Upload
jaser
View
38
Download
1
Tags:
Embed Size (px)
DESCRIPTION
May 15, 2003. Access Management in Critical Information Infrastructures. Dr. Stefan Brands [email protected]. 15th annual Canadian Information Technology Security Symposium May 12 - 15, 2003 Ottawa Congress Centre. Presented to:. Critical Information Infrastructures. - PowerPoint PPT Presentation
Citation preview
Access Management in Critical Information Infrastructures
May 15, 2003
Presented to:
15th annual Canadian Information Technology Security Symposium
May 12 - 15, 2003Ottawa Congress Centre
Dr. Stefan [email protected]
2
Critical Information Infrastructures
“Information-centric infrastructures essential to the defense and economic prosperity of a society, and to the well-being of its people”
Strong reliance on effective management and sharing of sensitive information
Examples: – Telecommunications– The supply of utilities– Banking and finance networks– Public transportation– National defense– Health care
3
Information management trends
Information recorded & managed in electronic form Increasing data volume & sensitivity Increasing numbers of trust domains desiring ability
to interact (open systems) Data sharing over open networks Physical trust domains are disappearing Proliferation in number and type of access devices:
– Personal Computers– Personal Digital Assistants– Mobile phones– …
4
Benefits of electronic records
Efficient data sharing across corporate boundaries Reusability of recorded information Reduce errors Enhance productivity (notably of administrators) Location-”independence” of records:
– In central database– Distributed across databases (possibly “federated”)– User-controlled record– User-held record (smartcard, PDA, PC, …)
Open up new opportunities
5
Security issues
Data must be made selectively accessible Must be able to base authorization decisions on
access requestor rather than (only) on data itself No longer adequate: Vulnerability assessment
products and services, fire-walls, anti-virus software & hardware, intrusion detection applications
Authorization is next major security requirement Can grant authorization on the basis of: identity,
assumed role, privileges, entitlements, personal characteristics, profile data, qualifications, group membership, other credentials, payment, …
6
Security of electronic records
Complexity of “ownership” when data sharing is goal:– Many may be authorized to read, add or update information– Many may need to rely on data in same record
Access provider perspective:– OK: others can view data (to be informed & check for errors)– Not OK: others can add, delete, modify, or prevent
updating of data Challenge: Solve multi-party rights management
problem (good solution meets “any” rights setting) Must address two basic authentication problems:
– Authenticate access requests to record entries– Authenticate record entries themselves
7
Avoids duplication of passwords by giving users a single password for all resources
Only authenticates access requestor, does not deal with authentication of data entries in records
Liberty Alliance, MS Passport, … A user convenience, not a security solution Highly insecure for managing access to sensitive
information over open networks J. Lewis (CEO of Burton Group): “Single sign-on is a
security compromise waiting to happen”
Not a solution: single sign-on
8
Secure access management
Security must be tied to the information itself Most secure approach: public key cryptography
– Secret keys never leave confines of their storage device– Avoids key distribution problem of symmetric-key crypto– Offers non-repudiation (digital signatures)
Two fundamentally different public-key approaches:– X.509-style PKI
Identity certificates Attribute certificates (Privilege Management Infrastructure)
– Digital Credentials Seamless hybrid between identity and attribute certificates With security, privacy, scalability & performance benefits
9
X.509-style PKI
Revolves around the distribution and management of digital identity certificates
Invented in 1978 to facilitate message encryption In line with original goal, X.509 certificates provide:
– Confidentiality of data in transit (through encryption)– User authentication (ensures messages are encrypted
under right public key & prevents man-in-the-middle attack)– Data integrity (prevent tampering with data in transit) – Non-repudiation (proof of sender’s identity)
Access control was never a design requirement (irrelevant for message encryption infrastructure!)
