The primary goal of the project is to develop strong authentication for mobile e-identities. The communication needs of mobile devices and their mobile users have drastically grown because of the proliferation of such communication and consumer electronics devices. The nature of these connections is defined by two cross requirements:
- the establishment of the connection should be as simple as possible for as many types of devices as possible; and at the same time
- the value of the services used via the connection and the sensitivity of the transferred data requires a secure connection, where the communicating parties can be adequately, securely identified (authenticated).
To make the establishment of these connections simpler, the Near Field Communication (NFC) technology was created; however, regarding authentication, the hard-to solve contrast of security and usability limits the possibilities – and this also stays true for mobile devices. Nevertheless, both areas try to serve an ever stronger market need, which wants to propagate the – mainly consumer – electronics devices and the content services based on them, for consumers and providers as well. Starting from these obvious market needs, following the already existing trends in communication technologies (mostly NFC), within this project we wish to research software solutions that work without hardware tokens yet are secure (SoftSecure) and technical solutions securing the ad-hoc connections of the devices (Secure NFC); then based on the results of the research, to develop products and services. Below we introduce the market needs that make the subject of the application, the two directions of the research; furthermore we give a short overview about the NFC technology and its challenges related to security. The nature of the two research directions are totally different, therefore the goals and later the description of the project activities also differ:
- SoftSecure is an untrodden path, a vision about the possibility of secure authentication without hardware devices,
- Secure NFC aims at realizing actual security goals holding onto an existing technological and business trend.
Authenticating electronic identities has become a key problem, and the lack of solutions hinder the implementation of complex services. The stakes are high: we are talking about a content market of several tens of billion USD, the creation of which is in the very business interest of the more than 600 GSM and several hundred non-GSM operators of the world, and which in the past and following years did and will draw huge investments to establish a broadband infrastructure (3G+). However, in order to realize a financially feasible content service model, strong e-identity is/will be needed. Without this it is impossible to build a sustainable business model behind the content industry and without a reliable business model it is impossible to draw the necessary investments and create the content industry; and lacking this, the current, already made huge telecommunication infrastructure investments become in danger. The above simple train of thoughts show clearly that establishing a strong e-identity is a key issue.
Identity management in general is a very popular topic, which popularity is further increased by the constant growth of identity theft, i.e. frauds based on stealing electronic identity. Mobile devices (operating systems, etc.) are further exposed to such attacks as the actual attacks are easier to realize because of the mobility (ad hoc connections), and because the operating systems, etc. have only more rudimentary defenses. Identity theft can mean both corrupting the identity of the person using the system (impersonation) or faking the communicating devices (spoofing).
Consequently, strong user and device identification (authentication) is a problem to be solved, which is a key challenge of the present and future on an international scale, in particularly in the area of the quickly developing mobile and consumer electronics devices.