PERSONAL INFORMATION SHARING SERVICES IN THE NEXT GENERATION NETWORK ERA

1
PERSONAL INFORMATION SHARING SERVICES IN THE
NEXT GENERATION NETWORK ERA

• May 1, 2006
• Osamu MIZUNO(), Minoru SAKUMA(),
• Tsuyoshi ABE(), Mitsuhiro OKAMOTO(), Yusuke
  ICHIKAWA() and
• Tetsuya NAKAGAWA()
• ()NTT Information Sharing Platform Laboratories
• ()NTT Network Services Systems Laboratories

2
Contents

• Introduction
• Proposal of Personal Information Communication
  and Navigation Server (PCNS) model
• Study of technical issues
• 1) Authentication between PCNSs
• 2) Authentication between PCNS and user
• 3) PCNS navigation
• Conclusion

3
Background

• Spread of broadband access networks
  (FTTH,DSL,3G)
• Spread of audio/video distribution services
• Fixed-mobile convergence
• Spread of personal collaboration services
• Blogs, SNSs
• Personal domains/URLs (http//sakuma.net/...)
• Personal contents distribution (audio, video)

From site-oriented to user-oriented
4
From Site-oriented to User-oriented
Site-oriented collaboration
Problem 1 Users information is distributed
User As blog
User As Photos
User As schedule
Blog service
Photo service
Calendar service
Problem 2 Customize specification is decided by
the site
Photo share
Calendar
Blog
Problem 3 ID is required when the user wants to
share the information
Problem 3 Each site ID is required when the user
wants to share the information
User B
User A
5
From Site-oriented to User-oriented
User-oriented collaboration
Feature 1 Users information is centralized
User As blog
User As Photos
User As schedule
Blog service
Photo service
Calendar service
Feature 2 Install and customize the service as
the user likes
User As server
Feature 3 Have only one user ID to share the
information
User B
User A
Purpose of our research To develop various
user-oriented personal information
sharing/collaboration services.
6
Service Example Distributed cooperation calendar
Groupware (site-oriented)
Cooperation among servers (user-oriented)
May 1 1000 - meeting co-workers May 2 -
sightseeing friends
May 2 - sightseeing
May 1 1000 - meeting
May 1 1000 meeting
User As schedules
User Xs schedule
User As schedule
User Bs schedule
User Xs server
User As server
User Bs server
Company groupware server
Co-workers
Friends
User X (As friend)
User A
User X (As friend)
User B (As co-worker)
User X cant see user As schedule
User A
User-oriented schedule synchronization
7
Proposal of PCNS model

• PCNS (Personal Communication and Navigation
  Server) model
• Built on a users server.
• Stores various contents.
• Users can manage their contents by themselves.

Features

• (3) Pull-type content acquisition
• ?Prevents SPAM

• (4) Contents acquisition and offering history
  management
• ?Prevents abuse of contents

(1) High-speed network connection between PCNSs
?Transfer large contents
PCNS a
PCNS b

• (2) Direct access from terminals to PCNS via
  high-speed access networks
• ?Easy contents transfer

Contents
High-speed network
B
A
PC
B
A
PC
?
A
A
B
?
B
Digital camera
Digital camera
Music player
TV
Digital video recorder
Digital video recorder
TV
Music player
8
Information Sharing Sequence and Issues
Issue 1 Authentication among PCNSs (callback
authentication)
PCNS a
PCNS b
Authentication Authorization
User As private key
User Bs private key
Navigation functions
Navigation functions
(iii) Pull User As content
User As contents
User Bs contents
(ii) Notify that User As content has been
released
(i) Put User As content
Authentication
Authentication
User device b
User device a
User A
User B
Issue 2 Authentication between user devices and
PCNSs (multi-device authentication)
Issue 3 PCNS navigation
9
Issue 1 Authentication among PCNSs
Issue 1 Authentication among PCNSs (callback
authentication)
Authentication Authorization
PCNS a
PCNS b
Navigation functions
Navigation functions
User As contents
User Bs contents
Authentication
Authentication
User device b
User device a
User A
User B
10
Issue 1 Authentication among PCNSs

