Tehnologia U-Prove

Cuprins
Context
Descriere general
Aspecte de baz ale tehnologiei
Emiterea unui token U-Prove
Tehnici de securitate
Implementri
Concluzii
Context
Dorina organizailor de a-i pstra securizat identitatea
utilizatorilor serviciilor oferite
Factori de influen:
Criterii financiare i de eficien
Schimbul de informaii personale
Ameninrile de securitate (phishing, furt de identitate,
replay etc)
Soluii software/hardware convenionale: OpenID,
Protocoale de autentificare, PKI, eID cards etc
Organizaiile schimb informaii ntre ele ->
clienii pot pierde controlul asupra aciunilor lor
Ameninrile pot aprea din mai multe surse:
persoane interne ru intenionate
hackeri, virui
Ce ne dorim?
Tranzacii securizate fr a oferi posibilitatea
interceptorile de a fura identitatea i de a accesa date
confideniale
Cumprturi online fr a rmne monitorizai
Date personale oferite cat mai puine
Soluia: U-Prove
Cuprins
Context
Descriere general
Aspecte de baz ale tehnologiei
Emiterea unui token U-Prove
Tehnici de securitate
Implementri
Concluzii
Descriere general: U-Prove
Proiect iniiat de Stefan Brands la Credentica
Cumprat de Microsoft n martie 2008
Tehnologie ce permite:
Tranzmiterea unei cantiti minime de informai personale
Reducerea posibilitilor de violare a confidenialitii
Mecanisme avansate de criptografie care previn
posibiltatea ca sistemele sa sustraga informatii despre
utilizatori din multiple surse
Tehnologie cu mai multe nivele de securitate
Informaiile sunt accesate:
direct de la surs (persoana implicat)
intermediari (ageni, brokeri, furnizori externi)
Datele protejate pot fi accesate de intermediari pentru
memorare (folosire offline sau reutilizare)
Organizaiile pot vedea doar informaiile alese de
intermediar
Domenii de utilizare: votul electronic, piaa electronic,
dosare medicale, licitaii online, jocuri online, pot
electronic etc.
Domeniile pot fi extinse: protejarea informaiilor
proceselor, aplicaiilor software, instrumentelor
hardware, serviciilor de cloud computing
Cuprins
Context
Descriere general
Aspecte de baz ale tehnologiei
Emiterea unui token U-Prove
Tehnici de securitate
Implementri
Concluzii
Aspecte de baz ale tehnologiei
Concept de baz:
Token = colecie de informaii variate (atribute) protejate
criptografic
Token-urile sunt emise de o surs autoritar --> user (prin
protocol de emitere)
User --> RP (Relying Party) (prin protocol de prezentare)
String binar => poate fi prezentat peste orice reea electronic
Participanii necesit instrumente virtuale pentru ca
acestea s acioneze n contul lor
Roluli de baz:
Issuer = sursa autoritar
Prover = utilizatorul
Verifier = RP-ul
O entitate poate indeplini mai multe roluri sau un rol
poate fi divizat la mai multe entiti
Cuprins
Context
Descriere general
Aspecte de baz ale tehnologiei
Emiterea unui token U-Prove
Tehnici de securitate
Implementri
Concluzii
Emiterea unui token U-Prove (1)
Se iniiaz o instan de protocol de emitere (Issuer ->
Prover)
= protocol criptografic ce primete ca input atributele ce
necesit codificare
Semntura Issuer-ului nu este o simpl semntur
(RSA/DSA), ci un protocol n mai multe etape (astfel
Prover-ul poate alege ce informaii va ascunde)
Precondiii ale protocolului:
Proverul este eligibil pentru a primi un token
Issuerul se asigur c informaiile din token aparin
proverului corespunztor
Emiterea unui token U-Prove (2)
Protecii oferite de protocol Issuer-ului:
Integritate i autenticitate: token-ul are o semntur digital
ce nu poate fi decriptat (se verific autenticitatea i faptul c
nu a fost alterat)
Prevenirea atacurilor de tip Replay: cheie public cunoscut
doar Proverului (generat aleator de acesta), care nu face
parte din token, ca cea privat => se previne replicarea
tokenului de ctre verifier
Issuer-ul poate genera mai muli tokeni cu aceeai cheie
privat
Cheia public face parte din parametri publici ai Issuer-ului
(echivalentul certificatelor de autorizare PKI), care poate fi
accesat de oricine interesat s verifice Tokenii
emii/prezentai
Problema #1: Security
Compromiterea credenialelor IdP
Identity provider ,
accesul tuturor RPs
Phishingul o industrie n curs de dezvolta
Third parties se da
Strong authentication to IdP is possible, but
authentication to RP is weaker
Issued tokens are software only (token hijacking attacks,
transferability)
IdP is all powerful
IdP (insider, malicious code) can surreptitiously act on the
users behalf
Problema #2: Privacy
IdP can profile users activities
Even if IdP doesnt learn the visited RP, profiling
is possible by colluding parties (or insiders)
Timing correlation
Unique correlation handles (e.g.,
digital signatures, serial numbers, etc.)
