Slide 1 (10/20/2011, Pomcor): Deployment and Usability of Cryptographic Credentials
Francisco Corella, Karen Lewison, Pomcor
Slide 2: Outline
- Privacy requires cryptographic credentials
- The deployment problem
- User experience
- Open question: how to explain unlinkability to the user

Slide 3: Privacy without Passwords Requires Cryptographic Credentials
Levels of Privacy (LOPs):
- LOP 0: Online identity provider
- LOP 1: Offline issuer, linkable certificates
- LOP 2: Issuance-show unlinkability
- LOP 3: Issuance-show + multi-show unlinkability
LOPs 1, 2 and 3 require cryptographic credentials

Slide 4: The Deployment Problem
- PKI certificates are a mature technology, but they have not been widely deployed on the Web for user authentication
- Why? Because they are not well supported by current Web technology
- By contrast, server certificates have been very successful because they are well supported

Slide 5: What's Missing in Current Web Technology
- Consistent support in browsers
- Full support in the core Web protocols (HTTP, TLS)
- A mechanism for issuing credentials automatically to the browser

Slide 6: Browser Should Manage and Present Credentials
- ... because the user should not have to install any software
- The browser could associate credentials with different personas (e.g. work vs. personal)
- Syncing credentials between browsers on different devices is easy if each browser is equipped with key pairs for encryption and signature

Slide 7: Cryptographic Credentials Should Be Supported by HTTP and TLS
- The relying party should ask for specific credentials or attributes in an HTTP response message
- The browser would then present credentials within TLS, after the handshake, in a separate TLS layer to be specified

Slide 8: Credentials Should Be Issued Automatically to the Browser
- Interactive issuance protocols would be run within TLS, in a separate TLS layer to be specified, eliminating HTTP and application overhead
- TLS would then interleave protocol interactions with transmission of application-layer data
- Cryptographic protocols could use the PRF facility provided by TLS

Slide 9: User Experience
- The browser takes care of all the details
- The user clicks on the login button or requests functionality that requires authentication
- The relying party asks for credentials, which the browser locates in its credential store or in a smart card, possibly based on the currently active persona
- The browser may or may not ask for permission to present the credentials (“Don't ask again”)
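The flow of slides 7 and 9, acted out as an added example that is not part of the slide deck and not Pomcor's code: the relying party names the attributes it needs in an HTTP response, the browser looks for a credential of the active persona that covers them, prompts the user unless “Don't ask again” was chosen earlier for that persona and site, and discloses only the attributes that were asked for. The header name X-Credential-Request, the credential record layout and the sample credentials are assumptions made for this example; the slides leave the wire format unspecified.

```python
"""Added example (not from the slides): persona-aware credential selection in a
browser credential store, following the request/present flow of slides 7 and 9.
The header name X-Credential-Request and the record layout are assumptions made
for this example; the slides do not define a wire format."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple

REQUEST_HEADER = "X-Credential-Request"  # hypothetical header name, not a standard


@dataclass
class Credential:
    issuer: str
    persona: str                 # persona the credential belongs to, e.g. "work"
    attributes: Dict[str, str]   # attribute name -> value certified by the issuer


@dataclass
class CredentialStore:
    credentials: List[Credential]
    active_persona: str
    # (persona, origin) pairs for which the user ticked "Don't ask again"
    remembered: Set[Tuple[str, str]] = field(default_factory=set)

    @staticmethod
    def parse_request(response_headers: Dict[str, str]) -> List[str]:
        """Attribute names the relying party asks for (comma separated in the header)."""
        raw = response_headers.get(REQUEST_HEADER, "")
        return [a.strip() for a in raw.split(",") if a.strip()]

    def locate(self, requested: List[str]) -> List[Credential]:
        """Credentials of the active persona that certify every requested attribute.
        Other personas are never considered, so a work site cannot be answered
        with a personal credential even if it would satisfy the request."""
        return [c for c in self.credentials
                if c.persona == self.active_persona
                and all(a in c.attributes for a in requested)]

    def needs_permission(self, origin: str) -> bool:
        return (self.active_persona, origin) not in self.remembered

    def present(self, origin: str, response_headers: Dict[str, str],
                ask_user: Callable[[str, List[str]], Tuple[bool, bool]]
                ) -> Optional[Dict[str, str]]:
        """Attributes to present, or None when nothing is presented.
        ask_user(origin, attribute_names) returns (approved, dont_ask_again)."""
        requested = self.parse_request(response_headers)
        if not requested:
            return None
        candidates = self.locate(requested)
        if not candidates:
            return None  # no suitable credential for the active persona
        if self.needs_permission(origin):
            approved, dont_ask_again = ask_user(origin, requested)
            if not approved:
                return None
            if dont_ask_again:
                self.remembered.add((self.active_persona, origin))
        chosen = candidates[0]
        # Minimal disclosure: only the requested attributes leave the browser.
        return {a: chosen.attributes[a] for a in requested}


def sample_store(active_persona: str) -> CredentialStore:
    """Constructed credentials for the demo; issuers and values are made up."""
    return CredentialStore(
        credentials=[
            Credential("Example Corp HR", "work",
                       {"name": "A. Example", "employer": "Example Corp",
                        "employee_id": "E-1234"}),
            Credential("Example Bank", "personal",
                       {"name": "A. Example", "account_holder": "yes"}),
            Credential("Example DMV", "personal",
                       {"name": "A. Example", "over_18": "yes"}),
        ],
        active_persona=active_persona,
    )


if __name__ == "__main__":
    store = sample_store("work")
    headers = {REQUEST_HEADER: "employer, employee_id"}
    print(store.present("https://intranet.example", headers, lambda o, a: (True, True)))
    # Second visit: no prompt, because "Don't ask again" was remembered for this site.
    print("prompt needed:", store.needs_permission("https://intranet.example"))
```

Switching the active persona to "personal" makes the same request fail, since no personal credential certifies employer or employee_id; that is the persona separation slide 6 asks for.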

Slide 10: Open Question
- The user is entitled to know the privacy provided by each credential
- How can that be explained to a casual user?
- Unlinkability is not a trivial concept
- Unlinkability does not matter if disclosed attributes uniquely identify the user
- Are LOPs the answer?
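The fourth bullet above, made concrete as an added example that is not part of the slide deck: even with multi-show unlinkability (LOP 3 on slide 3), a verifier that sees no credential identifier can still link two presentations through their disclosed attribute values whenever those values are unique in the population. The code computes the anonymity set of every holder for a chosen disclosure set and groups presentation transcripts that are indistinguishable to the verifier. The population and the attribute names are constructed for the demo, not real data.

```python
"""Added example (not from the slides): do the disclosed attributes identify the
user? Computes anonymity-set sizes for a constructed population and shows which
presentations a verifier can link by attribute values alone, modelling a
credential scheme that reveals no credential identifier (LOP 3)."""
from collections import Counter, defaultdict
from typing import Dict, List, Sequence, Tuple

# Constructed sample population of credential holders (made-up values).
POPULATION: List[Dict[str, object]] = [
    {"id": "u1", "zip": "94110", "birth_year": 1980, "gender": "F", "member": True},
    {"id": "u2", "zip": "94110", "birth_year": 1980, "gender": "F", "member": True},
    {"id": "u3", "zip": "94110", "birth_year": 1975, "gender": "M", "member": True},
    {"id": "u4", "zip": "10001", "birth_year": 1980, "gender": "F", "member": False},
    {"id": "u5", "zip": "10001", "birth_year": 1990, "gender": "M", "member": True},
    {"id": "u6", "zip": "10001", "birth_year": 1990, "gender": "M", "member": True},
    {"id": "u7", "zip": "60601", "birth_year": 1985, "gender": "F", "member": True},
    {"id": "u8", "zip": "60601", "birth_year": 1985, "gender": "F", "member": False},
]


def disclosed_values(record: Dict[str, object], disclosed: Sequence[str]) -> Tuple:
    """Exactly what the verifier learns when these attributes are shown."""
    return tuple(record[a] for a in disclosed)


def anonymity_sets(population: List[Dict[str, object]],
                   disclosed: Sequence[str]) -> Dict[str, int]:
    """Map each holder id to the number of holders sharing its disclosed values.
    A value of 1 means the disclosure identifies that holder outright."""
    counts = Counter(disclosed_values(r, disclosed) for r in population)
    return {str(r["id"]): counts[disclosed_values(r, disclosed)] for r in population}


def uniquely_identified(population: List[Dict[str, object]],
                        disclosed: Sequence[str]) -> List[str]:
    """Holders for whom unlinkability buys nothing under this disclosure."""
    sets = anonymity_sets(population, disclosed)
    return sorted(uid for uid, n in sets.items() if n == 1)


def min_anonymity(population: List[Dict[str, object]], disclosed: Sequence[str]) -> int:
    """Worst-case anonymity set size over the population."""
    return min(anonymity_sets(population, disclosed).values())


def link_shows(shows: List[Dict[str, object]], disclosed: Sequence[str]) -> List[List[int]]:
    """Group presentation transcripts that the verifier cannot tell apart.
    shows: records as presented, carrying no credential identifier (LOP 3).
    Two shows by the same holder fall into one group whenever the disclosed
    values are unique to that holder; holders with identical values are
    also merged, which is the ambiguity that protects them."""
    groups = defaultdict(list)
    for i, show in enumerate(shows):
        groups[disclosed_values(show, disclosed)].append(i)
    return sorted(groups.values())


if __name__ == "__main__":
    for disclosed in (("member",),
                      ("zip", "birth_year", "gender"),
                      ("zip", "birth_year", "gender", "member")):
        print(disclosed,
              "min anonymity set:", min_anonymity(POPULATION, disclosed),
              "uniquely identified:", uniquely_identified(POPULATION, disclosed))
```

Disclosing only membership leaves every holder in a set of at least two; adding zip code, birth year and gender singles out u3 and u4, and adding membership on top also singles out u7 and u8. This is the kind of information a browser would need in order to tell a casual user what a given disclosure really costs.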