notarized federated identity management for web services michael t. goodrich roberto tamassia...
Post on 16-Dec-2015
220 Views
Preview:
TRANSCRIPT
Notarized Federated Notarized Federated Identity Management for Identity Management for
Web ServicesWeb Services
Michael T. GoodrichMichael T. Goodrich Roberto Tamassia Roberto Tamassia Danfeng Yao Danfeng Yao Brown UniversityBrown UniversityUniversity of California, IrvineUniversity of California, Irvine
Work supported in part by the National Science Foundation Work supported in part by the National Science Foundation and by IAM Technology, Inc.and by IAM Technology, Inc.
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 22
OutlineOutline
Introduction to federated identity management Introduction to federated identity management (FIM) (FIM)
Notarized federated identity management model Notarized federated identity management model and protocoland protocol
STMS and its application in notarized FIMSTMS and its application in notarized FIM Identity theft and proposed countermeasureIdentity theft and proposed countermeasure
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 33
MotivationMotivation Digital identity management (DIM) Digital identity management (DIM)
To protect sensitive personal information in on-line transactionsTo protect sensitive personal information in on-line transactions Users tend to choose weak passwordsUsers tend to choose weak passwords
As the number of passwords to remember increasesAs the number of passwords to remember increases Single sign-on (SSO) and federated identity Single sign-on (SSO) and federated identity
management management A user logs in only once to a site, then is automatically A user logs in only once to a site, then is automatically
authenticatedauthenticated Cookie-based SSO approach (used by Microsoft Cookie-based SSO approach (used by Microsoft
Passport)Passport) Does not support cross-domain single sign-onDoes not support cross-domain single sign-on
Approach using cryptographic-enabled assertionsApproach using cryptographic-enabled assertions Secure Assertion Markup Language (SAML)Secure Assertion Markup Language (SAML)
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 44
SSO and FIMSSO and FIM
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 55
Provider model in SAMLProvider model in SAML
Specially designed for general cross-domain Specially designed for general cross-domain single sign-onsingle sign-on
Identity Provider (IdP)Identity Provider (IdP) IdP is the system that asserts information about a IdP is the system that asserts information about a
subjectsubject Service Provider (SeP)Service Provider (SeP)
SeP is the system that relies on the information SeP is the system that relies on the information supplied to it by the identity providersupplied to it by the identity provider
Relying partyRelying party Used in Liberty Alliance Federated Identity Used in Liberty Alliance Federated Identity
Management for single sign-onManagement for single sign-on
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 66
Identity FederationIdentity Federation
Websites of different admin domains need to trust each Websites of different admin domains need to trust each other's access control verdicts other's access control verdicts
Circle of trustCircle of trust IssuesIssues
How to securely maintain the identity federation when members How to securely maintain the identity federation when members may leave or join the circle of trust?may leave or join the circle of trust?
How to provide separation of IdP and SeP for the privacy How to provide separation of IdP and SeP for the privacy protection of the user?protection of the user?
These questions have not been extensively studiedThese questions have not been extensively studied Existing SSO solutions assume pre-established trust relationship Existing SSO solutions assume pre-established trust relationship
among providersamong providers IdP and SeP communicate to each other during SSO processIdP and SeP communicate to each other during SSO process
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 77
Notarized Federated Identity Notarized Federated Identity Management Management
We introduce a trusted third-party, called We introduce a trusted third-party, called notary notary serverserver
The notary information of an assertion provides The notary information of an assertion provides its trustworthiness its trustworthiness
Distributed implementation of the notarized Distributed implementation of the notarized federated identity management framework using federated identity management framework using STMSSTMS
We also present a robust authentication protocol We also present a robust authentication protocol that is resilient against identity theft attacks, that is resilient against identity theft attacks, using identity-based encryptionusing identity-based encryption
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 88
NotarizationNotarization
Notary server Notary server Third party trusted by identity providers and service Third party trusted by identity providers and service
providersproviders Notarizes assertions submitted by identity providers Notarizes assertions submitted by identity providers Answers queries on notarized assertions asked by the Answers queries on notarized assertions asked by the
service providersservice providers Prevents direct communication between the identity Prevents direct communication between the identity
provider and the service providerprovider and the service provider Notarized assertionNotarized assertion
Generated by identity providerGenerated by identity provider Authenticated by notary serverAuthenticated by notary server Trusted by service providerTrusted by service provider
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 99
Security RequirementsSecurity Requirements
Security Security A polynomial-time adversary cannot forge a valid A polynomial-time adversary cannot forge a valid
notarized assertionnotarized assertion SecrecySecrecy
Notarized assertion should not leak sensitive Notarized assertion should not leak sensitive information of a user to unauthorized parties, information of a user to unauthorized parties, including the notary serverincluding the notary server
AccountabilityAccountability Identity providers should be held accountable for the Identity providers should be held accountable for the
assertions that they generate; and for any assertions that they generate; and for any unauthorized information disclosure about the userunauthorized information disclosure about the user
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1010
Overview of Notarized FIMOverview of Notarized FIM
SePSePUserUser
IdPIdP
Notary Notary ServerServer
1. Service request1. Service request
2. S_ID, attr. 2. S_ID, attr. namesnames
8. Notarized blinded assertion8. Notarized blinded assertion
3. Authenticates3. Authenticates
4. Signed S_ID, 4. Signed S_ID, attr. namesattr. names
5. Signed blinded 5. Signed blinded assertion with assertion with hashed_IDhashed_ID
6. Query for hashed_ID6. Query for hashed_ID
7. Notarized blinded assertion 7. Notarized blinded assertion
9. Unblind 9. Unblind and verifyand verify
S_ID: session IDS_ID: session IDHashed_ID: hashed S_IDHashed_ID: hashed S_IDAttr. Name: name of attribute required by SePAttr. Name: name of attribute required by SeP
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1111
Protocol Design ChallengesProtocol Design Challenges
How to protect the identity of the user from the service How to protect the identity of the user from the service provider?provider?
