The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog.

Slides:



Advertisements
Similar presentations
Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.
Advertisements

Digital Identity is a set of attributes of a person or company in a specific domain. An entity has multiple Digital Identities. Identity is a set of attributes.
1 Jan 2013 © Health Level Seven International ®, Inc. All Rights Reserved. HL7 International and Health Level Seven International are registered.
Identity Assurance at Virginia Tech CSG January 13, 2010 Mary Dunker
Functional component terminology - thoughts C. Tilton.
Lecture 23 Internet Authentication Applications
Authentication & Kerberos
INFORMATION TECHNOLOGY LAW LECTURE 3- ELECTRONIC SIGNATURE Dr. Kadir Bas.
The key aim for the week is: To ensure children are able to recognise and challenge bullying behaviour wherever it happens - whether face to face or in.
A Third Party Service for Providing Trust on the Internet Work done in 2001 at HP Labs by Michael VanHilst and Ski Ilnicki.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
User Managed Privacy Using Distributed Trust Privacy and Security Research Workshop Carnegie Mellon University May 29-30, 2002 Lark M. Allen / Wave Systems.
Polytechnic University of Tirana Faculty of Information Technology Computer Engineering Department Identification of on-line users and Digital Signature.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.
Wildman Harrold | 225 West Wacker Drive | Chicago, IL | (312) | wildman.com Wildman, Harrold, Allen & Dixon LLP Identity Management: The.
Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.
Republic of Sudan Ministry of Telecoms & Information Technology National Committee for Digital Certification ELECTRONIC ID IN ONLINE ADMISSION FOR UNIVERSITIES.
Masud Hasan Secure Project 1. Secure It uses Digital Certificate combined with S/MIME capable clients to digitally sign and.
Virtual Private Networks Alberto Pace. IT/IS Technical Meeting – January 2002 What is a VPN ? u A technology that allows to send confidential data securely.
1st MODINIS workshop Identity management in eGovernment Frank Robben General manager Crossroads Bank for Social Security Strategic advisor Federal Public.
Information Security for Managers (Master MIS)
Identity Management Report By Jean Carreon and Marlon Gonzales.
Architectural Considerations for GEOPRIV/ECRIT Presentation given by Hannes Tschofenig.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Proposed Rule: Security and Electronic Signature Standards.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
A DESCRIPTION OF CONCEPTS AND PLANS MAY 14, 2014 A. HUGHES FOR TFTM The Identity Ecosystem DISCUSSION DRAFT 1.
OHT 11.1 © Marketing Insights Limited 2004 Chapter 9 Analysis and Design EC Security.
Identity Assurance Services For Preventing Identity Theft Bob Pinheiro Robert Pinheiro Consulting LLC
Possible elements of the technical standards Pre-sessional consultations on registries Bonn, 2-3 June 2002 Andrew Howard UNFCCC secretariat
Logo Add Your Company Slogan China Financial Certification Authority Third-party certification authority Team 13 :吉露露、吴莹莹、潘韦韦 ( CFCA )
Le Trong Ngoc Security Fundamentals Entity Authentication Mechanisms 4/2011.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.
Preparing for and Conducting Election Day: John Bennett Greater London Returning Officer Systems and Logistics.
You Can’t Get There From Here! Prof. Neil Barrett BCS Oxford – 29 th Nov
Identity Crisis: Global Challenges of Identity Protection in a Networked World Alison Knight.
Ning Zhang, the University of Manchester, UK David Groep, National Institute for Nuclear and High Energy Physics, NL Blair Dillaway, OGF Security Area.
Lecture 13 Page 1 Advanced Network Security Authentication and Authorization in Local Networks Advanced Network Security Peter Reiher August, 2014.
Introduction to Biometrics Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #18 Biometrics Applications - III October 26, 2005.
Anonymity on Web Transaction Department of Computer Science Ball State University Research Methods - CS 689 Uday Adhikari 7 th Dec
UNIT 12 The Internet By Nahed AlSalah 1 Computer Terminologieg unit12 Nahed AlSalah.
Kerberos Guilin Wang School of Computer Science 03 Dec
Codes & Ciphers Ltd 12 Duncan Road Richmond, Surrey TW9 2JD Information Security Group Royal Holloway, University of London Egham, Surrey TW20 0EX Impersonation.
Fraudsters’ Accounts Malek Costa, CPA Head of Group Compliance BLOM Bank sal.
Security & Privacy. Learning Objectives Explain the importance of varying the access allowed to database elements at different times and for different.
Protecting Yourself on Social Media – Friend Requests And Messages.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Internet safety By Kenan.  Viruses are written by malicious programmers who wish to cause problems for other computer users.  The primary source of.
INTRODUCTION TO BIOMATRICS ACCESS CONTROL SYSTEM Prepared by: Jagruti Shrimali Guided by : Prof. Chirag Patel.
Access Control / Authenticity Michael Sheppard 11/10/10.
Digital Marketing For Small Business Today’s Topic: Social Media Marketing.
1 Pertemuan 8 Internal Control System Matakuliah:A0274/Pengelolaan Fungsi Audit Sistem Informasi Tahun: 2005 Versi: 1/1.
Attribute Delivery - Level of Assurance Jack Suess, VP of IT
User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.
Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.
LEARNING AREA 1 : INFORMATION AND COMMUNICATION TECHNOLOGY PRIVACY AUTHENTICATION VERIFICATION.
Content Introduction History What is Digital Signature Why Digital Signature Basic Requirements How the Technology Works Approaches.
LESSON 12 Business Internet. Electronic business, or e-business, is the application of information and communication technologies (ICT) in support of.
The Federal E-Authentication Initiative David Temoshok Director, Identity Policy GSA Office of Governmentwide Policy February 12, 2004 The E-Authentication.
Identity and Access Management
Online platforms Brussels, September 2016.
Pooja programmer,cse department
Laws for Secure Credentialing
The main cause for that are the famous phishing attacks, in which the attacker directs users to a fake web page identical to another one and steals the.
Unit# 5: Internet and Worldwide Web
Security Mechanisms Network Security.
Presentation transcript:

