Tehnologia U-Prove

Cuprins

Context

Descriere generală

Aspecte de bază ale tehnologiei

Emiterea unui token U-Prove

Tehnici de securitate

Implementări

Concluzii

Context

Dorința organizaților de a-și păstra securizat identitatea

utilizatorilor serviciilor oferite

Factori de influență:

Criterii financiare și de eficiență

Schimbul de informații personale

Amenințările de securitate (phishing, furt de identitate,

replay etc)

Soluții software/hardware convenționale: OpenID,

Protocoale de autentificare, PKI, eID cards etc

Organizațiile schimbă informații între ele ->

clienții pot pierde controlul asupra acțiunilor lor

Amenințările pot apărea din mai multe surse:

persoane interne rău intenționate

hackeri, viruși

Ce ne dorim?

Tranzacții securizate fără a oferi posibilitatea

interceptorile de a fura identitatea și de a accesa date

confidențiale

Cumpărături online fără a rămâne monitorizați

Date personale oferite cat mai puține

Soluția: U-Prove

Cuprins

Context

Descriere generală

Aspecte de bază ale tehnologiei

Emiterea unui token U-Prove

Tehnici de securitate

Implementări

Concluzii

Descriere generală: U-Prove

Proiect inițiat de Stefan Brands la Credentica

Cumpărat de Microsoft în martie 2008

Tehnologie ce permite:

Tranzmiterea unei cantități minime de informați personale

Reducerea posibilităților de violare a confidențialității

Mecanisme avansate de criptografie care previn

posibiltatea ca sistemele sa sustraga informatii despre

utilizatori din multiple surse

Tehnologie cu mai multe nivele de securitate

Informațiile sunt accesate:

direct de la sursă (persoana implicată)

intermediari (agenți, brokeri, furnizori externi)

Datele protejate pot fi accesate de intermediari pentru

memorare (folosire offline sau reutilizare)

Organizațiile pot vedea doar informațiile alese de

intermediar

Domenii de utilizare: votul electronic, piața electronică,

dosare medicale, licitații online, jocuri online, poștă

electronică etc.

Domeniile pot fi extinse: protejarea informațiilor

proceselor, aplicațiilor software, instrumentelor

hardware, serviciilor de cloud computing

Cuprins

Context

Descriere generală

Aspecte de bază ale tehnologiei

Emiterea unui token U-Prove

Tehnici de securitate

Implementări

Concluzii

Aspecte de bază ale tehnologiei Concept de bază:

Token = colecție de informații variate (atribute) protejate

criptografic

Token-urile sunt emise de o sursă autoritară --> user (prin

protocol de emitere)

User --> RP (Relying Party) (prin protocol de prezentare)

String binar => poate fi prezentat peste orice rețea electronică

Participanții necesită instrumente virtuale pentru ca

acestea să acționeze în contul lor

Roluli de bază:

Issuer = sursa autoritară

Prover = utilizatorul

Verifier = RP-ul

O entitate poate indeplini mai multe roluri sau un rol

poate fi divizat la mai multe entități

Cuprins

Context

Descriere generală

Aspecte de bază ale tehnologiei

Emiterea unui token U-Prove

Tehnici de securitate

Implementări

Concluzii

Emiterea unui token U-Prove (1)

Se inițiază o instanță de protocol de emitere (Issuer ->

Prover)

= protocol criptografic ce primește ca input atributele ce

necesită codificare

Semnătura Issuer-ului nu este o simplă semnătură

(RSA/DSA), ci un protocol în mai multe etape (astfel

Prover-ul poate alege ce informații va ascunde)

Precondiții ale protocolului:

Proverul este eligibil pentru a primi un token

Issuerul se asigură că informațiile din token aparțin

proverului corespunzător

Emiterea unui token U-Prove (2)

Protecții oferite de protocol Issuer-ului:

Integritate și autenticitate: token-ul are o semnătură digitală

ce nu poate fi decriptată (se verifică autenticitatea și faptul că

nu a fost alterat)