• Usage cases of authentication among PCNSs
• Allow access when the users get to know each
  other
• Deny access when users terminate their
  relationship
• Existing authentication methods
• Share private key/information between thembasic
  authentication, Kerberos
• Share public key between them PKI, PGP
• Problems of these methods
• Registration with a trusted 3rd party is needed
• Speedy key revocation is difficult

• Proposed method
• Callback authentication method

11
Issue 1 Architecture of Callback Authentication
Method

• Each user has an address list and a private key
• They exchange addresses (callback addresses)
  offline (e.g. address cards) and build a trust
  chain

User As PCNS Pa (http//www.userA.jp)
User Bs PCNS Pb
Private key Ka
Private key Kb
Contents
Contents
Address (callback address) list
Address (callback address) list

• User Address
• B

User Address A http//www.userA.jp
High-speed network
User B
User A
12
Issue 1 Callback Authentication Sequence
User A
User As PCNS Pa
User Bs PCNS Pb
Address A

• Requests
• Bs contents

(ii) Requests Bs contents
(iii) Sends challenge data C
Private key Ka
(iv) Creates authenticator T T hash(C Ka)
(v) Sends authenticator T
Address
(vi) Address
(vii) Sends C T to As address (callback)
Private key Ka
(viii) Verifies T hash(C Ka)?
(ix) Sends result (OK/NG)
(x) Sends content if OK
(xi) Sends content
13
Issue 1 Advantages of Callback Authentication

• No trusted 3rd party required
• Trust model is based on address exchange between
  users.
• Trust chain can be built with anybody.
• Uses only owners private key and another
  person's address
• Easy key management
• Only have to manage private key
• No key exchange required
• Easy to build trust chain
• Only have to exchange addresses (e.g., address
  cards)
• Enables speedy revocation
• Only have to delete the address from the address
  list

14
Issue 2 Authentication between PCNS and User
Authentication Authorization
PCNS a
PCNS b
Navigation functions
Navigation functions
User As contents
User Bs contents
Authentication
Authentication
User device b
User device a
User A
User B
Issue 2 Authentication between user devices and
PCNSs (multi-device authentication)
15
Issue 2 Authentication between PCNS and User

• Risk of password authentication method
• Password theft at public terminals.
• One-time password, smart card, USB key? Special
  devices required? Users must carry devices
  Service providers must support and maintain
  devices

• Proposed method
• Multi-device authentication method
• Features of the method
• Cellular phone is used instead of an OTP
  generator
• User is authenticated using email and device ID
  of the cellular phone

16
Issue 2 Sequence of Multi-device Authentication
Method
Creates temporary URL including user ID
PCNS
User
(i) Enters user ID
(ii) Sends temporary URL by email
(iii) Returns terminal ID



Checks terminal ID in database
??????????
(iv) Provides content
Clicks on temporary URL in email
17
Issue 2 Advantages of multi-device
authentication method

• Users dont have to carry authentication devices
  (e.g. OTP cards)
• Difficult to spoof because cellular phone
  terminal ID cannot be modified except by the
  terminal vendor
• If the user ID is stolen, user will realize
  because notification email will be sent to
  his/her cellular phone.

18
Issue 3 PCNS Navigation
Authentication Authorization
PCNS a
PCNS b
Navigation functions
Navigation functions
User As contents
User Bs contents
Authentication
Authentication
User device b
User device a
User A
User B
Issue 3 PCNS navigation
19
Issue 3 PCNS Navigation

• Find contents in distributed PCNS environment
• Edit contents for easy management or sharing

• Retrieval function
• Searches contents
• Advanced searching (e.g., conceptual retrieval
  engine)

User As friends

• (2) Filtering function
• Filters contents that the user wants
• Recommender systems

PCNS
PCNS

• (3) Editing function
• Automatic tagging
• Format conversion(size, resolution)

PCNS a
PCNS b
Contents that user A likes
Pictures of Budapest
Notification
B
A
PC
B
PC
A
?
A
A
B
?
Digital camera
B
Digital camera
Music player
User A
TV
Digital video recorder
Digital video recorder
TV
Music player
User B
20
Conclusion

• User-oriented personal information sharing
  model
• PCNS model
• Technical issues
• 1) Authentication between PCNSs callback
  authentication
• 2) Authentication between PCNS and user
  multi-device authentication
• 3) PCNS navigation
• Remaining issues
• PCNS-based distributed applications (e.g.
  calendar)
• PCNS navigation