The Challenges of Online Identity Assurance in a Judicial Setting Alison Knight, Supervisors: Prof. Steve Saxby (Law) & Dr. Mark Weal (ECS) Law ILAWS dog judge! Welcome User 39 … Who are you today? …

Our life in data… from cradle to grave The potential to chronicle individual lives exceeds anything previous in human history The ‘datafication’ of our lives involves a large ecosystem of participants, including identity intermediaries

Identity assurance is characterised by identification and authentication processes Authentication is the process of associating attributes with a known entity 1-factor authentication 2-factor authentication 3-factor authentication Self-assertion Third party verification Direct verification Detailed direct verification The user makes a self-assertion of identity and there are no checks Verification of identity is direct and detailed (e.g. for passport) Verification of identity is direct (e.g. background check of clients) Verification is left to third party (e.g. phone number) Identification is the process that makes known an entity in a given domain 1) ISO/IEC Strong Digital Identities are characterised by a process of identification and authentication that is able to ensure the verification of the data provided by the individual and the secure authentication to its user profile Soft Digital Identities, although sometimes they are used for commercial transactions (i.e. Amazon), do not require identification and authentication processes with high security levels (e.g. Social Networking Sites). These soft identities normally consist of a user name and a password plus several attributes needed to use the specific services Strong Digital Identities are characterised by a process of identification and authentication that is able to ensure the verification of the data provided by the individual and the secure authentication to its user profile Soft Digital Identities, although sometimes they are used for commercial transactions (i.e. Amazon), do not require identification and authentication processes with high security levels (e.g. Social Networking Sites). These soft identities normally consist of a user name and a password plus several attributes needed to use the specific services + - Level of trust The authentication is done through something that you know, or you have (i.e. password) The authentication is done through something that you know and you have (i.e. token and PIN) The authentication is done through something that you know, you are and you have (i.e. token, PIN, biometric)

What is the problem for the courts?

Research scope: example – how do the courts authenticate authorship of a piece of social media text? Direct evidence Circumstantial evidence Court Individual A? Presented by Individual B impersonating Individual A?

Technical challenges of authenticating authorship of online text How do courts establish who is behind the keyboard? O Basic traceability issues Who is behind an IP address? Can you fake ‘metadata’ (machine-generated data about data)? O The ‘account owner’ gap Who uses an account? Passwords are poor identifiers

Research value – trending now… “ Social media (criminal law, evidence and procedure): The criminal law and criminal rules of evidence and procedure may not have kept pace with the technological and social developments flowing from the rapid and widespread take- up of social media, such as Twitter and Facebook. …There are evidential challenges, for example in proving authorship and in relation to the technology used to generate and communicate messages through these media.” Law Commission 2013, consultation for 12 th programme of law reform, c start? “In relation to the problem of matching internet protocol addresses [to particular internet users], my Government will bring forward proposals to enable the … investigation of crime in cyberspace.“ (Background briefing note: “…need to know who used a certain IP address at a given point in time”) Queen’s Speech to Parliament in 2013

Thank you for listening Comments & Questions? More information at:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.