2. EEE 2015, Cluj Napoca
A Distributed - Collaborative Client Certification System
Our Reality | Hyperspace
physical limitations | teleportation
pressure of consequences | an easy road to criminality
rules of engagement | advantage from breaking the rules
competitive world | utopian environment
3.
Victory favors
the attacker
- energy spent planning
- element of surprise
- cloak of invisibility
- teleportation
The nature of
Internet
4.
A face in
Cyberspace ? Not with Ethernet, TCP, MAC
Yes, for Businesses (sites)
Not, for People (clients)
Yes & No, for People
window for attack
SSL / TLS
In App
(session based)
5.
Certification
Authority
information is public
by nature
information is reliable
few in number by
comparison
information is private
by nature
information is fast
changing and unreliable
privacy and legal
concerns
too many ...
abandoned
in use
Business
Individual
6.
respects privacy
can manage the number
can provide up to date identification
not for replacing present authentication
it identifies access points, not users
not one CA, but existing actors
For Individuals
Some Differences
Distributed, Collaborative Client
Certification System
7.
PKI system (signature / verification)
identifies an end point
anonymous, no data collected
some one time issued verification system
wait .... little value ....
installed into networking applications or
directly into the OS
To Individuals
Collaborative Client
Certification Authority
C3 Authority
Client
Certificate
O
8.
Client
Certificate
O
ANONYMOUS
INDIVIDUAL
email providers,
phone companies or
other communication service providers
Client
Certificate
O
Collaborative Client
Certification Authority
C3 Authority
Degree 1
Certification Authority
1° CA
weakly reachable,
email, phone, etc.
9.
Client
Certificate
O
ANONYMOUS
INDIVIDUAL
banks, medical institutions,
government entities or,
any entity that comes in physical contact with the individual
Client
Certificate
O
Collaborative Client
Certification Authority
C3 Authority
Degree 2
Certification Authority
2° CA
strongly identifiable,
physical identity can be
requested from 2° CA
10.
NOT SO ANONYMOUS
INDIVIDUAL
Collaborative Client
Certification Authority
C3 Authority
OFFENDED
ENTITY
LEGAL
AUTHORITY
warning
arrest
Degree 2
Certification Authority
2° CA
Degree 1
Certification Authority
1° CA
11.
Client
Certificate
O
Client
Certificate
O
Client
Certificate
O
INDIVIDUAL
WEB ENTITIES THAT NEED
NO SECURITY
WEB ENTITIES THAT NEED
SOME SECURITY
accept
drop
accept
accept
WEB COMPANIES
DEALING WITH MONEY,
WEB SHOPS, BROKERS, etc
12.
cannot be prevented
can be detected
BigData analyses
track source of SPAM
track source of malware
block certificate
trigger validation
Client
Certificate
compromised
certificate
- stolen
- recovered from disposed
devices
2O
CYBER CRIMINAL
accept
WEB COMPANIES
DEALING WITH MONEY,
WEB SHOPS, BROKERS, etc
13.
future could be bright .....
BigData analyses
provide statistics to certificate owners
parental control
sign every email, uploaded file by default
empower legitimate users &
hinder criminal activity
challenges .....
adoption
getting companies to collaborate
vendor & business neutral approach