Photographic Work Exhibited and participation in the Photography Festival and Symposium 'Darmstädter Tage der Fotografie', Darmstädter, Germany, (21 - 23 April 2006)

Billingham took part in the symposium and photography festival 'Darmstädter Tage der Fotografie', Symposium, Darmstädter, Germany, 2006. Other speakers included Celia Lunsford, Bernd Neugebauer and Prof Gernot Bohme. There was an illustrated catalogue to the symposium. The symposium was part of the 'Darmstädter Tage der Fotografie' Photography Festival held annually and Billingham also had photographic work from the series ;Rays a Laugh' and "Landscapes 2001 - 2003' exhibited. Other exhibiting artists included Elinor Carucci, Nathalie Latham and Spencer Murphy. There was also a fully illustrated catalogue to the Festival exhibition

eines Doktor-Ingenieurs (Dr.-Ing.) von Diplom-Informatiker

Based on the success of mobile telephony in the recent past, many observers expect mobility in conjunction with mobile devices to open up a wide field for novel applications. Many experts predict the arrival of new services, such as mobile commerce, location-based services, multimedia messaging, and mobile gaming. They claim that this new class of mobile applications will constitute a main driving-force for technological advancements at least for the next decade. Also, in the third generation of mobile telephony, we expect to observe the logical next step: the convergence of mobile appliances into a new generation of smart devices, such as smartphones. Today, we can distinguish three basic categories of mobile devices: (i) specialized devices, such as special-purpose systems or mobile phones, (ii) devices that are more flexible, such as personal digital assistants (PDAs), and (iii) real general-purpose devices, such as laptop computers. The next generation of devices will be unifying distinct features of the categories named above. Such devices will become flexible, lightweight, and mobile at the same time. This meets a basic requirement found in the vision of ubiquitous and pervasive computing. The latter vision places its main focus on smart mobile devices as the enabling technology for interaction of mobile users with the surrounding infrastructure. Another trend expected is based on the observation that more and more artifacts in the infrastructur

Mobile Security with Smartcards

Mobility in conjunction with communication facilities in the form of mobile telephony seems to be one of the major technology trends observed throughout the last decade. Many experts and analysts expect that the arrival of mobile services such as mobile commerce, location-based services, multi-media messaging, and mobile gaming in the third generation of mobile networks will be the next step in this success story. However, protecting service providers from fraud and mobile users from new threats such as identity theft or other attacks on privacy and security matters is equally challenging. Historically, cryptography has been used to protect information in the digital world from eavesdropping or tampering. In future person-to-person and person-to-service interaction scenarios cryptography will be of at least equal importance. However, the situation today is not people-centric but more application-centric, i.e. for each application new security measures are defined and implemented. As an example one may just consider that almost any access control in the Internet is managed through simple account/password schemes different for each application. But passwords are known to be a generally weak security measure in many practical settings. From the user perspective the account/password approach additionally leads to numerous login accounts an individual has to manage - something which is inconvenient and as a consequence often error-prone. Cryptographic measures can be applied but shifting towards such mechanisms especially in mobile settings is often hard to implement since people cannot easily carry around their personal cryptographic keys, let alone memorize them or input them when needed. Therefore, we believe that some kind of personal security assistant or device is needed that safely keeps a user's security-sensitive data and enforces the user's security-related interests. Otherwise, people will be forced to use traditional weak protection mechanisms that are applicable without strong cryptographic measures - a situation we do not think is desirable in the digital age of tomorrow. Smartcards are devices that could be used to solve at least some of the problems mentioned. They are tamper-resistant, can safely store information, are able to perform unobserved (cryptographic) operations, and can be conveniently carried around. As such they seem to be ideal candidates for personal security modules. However, it is yet unclear how smartcards can be empowered to actually play the role of true personal and ubiquitous security modules. Furthermore, the smartcard alone is not sufficient to act as a security module since it lacks reasonable user interfaces such as a display and input facilities. Thus, suitable terminals are needed that allow users to communicate with their smartcards, i.e. personal security modules are comprised of suitable terminals and personalized smartcards that work together in order to fulfill the users' needs. Henceforth, this thesis will contribute approaches, architectures, protocols, and systems how smartcards can be put in place to become true security modules for people in the digital age. The most visible contributions of this thesis are as follows: The JiniCard framework for the integration of off-the-shelf smartcards into local environments. It enables smartcards that have traditionally played the role of passive servers to become truely active entities after they are inserted into suitably configured card terminals. Users could carry around their smartcard, insert them into available readers and make immediate use of their security services. The approach is centered around the idea to dynamically instantiate ``software substitutes'' for resource-limited devices such as smartcards. The so-called Personal Card Assistant approach solving the problem of smartcard usage in a ``hostile'' environment. It is comprised of an off-the-shelf personalized user terminal - such as a PDA - that cooperates with a personal smartcard. The personal terminal is used instead of terminals considered to be public, i.e. it acts as a ``trust amplifier'' for its user. The advantage is that mobile users communicate with their smartcard through their own mobile terminal which they possibly consider much more trustworthy than other unknown components. The personal terminal and the smartcard are linked together using cryptographic measures such that no device is usable without the other. The WebSIM system that integrates into the Internet the SIM smartcards found in all GSM mobile phones. In this approach people now can use mobile phones as ``wireless smartcard readers'' which are reachable from the Internet by means of a small HTTP Web server implemented in the SIM. This approach allows among others to perform security-critical operations such as authentication to be initiated from a remote context, e.g. from an Internet shop. Hence, smartcards become Internet nodes that encapsulate security services a mobile user offers to peers. The SIMspeak platform allowing for the execution of mobile code within a smartcard. This approach was motivated by the need for end-to-end secure communication between a service provider and its customer and the ability to easily create electronic signatures on small devices. It allows a service provider to ``rent'' persistent storage on a user's personal smartcard, e.g. to store cryptographic keys used to send end-to-end encrypted mobile code from the provider to the user's smartcard. The smartcard then becomes the most active component in a personal security module and uses available terminals to communicate with its user. This approach essentially shifts as much security-critical components and computations as possible from less trustworthy components into the secure context of the smartcard. This approach leads to new trust models for smartcard issuers which can be particularly well applied in the context of electronic signature creation in mobile scenarios. These results can be used independently from each other but equally well composed into more general security solutions. As such they can be considered as building blocks enabling the composition of suitable personal security modules meeting the personal security demands of the future. Summing up, this thesis provides solutions to the question how smartcards can become true personal security modules. It does this by proposing concrete architectures and protocols all of which have been prototypically implemented to yield meaningful proofs-of-concepts

Doktor-Ingenieur (Dr.-Ing.)

genehmigt