340 likes | 506 Views
May 15, 2003. Access Management in Critical Information Infrastructures. Dr. Stefan Brands brands@credentica.com. 15th annual Canadian Information Technology Security Symposium May 12 - 15, 2003 Ottawa Congress Centre. Presented to:. Critical Information Infrastructures.
E N D
May 15, 2003 Access Management in Critical Information Infrastructures Dr. Stefan Brands brands@credentica.com 15th annual Canadian Information Technology Security Symposium May 12 - 15, 2003Ottawa Congress Centre Presented to:
Critical Information Infrastructures • “Information-centric infrastructures essential to the defense and economic prosperity of a society, and to the well-being of its people” • Strong reliance on effective management and sharing of sensitive information • Examples: • Telecommunications • The supply of utilities • Banking and finance networks • Public transportation • National defense • Health care
Information management trends • Information recorded & managed in electronic form • Increasing data volume & sensitivity • Increasing numbers of trust domains desiring ability to interact (open systems) • Data sharing over open networks • Physical trust domains are disappearing • Proliferation in number and type of access devices: • Personal Computers • Personal Digital Assistants • Mobile phones • …
Benefits of electronic records • Efficient data sharing across corporate boundaries • Reusability of recorded information • Reduce errors • Enhance productivity (notably of administrators) • Location-”independence” of records: • In central database • Distributed across databases (possibly “federated”) • User-controlled record • User-held record (smartcard, PDA, PC, …) • Open up new opportunities
Security issues • Data must be made selectively accessible • Must be able to base authorization decisions on access requestor rather than (only) on data itself • No longer adequate: Vulnerability assessment products and services, fire-walls, anti-virus software & hardware, intrusion detection applications • Authorization is next major security requirement • Can grant authorization on the basis of: identity, assumed role, privileges, entitlements, personal characteristics, profile data, qualifications, group membership, other credentials, payment, …
Security of electronic records • Complexity of “ownership” when data sharing is goal: • Many may be authorized to read, add or update information • Many may need to rely on data in same record • Access provider perspective: • OK: others can view data (to be informed & check for errors) • Not OK: others can add, delete, modify, or prevent updating of data • Challenge: Solve multi-party rights management problem (good solution meets “any” rights setting) • Must address two basic authentication problems: • Authenticate access requests to record entries • Authenticate record entries themselves
Not a solution: single sign-on • Avoids duplication of passwords by giving users a single password for all resources • Only authenticates access requestor, does not deal with authentication of data entries in records • Liberty Alliance, MS Passport, … • A user convenience, not a security solution • Highly insecure for managing access to sensitive information over open networks • J. Lewis (CEO of Burton Group): “Single sign-on is a security compromise waiting to happen”
Secure access management • Security must be tied to the information itself • Most secure approach: public key cryptography • Secret keys never leave confines of their storage device • Avoids key distribution problem of symmetric-key crypto • Offers non-repudiation (digital signatures) • Two fundamentally different public-key approaches: • X.509-style PKI • Identity certificates • Attribute certificates (Privilege Management Infrastructure) • Digital Credentials • Seamless hybrid between identity and attribute certificates • With security, privacy, scalability & performance benefits
X.509-style PKI • Revolves around the distribution and management of digital identity certificates • Invented in 1978 to facilitate message encryption • In line with original goal, X.509 certificates provide: • Confidentiality of data in transit (through encryption) • User authentication (ensures messages are encrypted under right public key & prevents man-in-the-middle attack) • Data integrity (prevent tampering with data in transit) • Non-repudiation (proof of sender’s identity) • Access control was never a design requirement (irrelevant for message encryption infrastructure!)
