Andreas Leicher

Trust in M2M communication

Machine-to-machine (M2M) communication is viewed as one of the next frontiers in wireless communications. M2M communication applications and scenarios are growing and lead the way to new business cases. Because of the nature of M2M scenarios, involving unguarded, distributed devices, new security threats emerge. The use case scenarios for M2M communication also address the new requirement on flexibility, because of deployment scenarios of the M2ME in the field. We believe that these new requirements require a paradigm shift. One important pillar of such a shift will be a new, more balanced mix of device-centric trust and traditional enforcement of security properties.

Implementation of a Trusted Ticket System

Trusted Computing is a security technology which enables the establishment of trust between multiple parties. Previous work showed that Trusted Computing technology can be used to build tickets, a core concept of Identity Management Systems. Relying solely on the Trusted Platform Module we will demonstrate how this technology can be used in the context of Kerberos for an implementation variant of Identity Management.

Smart OpenID: A Smart Card Based OpenID Protocol

OpenID is a lightweight, easy to implement and deploy approach to Single Sign-On (SSO) and Identity Management (IdM), and has great potential for large scale user adoption especially for mobile applications. At the same time, Mobile Network Operators are increasingly interested in leveraging their existing infrastructure and assets for SSO and IdM. In this paper, we present the concept of Smart OpenID, an enhancement to OpenID which moves part of the OpenID authentication server functionality to the smart card of the user’s device. This seamless, OpenID-conformant protocol allows for scaling security properties, and generally improves the security of OpenID by avoiding the need to send user credentials over the Internet and thus avoid phishing attacks. We also describe our implementation of the Smart OpenID protocol based on an Android phone, which interacts with OpenID-enabled web services.

Scalable Trust Assessment and Remediation of Wireless Devices

In large scale deployments of partly autonomously communicating and connecting network elements, such as the Internet of Things and machine-to-machine devices, trust issues have new qualities. Concurrently, end-user devices are technically open platforms, and also pose security threats on a large scale to users and networks. Thus, fault detection and remediation methods become costly. It is a key challenge to balance the requirements of scalability and cost-effectiveness with desired fine-grained checks and remote remediation. Current technologies, such as Trusted Computing Group’s Trusted Network Connect and Open Mobile Alliance’s Device Management Standards, may not be an ideal fit to the requirements. Extensions like property-based attestation (PBA) are promising, but may require special infrastructure and/or further standardization. We consider an architecture for Platform Validation and Management (PVM) in which designated network entities protect the access network by remotely validating devices before they are allowed to authenticate and gain access. We propose methods to diagnose devices with a granularity which allows also attachment even with partial functionality and methods to remediate faulty devices remotely, i.e., bring them back into a known good state. This approach requires some separation of tasks between network PVM entities and trusted functionalities on devices [1, 2]. Our generic and efficient approach to PVM, rests on three key ingredients: