Trusted Systems Laboratory Hewlett-Packard Labs, Bristol, UK Adaptive Identity Management: Vision and Technology Development Overview Marco Casassa Mont (marco_casassa-mont@hp.com) Pete Bramhall (pete_bramhall@hp.com)

Identity Management Landscape Identity Management is a Core Aspect in many different Contexts, but … Enterprise & Business Integration E-Commerce Different Competing Aspects and Perspectives: Web Service Frameworks enterprise focus vs. consumer focus mobility vs. centralisation legislation vs. self-regulation owners’ control vs. organisations’ control privacy vs. free market … Government & Legislation Identity Management Privacy, Trust, Security Mobility Appliances, Devices No One Size Fits All … Policies 05/05/2019 Adaptive Identity Management - Technologies Overview

Adaptive Identity Management - Technologies Overview Identity Aspects [1] Identity Information Multiple Attributes Multiple Views Multiple Contexts and Stakeholders Distributed Control Different degrees of Awareness Multiple Identities Associated to Entities (people, devices, services, etc.) 05/05/2019 Adaptive Identity Management - Technologies Overview

Adaptive Identity Management - Technologies Overview Identity Aspects [2] Complexity of Identity Information Identity Information is Subject to Changes, over time 05/05/2019 Adaptive Identity Management - Technologies Overview

Current Identity Management Identity Management is Part of a Complex Ecosystem Many Technology, Products, Solutions … Lack of Flexibility, Interoperability and Management Integration Smart Cards PKI IBE Web Services RBAC Biometrics TCPA/TCG NGSCB XML SAML Liberty Trusted Platforms EPAL P3P … 05/05/2019 Adaptive Identity Management - Technologies Overview

Emerging Trends and Issues On Demand, Adaptive Infrastructures Ubiquitous and Pervasive Computing Trusted Platforms and Systems Digital Rights Management … Issues Privacy Identity Thefts and Frauds Lack Of Control Accountability Complexity … 05/05/2019 Adaptive Identity Management - Technologies Overview

Emerging Requirements Integration Rationalisation Flexibility Context Awareness Privacy Management Control Over Identity Flow Delegation Of Control Accountability Management Simplicity\Usability 05/05/2019 Adaptive Identity Management - Technologies Overview

Adaptive Identity Management - Technologies Overview Our Vision Adaptive Identity Management 05/05/2019 Adaptive Identity Management - Technologies Overview

Vision: Adaptive Identity Management (AIM) Core Properties Integrated and Collaborative Management of Identity Management Tasks Policy-Driven Management Context Awareness 05/05/2019 Adaptive Identity Management - Technologies Overview

Vision: Adaptive Identity Management (AIM) Open API Standardisation Management Proxies Cooperation at different Levels of Abstraction Policy Languages Integration of Identity, Trust, Privacy, Security Aspects Delegation of Policy Refinement Scalability Across Boundaries and Domains 05/05/2019 Adaptive Identity Management - Technologies Overview

Moving Towards AIM: Accountable Identity and Privacy Management [1] Privacy Protection via High-Level, Sticky Policies Accountability Enforcement via TTPs User Control Leverage IBE to Enforce Sticky Policies Leverage Trusted Platforms Leverage Tagged OS Leverage HSA 05/05/2019 Adaptive Identity Management - Technologies Overview

Moving Towards AIM: Accountable Identity and Privacy Management [2] Integration of Multiple Constraints at Different Levels of Abstraction via Sticky Policies Authoring of Sticky Policies based on Templates and Policy Wizard 05/05/2019 Adaptive Identity Management - Technologies Overview

Technology Development Overview 05/05/2019 Adaptive Identity Management - Technologies Overview

Hardware Security Appliance (HSA) Concept Systems can be subverted HSA We are using such devices as service delivery mechanisms so that an independent service runs on the device. It has its own trust domain – it can be thought of as creating a virtual trust domain in the wider IT systems. To do this the service has its own identity and is configured with a set of policies defining who can administer and control this service (even remotely). In fact the ability to execute policies along with the standard HSM crypto functions. This combination of policy and keys is at the heart of many of the solutions so lets illustrate some of these solutions Of course being on trusted hardware this can be placed right next inside the IT infrastructure to whom services are being delivered. App Control Other Processes Worm Virus Hacker App Process policy HSA Service API System Server Administrator 05/05/2019 Adaptive Identity Management - Technologies Overview

