Delegation and Proxy Services in Digital Credential Environments Carlisle Adams School of Information Technology and Engineering University of Ottawa.

Slides:

Advertisements

Similar presentations

Secure Multiparty Computations on Bitcoin

Advertisements

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

Public Key Management and X.509 Certificates

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.

Grid Security. Typical Grid Scenario Users Resources.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Security Management.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 Authentication Protocols Celia Li Computer Science and Engineering York University.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Computer Science Public Key Management Lecture 5.

Controller of Certifying Authorities PKI Technology - Role of CCA Assistant Controller (Technology) Controller of Certifying Authorities Ministry of Communications.

14 May 2002© TrueTrust Ltd1 Privilege Management in X.509(2000) David W Chadwick BSc PhD.

Cryptology Digital Signatures and Digital Certificates Prof. David Singer Dept. of Mathematics Case Western Reserve University.

Chapter 10: Authentication Guide to Computer Network Security.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

Trust Anchor Management Problem Statement 69 th IETF Trust Anchor Management BOF Carl Wallace.

ECE454/599 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2012.

Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

Lecture 11: Strong Passwords

Grid Security 1. Grid security is a crucial component Need for secure communication between grid elements  Authenticated ( verify entities are who they.

Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.

Secure Credential Manager Claes Nilsson - Sony Ericsson

SAML CCOW Work Item HL7 Working Group Meeting San Antonio - January 2008 Presented by: David Staggs, JD CISSP VHA Office of Information Standards.

Digital Signatures A Brief Overview by Tim Sigmon April, 2001.

Compliance Defects in Public- key Cryptography “ A public-key security system trusts its users to validate each others’s public keys rigorously and to.

1. 2 Overview In Exchange security is managed by assigning permissions in Active Directory Exchange objects are secured with DACL and ACEs Permissions.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Csci5233 computer security & integrity 1 Cryptography: an overview.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.

Matej Bel University Cascaded signatures Ladislav Huraj Department of Computer Science Faculty of Natural Sciences Matthias Bel University Banska Bystrica.

Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.

Leveraging Campus Authentication for Grid Scalability Jim Jokl Marty Humphrey University of Virginia Internet2 Meeting April 2004.

Security & Privacy. Learning Objectives Explain the importance of varying the access allowed to database elements at different times and for different.

Security fundamentals Topic 5 Using a Public Key Infrastructure.

Authorisation, Authentication and Security Guy Warner NeSC Training Team Induction to Grid Computing and the EGEE Project, Vilnius,

Pkiuniversity.com. Alice Bob Honest Abe’s CA Simple PKI hierarchy.

A Simple Traceable Pseudonym Certificate System for RSA-based PKI SCGroup Jinhae Kim.

Creating and Managing Digital Certificates Chapter Eleven.

Using Public Key Cryptography Key management and public key infrastructures.

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.

Electronic Voting R. Newman. Topics Defining anonymity Need for anonymity Defining privacy Threats to anonymity and privacy Mechanisms to provide anonymity.

VOMS Attribute Authorities Michael Helm ESnet/LBNL 23 Feb 2007.

1 Public Key Infrastructure Rocky K. C. Chang 6 March 2007.

AuthZ WG Conceptual Grid Authorization Framework document Presentation of Chapter 2 GGF8 Seattle June 25th 2003 Document AID 222 draft-ggf-authz-framework pdf.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

1 Secret Handshakes or Privacy-Preserving Interactive Authentication Gene Tsudik University of California, Irvine joint work with: Claude Castelluccia,

Laws for Secure Credentialing

Cryptography: an overview

Chapter 4 Cryptography / Encryption

Presentation transcript:

Delegation and Proxy Services in Digital Credential Environments Carlisle Adams School of Information Technology and Engineering University of Ottawa

Outline Digital Credentials technology Additional Real-World Entities to Consider Delegation (Business Users) Proxy Service (“Ordinary” Users) Conclusions & Future Work

Auth’n and Auth’z Authentication: who you are Authorization: what you’re allowed to do Need to prove to the guard that you own the credentials required for access Often, this proof is done implicitly (through the medium of identity; i.e., through authentication) Privacy-preserving authorization: no identity Login to a members-only website anonymously?

