Tag Archives: MWS

We had a meeting with our project supervisor Dr.Chandana Gamage today from 3pm to 4pm to discuss about the finalizing of the project and project presentations and demonstrations.

We mainly discussed about the project presentation that is due on the 25th of March and the demonstrations on the 26th of March.  We decided to do the presentation as the group as we could have different components presented by different persons. We are also having another finalizing discussing on the next Monday, the 23rd March.

We also discussed about publishing the research papers. As we already have two papers, which might need some more reviewing, we decided to do that at the earliest we can we have identified some conferenced to which we can submit. We have also decided to go for the third paper titled, “A SOA based eID System”, which we plan to complete in April.

We hope to have all the project work completed by this week so we can get ready for the presentation by the weekend.

We had a meeting with our project supervisor Dr.Chandana Gamage today from 11.30am to 12.45pm.

This is the first meeting after our exams, so the meeting was mainly focused on final stage of the project and completion. The main topics discussed are:

• Completing ICAMES Application.
  • We already had the application prepared and our supervisor checked it and asked us to send it to ICAMES. (It was sent in the evening).
• Project Progress, what needs to be done in coming weeks.
  • Development – Need to complete before 15th March
  • Development – Prepare the standalone application user interface to look like a hand-held.
  • Project Report – Need to complete before 15th March
  • Presentation – Prepare a comparison of eID and OpenID.
• Research Papers, completing and publishing.
  • Complete the main paper by 15th March for submission
  • Work on the second paper in the last 2 weeks of March
  • Can go for a third paper after that
  • We will have to search for other possible places for publication
• Project Documentary
  • Complete by 18th March
  • Will have to do the shooting during next week

We will be having another meeting next week to update on the progress, and to plan for the second paper.

We had a meeting with our project supervisor Dr.Chandana Gamage today from 1.30pm to 2.15pm.

After yesterday’s meeting we had a brainstorming session with all group members and discussed about the options we have for the system architecture of the eID system. So we arrange today’s meeting to discuss further on this and finalize the design. Today’s discussions lead us to a redesign of our architecture. We found that there were some flaws in our earlier architecture, in which the eID WS was sitting on the middle, which could easily lead to problems in terms of load as well as attack prone.

Changes in Design

Some points that were highlighted at the meetings.

• Moving load away from central eID WS server
• One time signed polycies for the relying parties
• Complex functionalities implemented at the WS end
• Mostly all network enabled application are now on web, so better to have a browser plugin

So we decided to make the end-user to be at the end and include one more application to our deliverables list that would be a browser plugin. This plugin will now at as the center point which will handle the message flow from relying party, web service and the eID card.

Read-only memory eID

Also we decided to add one more deliverable to our project in the form of an alternative eID card to smart card based one, using a read-only memory stick. Though this would miss some security advantages, this could give some advantage interms of cost of the device. We will have to explore into this further to get more possible implementation options. We will have to try and find ways to make a normal USB memory stick to a secure one, or else we should find some other alternative that could work for our needs.

Offline Authentication Application

We also discussed about the Offline Authentication Application and how it would work in a practical situation. We discussed to have the following two in this application and to discuss further on this to add any other as needed.

• Signed Photo Verification (Signed by Issuing Authority, updated regularly)
• PoI (Persons of Interest) Checking System

Deliverables

We also finalized our list of final project deliverables with our supervisor as follows.

1. eID card
   • Smart card based
   • Read-only memory based
2. Online Authentication Web Service
3. Browser Plugin for online authentication
4. Offline Authentication Application
5. Card Issuing/Updating Application
6. 2 Research Papers (3rd one if time permits)

We had a meeting with our project supervisor Dr.Chandana Gamage today from 11.45am to 12.45am.

Today’s meeting was very important as we were able to identify many issues and problems to be considered in our project. I think this is due to the shortcomings in our initial design phase, but at least we found this at this point. We identified that the architecture we were working on has some problems and needs some changes. Due to this some of the earlier code of some modules need to be changed significantly. But I think that the way things work…!

Problems we found:

• Session handling through browser (This was misinterpreted at the meeting, hope what we were thinking was OK)
• How we tie up the message flow? – How the transaction is handled among Relying Party, eID Holder, and eID System
• Protecting Privacy in transaction – This will be one big concern, but we need to decide to what level we can do this.
• Possible DoS attacks

Possible solutions:

• A model similar to the Card Space specification (I don’t think this alone will solve our problems)
• But we could adapt something from here to our system
• Changing the message flow,, having user in the middle instead of the eID System in the middle (?)

Java Card:
Discussed about the progress on the eID Card development. As we wanted to use Java Card, decided to order and buy a Java Card and Reader for this purpose. We will have to decide on a suitable card soon and buy as it could help us progress faster. We will have to find a way to get it from Singapore or some place.

Read Only USB Token:
Even though we are doing main development using Java Card, project supervisor suggested us to have another option also with Read-only USB tokens as it could add value to the project. We will have to look into this too.

Admin Matters:

• Need to update the project web site regularly (Seems missing a lot lately)
• Having regular meetings with project supervisor, as it would help us greatly to identify flaws and issues in the project progress.
• We need to speed up thing a little more as we have a lot more to do

We had a meeting with our project supervisor Dr. Chandana Gamage today from 1.15pm to 3.45pm.

Main Points

• Privacy –
  The privacy of the holder will be the key feature in our eID when comparing to other similar implementations. Thus we must ensure privacy protection is there in the very system level.
• Unlinkability –
  This is another feature which should be provided and would be another important aspect. [Example use case: at police check points they need not to keep recording every checked users details, but they can cross check the card ID or serial number with existing suspects list and provide a way to indicate whether to check that person further or not.]
• Back tracking with proper legal concern –
  On the other hand when unlinkability conflicts with the need for back tracking which might be a need for authorities to track back a person in past. But this track back logs should not be used by any person but it should be done with proper legal permission and with the concern of the user.

One solution Dr. Gamage suggested is like this. Encrypt every log save with Sign-Private-(secret—).

Dr. Chandana Gamage suggested that we should study about this issues and come up with possible solutions by next week. He also mentioned that it is better to have a very clear idea about what we are planing to do and then move into developing.

We will also need to make a prototype really ver soon, for the next evaluation.

Rough Architecture Design

We also discussed about a basic overall architecture and few possible use cases of the system.

Used to authenticate the holder to

• A person
  • Online
  • Offline
• A computer/application system
  • Online

1. Access a service from RP
2. Relying Party (RP)
3. Authentication request to eID-WS
4. eID Web Service (eID-WS)
5. Access user eID card connected to user PC
6. Validate user
7. Reply from eID-WS to RP (Yes/No) + Any further detail requested again with the concern of the eID holder
8. Normal operation continues

Development Components

We have divided the project development into the following distinct components, but many of them have interdependency.

• eID Card
• Offline Application/API/Library
• Web Services
  • Request handling – from relying party
  • Request procesing
  • • Accessing eID card – with holder
    • Using back end system and DB
  • Reply request – to relying party
• Back end infrastrcture
  • Key server
  • Database
• Issuing authority application systems