10
Applying PKI to access control
PKI vendors currently distorting their technology to do access control (encryption is not big market need …)
Their approach:– Individual to provide digital identity certificate to gain access– Certificate serves as strongly authenticated pointer to on-
line databases entries– Access provider to retrieve all data for authorization decision
= Credit card infrastructure on steroids … Authentication for message encryption very different
from access control to sensitive data (unique needs for privacy, security, scalability & performance)
11
The irony; a historical perspective
Diffie-Hellman invention of asymmetric crypto (1976): – Setting: Encrypted communication over open network– Sender to encrypt message with public key of recipient – To prevent man-in-the-middle attack, on-line & secure
(read-only) database lists “name”– “public key” bindings Kohnfelder’s bachelor’s thesis (1978):
– Database problems: bottleneck & vulnerable to attacks– Identity certificates proposed to address both problems
Irony of digital identity certificates for access control:– Both problems are back with a vengeance– New problems that were irrelevant in original setting
12
Verifiers must look up all
authorization data themselves
…
… but all these databases may be in
different trust / administrative
domains …
… not to mention the revocation database, common to everyone
13
PKI & access control: problems (1)
Non-scalable beyond pre-established trust domains:– Access provider relies on the availability, correctness, and
timeliness of authorization data Poor security:
– Access right cloning and lending: no cryptographic protection– Misuse of online databases by hackers and insiders– Vulnerable to denial-of-service attacks:
Strong reliance on real-time availability of online databases Online certificate status validation
– Increases risk of identity theft: Inescapable system-wide identification Strong reliance on central databases
14
PKI & access control: problems (2)
Not suitable for use with smartcards:– Cannot use low-cost smartcards:
Storage problem Need crypto co-processor for exponentiations Elliptic-Curve cryptography is only partial solution
– Application provider must place very strong trust in parties involved in smartcard manufacturing, masking, initialization, application loading, and personalization. Attacks:
Overt or covert leakage of secrets and other confidential data Uniqueness, randomness, and secrecy of secret keys?? Fake-terminal attacks Selective “failure” attacks based on dynamic inputs
– Problems worsen for multi-application smartcards
15
PKI & access control: problems (3)
Managed services are intrusive: – Online Certificate Status Providers able to learn
competitive/sensitive data in real time: Identities of access requestors (and access providers) Peak hours Typically: nature of the transaction Possibly: transaction details
– Certificate Authorities must know the identity and any other attributes that go into the certificates they issue
– Online Certificate Status Providers & Certificate Authorities & on-line database maintainers can disrupt operations on the basis of transaction-specific knowledge in real time
16
PKI & access control: problems (4)
Privacy-invasive (roots inescapable systemic identification deep into information infrastructure):
– Public keys = strongly authenticated “super-SSNs”: Globally unique identification numbers Inescapably travel along with each and every action taken Obtained by access provider & third parties (providers of
authorization databases & online certificate status verifiers)– Always leave behind undeniable digital evidence of the
requestor’s identity (due to digital signing of nonces)– Problems with data protection legislation, unbridled use of
PKI may be unconstitutional– Access providers & third parties cannot prevent receiving
identifiable data
17
Bad “solutions” (quick fixes)
Identity certificates that specify a “pseudonym” or a “role” instead of a real name:
– Does not address privacy problems (remember: tracing can be done on the basis of the public keys in certificates)
– May weaken security (accountability, fraud containment, …) Issue different identity certificates for different uses:
– False sense of privacy: like using SSNs, credit card numbers, and health insurance numbers for all actions!
– Damages functionality: creates separate “islands” that cannot communicate (bridge-CAs undo purpose & create new scalability and trust problems)
– Scalability & smartcard inefficiency even worse
18
Another bad “solution”
Privilege Management infrastructure (PMI): – X.509 attribute certificates specify relevant attribute data– Addresses availability problem, but exacerbates all other
problems: Attribute certificates must be linked to (and sent along with)
base identity certificate to prevent pooling of privileges Even more devastating for privacy (all the attributes within a
certificate must be known to the CA & must be disclosed when showing the certificate)
No mechanisms to prevent discarding, updating-prevention, lending, and cloning
Smartcard inefficiency even worse Must manage and revoke an abundance of certificates
19
Privacy – a brief digress
“The right of individuals to determine for themselves when, how, and to what extent information about them is communicated to others”
In electronic world: virtually no grey areas between privacy & inescapable systemic identification
Different manifestations for:– Individuals (ROI hard to quantify)– Companies (competitive intelligence, liability issues)– Critical information infrastructures (monitoring threats)
Security safeguards deal with unauthorized outsiders, but most threats come from authorized insiders
20
1. Collection Limitation
2. Data Quality
3. Purpose Specification
4. Use Limitation
6. Openness
7. Individual Participation
8. Accountability
5. Security safeguards(incl. confidentiality)
Technology can address security without addressing privacy, but may introduce
new security concerns!
OECD FIPs:
Security is NOT privacy
Wolves in sheep’s clothing:• Ubiquitous surveillance cameras • National ID chipcards• PKI for access control• …
21
Privacy-respecting security
Not so much about anonymity, as about controlling who can learn what as data flows through system
Covers spectrum between mandatory identifiability and the maximum level of privacy afforded (“slider”)
Example: client identifies to access provider, access provider de-identifies non-repudiable transaction evidence for third party (PKI cannot do this!)
Privacy is good for security: – Non-identifiable (unlinkable) records & record access reduce
vulnerability to hackers & (authorized!) insiders– Decentralized approach reduces denial of service attacks
22
Digital Credentials
Achieve security, privacy & efficiency simultaneously Like digital signatures but much more powerful Three basic uses in access control:
– To authenticate data entries in records– To authenticate pointers to records– For digitally signed audit trails & receipts
“CA” binds attributes to Digital Credential public key:– User can allow CA to learn only an attribute property– User can blind Digital Credential public key & CA’s digital
signature (but not the attributes)– User can selectively disclose attribute property to verifier– User must know all attributes to show certificate
23
User can “blind” (randomize) the
certificate’s public key…
… and also the signature of the CA …
… but cannot modify the
attributes the CA certifies for him.