Applying PKI to access control • PKI vendors currently distorting their technology to do access control (encryption is not big market need …) • Their approach: • Individual to provide digital identity certificate to gain access • Certificate serves as strongly authenticated pointer to on-line databases entries • Access provider to retrieve all data for authorization decision • = Credit card infrastructure on steroids … • Authentication for message encryption very different from access control to sensitive data (unique needs for privacy, security, scalability & performance)
The irony; a historical perspective • Diffie-Hellman invention of asymmetric crypto (1976): • Setting: Encrypted communication over open network • Sender to encrypt message with public key of recipient • To prevent man-in-the-middle attack, on-line & secure (read-only) database lists “name”– “public key” bindings • Kohnfelder’s bachelor’s thesis (1978): • Database problems: bottleneck & vulnerable to attacks • Identity certificates proposed to address both problems • Irony of digital identity certificates for access control: • Both problems are back with a vengeance • New problems that were irrelevant in original setting
… not to mention the revocation database, common to everyone Verifiers must look up all authorization data themselves … … but all these databases may be in different trust / administrative domains …
PKI & access control: problems (1) • Non-scalable beyond pre-established trust domains: • Access provider relies on the availability, correctness, and timeliness of authorization data • Poor security: • Access right cloning and lending: no cryptographic protection • Misuse of online databases by hackers and insiders • Vulnerable to denial-of-service attacks: • Strong reliance on real-time availability of online databases • Online certificate status validation • Increases risk of identity theft: • Inescapable system-wide identification • Strong reliance on central databases
PKI & access control: problems (2) • Not suitable for use with smartcards: • Cannot use low-cost smartcards: • Storage problem • Need crypto co-processor for exponentiations • Elliptic-Curve cryptography is only partial solution • Application provider must place very strong trust in parties involved in smartcard manufacturing, masking, initialization, application loading, and personalization. Attacks: • Overt or covert leakage of secrets and other confidential data • Uniqueness, randomness, and secrecy of secret keys?? • Fake-terminal attacks • Selective “failure” attacks based on dynamic inputs • Problems worsen for multi-application smartcards
PKI & access control: problems (3) • Managed services are intrusive: • Online Certificate Status Providers able to learn competitive/sensitive data in real time: • Identities of access requestors (and access providers) • Peak hours • Typically: nature of the transaction • Possibly: transaction details • Certificate Authorities must know the identity and any other attributes that go into the certificates they issue • Online Certificate Status Providers & Certificate Authorities & on-line database maintainers can disrupt operations on the basis of transaction-specific knowledge in real time
PKI & access control: problems (4) • Privacy-invasive (roots inescapable systemic identification deep into information infrastructure): • Public keys = strongly authenticated “super-SSNs”: • Globally unique identification numbers • Inescapably travel along with each and every action taken • Obtained by access provider & third parties (providers of authorization databases & online certificate status verifiers) • Always leave behind undeniable digital evidence of the requestor’s identity (due to digital signing of nonces) • Problems with data protection legislation, unbridled use of PKI may be unconstitutional • Access providers & third parties cannot prevent receiving identifiable data
Bad “solutions” (quick fixes) • Identity certificates that specify a “pseudonym” or a “role” instead of a real name: • Does not address privacy problems (remember: tracing can be done on the basis of the public keys in certificates) • May weaken security (accountability, fraud containment, …) • Issue different identity certificates for different uses: • False sense of privacy: like using SSNs, credit card numbers, and health insurance numbers for all actions! • Damages functionality: creates separate “islands” that cannot communicate (bridge-CAs undo purpose & create new scalability and trust problems) • Scalability & smartcard inefficiency even worse
Another bad “solution” • Privilege Management infrastructure (PMI): • X.509 attribute certificates specify relevant attribute data • Addresses availability problem, but exacerbates all other problems: • Attribute certificates must be linked to (and sent along with) base identity certificate to prevent pooling of privileges • Even more devastating for privacy (all the attributes within a certificate must be known to the CA & must be disclosed when showing the certificate) • No mechanisms to prevent discarding, updating-prevention, lending, and cloning • Smartcard inefficiency even worse • Must manage and revoke an abundance of certificates
Privacy – a brief digress • “The right of individuals to determine for themselves when, how, and to what extent information about them is communicated to others” • In electronic world: virtually no grey areas between privacy & inescapable systemic identification • Different manifestations for: • Individuals (ROI hard to quantify) • Companies (competitive intelligence, liability issues) • Critical information infrastructures (monitoring threats) • Security safeguards deal with unauthorized outsiders, but most threats come from authorized insiders
Security is NOT privacy Technology can address security without addressing privacy, but may introduce new security concerns! OECD FIPs: • Collection Limitation • Data Quality • Purpose Specification • Use Limitation • Openness • Individual Participation • Accountability 5. Security safeguards (incl. confidentiality) Wolves in sheep’s clothing: • Ubiquitous surveillance • cameras • National ID chipcards • PKI for access control • …