Digital Credentials Brands (Rethinking PKIs and Dig. Certs) Your credentials: encoded into your public key, h Your public key: certified by a trusted authority Digital signature on public key means that the authority warrants that (i) there are credentials encoded into this key, and (ii) whoever knows the private key corresponding to this public key is the legitimate owner of these credentials In a transaction: you prove credential ownership You reveal your certificate (i.e., public key and authority’s signature on this public key) to the guard The guard removes the required credentials from the public key (h becomes h’), and you show that you know the private key corresponding to this modified public key, h’

Issuing Protocol a, PK h = Alice’s public key = f(Alice’s attribute values, PK) c = f(h, a) Random a, public key PK c, attribute values r = f(c, CA’s private key) r c’ = f(c) r’ = f(r) Alice’s digital credential is h and the CA’s signature on h is (c’, r’) Alice CA

Showing Protocol Alice Bob m Nonce m r i = f(Alice’s secret attribute values, m) h, (c’, r’), r i, claimed attribute values h’ = f(h, m) Are r i and the claimed attributes a private key for h’?

Our Research Our work has focused on modifying / extending Brands’ protocols to make them more suitable for two practical, real-world types of people Business users (delegation of credentials in a corporate setting)  Joint work with David Knox “Ordinary” users (use of a constrained device with limited memory and processing power)  Joint work with Daniel Shapiro and Vishal Thareja

Delegation Original proposal for digital credentials ensures that credentials cannot be passed on (e.g., sensitive information encoded into key so that you can’t give any credentials to another entity without also giving this information) However, in many business environments, there are legitimate requirements for constrained credential delegation (e.g., manager on vacation)

Delegation of Credentials Delegator (A), Delagatee (D), Verifier (B) Key pairs are created for the delagatee and the verifier; these have a mathematical relationship to the delagator’s key pair. All three public keys are certified by the authority.

Digital Credential “Triples” Where So that

Delegation of Credentials Delegator (A), Delagatee (D), Verifier (B) A gives the (x i -m i ) values to Del along with the secret value delta, and gives the secret value beta to Bob Scenario 1: A reveals some credentials to D (by revealing the corresponding m i values). D can now prove ownership of any subset of these to B (using D’s certificate, A’s certificate, and B’s certificate), without revealing others Scenario 2: A reveals m i values to B but not to D. D is able to prove ownership of (x i - m i ) values to B so that B learns x i values but D does not Scenario 3: A reveals m i values to B but not to D. D is able to prove properties of corresponding credentials to B without either entity being able to determine the actual credential values Any of these may be useful in a corporate environment A decides who she wants to trust, and to what extent

Our Research Our work has focused on modifying / extending Brands’ protocols to make them more suitable for two practical, real-world types of people Business users (delegation of credentials in a corporate setting)  Joint work with David Knox Ordinary users (use of a constrained device with limited memory and processing power)  Joint work with Daniel Shapiro and Vishal Thareja

Constrained Devices In many real-world situations, Alice may not have her digital credentials physically with her (and/or may not have the protocol engine and processing power to engage in the required showing protocol) In particular, Alice may have only a cell phone or PDA with her (very common scenario these days) How can we incorporate digital credentials in such environments? Use a proxy service…

Overall Architecture Biometric (voice print) over SSL to Login 1 Normal showing protocol, but giving proof of blinded credentials 2 Graphical pwd over SSL to unblind cred. (authorize trans.) 3 Proxy stores (blinded) dig. cred.

Proxy Service Alice has a proxy service to store her (blinded) digital credential, and to engage in the showing protocol on her behalf Alice uses her constrained device (e.g., cell phone) to log into / initiate the proxy, and to authorize the completed transaction (unblind the relevant attributes) at the verifier Alice is able to use digital credentials technology without a powerful laptop and without having to place undue trust in the proxy

Conclusions Digital Credentials Allow entities to choose which attributes to reveal to whom in particular situations (potentially an important tool in helping to prevent identity theft) In many environments An entity may wish / need to “lend” some attributes to another entity (typically subject to some constraints) so that specific transactions can occur An entity may wish / need to “outsource” storage and processing to a proxy service and use only a constrained device (such as a cell phone or PDA) Goal of this work: To combine the above notions: to maintain user choice in what attributes are revealed, even when they are held by another entity

Directions for Further Work Implementation and analysis of proposals Complexity, usability, performance impact, etc. Other extensions for additional environments What other real-world entities may be able to usefully employ digital credential technology?