Presentation is loading. Please wait.

Presentation is loading. Please wait.

Delegation and Proxy Services in Digital Credential Environments Carlisle Adams School of Information Technology and Engineering University of Ottawa.

Published byPaul Hoover Modified over 9 years ago

Similar presentations

Presentation on theme: "Delegation and Proxy Services in Digital Credential Environments Carlisle Adams School of Information Technology and Engineering University of Ottawa."— Presentation transcript:

1 Delegation and Proxy Services in Digital Credential Environments Carlisle Adams School of Information Technology and Engineering University of Ottawa

2 Outline Digital Credentials technology Additional Real-World Entities to Consider Delegation (Business Users) Proxy Service (“Ordinary” Users) Conclusions & Future Work

3 Auth’n and Auth’z Authentication: who you are Authorization: what you’re allowed to do Need to prove to the guard that you own the credentials required for access Often, this proof is done implicitly (through the medium of identity; i.e., through authentication) Privacy-preserving authorization: no identity Login to a members-only website anonymously?

4 Digital Credentials Brands (Rethinking PKIs and Dig. Certs) Your credentials: encoded into your public key, h Your public key: certified by a trusted authority Digital signature on public key means that the authority warrants that (i) there are credentials encoded into this key, and (ii) whoever knows the private key corresponding to this public key is the legitimate owner of these credentials In a transaction: you prove credential ownership You reveal your certificate (i.e., public key and authority’s signature on this public key) to the guard The guard removes the required credentials from the public key (h becomes h’), and you show that you know the private key corresponding to this modified public key, h’

5 Issuing Protocol a, PK h = Alice’s public key = f(Alice’s attribute values, PK) c = f(h, a) Random a, public key PK c, attribute values r = f(c, CA’s private key) r c’ = f(c) r’ = f(r) Alice’s digital credential is h and the CA’s signature on h is (c’, r’) Alice CA

6 Showing Protocol Alice Bob m Nonce m r i = f(Alice’s secret attribute values, m) h, (c’, r’), r i, claimed attribute values h’ = f(h, m) Are r i and the claimed attributes a private key for h’?

7 Our Research Our work has focused on modifying / extending Brands’ protocols to make them more suitable for two practical, real-world types of people Business users (delegation of credentials in a corporate setting)  Joint work with David Knox “Ordinary” users (use of a constrained device with limited memory and processing power)  Joint work with Daniel Shapiro and Vishal Thareja

8 Delegation Original proposal for digital credentials ensures that credentials cannot be passed on (e.g., sensitive information encoded into key so that you can’t give any credentials to another entity without also giving this information) However, in many business environments, there are legitimate requirements for constrained credential delegation (e.g., manager on vacation)

9 Delegation of Credentials Delegator (A), Delagatee (D), Verifier (B) Key pairs are created for the delagatee and the verifier; these have a mathematical relationship to the delagator’s key pair. All three public keys are certified by the authority.

10 Digital Credential “Triples” Where So that

11 Delegation of Credentials Delegator (A), Delagatee (D), Verifier (B) A gives the (x i -m i ) values to Del along with the secret value delta, and gives the secret value beta to Bob Scenario 1: A reveals some credentials to D (by revealing the corresponding m i values). D can now prove ownership of any subset of these to B (using D’s certificate, A’s certificate, and B’s certificate), without revealing others Scenario 2: A reveals m i values to B but not to D. D is able to prove ownership of (x i - m i ) values to B so that B learns x i values but D does not Scenario 3: A reveals m i values to B but not to D. D is able to prove properties of corresponding credentials to B without either entity being able to determine the actual credential values Any of these may be useful in a corporate environment A decides who she wants to trust, and to what extent

12 Our Research Our work has focused on modifying / extending Brands’ protocols to make them more suitable for two practical, real-world types of people Business users (delegation of credentials in a corporate setting)  Joint work with David Knox Ordinary users (use of a constrained device with limited memory and processing power)  Joint work with Daniel Shapiro and Vishal Thareja

13 Constrained Devices In many real-world situations, Alice may not have her digital credentials physically with her (and/or may not have the protocol engine and processing power to engage in the required showing protocol) In particular, Alice may have only a cell phone or PDA with her (very common scenario these days) How can we incorporate digital credentials in such environments? Use a proxy service…

14 Overall Architecture Biometric (voice print) over SSL to Login 1 Normal showing protocol, but giving proof of blinded credentials 2 Graphical pwd over SSL to unblind cred. (authorize trans.) 3 Proxy stores (blinded) dig. cred.

15 Proxy Service Alice has a proxy service to store her (blinded) digital credential, and to engage in the showing protocol on her behalf Alice uses her constrained device (e.g., cell phone) to log into / initiate the proxy, and to authorize the completed transaction (unblind the relevant attributes) at the verifier Alice is able to use digital credentials technology without a powerful laptop and without having to place undue trust in the proxy

16 Conclusions Digital Credentials Allow entities to choose which attributes to reveal to whom in particular situations (potentially an important tool in helping to prevent identity theft) In many environments An entity may wish / need to “lend” some attributes to another entity (typically subject to some constraints) so that specific transactions can occur An entity may wish / need to “outsource” storage and processing to a proxy service and use only a constrained device (such as a cell phone or PDA) Goal of this work: To combine the above notions: to maintain user choice in what attributes are revealed, even when they are held by another entity

17 Directions for Further Work Implementation and analysis of proposals Complexity, usability, performance impact, etc. Other extensions for additional environments What other real-world entities may be able to usefully employ digital credential technology?

Download ppt "Delegation and Proxy Services in Digital Credential Environments Carlisle Adams School of Information Technology and Engineering University of Ottawa."

Similar presentations

Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]

Claudia Diaz, Hannelore Dekeyser, Markulf Kohlweiss, Girma Nigusse K.U.Leuven IDIS Workshop 29/05/2008 [Work done in the context of the ADAPID project]
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.

Lect. 18: Cryptographic Protocols. 2 1.Cryptographic Protocols 2.Special Signatures 3.Secret Sharing and Threshold Cryptography 4.Zero-knowledge Proofs.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.

IAW 2006 Cascaded Authorization with Anonymous- Signer Aggregate Signatures Danfeng Yao Department of Computer Science Brown University Joint work with.
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.

Authentication Cristian Solano. Cryptography is the science of using mathematics to encrypt and decrypt data. Public Key Cryptography –Problems with key.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.

Privacy-Preserving Trust Negotiations Mikhail Atallah Department of Computer Science Purdue University.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.

Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:

Unlinkable Secret Handshakes and Key-Private Group Key Management Schemes Author: Stanislaw Jarecki and Xiaomin Liu University of California, Irvine From:
Copyright © 1995-2003 Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.

Similar presentations

Ads by Google