(Research) Bluetooth Tracking without Discoverability / (Skills) Deploying web user authentication with Shibboleth

Add to your list(s) Download to your calendar using vCal

• Simon Hay and Sören Preibusch
• Monday 18 May 2009, 14:00-15:00
• FW26, William Gates Building.

If you have a question about this talk, please contact Andrew Rice.

Research: Bluetooth Tracking without Discoverability, Simon Hay

Outdoor location-based services are now prevalent due to advances in mobile technology and GPS . Indoors, however, even coarse location remains unavailable. Bluetooth has been identified as a potential location technology that mobile consumer devices already support,easing deployment and maintenance. However, Bluetooth tracking systems to date have relied on the Bluetooth inquiry mode to constantly scan for devices. This process is very slow and can be a security and privacy risk. In this paper we investigate an alternative: connection-based tracking. This permits tracking of a previously identified handset within a field of fixed base stations. Proximity is determined by creating and monitoring low-level Bluetooth connections that do not require authorisation. We investigate the properties of the low-level connections both theoretically and in practice, and show how to construct a building-wide tracking system based on this technique. We conclude that the technique is a viable alternative to inquiry-based Bluetooth tracking.

Skills: Deploying web user authentication with Shibboleth, Sören Preibusch

Shibboleth is a set of policies and protocols providing an access control system for web-based resources. It is similar to that currently provided by Raven, but extended and standardised to allow users from multiple organisations to access resources provided by other independent organisations. Compared to Raven, Shibboleth involves a higher implementation effort, yet supports a broader range of platforms for deployment. Service providers can define more fine-grained rules for access control and the identity of authenticated users need not be disclosed (privacy-preserving single-sign on).

This talk is intended for Web authors and developers envisioning to set up user authorisation and authentication. I will briefly review the architecture and underlying Web service infrastructure for Shibboleth and sketch typical deployment scenarios. More prominently, I will share my own experiences in becoming the owner of the first Shibboleth-protected web site in the University.

This talk is part of the Computer Laboratory Digital Technology Group (DTG) Meetings series.

This talk is included in these lists:

• All Talks (aka the CURE list)
• Cambridge talks
• Computer Laboratory Digital Technology Group (DTG) Meetings
• Computer Laboratory Security Seminar
• Department of Computer Science and Technology talks and seminars
• FW26, William Gates Building
• Interested Talks
• School of Technology
• Security-related talks
• Trust & Technology Initiative - interesting events
• bld31

Note that ex-directory lists are not shown.