[VOIPSEC] Identity Management and VoIP and More

Leslie Asamoa-Krodua leslie at asamoa.fi
Wed Apr 19 12:58:41 BST 2006 

Hello All,

I recently completed a major study on VoIP security initiated to  
understand the impact of this means within this enterprise. The  
bottom line is that VoIP although ACL'd still lacks the necessary  
control and tracking because its so easy to impersonate in the  
virtual world.

I then started wondering what eminent, real world, solutions may save  
this great technology like it saved our society. I then started  
dwelling on passports and driving licenses. In all forms of the  
Internet, and maybe this is because of its simplicity or the  
intention of simplifying this technology (Internet) that such  
mechanisms of control have been avoided.

RATHER, the Internet is rigged with passwords and user names; and  
then I thought, well if that is the case; and IF simplicity is what I  
am really gunning for, would I love to log into my car before I go to  
work?

Would I like to provide my user name and password before I purchase  
an item from a store?

Its obvious isn't it? Well then why does this requirement fall on us  
within the Internet? Because I would rather, and I imagine it to be  
so, shortly, not have to log into a PC to use an application. I would  
expect that the PC was like a Kiosk and I could access whatever  
application IN a PERSONALISED way.

This drew my to thinking how the talk of MIKEY for VoIP sounds like a  
solution I would propose. But this problem is not limited to VoIP  
only, its everywhere and security issues are hard to resolve because  
we do not know who started it! And so we cannot ask the WHY and HOW.

Well I want to be able to. And so going from Smart cards to  
Certificates embedded into 'wallets' or credit cards or house keys, I  
would like to find a way to deal with this. And enable a kiosking  
mode where personalisation and identity are managed in a different  
way. and in parallel bring that implementation to the handset or soft  
client.

If VoIP could do anything for 911, it should be able to tell the  
emergency services who you are and not just where you are.

Leslie Asamoa-Krodua
Asamoa Oy
http://dev.asamoa.fi

More information about the Voipsec mailing list