
7 Perspectives on Security

Security should play a central role in the Personal Naming and Directory Service. However, the scope of this paper is limited to describing the PNDS itself and its integration into distributed systems. Therefore, we focus our discussion on presenting only some possible mechanisms for deploying security within the PNDS. We consider the following security concerns:

  1. Controlling access to the PNDS and its data,
  2. The role of the PNDS in the overall security architecture of a distributed application.

7.1 Access Control

Access to the PNDS information is currently permitted only after typing the right PIN code; nothing is supplied otherwise. However, a PNDS may consist of several services for various external applications with different types of accessing users. Access to individual pieces of information may therefore require a specific authorisation.

A first approach to this problem is to identify two kinds of users, each with a different level of access privileges to read/write parts of the PNDS:

  1. a cardholder level, which allows users to modify entries in their personal profiles and applications (e.g., Personal Address Book),
  2. an administrator level (i.e., network and/or service providers), which allows service and/or network providers to remotely manage (update) service profile entries.

Different PIN codes can be assigned to different privilege levels, and access conditions have to be set and verified at the context level.
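The two-level scheme above, as an added illustration that is not part of the paper or of the Gemplus PNDS implementation: one PIN per privilege level, an access-condition table keyed by context and operation, and a per-level retry counter. The PINs, the retry limit and the exact read/write conditions are assumptions chosen for the example; the paper only states that the cardholder manages personal entries and the provider manages service profile entries.

```python
import hmac
from enum import Enum


class Level(Enum):
    NONE = 0
    CARDHOLDER = 1
    ADMIN = 2


# Constructed sample PINs, one per privilege level (section 7.1).
PINS = {Level.CARDHOLDER: "1234", Level.ADMIN: "987654"}
MAX_TRIES = 3  # assumed retry limit; the paper does not specify one

# Assumed access conditions per context: the cardholder manages the personal
# profile, the provider (administrator) manages the service profile.
ACCESS = {
    ("personal", "read"): {Level.CARDHOLDER},
    ("personal", "write"): {Level.CARDHOLDER},
    ("service", "read"): {Level.CARDHOLDER, Level.ADMIN},
    ("service", "write"): {Level.ADMIN},
}


class PNDS:
    def __init__(self):
        self.level = Level.NONE  # no privilege until a PIN is verified
        self.tries = {lvl: MAX_TRIES for lvl in PINS}
        self.entries = {"personal": {}, "service": {}}

    def verify_pin(self, level, pin):
        """Authenticate to one privilege level; a wrong PIN drops to NONE."""
        if level not in PINS or self.tries[level] == 0:
            self.level = Level.NONE
            return False
        # Constant-time comparison so the check does not leak the PIN by timing.
        if hmac.compare_digest(PINS[level].encode(), pin.encode()):
            self.tries[level] = MAX_TRIES
            self.level = level
            return True
        self.tries[level] -= 1
        self.level = Level.NONE
        return False

    def access(self, context, op, key, value=None):
        """Read or write one entry; None when the access condition is not met."""
        if self.level not in ACCESS.get((context, op), set()):
            return None
        if op == "write":
            self.entries[context][key] = value
        return self.entries[context].get(key)
```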

7.2 Security Architecture

The other perspective concerns the overall security of distributed applications. Extensive security can be implemented for naming and directory services. The PNDS can act as a key and certificate provider, and is able to use the cryptographic features provided as part of the smartcard operating system.

Possible roles of the PNDS in the security of distributed applications over the Internet are illustrated in figure 6. The Secure Socket Layer (SSL) is used to authenticate users to other naming servers on the network (i.e., referrals), while the Remote Keys Encryption Protocol (RKEP) [ref 20] is used to secure content (i.e., cipher/decipher mail folders). Part of such a security architecture has already been demonstrated by Gemplus in the Vault prototype [ref 21].


Figure 6 - Example of a PNDS-based Security Architecture