User can disclose only the minimal attribute property the Verifier needs
to know … … but needs to know all the attributes in the
certificate to make his own signature with the certificate’s secret key
24
25
26
Digital Credentials properties (1)
Fully adaptable levels of privacy: – Allow anonymous, pseudonymous, and role-based access– Principle of least authority; selective/minimal disclosure– Reverse authentication: data does not meet conditions– Recertification and updating: present Digital Credential
without revealing current attribute values– Dossier-resistance: leave no or partial non-repudiable
transaction evidence to verifier– Credential verifier can selectively discard data before
passing on digital evidence to third party– Reveal no or partial attribute data to Credential Authorities– Smartcard cannot leak sensitive data to outside world
27
Digital Credentials properties (2)
Security protections:– No pooling of privileges (multiple Digital Credentials can be
shown to contain same built-in identifier without disclosing it)– Lending protection: Embed client-confidential data into Digital
Credential (legitimate owner need never disclose it)– Discarding protection: Lump negative data in base Digital
Credential (e.g., drunk driving mark into driver’s license)– Limited-show credentials: Embedded identifier (or value) will
be exposed if and only if Credential shown too many times– Audit capability:
Digital audit trails & receipts facilitate dispute resolution Non-identified audit trail cannot be disavowed by originator Self-signed fraud confessions for lending and reuse
28
Digital Credentials properties (3)
Smartcard Implementations: – Manage billions of Credentials using 8-bit smart-card chip (off-
load storage and computational burden to user device)– Application provider can arbitrarily minimize level of trust
placed in smartcard (through application software)– Secure multi-application smartcards:
Different application providers can share same secret key to derive card security
Digital Credentials have uncorrelated secret keys (unknown even to card supplier) and can be revoked separately
Different applications using same smartcard are fire-walled through user software (not card software!)
Leakage of a card’s key does not allow fraud beyond the security functionality the card was supposed to add
29
Digital Credentials properties (4)
Managed services: – Credential Authorities certify sensitive information without being
able to learn the data– Revocation Authorities can validate certificates without being
able to identify the clients of organizations– Role of tamper-resistant smartcard can be outsourced
Peer-to-peer support: – Individuals can store and manage their own credentials– Unauthorized users cannot modify, discard, lend, pool, or
prevent the updating of information they hold– In the extreme: do away with central databases by securely
distributing all database entries to data subjects– Multi-purpose and multi-application certificates
30
Digital Credentials: not a whim
Limited implementation experience (but for another application, which never caught on commercially):
– CAFE & OPERA (2 EU SR&ED projects, involving KPN, Gemplus, Siemens & 15 others): e-cash on a smartcard, with field trials from 1996 to 1999
– Zeroknowledge Systems: e-cash on a RIM Blackberry Protocols described in open literature:
– 32 publications since 1993 at major crypto & privacy forums– 315-page MIT Press book with foreword by prof. Ron Rivest
Scrutinized by world’s top cryptographers (Shamir, Rivest, Schnorr, etc.)
Acclaim from security, legal & privacy experts
31
“an important landmark”Dr. Ronald L. Rivest (Webster Professor of Electrical
Engineering and Computer Science at MIT), August 2000
“minimizing the risks of all the interested actors”Electronic Privacy Information Center & Privacy International, 2001
“a superior alternative to conventional approaches to PKI”Dr. Roger Clarke (consultant in the management of
information and information technology), 2001
“security without sacrificing privacy”Dr. Hal Abelson (Professor at the Artificial
Intelligence Laboratory, MIT), August 2000
“the state of the art”Dr. A. Michael Froomkin (Professor of Law,
University of Miami), August 2000
“shows ways to do digital certificates without giving so much power to the system owner”
Former Chief Privacy Counselor to the Clinton Administration, Dr. Peter Swire, April 2001
Sample acclaim
32
Credential Management Platform
Leverages Digital Credentials technology A continuum between local and remote records Automated sharing and synchronization of certified
data in accordance with application-specific rules Roaming access to records & access tokens Multiple protocols for gaining access to electronic
records with varying levels of active participation Delegation certificates (limited-time or limited-use) Fine-grained multi-party rights management Optional: encrypt record entries & access requests
33
34
Additional Information
Digital Credentials overviews– Non-technical 2-pager:
www.ercim.org/publication/Ercim_News/enw49/brands.html– Semi-technical 40-page overview:
www.credentica.com/technology/overview.pdf– Technical 350-page book with formal security analysis:
www.credentica.com/technology/book.html
CMP architecture overview: ls6-www.informatik.uni-dortmund.de/issi/cred_ws/papers/brands.pdf