Telecommunication Software and Multimedia Laboratory

Seminar on Network Security

Introduction of the topics and some material for the session of

FINEID (Finnish National Electronic Identity)

FINEID (Finnish National Electronic Identity) (HST in Finnish) is the hot topic in doing electronic business today. There are both business needs and governmental interests to make FINEID reality as soon as possible. However there is conflict between the needs to identify and authenticate the participants doing business and yet there are needs to ensure privacy for the participants, even anonymity.

Tutors: Pekka Kanerva and Tommi Elo

Security Services Required for Electronic Transactions in Distributed Networks

Establishing the infrastructure needed for electronic transactions in distributed networks is not easy at all. Discuss the different security services needed for identifying and authenticating the participants. How do we accomplish non-repudiation? How about the exact time when the transaction took place?

FINEID-Project and Need For Privacy

Finland is one of the leading countries concerning the application of electronic ID-Card as nation-widely. The need is to identify people but there is also a constitutional right for privacy. Are these two things in conflict? Discuss the aspects of privacy and identification and some possible means to ensure the privacy for people using FINEID-card

Electronic ID-Cards and Anonymity

What happens for the possibility to make anonymous transactions if people are identified every time they make even a small purchasement in a shop. Is this the beginning of total control and surveillance of citizens? Discuss the different viewpoints to this matter. Is it allright if people can be monitored in their normal duties? Should there be some laws controlling the possibility to monitor people? On the other hand, should it be so that there would be no possibility to do any kind of supervision by anybody?

SSL/TLS certification problems and potential bussiness losses

SSL/TLS PKI is the de facto standard of e-commerce in the Internet today. The Public Key Infrastructure and certification included in the original SSL specification was not designed for e-commerce. Problems and shortcomings are becoming evident as the electronic world uses the SSL/TLS more and more.

Many of the Certification Authorities restrict the liability of their core services. Bussiness loses might be the reason and exploring both the potential amount and quality of these is an important consideration. Since it seems that SSL/TLS will remain the most relevant technique used for some time, it makes sense to learn from the mistakes made in it.

Differences between anonymity and privacy in the electronic world

As e-commerce and electronic identities become more and more prevalent the demand for anonymity and privacy increases. While at the first glance these two basic properties have some similarities they are not the same thing.

Understanding the difference between these two consepts is a rare skill and has not been research too much. Even the most security consious governments might see a diffrence between the two.

Emerging problems of smartcard technologies

Financial industry in particular has its bet on smart card technologies to decrease the fraud rate of its services. Smart cards, while smarter than magnetic stripe cards and memory cards, have severe inherent security problems. Some of the most profound including the trusted terminal problem and unsupervised tamper resistance problem.

Exploring these problems that emerge from the very nature of these devices is an important step in evaluating the future form payment and monetary systems. Alternatives that might allow a more secure option are already popping up, paying via trusted mobile terminals is one example.

Material to begin with

This page is maintained by Network Security teaching staff, E-mail: netsec@tcm.hut.fi -->
The page has last been updated on 9.7.1999
URL: http://www.tcm.hut.fi/Opinnot/Tik-110.501/1999/index.html