u-prove
U-Prove Technology
Contents
Context
General description
Core aspects of the technology
Issuing a U-Prove token
Security techniques
Implementations
Conclusions
Context
Organizations want to keep the identity of the users of their services secure
Influencing factors:
Financial and efficiency criteria
Exchange of personal information
Security threats (phishing, identity theft, replay, etc.)
Conventional software/hardware solutions: OpenID, authentication protocols, PKI, eID cards, etc.
Organizations exchange information with each other -> customers can lose control over their actions
Threats can come from several sources:
malicious insiders
hackers, viruses
What do we want?
Secure transactions that give eavesdroppers no opportunity to steal identities or access confidential data
Online shopping without being tracked
As little personal data disclosed as possible
The solution: U-Prove
General description: U-Prove
Project started by Stefan Brands at Credentica
Acquired by Microsoft in March 2008
A technology that enables:
Transmitting a minimal amount of personal information
Reducing the opportunities for privacy violations
Advanced cryptographic mechanisms that prevent systems from extracting information about users from multiple sources
A technology with multiple levels of security
Information is accessed:
directly from the source (the person concerned)
through intermediaries (agents, brokers, external providers)
Protected data can be accessed by intermediaries for storage (offline use or reuse)
Organizations can see only the information chosen by the intermediary
Areas of use: electronic voting, electronic marketplaces, medical records, online auctions, online gaming, e-mail, etc.
The areas can be extended: protecting the information of processes, software applications, hardware tools, cloud computing services
Core aspects of the technology
Core concept:
Token = a cryptographically protected collection of assorted information (attributes)
Tokens are issued by an authoritative source --> user (via an issuance protocol)
User --> RP (Relying Party) (via a presentation protocol)
Binary string => can be presented over any electronic network
Participants need virtual tools to act on their behalf
Basic roles:
Issuer = the authoritative source
Prover = the user
Verifier = the RP
One entity can fulfil several roles, or one role can be split across several entities
Issuing a U-Prove token (1)
An instance of the issuance protocol is started (Issuer -> Prover)
= a cryptographic protocol that takes as input the attributes to be encoded
The Issuer's signature is not a simple signature (RSA/DSA) but a multi-step protocol (so the Prover can choose which information to hide)
Preconditions of the protocol:
The Prover is eligible to receive a token
The Issuer makes sure the information in the token belongs to the corresponding Prover
Issuing a U-Prove token (2)
Protections the protocol gives the Issuer:
Integrity and authenticity: the token has a digital signature that cannot be decrypted (authenticity and the fact that it has not been altered are verified)
Preventing Replay attacks: a public key known only to the Prover (randomly generated by it), which is not part of the token, like the private one => the verifier is prevented from replicating the token
The Issuer can generate multiple tokens with the same private key
The public key is part of the Issuer's public parameters (the equivalent of PKI authority certificates), which anyone interested in verifying issued/presented tokens can access
Problem #1: Security
Compromise of IdP (Identity Provider) credentials: access to all RPs
Phishing – a growing industry
Third parties se da
Strong authentication to IdP is possible, but authentication to RP is weaker
Issued tokens are software only (token hijacking attacks, transferability)
IdP is all powerful
IdP (insider, malicious code) can surreptitiously act on the users’ behalf
Problem #2: Privacy
IdP can profile user’s activities
Even if IdP doesn’t learn the visited RP, profiling is possible by colluding parties (or insiders)
Timing correlation
Unique correlation handles (e.g., digital signatures, serial numbers, etc.)
Problem #3: Scalability
Tokens – ready on the spot
IdP – available 24/7
IdP – the central point of all disasters
Target of ‘Denial of Service’ attacks
IdP - bottleneck for every user access
Wouldn’t it be great to have one set of
Tokens and Protocols,
usable through all these classes of
services, providing Advanced Security &
Privacy
U-Prove Privacy by Design
Agenda
Introduction
U-Prove Technology overview
Key scenarios and target customers
U-Prove Community Technology Preview
Conclusions
U-Prove Technology
Strong multi-party security technology for user-centric identity, data sharing, strong authentication, and digital signature
Allows you to build “e-tokens”
Has unique security, privacy, and efficiency benefits over “conventional” crypto
What’s new?
Stronger security in cross-org environments
E.g. Improved Federation, Anti-phishing
Improved availability and privacy by leveraging
long-lived tokens
Similar to conventional security tokens (X.509, SAML, Kerberos), but
U-Prove tokens contain no inescapable correlation handles
E.g., coins (unlinkable) vs. bills (w/ serial#)
Users can prove properties of the claims
Disclose a subset of the claims
Derived claim: “birth date” to “over-21 proof”
Negation: name not on the control list
Not in current version
Selective disclosure
The user can selectively disclose claims in a U-Prove token issued to her in advance
Even in collusion, the issuing and relying parties cannot learn more about the user than what was disclosed
[Figure: Gov and Local Referendum. Token fields: Name: Alice Smith; Address: 12 hoghstrasse, Berlin, GE; D.O.B: 23-11-1955. Local Referendum: "Prove that you are over 18 and from Berlin". Token fields: Name: Alice Smith; Address: 12 hoghstrasse, GE, Berlin; Adult: Over 18. Gov: "Which adult from Berlin is this?"]
A glimpse on the magic
How can one hide elements of a Token without breaking the authenticity?
All attributes are encoded into the Token’s signature
The user can disclose the attributes. The RP does the encoding before verifying the signature
Or the user can hide the attributes by providing the encoding himself. The RP can still validate the signature
How can one hide the token’s Public Key from the Issuer?
How can one hide the Issuer’s signature from the Issuer?
Cryptographic Blinding.
The issuer signs a blinded/randomized message (Public Key). The user then does additional operations to remove the blinding factor and so calculates a new signature, which RPs can validate
Issuer never sees the real Public Key, nor its signature
Why do we need these features?
Using U-Prove will provide privacy by design
Applications can still use unique identifiers but can choose to hide them where it makes sense. This is impossible with classical techniques such as X.509
Much richer set of protocols for doing today’s digital transactions
X.509 – correlation handles by design
Every transaction involves the Public Key which is a unique identifier
Issuer signs the user’s Public Key. This signature is again a unique identifier
RP uses the Public Key to validate signature
X.509 attributes are stored in certificate and will always be presented and stored (e.g. National Identifiers in eID)
U-Prove Token Details
[Figure: University, Gov, Bookstore]
Trusted device
A trusted device (smartcard, TPM chip,
remote service) can hold part of the tokens’
private key (even those issued by other
issuers) and efficiently help presenting
them
Underlying crypto
Based on the Brands protocols
30+ papers (from ‘93 onward)
MIT Press book, foreword by Ron Rivest
Issuance uses a “restrictive blind signature”
Issuer knows the attributes, but never sees the resulting public key and signature on tokens
Presentation uses a proof of knowledge
Prove a secret without leaking any info about it
Generalization of the Schnorr protocol
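The selective disclosure described under "A glimpse on the magic" and the proof of knowledge named under "Underlying crypto", as an added Python example that is not part of the original slides or of the U-Prove SDKs. It uses a simplified multi-base encoding of the attributes and a Fiat-Shamir form of the generalized Schnorr proof, and leaves out the Issuer's restrictive blind signature; the group parameters, function names and sample claims are assumptions made for this demo.

```python
import hashlib, secrets
# Demo-sized parameters (constructed here): subgroup of prime order Q inside Z_P*.
Q = 2**127 - 1                                    # a Mersenne prime
# Fermat test on P = K*Q + 1; passing it also means every G[i] below has order Q.
K = next(k for k in range(2, 10**5, 2) if all(pow(b, k * Q, k * Q + 1) == 1 for b in (2, 3, 5, 7)))
P = K * Q + 1
G = [pow(b, K, P) for b in (2, 3, 5, 7)]          # G[0]: key base, G[1..3]: attribute bases

def to_zq(*parts):
    """Hash values to an exponent in Z_Q (attribute encoding and challenge)."""
    return int.from_bytes(hashlib.sha256(repr(parts).encode()).digest(), "big") % Q

def make_key(attrs):
    """Token public key h = G0^alpha * prod Gi^xi; alpha is the Prover's secret."""
    alpha = secrets.randbelow(Q - 1) + 1
    h = pow(G[0], alpha, P)
    for g, a in zip(G[1:], attrs):
        h = h * pow(g, to_zq(a), P) % P
    return alpha, h

def present(alpha, h, attrs, disclose, nonce):
    """Show attrs[i] for i in disclose; prove knowledge of alpha and the rest."""
    hidden = [i for i in range(len(attrs)) if i not in disclose]
    w0, w = secrets.randbelow(Q), {i: secrets.randbelow(Q) for i in hidden}
    a = pow(G[0], w0, P)                          # commitment over the hidden bases only
    for i in hidden:
        a = a * pow(G[i + 1], w[i], P) % P
    shown = {i: attrs[i] for i in sorted(disclose)}
    c = to_zq(h, a, sorted(shown.items()), nonce) # challenge binds the RP's nonce
    r = {i: (w[i] + c * to_zq(attrs[i])) % Q for i in hidden}
    return {"shown": shown, "a": a, "r0": (w0 + c * alpha) % Q, "r": r}

def verify(h, n_attrs, proof, nonce):
    """RP encodes the disclosed attributes itself, then checks the proof equation."""
    shown, r = proof["shown"], proof["r"]
    if sorted(list(shown) + list(r)) != list(range(n_attrs)):
        return False                              # every attribute is shown or proven
    c = to_zq(h, proof["a"], sorted(shown.items()), nonce)
    lhs, rest = pow(G[0], proof["r0"], P), h
    for i, ri in r.items():
        lhs = lhs * pow(G[i + 1], ri, P) % P
    for i, val in shown.items():                  # divide the disclosed part out of h
        rest = rest * pow(G[i + 1], -to_zq(val), P) % P
    return lhs == proof["a"] * pow(rest, c, P) % P

def demo(attrs=("Alice Smith", "Berlin", "over-18")):   # constructed sample claims
    alpha, h = make_key(attrs)
    proof = present(alpha, h, attrs, {1, 2}, "rp-nonce-1")  # the name stays hidden
    return verify(h, 3, proof, "rp-nonce-1"), proof["shown"]
```

The RP learns the two disclosed claims and that the presenter knows the remaining exponents behind h, but not the name; a proof replayed under a different nonce, or with an altered disclosed claim, fails the final equation.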
Key markets and customers
E-Government
Health Record Management
Cloud computing
“Don’t trust us” service providers
Advertising
Privacy-protecting ad platform
E-Cash
Technology history
National Security
Need-to-know access
Parking Permit Application
[Figure: Local Authority and Central Government (Trust); Identity Providers IdP1, IdP2; Attribute Providers AtP1, AtP2; Citizen with U-Prove Agent (Trust); Service STS; Benefits App, Job Search App, Other App, Parking Permit App]
Parking Permit
Use Attribute Providers to provide Authorization information
Don’t Store all information in one database
Use Federation Protocols
Use Minimal Disclosure
Collect Valued Attributes from different locations
Loose coupling
Claims-Based Architecture
U-Prove Agent collects claims on behalf of the user
Client or Cloud Service
Privacy by Design
e-Participation Application
e-Referendum
Unique e-Referendum Requirements
True identities to validate whether user is eligible to participate
Anonymous Transactions
Unlinkable when doing transactions on the same site (e.g. Multiple referenda)
Protected by U-Prove
e-Referendum Flow
[Figure: flow between User, U-Prove Agent, e-Referendum App and U-Prove Issuer, with steps numbered 1 to 4]
Access Application
Prove Identity using eID, receive Ballot
Check claims
UID – one ballot per UID
>18y?
Community?
Present Ballot
eParticipation White Paper & Video
http://www.microsoft.com/mscorp/twc/endtoendtrust/vision/eid.aspx
Resources
www.microsoft.com/uprove
U-Prove CTP Portal
http://www.credentica.com/the_mit_pressbook.html
Rethinking Public Key Infrastructures and Digital Certificates; Building in Privacy
Dr. Stefan Brands
Published in 2000
Now available as free ebook
http://blogs.technet.com/identity
U-Prove CTP contents
Specs (released under OSP)
Crypto specification
Integration into the ID metasystem spec
WS-Trust/information card profile
Identity platform integration
Modified version of CardSpace 2.0
Extension to Windows Identity Foundation (WIF)
Modified version of AD FS 2.0
Open-source crypto SDKs
Posted on Code Gallery, under the BSD license
Java and .Net versions
CTP features
The CTP implements a minimal, yet fundamental set of features:
Selective disclosure (i.e., no derived claims)
Unlinkability of token issuance and presentation
Long-lived token support
User-signed presentation tokens
Data signature (in crypto SDKs only)
Summary of benefits
Support for full privacy spectrum
From anonymity, to pseudonymity, to full identification
Maintains strong accountability (revocation, audit trail, misuse tracing)
Minimal disclosure and user control
Strong multi-party security
Phishing-resistant strong authentication
Eliminates some insider attacks at IdP / CA
Lending / pooling / reuse protections
Efficient hardware protection
On-demand or disconnected presentations
More Benefits
Allows marrying “unmarriageable” requirements
eID identifiers, unlinkability & anonymity
Broader benefit
“Privacy By Design”
Patent Free
Open Source
Incubation!
© 2010 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market
conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation.
MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.