OTA 2011 Workshop
Security enablers at Ericsson Labs
This is Ericsson




[Figures: Ericsson’s first telephone, 1878; World’s first LTE network, 2009]

› We no longer manufacture phones (Sony-Ericsson does)
› More than 40% of the world's mobile traffic passes through Ericsson
  networks
› We have customers in more than 180 countries and over 98,000
  employees
› We are largely a software company

 OTA workshop 2011 | Public | © Ericsson AB 2011 | 2011-08-30 | Page 2
What is Ericsson Labs?

Experimental
> Early technology trials

Open innovation
> APIs for new technologies

Creativity
> New innovation by developers

50 bn connected devices
> M2M service enablers

Simplify: Hide cloud complexity; low barriers to entry
Provide: Easy to use APIs/SDKs; early & perpetual beta
Converse: Experts support; feedback

Ericsson Labs APIs

Maps & positioning: 3D Landscape, Mobile Location, Mobile Maps, Web Maps
Communication: SMS Send & Receive, Mobile Push, Group Voice Mixer, Async Voice
Security: Mobile Web Security Bootstrap, CAPTCHA, OAuth2 Framework, Identity Management Framework, Key Management Service
Web technologies: Web Connectivity, EventSource, Web Background Service, Web Device Connectivity, Distributed Shared Memory, Web Real-Time Communication
Media and graphics: Face Detector, Streaming Media, Converting Media, Text-to-Speech
User & network information: Mobile Identification, Mobile Network Look-up, Network Probe
Machine learning: Cluster Constructor
NFC & sensors: Sensor Networking Application Platform, Tag Tool, Mobile Sensor Actuator Link

SIM card identification
Federated authentication
Delegated authorization
P2P key exchange

SIM card identification (1/3)

› P The traditional authentication scheme with username/password has several
  drawbacks

› Q What if we could use the credentials stored on the SIM card instead?

› A This is exactly what the 3GPP standard GBA accomplishes. Basically, we replace
        – the username with the subscriber identity; and
        – the password with the subscriber key

› The MWSB (Mobile Web Secure Bootstrapping) enabler allows you to try it
  out in your own web application

[Figure: Top ten PlayStation Network passwords (Digicure, 2011): password, 12345678, 123456, 123, winner, 123456789, seinfeld, 1234, 12345]
[Figure: Attempt to increase security through SMS verification]

SIM card identification (2/3)

1. The client bootstraps (using the SIM card) with the GBA server and
   obtains a key (Ks_NAF)
2. The client authenticates itself to the web app using HTTP(S) digest with
   the key as password and a temporary identifier (B-TID) as username
3. The web application sends the identifier to the GBA server, receives the
   key, and validates the client supplied password
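
The three steps above, as an added Python example (not code from the slides or from Ericsson Labs): a client answers an HTTP Digest challenge with the B-TID as username and Ks_NAF as password, and the web application validates it with the key it fetches for that B-TID. MockGbaServer, WebApp, the realm, the B-TID format and the base64 encoding of the key are assumptions of this example; the SIM-based bootstrap is replaced by random key generation.

```python
import base64
import hashlib
import hmac
import os


def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, password, realm, method, uri, nonce, nc, cnonce):
    """RFC 2617 digest response for qop=auth (MD5 is the scheme's default)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def key_as_password(ks_naf):
    # Assumption of this example: the binary key is base64-encoded for digest use.
    return base64.b64encode(ks_naf).decode("ascii")


class MockGbaServer:
    """Stand-in for the GBA server; the SIM-based bootstrap is not modelled."""

    def __init__(self):
        self._keys = {}  # B-TID -> Ks_NAF

    def bootstrap(self):
        # Step 1: the client obtains a temporary identifier and a key.
        b_tid = os.urandom(12).hex() + "@bsf.example"  # constructed format
        self._keys[b_tid] = os.urandom(32)
        return b_tid, self._keys[b_tid]

    def lookup(self, b_tid):
        # Step 3: the web application exchanges the B-TID for the key.
        return self._keys.get(b_tid)


class WebApp:
    REALM = "webapp.example"  # constructed realm

    def __init__(self, gba):
        self._gba = gba
        self._nonces = {}  # nonce issued here -> highest nonce count accepted

    def challenge(self):
        nonce = os.urandom(16).hex()
        self._nonces[nonce] = 0
        return {"realm": self.REALM, "nonce": nonce}

    def verify(self, method, uri, auth):
        last_nc = self._nonces.get(auth.get("nonce"))
        if last_nc is None:
            return False  # nonce was never issued by this server
        try:
            nc_value = int(auth.get("nc", ""), 16)
        except ValueError:
            return False
        if nc_value <= last_nc:
            return False  # replayed request
        ks_naf = self._gba.lookup(auth.get("username"))
        if ks_naf is None:
            return False  # unknown or expired B-TID
        expected = digest_response(
            auth["username"], key_as_password(ks_naf), self.REALM,
            method, uri, auth["nonce"], auth["nc"], auth.get("cnonce", ""))
        if not hmac.compare_digest(expected, auth.get("response", "")):
            return False
        self._nonces[auth["nonce"]] = nc_value
        return True


def client_header(b_tid, ks_naf, challenge, method, uri, nc=1):
    # Step 2: B-TID as the username, the bootstrapped key as the password.
    cnonce, nc_text = os.urandom(8).hex(), f"{nc:08x}"
    response = digest_response(
        b_tid, key_as_password(ks_naf), challenge["realm"],
        method, uri, challenge["nonce"], nc_text, cnonce)
    return {"username": b_tid, "nonce": challenge["nonce"], "nc": nc_text,
            "cnonce": cnonce, "response": response}


def run_demo():
    gba = MockGbaServer()
    app = WebApp(gba)
    b_tid, ks_naf = gba.bootstrap()
    good = client_header(b_tid, ks_naf, app.challenge(), "GET", "/profile")
    other = client_header(b_tid, ks_naf, app.challenge(), "GET", "/profile")
    bad_key = client_header(b_tid, os.urandom(32), app.challenge(), "GET", "/profile")
    no_tid = client_header("unknown@bsf.example", ks_naf, app.challenge(), "GET", "/profile")
    return {
        "valid_login": app.verify("GET", "/profile", good),
        "replayed_header": app.verify("GET", "/profile", good),
        "header_reused_for_other_uri": app.verify("GET", "/admin", other),
        "wrong_key": app.verify("GET", "/profile", bad_key),
        "unknown_b_tid": app.verify("GET", "/profile", no_tid),
    }


if __name__ == "__main__":
    print(run_demo())
```

The web application never stores a long-term password: it only sees the temporary B-TID and a key the GBA server hands out for it, and it still has to track nonces itself to reject replayed headers.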
SIM card identification (3/3)

  Pros: High security, convenient for the user, standardized
  Cons: Currently not supported by browsers; forced to rely on a plugin, an applet,
   or a recompiled browser engine

Federated authentication (1/3)

› P Password management is costly for site owners and user experience is
  negatively affected due to differing password policies

› Q What if site owners could delegate authentication to a trusted party where
  authentication can be enforced to be strong?

› A This can be achieved with the OpenID protocol where the OpenID Provider acts
  as the trusted party. The security can be further improved by combining
  OpenID with SIM based identification.

› The Identity Management Framework on Ericsson Labs is running an OpenID
  provider which your web app can use (instructions and Java code available)

[Figure: delegated authentication]

Federated authentication (2/3)

How the user authenticates (4) is intentionally left unspecified and both
username/password and SIM based identification can be used.

Federated authentication (3/3)

[Figure labels: Traditional username/password; Modified WebKit, GBA applet, GBA plugin; SIM based identification (automatic)]

Delegated authorization (1/3)

› P Users are willing to share limited portions of the data but without losing
  control over who is accessing the data and what part of it is being accessed.

› Q Why not use a standardized token based delegation pattern?

› A OAuth is an IETF effort to standardize and isolate delegated authorization,
  making it simpler to reuse both code and know-how about how authorization
  is handled.

Delegated authorization (2/3)

[Figure: components are the Authentication Server (OP, GBA); the Webclient (service provider) holding ClientID, ClientSecret and CallbackURI; the Authorization Server (RP); the Resource Server with the Protected Resource; and the Browser. Flow labels: Scope, Code, OauthToken, Authenticate, Authorize]

Delegated authorization (3/3)

[Figure labels: Desktop, Mobile]

P2P key establishment (1/3)

› P Up until now we have only considered client-server applications where it is
  relatively easy to protect communications using TLS/SSL.

  In a P2P application where there is no existing trust relation between the
  parties (e.g., certificates or keys), setting up a secure channel is more
  complex.

› Q How can we enable secure, end-to-end communication in a P2P application?

› A With the help of a KMS (Key Management Server) the two parties are able to
  establish a shared secret key which in turn is used to set up the secure
  channel.

[Figure: VoIP, messaging, file sharing]

P2P key establishment (2/3)

› Based on the MIKEY-Ticket protocol (RFC 6043), which is designed for high security
  applications (e.g., national safety, police, etc.)
› Note that there must exist a trust relationship between each client and the KMS.
  The 3GPP recommended solution is to use the SIM card.
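
A simplified model of the KMS-assisted exchange described on these slides, added here as an illustration; it is not Ericsson's KMS API and does not implement the RFC 6043 message encoding. The class and function names, the HMAC constructions and the peer names are assumptions, and the confidentiality of each client's channel to the KMS (the trust relationship the slide requires) is assumed rather than modelled.

```python
import hashlib
import hmac
import json
import os


def mac(key, label, *parts):
    """HMAC-SHA256 over a label and length-prefixed parts."""
    h = hmac.new(key, label, hashlib.sha256)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest()


class Kms:
    def __init__(self):
        self._ticket_key = os.urandom(32)  # known only to the KMS
        self._clients = {}                 # client id -> key shared with the KMS

    def enroll(self, client_id):
        # Stands in for the client-KMS trust relation (SIM based on the slide).
        self._clients[client_id] = os.urandom(32)
        return self._clients[client_id]

    def _authentic(self, client_id, label, proof, *parts):
        key = self._clients.get(client_id)
        return key is not None and hmac.compare_digest(proof, mac(key, label, *parts))

    def _session_key(self, body):
        return mac(self._ticket_key, b"session-key", body)

    def request_ticket(self, initiator, responder, proof):
        if not self._authentic(initiator, b"request", proof,
                               initiator.encode(), responder.encode()):
            return None
        body = json.dumps({"id": os.urandom(8).hex(), "from": initiator,
                           "to": responder}, sort_keys=True).encode()
        ticket = {"body": body, "tag": mac(self._ticket_key, b"ticket", body)}
        # The key travels back over the client-KMS channel (assumed confidential).
        return ticket, self._session_key(body)

    def resolve_ticket(self, requester, ticket, proof):
        if not self._authentic(requester, b"resolve", proof,
                               requester.encode(), ticket["body"]):
            return None
        expected_tag = mac(self._ticket_key, b"ticket", ticket["body"])
        if not hmac.compare_digest(ticket["tag"], expected_tag):
            return None  # not issued by this KMS, or modified in transit
        if json.loads(ticket["body"])["to"] != requester:
            return None  # only the peer named in the ticket may resolve it
        return self._session_key(ticket["body"])


def run_exchange():
    kms = Kms()
    alice_key = kms.enroll("alice")
    bob_key = kms.enroll("bob")
    mallory_key = kms.enroll("mallory")

    # Ticket request: Alice asks the KMS for a ticket addressed to Bob.
    proof = mac(alice_key, b"request", b"alice", b"bob")
    ticket, alice_session = kms.request_ticket("alice", "bob", proof)

    # Ticket transfer: the ticket crosses the untrusted P2P link to Bob.
    # Ticket resolve: Bob asks the KMS to turn the ticket into the key.
    proof = mac(bob_key, b"resolve", b"bob", ticket["body"])
    bob_session = kms.resolve_ticket("bob", ticket, proof)

    # Bob proves possession of the key; Alice checks the confirmation.
    confirmation = mac(bob_session, b"confirm", ticket["body"])
    confirmed = hmac.compare_digest(
        confirmation, mac(alice_session, b"confirm", ticket["body"]))

    # A third enrolled client presents the same ticket: the KMS must refuse.
    proof = mac(mallory_key, b"resolve", b"mallory", ticket["body"])
    captured = kms.resolve_ticket("mallory", ticket, proof)

    # The ticket body is altered to name that client: the tag no longer matches.
    altered_body = ticket["body"].replace(b'"bob"', b'"mallory"')
    altered = {"body": altered_body, "tag": ticket["tag"]}
    proof = mac(mallory_key, b"resolve", b"mallory", altered_body)
    altered_result = kms.resolve_ticket("mallory", altered, proof)

    return {
        "keys_match": hmac.compare_digest(alice_session, bob_session),
        "confirmed": confirmed,
        "captured_ticket_resolved": captured is not None,
        "altered_ticket_resolved": altered_result is not None,
    }


if __name__ == "__main__":
    print(run_exchange())
```

The two peers never share a secret beforehand; every check that keeps the key away from a third party happens at the KMS, which is why the slide insists on a trust relationship between each client and the KMS.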
P2P key establishment (3/3)

› The KMS API at Ericsson Labs can be used to secure any type of communication,
  for example VoIP (above figures)
› Most of the signalling is hidden by the API. Setting up the shared secret key
  requires only a few lines of code
› The API is written in C but can still be used in Android using JNI (Java Native
  Interface)

How does it all fit together?

[Figure: SIM identification (used in) Federated AuthN (OpenID) (used in) Delegated AuthZ (OAuth); P2P Key Est.]

› The OAuth Authorization server authenticates the user using OpenID
› The OpenID Provider authenticates the user using SIM card identification
› The P2P key establishment is largely independent from the other tools
  (though the peer-KMS trust relation is based on SIM card identification)

Over the Air 2011 Security Workshop
DEMO – Mashing GOOGLE LATITUDE

23 APIs as of end of September 2011.

You can try!
Demo setup: http://eus2.fuatara.com:8080/latitude/

[Figure: HTTP REST Endpoint; Authentication Filter; OAuth Token Filter; Latitude RestClient; GMap Mashup; FreeMarker Presentation; Populated Data Model]

Q&A

Visit: labs.ericsson.com
OTA workshop 2011 | Public | © Ericsson AB 2011 | 2011-08-30 | Page 25

More Related Content

What's hot

SmartCard Forum 2010 - Secured Access for enterprise
SmartCard Forum 2010 - Secured Access for enterpriseSmartCard Forum 2010 - Secured Access for enterprise
SmartCard Forum 2010 - Secured Access for enterpriseOKsystem
 
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketSmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketOKsystem
 
A study of image fingerprinting by using visual cryptography
A study of image fingerprinting by using visual cryptographyA study of image fingerprinting by using visual cryptography
A study of image fingerprinting by using visual cryptographyAlexander Decker
 
SMS Passcode - Vcw Sales Presentation
SMS Passcode - Vcw Sales PresentationSMS Passcode - Vcw Sales Presentation
SMS Passcode - Vcw Sales PresentationVCW Security Ltd
 
"Mobile value-chain" by Sundeep Gupta
"Mobile value-chain" by Sundeep Gupta"Mobile value-chain" by Sundeep Gupta
"Mobile value-chain" by Sundeep GuptaAbhilash Ravishankar
 
Ericsson Labs at SotM 2010
Ericsson Labs at SotM 2010Ericsson Labs at SotM 2010
Ericsson Labs at SotM 2010Tor Björn Minde
 
Bloombase Spitfire Messaging Security Server Brochure
Bloombase Spitfire Messaging Security Server BrochureBloombase Spitfire Messaging Security Server Brochure
Bloombase Spitfire Messaging Security Server BrochureBloombase
 
My PC Mistook Me For A Hat
My PC Mistook Me For A HatMy PC Mistook Me For A Hat
My PC Mistook Me For A Hatgopikurup
 
Mdc Brochure
Mdc BrochureMdc Brochure
Mdc Brochuremartgroot
 
0c96052b28b8e9f1cf000000
0c96052b28b8e9f1cf0000000c96052b28b8e9f1cf000000
0c96052b28b8e9f1cf000000authority12
 
Telesemana ce nominum:mef
Telesemana ce nominum:mefTelesemana ce nominum:mef
Telesemana ce nominum:mefRafael Junquera
 
Wayfs and Strays - Jonathan Richardson
Wayfs and Strays - Jonathan RichardsonWayfs and Strays - Jonathan Richardson
Wayfs and Strays - Jonathan RichardsonEduserv
 
Magpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering OfferingMagpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering Offeringimpodgirl
 

What's hot (16)

SmartCard Forum 2010 - Secured Access for enterprise
SmartCard Forum 2010 - Secured Access for enterpriseSmartCard Forum 2010 - Secured Access for enterprise
SmartCard Forum 2010 - Secured Access for enterprise
 
SmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication marketSmartCard Forum 2011 - Evolution of authentication market
SmartCard Forum 2011 - Evolution of authentication market
 
C2MS
C2MSC2MS
C2MS
 
A study of image fingerprinting by using visual cryptography
A study of image fingerprinting by using visual cryptographyA study of image fingerprinting by using visual cryptography
A study of image fingerprinting by using visual cryptography
 
10 fn s15
10 fn s1510 fn s15
10 fn s15
 
SMS Passcode - Vcw Sales Presentation
SMS Passcode - Vcw Sales PresentationSMS Passcode - Vcw Sales Presentation
SMS Passcode - Vcw Sales Presentation
 
"Mobile value-chain" by Sundeep Gupta
"Mobile value-chain" by Sundeep Gupta"Mobile value-chain" by Sundeep Gupta
"Mobile value-chain" by Sundeep Gupta
 
Ericsson Labs at SotM 2010
Ericsson Labs at SotM 2010Ericsson Labs at SotM 2010
Ericsson Labs at SotM 2010
 
Bloombase Spitfire Messaging Security Server Brochure
Bloombase Spitfire Messaging Security Server BrochureBloombase Spitfire Messaging Security Server Brochure
Bloombase Spitfire Messaging Security Server Brochure
 
My PC Mistook Me For A Hat
My PC Mistook Me For A HatMy PC Mistook Me For A Hat
My PC Mistook Me For A Hat
 
Mdc Brochure
Mdc BrochureMdc Brochure
Mdc Brochure
 
0c96052b28b8e9f1cf000000
0c96052b28b8e9f1cf0000000c96052b28b8e9f1cf000000
0c96052b28b8e9f1cf000000
 
Telesemana ce nominum:mef
Telesemana ce nominum:mefTelesemana ce nominum:mef
Telesemana ce nominum:mef
 
Wayfs and Strays - Jonathan Richardson
Wayfs and Strays - Jonathan RichardsonWayfs and Strays - Jonathan Richardson
Wayfs and Strays - Jonathan Richardson
 
Mobile Service Edge
Mobile Service EdgeMobile Service Edge
Mobile Service Edge
 
Magpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering OfferingMagpie Smart Grid Software Engineering Offering
Magpie Smart Grid Software Engineering Offering
 

Viewers also liked

Accelerating IoT
Accelerating IoTAccelerating IoT
Accelerating IoTEricsson
 
Serve the next wave - infograph
Serve the next wave - infographServe the next wave - infograph
Serve the next wave - infographEricsson
 
Iot launch
Iot launchIot launch
Iot launchEricsson
 
Ecosystem Power Plays - Tech Vision 2017 Trend 2
Ecosystem Power Plays - Tech Vision 2017 Trend 2Ecosystem Power Plays - Tech Vision 2017 Trend 2
Ecosystem Power Plays - Tech Vision 2017 Trend 2Accenture Technology
 
5G Presentation
5G Presentation5G Presentation
5G PresentationEricsson
 
Predictive Analytics for IoT Network Capacity Planning: Spark Summit East tal...
Predictive Analytics for IoT Network Capacity Planning: Spark Summit East tal...Predictive Analytics for IoT Network Capacity Planning: Spark Summit East tal...
Predictive Analytics for IoT Network Capacity Planning: Spark Summit East tal...Spark Summit
 
MARKETING TECHNOLOGY LUMAscape
MARKETING TECHNOLOGY LUMAscapeMARKETING TECHNOLOGY LUMAscape
MARKETING TECHNOLOGY LUMAscapeLUMA Partners
 
Mobile Broadband For Everyone
Mobile Broadband For Everyone Mobile Broadband For Everyone
Mobile Broadband For Everyone Rene Summer
 
The Six Distinctions of Procurement
The Six Distinctions of ProcurementThe Six Distinctions of Procurement
The Six Distinctions of ProcurementAccenture Operations
 
AI is the New UI - Tech Vision 2017 Trend 1
AI is the New UI - Tech Vision 2017 Trend 1AI is the New UI - Tech Vision 2017 Trend 1
AI is the New UI - Tech Vision 2017 Trend 1Accenture Technology
 
DMI 2017 Mobile Trends
DMI 2017 Mobile TrendsDMI 2017 Mobile Trends
DMI 2017 Mobile TrendsDMI
 
Digital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing WorldDigital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing WorldEdelman
 
Fjord Trends 2017
Fjord Trends 2017 Fjord Trends 2017
Fjord Trends 2017 Fjord
 

Viewers also liked (18)

Accelerating IoT
Accelerating IoTAccelerating IoT
Accelerating IoT
 
Serve the next wave - infograph
Serve the next wave - infographServe the next wave - infograph
Serve the next wave - infograph
 
Iot launch
Iot launchIot launch
Iot launch
 
Ecosystem Power Plays - Tech Vision 2017 Trend 2
Ecosystem Power Plays - Tech Vision 2017 Trend 2Ecosystem Power Plays - Tech Vision 2017 Trend 2
Ecosystem Power Plays - Tech Vision 2017 Trend 2
 
5G Presentation
5G Presentation5G Presentation
5G Presentation
 
Predictive Analytics for IoT Network Capacity Planning: Spark Summit East tal...
Predictive Analytics for IoT Network Capacity Planning: Spark Summit East tal...Predictive Analytics for IoT Network Capacity Planning: Spark Summit East tal...
Predictive Analytics for IoT Network Capacity Planning: Spark Summit East tal...
 
MARKETING TECHNOLOGY LUMAscape
MARKETING TECHNOLOGY LUMAscapeMARKETING TECHNOLOGY LUMAscape
MARKETING TECHNOLOGY LUMAscape
 
Mobile Broadband For Everyone
Mobile Broadband For Everyone Mobile Broadband For Everyone
Mobile Broadband For Everyone
 
The Six Distinctions of Procurement
The Six Distinctions of ProcurementThe Six Distinctions of Procurement
The Six Distinctions of Procurement
 
MOBILE LUMAscape
MOBILE LUMAscapeMOBILE LUMAscape
MOBILE LUMAscape
 
DISPLAY LUMAscape
DISPLAY LUMAscapeDISPLAY LUMAscape
DISPLAY LUMAscape
 
AI is the New UI - Tech Vision 2017 Trend 1
AI is the New UI - Tech Vision 2017 Trend 1AI is the New UI - Tech Vision 2017 Trend 1
AI is the New UI - Tech Vision 2017 Trend 1
 
DMI 2017 Mobile Trends
DMI 2017 Mobile TrendsDMI 2017 Mobile Trends
DMI 2017 Mobile Trends
 
Digital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing WorldDigital Trends in 2017: Making Business Impact in a Changing World
Digital Trends in 2017: Making Business Impact in a Changing World
 
Fjord Trends 2017
Fjord Trends 2017 Fjord Trends 2017
Fjord Trends 2017
 
Key Digital Trends for 2017
Key Digital Trends for 2017Key Digital Trends for 2017
Key Digital Trends for 2017
 
Technology Vision 2017 - Overview
Technology Vision 2017 - OverviewTechnology Vision 2017 - Overview
Technology Vision 2017 - Overview
 
Content Marketing Predictions 2017
Content Marketing Predictions 2017Content Marketing Predictions 2017
Content Marketing Predictions 2017
 

Similar to Over the Air 2011 Security Workshop

An Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsAn Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsEricsson Labs
 
Mobile Web Security Bootstrap on Ericsson Labs
Mobile Web Security Bootstrap on Ericsson LabsMobile Web Security Bootstrap on Ericsson Labs
Mobile Web Security Bootstrap on Ericsson LabsEricsson Labs
 
Ericsson Labs at SotM 2010
Ericsson Labs at SotM 2010Ericsson Labs at SotM 2010
Ericsson Labs at SotM 2010Ericsson Labs
 
Distributed Shared Memory on Ericsson Labs
Distributed Shared Memory on Ericsson LabsDistributed Shared Memory on Ericsson Labs
Distributed Shared Memory on Ericsson LabsEricsson Labs
 
Mobile application platforms - Introduction
Mobile application platforms - IntroductionMobile application platforms - Introduction
Mobile application platforms - IntroductionMobileMonday Switzerland
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1changcai
 
Rebaca Technologies Corporate Overview
Rebaca Technologies Corporate OverviewRebaca Technologies Corporate Overview
Rebaca Technologies Corporate Overviewsumitkhandelwal
 
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data CentersMulticore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centersscarisbrick
 
VoLTE & RCS Revolutionizing Enterprise UC
VoLTE & RCS Revolutionizing Enterprise UCVoLTE & RCS Revolutionizing Enterprise UC
VoLTE & RCS Revolutionizing Enterprise UCRADVISION Ltd.
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseCA API Management
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOpenStorageSummit
 
El video en un mundo de colaboración
El video en un mundo de colaboraciónEl video en un mundo de colaboración
El video en un mundo de colaboraciónMundo Contact
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...Novell
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...Novell
 
Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile AuthenticationFIDO Alliance
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk OverviewSplunk
 
Top Ten Imperatives for Service Providers
Top Ten Imperatives for Service ProvidersTop Ten Imperatives for Service Providers
Top Ten Imperatives for Service ProvidersJuniper Networks
 
Level 3 Collaboration Presentation
Level 3  Collaboration PresentationLevel 3  Collaboration Presentation
Level 3 Collaboration Presentationnateallen1
 

Similar to Over the Air 2011 Security Workshop (20)

An Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIsAn Overview of All Ericsson Labs APIs
An Overview of All Ericsson Labs APIs
 
Mobile Web Security Bootstrap on Ericsson Labs
Mobile Web Security Bootstrap on Ericsson LabsMobile Web Security Bootstrap on Ericsson Labs
Mobile Web Security Bootstrap on Ericsson Labs
 
Ericsson Labs at SotM 2010
Ericsson Labs at SotM 2010Ericsson Labs at SotM 2010
Ericsson Labs at SotM 2010
 
Monetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless NetworksMonetizing the Enterprise: Borderless Networks
Monetizing the Enterprise: Borderless Networks
 
Distributed Shared Memory on Ericsson Labs
Distributed Shared Memory on Ericsson LabsDistributed Shared Memory on Ericsson Labs
Distributed Shared Memory on Ericsson Labs
 
Mobile application platforms - Introduction
Mobile application platforms - IntroductionMobile application platforms - Introduction
Mobile application platforms - Introduction
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1
 
Rebaca Technologies Corporate Overview
Rebaca Technologies Corporate OverviewRebaca Technologies Corporate Overview
Rebaca Technologies Corporate Overview
 
Multicore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data CentersMulticore I/O Processors In Virtual Data Centers
Multicore I/O Processors In Virtual Data Centers
 
VoLTE & RCS Revolutionizing Enterprise UC
VoLTE & RCS Revolutionizing Enterprise UCVoLTE & RCS Revolutionizing Enterprise UC
VoLTE & RCS Revolutionizing Enterprise UC
 
Mwc wip jam jabber sdk final
Mwc wip jam jabber sdk finalMwc wip jam jabber sdk final
Mwc wip jam jabber sdk final
 
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the EnterpriseBeyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
Beyond MDM: 5 Things You Must do to Secure Mobile Devices in the Enterprise
 
OSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal SternOSS Presentation Keynote by Hal Stern
OSS Presentation Keynote by Hal Stern
 
El video en un mundo de colaboración
El video en un mundo de colaboraciónEl video en un mundo de colaboración
El video en un mundo de colaboración
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
 
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
How to Implement Cloud Security: The Nuts and Bolts of Novell Cloud Security ...
 
Market Study on Mobile Authentication
Market Study on Mobile AuthenticationMarket Study on Mobile Authentication
Market Study on Mobile Authentication
 
Splunk Overview
Splunk OverviewSplunk Overview
Splunk Overview
 
Top Ten Imperatives for Service Providers
Top Ten Imperatives for Service ProvidersTop Ten Imperatives for Service Providers
Top Ten Imperatives for Service Providers
 
Level 3 Collaboration Presentation
Level 3  Collaboration PresentationLevel 3  Collaboration Presentation
Level 3 Collaboration Presentation
 

Over the Air 2011 Security Workshop

  • 1. OTA 2011 Workshop: Security enablers at Ericsson Labs
  • 2. This is Ericsson Ericsson’s first telephone, 1878 World’s first LTE network, 2009 › We no longer manufacture phones (Sony-Ericsson does) › More than 40% of the world's mobile traffic passes through Ericsson networks › We have customers in more than 180 countries and over 98,000 employees › We are largely a software company OTA workshop 2011 | Public | © Ericsson AB 2011 | 2011-08-30 | Page 2
  • 3. What is Ericsson Labs? Experimental > Early technology trials. Open innovation > APIs for new technologies. Creativity > New innovation by developers. 50 bn connected devices > M2M service enablers. Simplify: Hide cloud complexity; Low barriers to entry. Provide: Easy to use APIs/SDKs; Early & perpetual beta. Converse: Experts support; Feedback.
  • 4. Ericsson Labs APIs. Maps & positioning: 3D Landscape, Mobile Location, Mobile Maps, Web Maps. Communication: SMS Send & Receive, Mobile Push, Group Voice Mixer, Async Voice. Security: Mobile Web Security Bootstrap, CAPTCHA, Oauth2 Framework, Identity Management Framework, Key Management Service. Web technologies: Web Background Service, Web Connectivity, EventSource, Web Device Connectivity, Distributed Shared Memory, Web Real-Time Communication. Media and graphics: Face Detector, Streaming Media, Converting Media, Text-to-Speech. User & network information: Mobile Identification, Mobile Network Look-up, Network Probe. Machine learning: Cluster Constructor. NFC & sensors: Sensor Networking Application Platform, Mobile Sensor Actuator Link, Tag Tool.
  • 5. SIM card identification | Federated authentication | Delegated authorization | P2P key exchange
  • 6. SIM card identification 1/3 › P: The traditional authentication scheme with username/password has several drawbacks › Q: What if we could use the credentials stored on the SIM card instead? › A: This is exactly what the 3GPP standard GBA accomplishes. Basically, we replace – the username with the subscriber identity; and – the password with the subscriber key › The MWSB (Mobile Web Secure Bootstrapping) enabler allows you to try it out in your own web application [Figure: Top ten PlayStation Network passwords (Digicure, 2011); entries legible on the slide: password, 12345678, 123456, 123, winner, 123456789, seinfeld, 1234, 12345] [Figure: Attempt to increase security through SMS verification]
  • 7. SIM card identification 2/3 1. The client bootstraps (using the SIM card) with the GBA server and obtains a key (Ks_NAF) 2. The client authenticates itself to the web app using HTTP(S) digest with the key as password and a temporary identifier (B-TID) as username 3. The web application sends the identifier to the GBA server, receives the key, and validates the client supplied password
  • 8. SIM card identification 3/3 Pros: High security, convenient for the user, standardized. Cons: Currently not supported by browsers – forced to rely on a plugin, an applet, or re-compiling the browser engine
  • 9. SIM card identification | Federated authentication | Delegated authorization | P2P key establishment
  • 10. Federated authentication 1/3 › P: Password management is costly for site owners and user experience is negatively affected due to differing password policies › Q: What if site owners could delegate authentication to a trusted party where authentication can be enforced to be strong? › A: This can be achieved with the OpenID protocol where the OpenID Provider acts as the trusted party. The security can be further improved by combining OpenID with SIM based identification. › The Identity Management Framework on Ericsson Labs is running an OpenID provider which your web app can use (instructions and Java code available) [Figure: delegated authentication]
  • 11. Federated authentication 2/3 How the user authenticates (4) is intentionally left unspecified and both username/password and SIM based identification can be used.
  • 12. Federated authentication 3/3 [Figure labels: Traditional username/password; Modified WebKit; GBA applet; GBA plugin; SIM based identification (automatic)]
  • 13. SIM card identification | Federated authentication | Delegated authorization | P2P key establishment
  • 14. Delegated authorization 1/3 › P: Users are willing to share limited portions of their data, but without losing control over who is accessing the data and what part of it is being accessed. › Q: Why not use a standardized token based delegation pattern? › A: OAuth is an IETF effort to standardize and isolate delegated authorization, making it simpler to reuse both code and know-how about how authorization is handled.
  • 15. Delegated authorization 2/3 [Diagram: Browser, Webclient (service provider), RP, Authorization Server, Resource Server, Authentication Server, OP, GBA; labels: Scope, Protected Resource, ClientID, ClientSecret, CallbackURI, Code, OauthToken, Authenticate, Authorize]
  • 16. Delegated authorization 3/3 [Screenshots: Desktop, Mobile]
  • 17. SIM card identification | Federated authentication | Delegated authorization | P2P key establishment
  • 18. P2P key establishment 1/3 › P: Up until now we have only considered client-server applications where it is relatively easy to protect communications using TLS/SSL. In a P2P application where there is no existing trust relation between the parties (e.g., certificates or keys), setting up a secure channel is more complex. › Q: How can we enable secure, end-to-end communication in a P2P application? › A: With the help of a KMS (Key Management Server) the two parties are able to establish a shared secret key which in turn is used to set up the secure channel. [Figure: VoIP, messaging, file sharing]
  • 19. P2P key establishment 2/3 › Based on the MIKEY-TICKET protocol (RFC 6043), which is designed for high security applications (e.g., national safety, police, etc.) › Note that there must exist a trust relationship between each client and the KMS. The 3GPP recommended solution is to use the SIM card.
  • 20. P2P key establishment 3/3 › The KMS API at Ericsson Labs can be used to secure any type of communication, for example VoIP (above figures) › Most of the signalling is hidden by the API. Setting up the shared secret key requires only a few lines of code › The API is written in C but can still be used in Android using JNI (Java Native Interface)
  • 21. How does it all fit together? [Diagram: SIM identification, used in Federated AuthN (OpenID), used in Delegated AuthZ (OAuth); P2P Key Est.] › The OAuth Authorization server authenticates the user using OpenID › The OpenID Provider authenticates the user using SIM card identification › The P2P key establishment is largely independent from the other tools (though the peer-KMS trust relation is based on SIM card identification)
  • 23. DEMO – Mashing GOOGLE LATITUDE. 23 APIs as of end of September 2011.
  • 24. You can try! Demo-setup: http://eus2.fuatara.com:8080/latitude/ [Diagram: HTTP REST Endpoint, Authentication Filter, OAuth Token Filter, Latitude RestClient, GMap, FreeMarker Presentation, Populated Data Model, Mashup]
  • 25. Q&A Visit: labs.ericsson.com
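
The three steps on slide 7 (SIM card identification 2/3), sketched as an added example that is not part of the original slides or Ericsson Labs code. It assumes RFC 2617 digest with qop=auth and the base64 form of Ks_NAF as the password; the in-memory `GBA_SERVER` table, the realm, and all sample values are constructed stand-ins for the real GBA server lookup.

```python
import base64
import hashlib
import hmac
import secrets

# Constructed stand-in for the GBA server: B-TID -> Ks_NAF for bootstrapped sessions.
GBA_SERVER = {}

def bootstrap(btid):
    """Step 1 (simulated): the SIM and the GBA server agree on Ks_NAF for this B-TID."""
    ks_naf = secrets.token_bytes(32)
    GBA_SERVER[btid] = ks_naf
    return ks_naf

def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, password, realm, method, uri, nonce, nc, cnonce):
    """RFC 2617 digest response for qop=auth."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")

def client_authorization(btid, ks_naf, realm, method, uri, nonce):
    """Step 2: the client answers the challenge with B-TID as username, key as password."""
    nc, cnonce = "00000001", secrets.token_hex(8)
    password = base64.b64encode(ks_naf).decode()  # assumption: base64 form of the key
    return {"username": btid, "uri": uri, "nonce": nonce, "nc": nc, "cnonce": cnonce,
            "response": digest_response(btid, password, realm, method, uri,
                                        nonce, nc, cnonce)}

class WebApp:
    """The web application: issues challenges and validates digest responses."""

    def __init__(self, realm):
        self.realm = realm
        self.outstanding = set()  # nonces issued and not yet consumed

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, method, auth):
        """Step 3: send the B-TID to the GBA server, get the key, check the response."""
        if auth["nonce"] not in self.outstanding:
            return False                       # unknown or replayed nonce
        self.outstanding.discard(auth["nonce"])  # each nonce is accepted once
        ks_naf = GBA_SERVER.get(auth["username"])
        if ks_naf is None:
            return False                       # B-TID was never bootstrapped
        expected = digest_response(auth["username"],
                                   base64.b64encode(ks_naf).decode(),
                                   self.realm, method, auth["uri"],
                                   auth["nonce"], auth["nc"], auth["cnonce"])
        return hmac.compare_digest(expected, auth["response"])

if __name__ == "__main__":
    app = WebApp("webapp.example")             # constructed realm
    btid = "constructed-btid@gba.example"      # constructed B-TID
    key = bootstrap(btid)
    auth = client_authorization(btid, key, app.realm, "GET", "/inbox", app.challenge())
    print("first attempt accepted:", app.verify("GET", auth))
    print("replayed attempt accepted:", app.verify("GET", auth))
```

The web application never stores a long-term password: it holds only outstanding nonces and fetches the per-session key by B-TID when a response arrives.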