Problem #3: Scalabilitate
Tokenii gata pe loc
IdP disponibil 24/7
IdP punctul central al tuturor dezastrelor
inta atacurilor de tipul Denial of Service
IdP - bottleneck pentru fiecare acces al
utilizatorilor
Wouldnt it be great to have one set of
Tokens and Protocols,
usable through all these classes of
services, providing Advanced Security &
Privacy
U-Prove Privacy by Design
Agenda
Introduction
U-Prove Technology overview
Key scenarios and target customers
U-Prove Community Technology Preview
Conclusions
U-Prove Technology
Strong multi-party security technology for user-centric identity, data
sharing, strong authentication, and digital signature
Allows you to build e-tokens
Has unique security, privacy, and efficiency benefits over conventional
crypto
Whats new?
Stronger security in cross-org environments
E.g. Improved Federation, Anti-phishing
Improved availability and privacy by leveraging
long-lived tokens
Similar to conventional security tokens (X.509, SAML, Kerberos), but
U-Prove tokens contain no inescapable correlation handles
E.g., coins (unlinkable) vs. bills (w/ serial#)
Users can prove properties of the claims
Disclose a subset of the claims
Derived claim: birth date to over-21 proof
Negation: name not on the control list
Not in current version
Gov
Name: Alice Smith
Address: 12 hoghstrasse, GE, Berlin
Adult: Over 18
Name: Alice Smith
Address: 12 hoghstrasse, Berlin, GE
D.O.B: 23-11-1955
Selective disclosure
Local
Referendum
The user can selectively disclose claims in
a U-Prove token issued to her in advance
Even in collusion, the issuing and relying
parties cannot learn more about the user
than what was disclosed
Local
Referendum
Prove that you
are over 18 and
from Berlin
Name: Alice Smith
Address: 12 hoghstrasse, GE, Berlin
Adult: Over 18
Which adult
from Berlin is
this?
Selective disclosure
Gov
?
The user can selectively disclose claims in
a U-Prove token issued to her in advance
Even in collusion, the issuing and relying
parties cannot learn more about the user
than what was disclosed
A glimpse on the magic
How can one hide elements of a Token without
breaking the authenticity?
All attributes are encoded into the Tokens signature
The user can disclose the attributes. The RP does the encoding
before verifying the signature
Or the user can hide the attributes by providing the encoding
himself. The RP can still validate the signature
How can one hide the tokens Public Key from the
Issuer? How can one hide the Issuers signature from
the Issuer?
Cryptographic Blinding.
The issuer signs a blinded/randomized message (Public Key).
The user can will do additional operations to remove the
blinding factor and as such calculate a new signature which can
be validated by RPs
Issuer never sees the real Public Key, nor its signature
Why do we need these features?