Prevenirea atacurilor de tip Replay: cheie publică cunoscută

doar Proverului (generată aleator de acesta), care nu face

parte din token, ca cea privată => se previne replicarea

tokenului de către verifier

Issuer-ul poate genera mai mulți tokeni cu aceeași cheie

privată

Cheia publică face parte din parametri publici ai Issuer-ului

(echivalentul certificatelor de autorizare PKI), care poate fi

accesată de oricine interesat să verifice Tokenii

emiși/prezentați

Problema #1: Security Compromiterea credențialelor IdP –

Identity provider , accesul tuturor RPs

Phishingul – o industrie în curs de dezvolta

Third parties se da

Strong authentication to IdP is possible, but authentication to RP is weaker

Issued tokens are software only (token hijacking attacks, transferability)

IdP is all powerful

IdP (insider, malicious code) can surreptitiously act on the users’ behalf

Problema #2: Privacy

IdP can profile user’s activities

Even if IdP doesn’t learn the visited RP, profiling is possible by colluding parties (or insiders)

Timing correlation

Unique correlation handles (e.g., digital signatures, serial numbers, etc.)

Problem #3: Scalabilitate

Tokenii – gata pe loc

IdP – disponibil 24/7

IdP – punctul central al tuturor dezastrelor

Ținta atacurilor de tipul ‘Denial of Service’

IdP - bottleneck pentru fiecare acces al utilizatorilor

Wouldn’t it be great to have one set of

Tokens and Protocols,

usable through all these classes of

services, providing Advanced Security &

Privacy

U-Prove Privacy by Design

Agenda

Introduction

U-Prove Technology overview

Key scenarios and target customers

U-Prove Community Technology Preview

Conclusions

U-Prove Technology Strong multi-party security technology for user-centric identity, data

sharing, strong authentication, and digital signature

Allows you to build “e-tokens”

Has unique security, privacy, and efficiency benefits over “conventional” crypto

What’s new? Stronger security in cross-org environments

E.g. Improved Federation, Anti-phishing

Improved availability and privacy by leveraging

long-lived tokens

Similar to conventional security tokens (X.509, SAML, Kerberos), but

U-Prove tokens contain no inescapable correlation handles

E.g., coins (unlinkable) vs. bills (w/ serial#)

Users can prove properties of the claims

Disclose a subset of the claims

Derived claim: “birth date” to “over-21 proof”

Negation: name not on the control list

Not in current version

Gov

Name: Alice Smith

Address: 12 hoghstrasse, GE, Berlin

Adult: Over 18

Name: Alice Smith

Address: 12 hoghstrasse, Berlin, GE

D.O.B: 23-11-1955

Selective disclosure

Local

ReferendumThe user can selectively disclose claims in

a U-Prove token issued to her in advance

Even in collusion, the issuing and relying

parties cannot learn more about the user

than what was disclosed

Local

Referendum

Prove that you

are over 18 and

from Berlin

Name: Alice Smith

Address: 12 hoghstrasse, GE, Berlin

Adult: Over 18

Which adult

from Berlin is

this?

Selective disclosure

Gov

?

The user can selectively disclose claims in

a U-Prove token issued to her in advance

Even in collusion, the issuing and relying

parties cannot learn more about the user

than what was disclosed

A glimpse on the magic How can one hide elements of a Token without

breaking the authenticity?

All attributes are encoded into the Token’s signature

The user can disclose the attributes. The RP does the encoding before verifying the signature

Or the user can hide the attributes by providing the encoding himself. The RP can still validate the signature

How can one hide the token’s Public Key from the Issuer? How can one hide the Issuer’s signature from the Issuer?

Cryptographic Blinding.

