Title: Security
1Security
First Steps Towards a Secure Architecure
WU5 Meeting, 30 March 2001 Iwan van
Ophem vanophem_at_cs.utwente.nl
2Security
Security Thing that guards or guarantees safety
of State, company, etc., against espionage,
theft, or other danger. Concise Oxford
Dictionary of Current English, 7th ed.
3Security
Three quality aspects of Data Mich99
- Confidentiality
- Integrity
- Availability
I would like to add
4Security
Information Protection Whole of mechanisms and
procedures that (as adequate as possible) comply
to the demands of confidentiality, integrity,
availability and authentication of information
provisioning. translations from Informatie
Beveiliging. Een blik achter de schermen,TRC,
1994
5Security
The issue is not to make the Architecture 100
secure but rather to make it enough secure for
its purpose!
6Security
Purpose of the PBAarch Allow customers to pay to
their own ISPs for services and/or content
delivered to them from various providers (of
content), while these providers will receive
these payments from their own ISPs. The ISPs
will settle their financial arrangements at the
end of every billing period. Provider Based
Accounting Service For Streaming Video on
Demand, Róbert Párhonyi (Draft)
7Security
- Current Situation
- User are related/subscribed to their own ISP
- Content Providers are contracted to their own
ISP - ISPs should provide an Accounting Payment
Service - Users may use the Accounting Payment Service
- ISPs settle financial agreements periodically
Two security aspects Accounting Payment
Accounting Payment Services are based on TRUST
8Security
In the early days people shook hands, as a sign
for the absence of weapons. Clinking
glasses evolved from pouring wine back and forth
to prove it was not poisoned.
Future
Cooperative Behavior
What is Trust?
Trust is the chicken soup of the social
sciences. It brings us all sorts of good things
- from a willingness to get involved in our
communities to higher rates of economic growth
to making daily life more pleasant.Yet, like
chicken soup, it appears to work somewhat
mysteriously Eric Uslaner
Trust is the expectation that arises within a
community of regular, honest, and cooperative
behavior, based on commonly shared norms, on the
part of the members of that community Francis
Fukuyama
9Security
Cooperative Behavior
Trust
Future
10Security
Level of Trust
Simplicity
Transparency
Both parties are willing to do business with
eachother
Technology
Technology
Policies Law
Policies Law
11Security
People are usually skeptic about Technology
and The Law. Sometimes they just lack trust...
Secondary Trust Issues
Trust in The Law
Trust in Technology
- Secure Mechanisms
- Certificated Technology
- Provide Information
- Familiarity (trust from the past)
- Prevent Cyber Crime
- Chase Cyber Crime
- Convict Cyber Crime
12Security
Client
Server
Trust Relation
Transitive Trust Relation
ISP-A
ISP-B
13Security
Secure Payment?
Trust?
How?
Secure Accounting?
14Security
Low Cost
Fast
Non Repudiation
15Security
Accounting Issues (example)
Aspects
Influence
- Masquerade
- Corruption
- Fabrication
- Replay
- Loss
- Disclosure
- Repudiation
- Intentional Misrouting
- Traffic Analysis
- Denial of Service
- TTPs
- Client
- Content Provider
- ISPs
- Chance for Threat
- Priority of Threat
- Cost
- Speed
- Processing Power
- Organizational
- Etc
16Security
Problem
Threats, Priorities, Chances for mishaps, etc.
They differ for
- Micro Payments
- Low Value Payments
- High Value Payments
- Trust Mechanisms
- Accounting
Conclusion
Choices have to be made...
17Security
Next Step
- Map all Interactions between the entities
- On a scenario base the threats will be derived
- Choose the treats to be solved by security
Payment based, Accounting based, Trust, All
18Security