard enable convenient small amount purchases. Are Google, facebook and flickr more trusted than telecom operators? Dynamic service environment? On-the-fly creation of services? [Chart: Convenience of usage, 2006 to 2010; series: Telco favourite, Third party favourite]
  • 134. Conclusions: “The last time we were connected by a wire was at birth!” [Motorola]; The service world is wireless (Q: “what if you lose your phone?” A: “A real crisis in life!”); Easy access to devices and services, dependent on the context of the user; Challenges: get control of complexity; get people understanding what they are doing and us understanding people. http://wiki.unik.no
  • 135. Thanks to contributions from: My PhD students György Kálmán, Mohammad M. R. Chowdhury | Lasse Øverlier, “Anonymity, Privacy and Hidden Services”, PhD thesis at University of Oslo | Stefan Weiss, “Your Users’ Privacy”, Deloitte & Touche, 2007 | Thomas Hintz, “Protecting your Internet Privacy”, University of Florida, http://notebook.ifas.ufl.edu/privacy/ | Wikipedia; Dick Hardt, Identity 2.0 | Erzsebet Somogyi, UNIK - now CanalDigital.no; Judith Rossebø, Telenor | Movation - White paper 'Mobile Phone Evolution', April 2007 | GPG (GNU Privacy Guard), based on PGP, http://www.gnupg.org/ | Anonymizer, http://www.anonymizer.com/ | Tor network, http://www.torproject.org | The New York Times, Sony Europe, Facebook; isolatr.com | Heung-Gyoon Ryu from Chungbuk National University, Korea | ID theft in seconds, itpro.no