HSA – Trust Domains IT Infrastructure HSA Based Service Service API (Key use, Authentication, Authorisation, Audit.... Management Policies Service Identity Management Interface (Constrained by Policy) Signed Chain of Management events Network System Administrators Domain Service Administrator 05/05/2019 Adaptive Identity Management - Technologies Overview

TCPA/TCG - Implementation Status Trusted Platform Modules (TPM) based on 1.1b specification available Atmel Infineon National Semiconductor Compliant PC platforms shipping now HP-Protect Tools Embedded Security available on D530 business desktops IBM ThinkPad notebooks and NetVista desktops Increasing application support RSA Secure ID, Checkpoint VPN, Verisign PTA National Infineon Atmel Note: Modules shown are for test & debug. Actual system implementation may vary. 05/05/2019 Adaptive Identity Management - Technologies Overview

Adaptive Identity Management - Technologies Overview Secure Data Tagging Data comes with tags that reflect policies All data is tagged; the tag specifies how to handle data whether it is private, confidential, sensitive etc Works with standard applications Policy is enforced by the OS kernel irrespective of application behaviour Even a compromised application can’t leak your confidential data - a virus might send emails on your behalf, but it can’t send any confidential data in them (it’ll be encrypted or never sent, depending on policy) Transparent and automatic application of policy to data No action is needed by users or applications for this to happen and there need be no change application or user behaviour 05/05/2019 Adaptive Identity Management - Technologies Overview

Policy distribution and enforcement Policy Creation and Translation System policies created in dflow compiler Policy File in Internal Format Every tagging-aware device to be governed by a data usage policy In the ideal business environment, standard policies are published from a central location and dynamically propagated to policy aware devices Control Enforcement Tagged Data Decision Policy evaluation engine Flow causing operation yes, no, more checks 05/05/2019 Adaptive Identity Management - Technologies Overview

What is Identifier-based Encryption (IBE)? It is an Emerging Cryptography Technology HP Approach based on Elliptic-Curve Crypography Based on a Three-Player Model: Sender, Receiver, Trust Authority (Trusted Third Party) Same Strength as RSA Usage: for Encryption/Decryption, Signatures, Role-based Applications, Policy Enforcement, etc. 05/05/2019 Adaptive Identity Management - Technologies Overview

Adaptive Identity Management - Technologies Overview IBE Core Properties 1st Property: Any Kind of “String” (or Sequence of Bytes) Can Be Used as an IBE Encryption Key: for example a Role, Terms and Conditions, an e-Mail Address, a Picture, a Disclosure Time 2nd Property: The Generation of IBE Decryption Keys Can Be Postponed in Time, even Long Time After the Generation of the Correspondent IBE Encryption Key 3rd Property: Reliance on at Least a Trust Authority (Trusted Third Party) for the Generation of IBE Decryption Key 05/05/2019 Adaptive Identity Management - Technologies Overview

IBE Three-Player Model Alice Trust Authority Bob 4. Alice Sends the encrypted Message to Bob, along with the Encryption Key 4 2. Alice knows the Trust Authority's published value of Public Detail N It is well known or available from reliable source 2 3. Alice chooses an appropriate Encryption Key. She encrypts the message: Encrypted message = {E(msg, N, encryption key)} 3 5. Bob requests the Decryption Key associated to the Encryption Key to the relevant Trust Authority. 5 6. The Trust Authority issues an IBE Decryption Key corresponding to the supplied Encryption Key only if it is happy with Bob’s entitlement to the Decryption Key. It needs the Secret to perform the computation. 6 1. Trust Authority - Generates and protects a Secret - Publishes a Public Detail N 1 05/05/2019 Adaptive Identity Management - Technologies Overview

Active Digital Credentials Active Digital Credential: Up-to-Date Certified Information Integration of Procedures Within Digital Credentials to Retrieve Certified Up-to-Date Information along with its Trust Evaluation 05/05/2019 Adaptive Identity Management - Technologies Overview