Using U-Prove will provide privacy by design
Applications can still use unique identifiers but can chose
to hide them where it makes sense. This is impossible with
classical techniques such as X.509
Much richer set of protocols for doing our todays digital
transactions
X.509 correlation handles by design
Every transaction involves the Public Key which is a unique
identifier
Issuer signs the users Public Key. This signature is again a
unique identifier
RP uses the Public Key to validate signature
X.509 attributes are stored in certificate and will always
be presented and stored (e.g. National Identifiers in eID)
U-Prove Token Details
University
Gov
Bookstore
Trusted device
A trusted device (smartcard, TPM chip,
remote service) can hold part of the tokens
private key (even those issued by other
issuers) and efficiently help presenting
them
Underlying crypto
Based on the Brands protocols
30+ papers (from 93 onward)
MIT Press book, foreword by Ron Rivest
Issuance uses a restrictive blind signature
Issuer knows the attributes, but never sees the
resulting public key and signature on tokens
Presentation uses a proof of knowledge
Prove a secret without leaking any info about it
Generalization of the Schnorr protocol
Agenda
Introduction
U-Prove Technology overview
Key scenarios and target customers
U-Prove Community Technology Preview
Conclusions
Key markets and customers
E-Government
Health Record Management
Cloud computing
Dont trust us service providers
Advertizing
Privacy-protecting ad platform
E-Cash
Technology history
National Security
Need-to-know access
Local
Authority
Central
Governmen
t
Trust
Identity Providers
Parking Permit Application
Attribute Providers
Citizen
Trust
U-Prove
Agent
AtP2 AtP1
IdP2 IdP1
Benefits App
Job Search App
Other App
Parking Permit App
Service STS Service STS
Parking Permit
Use Attribute Providers to provide Authorization
information
Dont Store all information in one database
Use Federation Protocols
Use Minimal Disclosure
Collect Valued Attributes from different locations
Loose coupling
Claims-Based Architecture
U-Prove Agent collects claims on behalf of the user
Client or Cloud Service
Privacy by Design
e-Participation Application
e-Referendum
Unique e-Referendum Requirements
True identities to validate whether user is eligable to participate
Anonymous Transactions
Unlinkable when doing transactions on the same site (e.g. Multiple referenda)
Protected by U-Prove
Access Application
Prove Identity using eID, receive Ballot
Check claims
UID one ballot per UID
>18y?
Community?
Present Ballot
1
2
3
4
User
U-Prove
Agent
e-Referendum
App
U-Prove
Issuer
e-Referendum Flow
eParticipation White Paper & Video
http://www.microsoft.com/mscorp/twc/endtoendtrust/vision/eid.aspx
Agenda
Introduction
U-Prove Technology overview
Key scenarios and target customers
U-Prove Community Technology Preview
Conclusions
Resources
www.microsoft.com/uprove
U-Prove CTP Portal
http://www.credentica.com/the_mit_pressb
ook.html
Rethinking Public Key Infrastructures and
Digital Certificates; Building in Privacy
Dr. Stefan Brands
Published in 2000
Now available as free ebook
http://blogs.technet.com/identity
U-Prove CTP contents
Specs (released under OSP)
Crypto specification
Integration into the ID metasystem spec
WS-Trust/information card profile
Identity platform integration
Modified version of CardSpace 2.0
Extension to Windows Identity Foundation (WIF)
Modified version of AD FS 2.0
Open-source crypto SDKs
Posted on Code Gallery, under the BSD license
Java and .Net versions
CTP features
The CTP implements a minimal, yet fundamental set of features:
Selective disclosure (i.e., no derived claims)
Unlinkability of token issuance and presentation
Long-lived token support
User-signed presentation tokens
Data signature (in crypto SDKs only)
Agenda
Introduction
U-Prove Technology overview
Key scenarios and target customers
U-Prove Community Technology Preview
Conclusions
Summary of benefits
Support for full privacy spectrum
From anonymity, to pseudonymity, to full identification
Maintains strong accountability (revocation, audit trail, misuse tracing)
Minimal disclosure and user control
Strong multi-party security
Phishing-resistant strong authentication
Eliminates some insider attacks at IdP / CA
Lending / pooling / reuse protections
Efficient hardware protection
On-demand or disconnected presentations
More Benefits
Allows to marriage unmarriagiable requirements
eID identifiers , unlinkability & anonymity
More broader benefit
Privacy By Design
Patent Free
Open Source
Incubation!
2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.