
Trusted Systems Laboratory Hewlett-Packard Laboratories Bristol, UK InfraSec 2002 InfraSec 2002 Bristol, 01-03 October 2002 Marco Casassa Mont Richard.


1 Trusted Systems Laboratory, Hewlett-Packard Laboratories, Bristol, UK. InfraSec 2002, Bristol, 01-03 October 2002. Marco Casassa Mont (marco_casassa-mont@hp.com), Richard Brown (richard_brown@hp.com). Active Digital Credentials: Dynamic Provision of Up-to-Date Identity Information

2 Outline
- Problem: Provision of Up-to-Date Certified Information in Dynamic Environments
- Limitations of Current Solutions
- Proposed Model: Active Digital Credentials
- Discussion
- Conclusions

3 Trends
- Increase of e-Commerce, B2B and Government Transactions and Interactions on the Internet
- E-Commerce Initiatives Aiming at Enhancing and Simplifying Customer Experiences (Microsoft Passport, Liberty Alliance)
- Usage of PKI and Digital Certificates to Underpin Government and Business Initiatives
- Increase in the Number of Interactions with a Lack of Prior Knowledge about the Involved Parties

4 Role of Digital Identities and Profiles: Identities and Profiles are Key Enablers of Interactions and Transactions on the Internet for E-commerce, Enterprises, Social Purposes and with Government Institutions

5 Problems
- Trustworthiness of the Involved Parties
- Authenticity of Identity and Profile Information
- Provision of Valid and Up-to-Date Identity and Profile Information

6 Focus of this Work: Provision of Up-to-Date Certified Identity and Profile Information in Dynamic Environments:
- dynamic changes of financial profile, reputation, rating, etc. depending on transactions, interactions, etc.
- dependency on contextual information
- …

7 Digital Credentials and Public Key Infrastructures
- Digital Credentials: a Viable Way to Supply Certified Information
- PK Infrastructures Provide Mechanisms for Verification of the Validity and Trustworthiness of the Involved Parties
- Support for Lifecycle Management of Credentials

8 Classic X.509 PKI [diagram: the actors are the Certification Authority (Credential Issuer), the Credential Owner, the Relying Parties and the Trusted Information Providers; the flows between them are Issuance, Disclosure, Lifecycle Management, Request, Interpretation and Verification]

9 X.509 PKI
- The Certification Authority (CA) must Assess the Validity and Trustworthiness of the Information to be Certified
- Reliance on CAs for the Provision of Accountable Lifecycle Management of Digital Certificates (including keeping Certificate Revocation Lists, CRLs, up-to-date)
- Relying Parties must Check the Validity of Digital Credentials (CRLs, OCSP Responders, etc.)

10 X.509 PKI
- Complexity of Dealing with Trust Assessment and Validation of Digital Certificates (CA chains)
- Scalability Problem of Certification Chains
- Problem of Supplying Certified Information in Dynamic Contexts:
  - validity of certified information
  - accuracy of certified information
  - trustworthiness of certified information

11 Current Approach for X.509 PKI [diagram: an X.509 Attribute Certificate (carrying e.g. "Credit card: …", "Expiration: …" and its own Signature) refers to the X.509 Identity Certificate it belongs to through that certificate's IssuerDN and Serial Number]
Separation of "Duties":
- X.509 Identity Certificate: "medium-term" certified Information
- X.509 Attribute Certificate: "short-term" certified Information

12 Issues
- X.509 Identity and Attribute Certificates contain a Snapshot of the certified Information, taken at Issuance Time
- Short-term Expiration Dates, Frequent Revocations and the Proliferation of Certificates create Complexity and Confusion
- The whole Certificate must be Revoked even if only a Subset of the Information it contains is no longer valid
- The off-line Usage of Identity and Attribute Certificates is a Myth! Relying Parties must Verify (on-line) the Validity of Certificates (by accessing CRLs, OCSP, etc.)
- Certification Authorities should Check the Validity of the Certified Information at its Source and Update CRLs accordingly

13 Issues
- Alternative PK Approaches based on Certificates (SPKI, etc.) have the same Problem
- Alternative Approaches based on on-the-fly Assertion of Identity and Profile Information (for example SAML) only provide a Certified Snapshot of this Information

14 Our Proposal: Active Digital Credentials

15 Active Digital Credential
It is a Certified Collection of Attributes along with Embedded Mechanisms to Retrieve and Calculate the Attributes' Values by Executing Local Computation.
Objectives:
- Cope with Dynamic Identity and Profile Information (financial, trust, rating, etc.)
- Provision of Up-to-Date Certified Information and Added-Value Aggregation of this Information
- Address the Complexity of Current Lifecycle Management by Reducing the Need for Certificate Revocation

16 Active Digital Credential Model
- Extension of the Current Digital Certificate Model, by adding Dynamic Computational Aspects
- Described in the Context of the X.509 PKI (but not limited to the X.509 Model)
- Work in progress …

17 [diagram: an Active Digital Credential holds a table of Attributes (Attribute Name, Attribute Value, Validity/Trust), for example Credit Limit, Credit Rating, Location, …; Local Processing inside the credential fills them through Local/Remote Interactions with external sources such as a Bank, an Enterprise and a Government]

18 Active Digital Credential [diagram: the Payload holds Attributes 1..n, each with a Value, Attribute Properties and a Trustworthiness computed by embedded Functions (Function 1, 2, 3, … j, k); further Functions (x, y) compute a Global Trust Attribute and a Validity Attribute for the whole credential; the Code part contains these functions, which draw on External Sources; Trust Info & Signature close the credential]

19 Active Digital Credential [diagram: the same actors as in the classic PKI model, Credential Issuer, Credential Owner, Relying Parties and Trusted Information Providers, with the flows Issuance, Disclosure, Lifecycle Management, Request and Interpretation; new in this model are the Dynamic Content Provision from the Trusted Information Providers and the Embedded Code executed by Local Processing at interpretation time]

20 Active Digital Credentials: Properties
Embedded Code Provides Dynamic and Fine-Grained Evaluation of:
- Values of Credential Attributes
- Validity and Trustworthiness of these Attributes
- Validity and Trustworthiness of the Whole Digital Credential
Local Elaboration Allows:
- Aggregation of Multiple Attribute Values
- Correlation of Information Fetched from Heterogeneous Sources

21 Active Digital Credentials: Properties
- The Validity and Trustworthiness of an Active Credential, and of any of its Attributes, need not be Binary (Valid / Not Valid): Fuzziness is allowed
- Some of the Credential Attributes might no longer be Valid, but this does not necessarily Compromise the Validity of the Entire Credential or of the other Attributes
- Embedded Functions can be used to Implement Fine-Grained Decaying Credentials, depending on the Time Factor

22 Active Digital Credentials: Properties
- Attribute Values can be Disclosed only at the Interpretation Phase, after "Trust Establishment" between the Relying Party and the Information Provider (Privacy Management)
- Identity Certificates of Trusted Information Providers can be Embedded, for Security Reasons

23 Scenario 1: Consumer-Service Provider

24 Scenario 2: Federated Identity Management [diagram: Credential Issuer, Credential Owner, Relying Party, Identity Providers and Information Providers, connected by Trust Relationships; the Credential Issuer issues the Active Credentials to the Credential Owner and manages their lifecycle, the Owner presents them to the Relying Party, and the Identity Providers and Information Providers supply the credentials' dynamic content; the original numbers the flows 1 to 4]

25 Credential Owner
- Needs to Trust a Credential Issuer (as in traditional PKI …)
- Might have to make the Credential Issuer aware of the Relevant Information Providers
- Can decide which Information can be Accessed through the Credentials
- Can set Access Control Policies (at the Information Provider site) on this Information
- Some of these Policies can be set by other Parties (Enterprise, Government, etc.)

26 Credential Issuer (CA)
Responsible for Assessing:
- Correctness of the Embedded Functions (it might write them)
- Trustworthiness of the Information Providers
- Trustworthiness of the Users that Request Credentials
It must be Accountable (need for Auditing Mechanisms). It is Responsible for the Active Credentials' Lifecycle Management and needs to Establish Trust Relationships with the Information Providers.

27 Relying Party
- Needs to Trust Credential Issuers (as in traditional PKI …)
- Uses the Added-Value Information (fine-grained trust and validity evaluation for attributes and for the overall credential, aggregated information, etc.) provided by the Interpretation of Active Credentials to Draw its Own Conclusions
- Relies on the Correctness of the Embedded Functions and Makes use of an Extended Infrastructure to Verify and Execute Active Digital Credentials

28 Active Digital Credential Interpretation Infrastructure [diagram: a Credential Interpreter, exposed to Applications & Services through an API, built on Communication Mechanisms, Validation & Verification, Authorization, Logging and the Local System Context; the embedded code runs in a Secure Interpretation Environment based on Virtual Machines]

29 Security Considerations (Relying Party side, when the credential's functions consume the Information Service of the Information Providers / Credential Issuers)
- Check the Identity of the Remote Parties against the List of Trusted Identity Certificates Embedded in the Active Digital Credential
- Check the Signatures of the Inputs Received from the Information Providers

30 Security Considerations (Information Providers / Credential Issuers side, when serving the Information Service to a Relying Party)
- Check the Identity of the Remote Party
- Check the Requests sent by the Active Credential's Functions (such as reference numbers, the Credential Digest, etc.) against Policies (set by the Credential Owner, etc.)
- Digitally Sign (and Encrypt) the Disclosed Information

31 Security Considerations (between the Relying Party and the Information Providers / Credential Issuers): Secure, Encrypted Channel (SSL …)
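The model of slides 15 to 22 (certified attributes plus embedded functions, non-binary and time-decaying per-attribute trust, embedded provider keys) and the checks of slides 29 and 30 (verify every provider input against the embedded key, bind each request to the credential digest) in one runnable sketch. This is an added example, not code from the slides or from HP's prototype: all type and function names are assumptions, Ed25519 over a JSON encoding stands in for the X.509/PKI signatures, the "embedded function" is reduced to a declarative spec the relying party interprets rather than mobile code, and the providers are in-process objects over constructed sample data instead of remote services reached over SSL.

```go
package main

// Added illustration of the Active Digital Credential model; the names and the
// Ed25519/JSON encoding are assumptions, not the HP Labs prototype.

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"time"
)

// Fact is a provider's value plus when it was last assessed (that age drives trust decay).
type Fact struct{ Value string; AsOf int64 }

// Provider stands in, in-process, for a trusted information provider (bank, employer, ...).
type Provider struct{ priv ed25519.PrivateKey; Pub ed25519.PublicKey; facts map[string]Fact }

func NewProvider(facts map[string]Fact) *Provider {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Provider{priv, pub, facts}
}

// Response is a provider's signed input, bound to the credential digest so a reply
// fetched for one credential cannot be replayed for another (slide 30).
type Response struct{ Attr, Value, CredDigest string; AsOf int64 }

// Answer signs the requested fact; an unreachable (nil) provider or an unknown attribute yields false.
func (p *Provider) Answer(attr, credDigest string) (Response, []byte, bool) {
	if p == nil || p.facts[attr] == (Fact{}) {
		return Response{}, nil, false
	}
	r := Response{attr, p.facts[attr].Value, credDigest, p.facts[attr].AsOf}
	b, _ := json.Marshal(r)
	return r, ed25519.Sign(p.priv, b), true
}

// AttrSpec is the embedded per-attribute "function": which provider to ask and after how
// many seconds of assessment age the attribute's trust has decayed to zero.
type AttrSpec struct{ Name, Provider string; MaxAgeSec int64 }

// Payload is the issuer-signed part: the attribute functions and the embedded provider keys (slide 22).
type Payload struct{ Subject string; Attrs []AttrSpec; Providers map[string][]byte; NotAfter int64 }
type Credential struct{ Payload Payload; IssuerSig []byte }

func Issue(issuer ed25519.PrivateKey, p Payload) Credential {
	b, _ := json.Marshal(p)
	return Credential{p, ed25519.Sign(issuer, b)}
}

// Evaluated is one attribute after interpretation. Trust in [0,1] is not binary:
// 0 means unusable, values in between mean valid but aging (slide 21).
type Evaluated struct{ Value string; Trust float64; Reason string }
type Result struct{ Valid bool; Attrs map[string]Evaluated; GlobalTrust float64 }

// Interpret is the relying party's side: verify the issuer signature, run each embedded
// function against its provider, verify every input with the embedded provider key (slide 29).
func Interpret(issuerPub ed25519.PublicKey, c Credential, reach map[string]*Provider, now time.Time) Result {
	res := Result{Attrs: map[string]Evaluated{}}
	b, _ := json.Marshal(c.Payload)
	if !ed25519.Verify(issuerPub, b, c.IssuerSig) || now.Unix() > c.Payload.NotAfter {
		return res // only a bad issuer signature or expiry rejects the whole credential
	}
	res.Valid = true
	digest := fmt.Sprintf("%x", sha256.Sum256(b))
	for _, a := range c.Payload.Attrs {
		ev := Evaluated{Reason: "ok"}
		pub, known := c.Payload.Providers[a.Provider]
		r, sig, found := reach[a.Provider].Answer(a.Name, digest)
		rb, _ := json.Marshal(r)
		switch {
		case !known || !found:
			ev.Reason = "provider not embedded, unreachable, or has no such attribute"
		case !ed25519.Verify(ed25519.PublicKey(pub), rb, sig):
			ev.Reason = "input not signed by embedded provider key"
		case r.CredDigest != digest:
			ev.Reason = "input bound to a different credential"
		default: // time-decaying validity; a failed attribute never taints the others
			ev.Value = r.Value
			ev.Trust = 1 - float64(now.Unix()-r.AsOf)/float64(a.MaxAgeSec)
			if ev.Trust < 0 {
				ev.Trust, ev.Reason = 0, "assessment too old"
			}
		}
		res.Attrs[a.Name] = ev
		res.GlobalTrust += ev.Trust / float64(len(c.Payload.Attrs))
	}
	return res
}

// Demo is the constructed scenario: bank and employer keys are embedded, but the "employer"
// the relying party actually reaches is an impostor holding a key the issuer never embedded.
func Demo() Result {
	now, day := time.Unix(1700000000, 0), int64(86400)
	bank := NewProvider(map[string]Fact{"credit_limit": {"5000 GBP", now.Unix() - day}, "credit_rating": {"B", now.Unix() - 20*day}})
	employer := NewProvider(map[string]Fact{"employment": {"active", now.Unix()}})
	impostor := NewProvider(map[string]Fact{"employment": {"active", now.Unix()}})
	issuerPub, issuerPriv, _ := ed25519.GenerateKey(rand.Reader)
	cred := Issue(issuerPriv, Payload{
		Subject:   "alice",
		Attrs:     []AttrSpec{{"credit_limit", "bank", 90 * day}, {"credit_rating", "bank", 30 * day}, {"employment", "employer", 7 * day}},
		Providers: map[string][]byte{"bank": bank.Pub, "employer": employer.Pub},
		NotAfter:  now.Unix() + 365*day,
	})
	return Interpret(issuerPub, cred, map[string]*Provider{"bank": bank, "employer": impostor}, now)
}

func main() { fmt.Printf("%+v\n", Demo()) }
```

Running it shows the three properties the slides claim: the credential as a whole stays valid, the impostor-signed employment attribute is rejected on its own with trust 0, and the two bank attributes carry fractional trust (about 0.99 for a one-day-old credit limit, about 0.33 for a twenty-day-old rating against a thirty-day decay window), so the global trust is an aggregate rather than a yes/no. Keeping the attribute function as signed data rather than mobile code is a deliberate simplification: it is what a relying party can evaluate without the virtual-machine sandbox of slide 28, and in this form a lifecycle change to a function is just a re-issued payload.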

32 Discussion
- Active Digital Credentials Depend on On-line Interactions with Third Parties. The Availability of a Communication Infrastructure might be a Potential Issue (but a similar problem exists for traditional credentials …)
- More Flexibility and Reduced Dependency on Changes of the Certified Information. Does it Really Imply a Simplified Credential Lifecycle Management?
- Active Digital Credentials can help Credential Owners to Explicitly Control the Disclosure of their Information

33 Discussion
- The Technology Necessary to Build Active Digital Credentials is Available, especially in terms of Security (secure channels, encryption, signatures, etc.)
- Requires Trust in and Reliance on Credential Issuers and Information Providers. Auditing Mechanisms are necessary to underpin Accountability.
- We extend the PKI Model, but we do not Change the Underlying Trust Model.

34 Current and Future Work
- Build a Working Prototype in a Realistic Environment (such as Federated Identity Management)
- Explore, for Real, the Feasibility of the Proposed Model
- Investigate the Implications in terms of Lifecycle Management (especially for the Embedded Code)

35 Conclusions
- The Provision of Up-to-Date Certified Information is an Issue in Dynamic Environments
- Traditional PKI has Limitations, due to the Static Nature of Digital Certificates
- Active Digital Credential Model: Embedding Certified Code within Digital Credentials for the Retrieval, Processing, Aggregation and Evaluation of Identity and Profile Information
- Potential Advantages in terms of Flexibility and Longevity of Active Digital Credentials
- Work in Progress …