How to blind the content of an assertion from the notary How to blind the content of an assertion from the notary server?server?
How to unblind by the service provider?How to unblind by the service provider? How to hold the identity provider accountable for How to hold the identity provider accountable for
unauthorized disclosure?unauthorized disclosure? Our solution uses lightweight crypto primitives Our solution uses lightweight crypto primitives
hash functionhash function XORXOR symmetric encryptionsymmetric encryption digital signature digital signature
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1212
Implementation of NotarizedImplementation of NotarizedFIM ProtocolFIM Protocol
Two public parameters Two public parameters PP11, P, P22 The user and SeP compute a session_ID The user and SeP compute a session_ID NN
XOR each party’s random stringXOR each party’s random string The user requests IdP to generate assertions The user requests IdP to generate assertions
Signed request to IdP for accountabilitySigned request to IdP for accountability IdP blinds an assertion IdP blinds an assertion
Computes the hashed_ID Computes the hashed_ID h = Hash(N, Ph = Hash(N, P11)) Generates an assertion Generates an assertion SS using using hh for index for index Computes the blinding factor Computes the blinding factor K = Hash(N, PK = Hash(N, P22)) Encrypts Encrypts SS with with KK using a symmetric encryption scheme using a symmetric encryption scheme Blinded assertion is called S’Blinded assertion is called S’
IdP submits an assertion to the notary serverIdP submits an assertion to the notary server Sign Sign S’S’ with its private key with its private key Notary server stores Notary server stores S’S’, and stores the signature for , and stores the signature for
accountabilityaccountability
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1313
Implementation of the notarized Implementation of the notarized FIM protocol (Cont’d)FIM protocol (Cont’d)
The user queries for an assertion of a hashed_IDThe user queries for an assertion of a hashed_ID Computes the hashed_ID Computes the hashed_ID h = Hash(N, Ph = Hash(N, P11)) Queries the notary server for assertions of Queries the notary server for assertions of hh
Notary server notarizes an assertionNotary server notarizes an assertion Retrieves the blinded assertion Retrieves the blinded assertion S’S’ Signature approach: Signs Signature approach: Signs S’S’ with its private key with its private key STMS approach: computes the proof for STMS approach: computes the proof for S’S’
The user unblinds and verifies an assertionThe user unblinds and verifies an assertion The user verifies the notary informationThe user verifies the notary information Computes the blinding factor Computes the blinding factor K = Hash(N, PK = Hash(N, P22)) Decrypts Decrypts S’S’ with with KK and obtains and obtains SS Detect unauthorized information disclosureDetect unauthorized information disclosure
The service provider unblinds and verifies the assertionThe service provider unblinds and verifies the assertion
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1414
Privacy and AccountabilityPrivacy and Accountability
S_ID, S_ID, assertionassertion
Blinded Blinded assertionassertion
UserUser IdPIdP SePSeP
Notary Notary ServerServer
AccessAccess
AccessesAccesses
IdPIdP
UserUserStored byStored by
SignsSigns
Request Request for attributesfor attributes
AssertionsAssertionsto notaryto notary
SignsSigns
Stored byStored by Notary Notary ServerServer
IdPIdP
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1515
Notary server realization: STMSNotary server realization: STMS The Secure Transaction Management System The Secure Transaction Management System
[Goodrich, Tamassia et al.] implements an authenticated [Goodrich, Tamassia et al.] implements an authenticated dictionarydictionary
SourceSource
Responder AResponder A
Responder BResponder BDSDS
DSDS
DSDS
tt
Basis Basis (signed)(signed)UpdatesUpdates
UserUser
QueryQuery
ResponseResponse
AnswerAnswerProofProofBasis (signed)Basis (signed)
tt
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1616
STMS in Notarized FIMSTMS in Notarized FIM
NotaryNotarySourceSource
SePSePUserUser
IdPIdP
1. Service request1. Service request
2. S_ID, attr. 2. S_ID, attr. namesnames
8. Notarized blinded assertion8. Notarized blinded assertion
3. Authenticates3. Authenticates
4. Signed S_ID, 4. Signed S_ID, attr. namesattr. names
5. Signed blinded 5. Signed blinded assertion with assertion with hashed_IDhashed_ID
6. Query for hashed_ID6. Query for hashed_ID
7. Notarized blinded assertion 7. Notarized blinded assertion
9. Unblind 9. Unblind and verifyand verify
Signed STMS Signed STMS basis, updates per basis, updates per time quantumtime quantum
NotaryNotaryResponderResponder
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1717
Outline of the talkOutline of the talk