The issuer signs a blinded/randomized message (Public Key). The user can will do additional operations to remove the blinding factor and as such calculate a new signature which can be validated by RPs

Issuer never sees the real Public Key, nor its signature

Why do we need these features? Using U-Prove will provide privacy by design

Applications can still use unique identifiers but can chose to hide them where it makes sense. This is impossible with classical techniques such as X.509

Much richer set of protocols for doing our today’s digital transactions

X.509 – correlation handles by design

Every transaction involves the Public Key which is a unique identifier

Issuer signs the user’s Public Key. This signature is again a unique identifier

RP uses the Public Key to validate signature

X.509 attributes are stored in certificate and will always be presented and stored (e.g. National Identifiers in eID)

U-Prove Token Details

UniversityGov

Bookstore

Trusted device

A trusted device (smartcard, TPM chip,

remote service) can hold part of the tokens’

private key (even those issued by other

issuers) and efficiently help presenting

them

Underlying crypto

Based on the Brands protocols

30+ papers (from ‘93 onward)

MIT Press book, foreword by Ron Rivest

Issuance uses a “restrictive blind signature”

Issuer knows the attributes, but never sees the resulting public key and signature on tokens

Presentation uses a proof of knowledge

Prove a secret without leaking any info about it

Generalization of the Schnorr protocol

Agenda

Introduction

U-Prove Technology overview

Key scenarios and target customers

U-Prove Community Technology Preview

Conclusions

Key markets and customers E-Government

Health Record Management

Cloud computing

“Don’t trust us” service providers

Advertizing

Privacy-protecting ad platform

E-Cash

Technology history

National Security

Need-to-know access

Local

AuthorityCentral

Governmen

t

Trust

Identity Providers

Parking Permit Application

Attribute Providers

Citizen

Trust

U-Prove Agent

AtP2AtP1

IdP2IdP1

Benefits App

Job Search App

Other App

Parking Permit App

Service STSService STS

Parking Permit Use Attribute Providers to provide Authorization

information

Don’t Store all information in one database

Use Federation Protocols

Use Minimal Disclosure

Collect Valued Attributes from different locations

Loose coupling

Claims-Based Architecture

U-Prove Agent collects claims on behalf of the user

Client or Cloud Service

Privacy by Design

e-Participation Application

e-Referendum

Unique e-Referendum Requirements

True identities to validate whether user is eligable to participate

Anonymous Transactions

Unlinkable when doing transactions on the same site (e.g. Multiple referenda)

Protected by U-Prove

Access Application

Prove Identity using eID, receive Ballot

Check claims

UID– one ballot per UID

>18y?

Community?

Present Ballot

1

2

3

4

UserU-Prove

Agent

e-Referendum

App

U-Prove

Issuer

e-Referendum Flow

eParticipation White Paper & Video

http://www.microsoft.com/mscorp/twc/endtoendtrust/vision/eid.aspx

Agenda

Introduction

U-Prove Technology overview

Key scenarios and target customers

U-Prove Community Technology Preview

Conclusions

Resourceswww.microsoft.com/uprove

U-Prove CTP Portal

http://www.credentica.com/the_mit_pressbook.html

Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy

Dr. Stefan Brands

Published in 2000

Now available as free ebook

http://blogs.technet.com/identity

U-Prove CTP contents Specs (released under OSP)

Crypto specification

Integration into the ID metasystem spec

WS-Trust/information card profile

Identity platform integration

Modified version of CardSpace 2.0

Extension to Windows Identity Foundation (WIF)

Modified version of AD FS 2.0

Open-source crypto SDKs

Posted on Code Gallery, under the BSD license

Java and .Net versions

CTP features

The CTP implements a minimal, yet fundamental set of features:

Selective disclosure (i.e., no derived claims)

Unlinkability of token issuance and presentation

Long-lived token support

User-signed presentation tokens

Data signature (in crypto SDKs only)

Agenda

Introduction

U-Prove Technology overview

Key scenarios and target customers

U-Prove Community Technology Preview

Conclusions

Summary of benefitsSupport for full privacy spectrum

From anonymity, to pseudonymity, to full identification

Maintains strong accountability (revocation, audit trail, misuse tracing)

Minimal disclosure and user control

Strong multi-party security

Phishing-resistant strong authentication

Eliminates some insider attacks at IdP / CA

Lending / pooling / reuse protections

Efficient hardware protection

On-demand or disconnected presentations

More Benefits

Allows to marriage “unmarriagiable” requirements

eID identifiers , unlinkability & anonymity

More broader benefit

“Privacy By Design”

Patent Free

Open Source

Incubation!

© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.

The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market

conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.

MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.