Privacy-respecting security • Not so much about anonymity, as about controlling who can learn what as data flows through system • Covers spectrum between mandatory identifiability and the maximum level of privacy afforded (“slider”) • Example: client identifies to access provider, access provider de-identifies non-repudiable transaction evidence for third party (PKI cannot do this!) • Privacy is good for security: • Non-identifiable (unlinkable) records & record access reduce vulnerability to hackers & (authorized!) insiders • Decentralized approach reduces denial of service attacks
Digital Credentials • Achieve security, privacy & efficiency simultaneously • Like digital signatures but much more powerful • Three basic uses in access control: • To authenticate data entries in records • To authenticate pointers to records • For digitally signed audit trails & receipts • “CA” binds attributes to Digital Credential public key: • User can allow CA to learn only an attribute property • User can blind Digital Credential public key & CA’s digital signature (but not the attributes) • User can selectively disclose attribute property to verifier • User must know all attributes to show certificate
… but cannot modify the attributes the CA certifies for him. User can “blind” (randomize) the certificate’s public key… … and also the signature of the CA … User can disclose only the minimal attribute property the Verifier needs to know … … but needs to know all the attributes in the certificate to make his own signature with the certificate’s secret key
Digital Credentials properties (1) • Fully adaptable levels of privacy: • Allow anonymous, pseudonymous, and role-based access • Principle of least authority; selective/minimal disclosure • Reverse authentication: data does not meet conditions • Recertification and updating: present Digital Credential without revealing current attribute values • Dossier-resistance: leave no or partial non-repudiable transaction evidence to verifier • Credential verifier can selectively discard data before passing on digital evidence to third party • Reveal no or partial attribute data to Credential Authorities • Smartcard cannot leak sensitive data to outside world
Digital Credentials properties (2) • Security protections: • No pooling of privileges (multiple Digital Credentials can be shown to contain same built-in identifier without disclosing it) • Lending protection: Embed client-confidential data into Digital Credential (legitimate owner need never disclose it) • Discarding protection: Lump negative data in base Digital Credential (e.g., drunk driving mark into driver’s license) • Limited-show credentials: Embedded identifier (or value) will be exposed if and only if Credential shown too many times • Audit capability: • Digital audit trails & receipts facilitate dispute resolution • Non-identified audit trail cannot be disavowed by originator • Self-signed fraud confessions for lending and reuse
Digital Credentials properties (3) • Smartcard Implementations: • Manage billions of Credentials using 8-bit smart-card chip (off-load storage and computational burden to user device) • Application provider can arbitrarily minimize level of trust placed in smartcard (through application software) • Secure multi-application smartcards: • Different application providers can share same secret key to derive card security • Digital Credentials have uncorrelated secret keys (unknown even to card supplier) and can be revoked separately • Different applications using same smartcard are fire-walled through user software (not card software!) • Leakage of a card’s key does not allow fraud beyond the security functionality the card was supposed to add
Digital Credentials properties (4) • Managed services: • Credential Authorities certify sensitive information without being able to learn the data • Revocation Authorities can validate certificates without being able to identify the clients of organizations • Role of tamper-resistant smartcard can be outsourced • Peer-to-peer support: • Individuals can store and manage their own credentials • Unauthorized users cannot modify, discard, lend, pool, or prevent the updating of information they hold • In the extreme: do away with central databases by securely distributing all database entries to data subjects • Multi-purpose and multi-application certificates
Digital Credentials: not a whim • Limited implementation experience (but for another application, which never caught on commercially): • CAFE & OPERA (2 EU SR&ED projects, involving KPN, Gemplus, Siemens & 15 others): e-cash on a smartcard, with field trials from 1996 to 1999 • Zeroknowledge Systems: e-cash on a RIM Blackberry • Protocols described in open literature: • 32 publications since 1993 at major crypto & privacy forums • 315-page MIT Press book with foreword by prof. Ron Rivest • Scrutinized by world’s top cryptographers (Shamir, Rivest, Schnorr, etc.) • Acclaim from security, legal & privacy experts
Sample acclaim “an important landmark” Dr. Ronald L. Rivest (Webster Professor of Electrical Engineering and Computer Science at MIT), August 2000 “minimizing the risks of all the interested actors” Electronic Privacy Information Center & Privacy International, 2001 “a superior alternative to conventional approaches to PKI” Dr. Roger Clarke (consultant in the management of information and information technology), 2001 “security without sacrificing privacy” Dr. Hal Abelson (Professor at the Artificial Intelligence Laboratory, MIT), August 2000 “the state of the art” Dr. A. Michael Froomkin (Professor of Law, University of Miami), August 2000 “shows ways to do digital certificates without giving so much power to the system owner” Former Chief Privacy Counselor to the Clinton Administration, Dr. Peter Swire, April 2001
Credential Management Platform • Leverages Digital Credentials technology • A continuum between local and remote records • Automated sharing and synchronization of certified data in accordance with application-specific rules • Roaming access to records & access tokens • Multiple protocols for gaining access to electronic records with varying levels of active participation • Delegation certificates (limited-time or limited-use) • Fine-grained multi-party rights management • Optional: encrypt record entries & access requests
Additional Information • Digital Credentials overviews • Non-technical 2-pager: www.ercim.org/publication/Ercim_News/enw49/brands.html • Semi-technical 40-page overview: www.credentica.com/technology/overview.pdf • Technical 350-page book with formal security analysis: www.credentica.com/technology/book.html • CMP architecture overview: ls6-www.informatik.uni-dortmund.de/issi/cred_ws/papers/brands.pdf • brands@credentica.com