Introduction to federated ID Introduction to federated ID Provider model in SAMLProvider model in SAML Notarized federated identity management model Notarized federated identity management model
and protocoland protocol Identity theft and countermeasureIdentity theft and countermeasure
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1818
An authentication protocol robust An authentication protocol robust against identity theftagainst identity theft
Identity theft causesIdentity theft causes Private information insecurely stored and enteredPrivate information insecurely stored and entered
• On credit card company’s computers, in DMV’s cabinets, in your bank, in On credit card company’s computers, in DMV’s cabinets, in your bank, in your trash can …your trash can …
How to proactively control the release of your private information?How to proactively control the release of your private information? Secure storageSecure storage
• Prevent dumpster divingPrevent dumpster diving Safe disclosureSafe disclosure
• Prevent shoulder surfingPrevent shoulder surfing With minimal changes to current financial and administrative With minimal changes to current financial and administrative
infrastructureinfrastructure Existing approachesExisting approaches
Centralized processing Centralized processing Heavy-weight Zero-knowledge proofsHeavy-weight Zero-knowledge proofs
Our approachOur approach To design a lightweight authentication protocol using identity-based To design a lightweight authentication protocol using identity-based
encryptionencryption
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 1919
An authentication protocol with identity-based encryption
UserUserIdentityIdentityProviderProvider
3. Submits 3. Submits identity-identity-based public key based public key forfor
authenticationauthentication
6. Is the6. Is the identity-basedidentity-basedpublic keypublic key revoked?revoked?
1. 1. Registers Registers identity-basedidentity-basedpublic keypublic key
2. Issues corresponding2. Issues correspondingprivate keyprivate key
RevocationRevocationServerServer Periodic updates ofPeriodic updates of
revokedrevoked identity-basedidentity-basedpublic keyspublic keys
4. Challenge ciphertext4. Challenge ciphertext
5. Result of decryption with5. Result of decryption withprivate keyprivate key
ID ID AuthorityAuthority
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 2020
Related workRelated work
Anonymous credentials [Camenisch Lysyanskaya 01] Anonymous credentials [Camenisch Lysyanskaya 01] [Camenisch Herreweghen 02][Camenisch Herreweghen 02]
Federated ID management models [Camenisch et al 05] Federated ID management models [Camenisch et al 05] [Bhargav-Spantzel Squicciarini Bertino 05] [Bhargav-Spantzel Squicciarini Bertino 05] [Pfitzmann Waidner 03][Pfitzmann Waidner 03]
Web service framework [Bonatti Samarati 02]Web service framework [Bonatti Samarati 02] Identity theft detection [van Oorschot Stubblebine 05]Identity theft detection [van Oorschot Stubblebine 05] Identity-based encryption [Boneh Franklin 01]Identity-based encryption [Boneh Franklin 01] SAML [OASIS], WS-Federation [IBM et al]SAML [OASIS], WS-Federation [IBM et al]
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 2121
ConclusionsConclusions
Notarized federated identity management is a solution Notarized federated identity management is a solution for establishing trust in web servicesfor establishing trust in web services
Notary server provides an anchor of trustNotary server provides an anchor of trust Notarized FIM protocol provides accountability, privacy, Notarized FIM protocol provides accountability, privacy,
and secrecy for participantsand secrecy for participants IBE-based credentials and exchanges hold promises for IBE-based credentials and exchanges hold promises for
identity theft solutionsidentity theft solutions
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 2222
AcknowledgementsAcknowledgements
David Croston at IAM Technology, IncDavid Croston at IAM Technology, Inc
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 2323
DBSec 2006DBSec 2006 Notarized Federated Identity ManagementNotarized Federated Identity Management 2424
Generations of the modelGenerations of the model
UserUser
IdPIdP
1. Service request1. Service request
2. S_ID, attr. names2. S_ID, attr. names
8. Notarized blinded assertion8. Notarized blinded assertion
3. Authenticates3. Authenticates
4. Signed S_ID, 4. Signed S_ID, attr. namesattr. names
5. Signed blinded 5. Signed blinded assertion with assertion with hashed_IDhashed_ID
6. Query for hashed_ID6. Query for hashed_ID
7. Notarized blinded assertion 7. Notarized blinded assertion
9. Unblind 9. Unblind and verifyand verify
S_ID: One-time session IDS_ID: One-time session IDHashed_ID: hashed S_IDHashed_ID: hashed S_IDAttr. Name: name of attribute required by SePAttr. Name: name of attribute required by SeP
Optional pathOptional path
Notary Notary ServerServerNotary Notary
ServerServer
SeP BSeP B
SeP A SeP A
top related