560 likes | 656 Views
Distributed Data Security for Factory Automation. Alfred C. Weaver Professor of Computer Science University of Virginia. Outline. Motivation for data security Proposed security architecture Web services Trust Authentication Authorization Federation Research issues.
E N D
Distributed Data Security for Factory Automation Alfred C. Weaver Professor of Computer Science University of Virginia
Outline • Motivation for data security • Proposed security architecture • Web services • Trust • Authentication • Authorization • Federation • Research issues
Data Privacy and Security Plants PDAs Global Internet Processes Laptops Databases Desktops Cell phones
Risks • Access by unauthorized individuals • Access denied to authorized individuals • Identity theft and impersonation • Authentication techniques of varying reliability • Mobile access devices • Viruses and worms
Risk Mitigation Requirements • Establish and maintain trust between data requestor and data provider • Techniques must be applicable to both humans and software • Trust decisions must be made without human intervention
Outline • Motivation for data security • Proposed security architecture • Web services • Trust • Authentication • Authorization • Federation • Research issues
Outline • Motivation for data security • Proposed security architecture • Web services • Trust • Authentication • Authorization • Federation • Research issues
Security Architecture • Based upon web services • useful functionality exposed on the WWW • provide fundamental, standardized building blocks to support distributed computing over the internet • applications communicate using XML documents that are computer-readable
Why Web Services? • Internet provides a powerful, standardized, ubiquitous infrastructure whose benefits are impossible to ignore • provided that access is reliable, dependable, and authentic • World-wide acceptance • preferential way to interconnect applications in a loosely-coupled, language-neutral, platform-independent way
Web Services • Built on three primary technologies • Simple Object Access Protocol (SOAP) • specifies format and content of messages • Web Services Description Language (WSDL) • XML document that describes a set of SOAP messages and how they are exchanged • Universal Description, Discovery, and Integration (UDDI) • searchable "whitepage directory" of web services
SOAP Example <soap:Envelope> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"> <soap:Header> <!-- security credentials --> <s:credentials xmlns:s="urn:examples-org:security"> <username>Alfred Weaver</username> <password>jdb5eifgh7a</password> </s:credentials> </soap:Header> <soap:Body> <x:TransferFunds xmlns:x="urn:examples-org:banking"> <from>22-342439</from> <to>98-283843</to> <amount>100.00</amount> <denomination>USD</denomination> </x:TransferFunds> </soap:Body> </soap:Envelope> TransferFunds (from, to, amount)
Outline • Motivation for data security • Proposed security architecture • Web services • Trust • Authentication • Authorization • Federation • Research issues
{Authentication, Credentials, Privileges} Trust Privileges What you can do Who you are Authentication What you have Credentials, attributes
Outline • Motivation for data security • Proposed security architecture • Web services • Trust • Authentication • Authorization • Federation • Research issues
Authentication • Biometric • based upon physical or behavioral characteristics • answers “who are you?” • Digital • something you have or know • Two-factor authentication • biometric + digital
Identification vs. Verification • Identification • of all humans, which one are you? • Verification • does your biometric (bid sample) match a previously enrolled biometric template?
Fingerprint Iris Retina Hand geometry Finger geometry Face geometry Ear shape Physical Biometrics • Palm print • Smell • Thermal face image • Hand vein • Fingernail bed • DNA
Fingerprint Scanners Digital Persona U.are.U Pro HP IPAQ IBM Thinkpad T42
False Acceptance/Rejection • False acceptance rate (FAR) • incorrectly matches a bid sample to an enrolled template • this is very bad • FAR must be very, very low • False rejection rate (FRR) • fails to match a legitimate bid sample to an enrolled template • this is an annoyance • FRR must be low if technique is to be used
Fingerprints 70 points of differentiation (loops, whirls, deltas, ridges) Even identical twins have differing fingerprint patterns False acceptance rate < 0.01% False rejection rate < 1.4% Can distinguish a live finger Fast to enroll Inexpensive (~$50-100) for the reader
Iris Scans Iris has 266 degrees of freedom Identical twins have different iris patterns False acceptance rate < 0.01% False rejection rate < 0.01% Does take some time and controlled lighting to enroll Pattern is stored as a data template, not a picture Flash light to detect pupil dilation (prove live eye)
011010101111011110000001... 011010101100011110000111... Determining a Match • Enrollment produces a template • Bid sample produces another template • Hamming distance between them is the degree of difference
011010101111011110000001... 011010101100011110000111... Determining a Match • Enrollment produces a template • Bid sample produces another template • Hamming distance between them is the degree of difference
Behavioral Biometrics Alfred C. Weaver • Signature • Voice • Keyboard dynamics
Digital Techniques • PINs and passwords • E-tokens • Smart cards • RFID • X.509 certificates
Stores credentials such as passwords, digital signatures and certificates, and private keys Some can support on-board authentication and digital signing eToken
Smart Card • Size of a credit card • Microprocessor and memory • All data movements encrypted
IC with antenna Works with a variety of transponders No power supply Supplies identity information Susceptible to theft and replay attacks RFID
X.509 Certificates • Certificate issued by a trusted Certificate Authority (e.g., VeriSign) • Contains • name • serial number • expiration dates • certificate holder’s public key (used for encrypting/decrypting messages and digital signatures) • digital signature of the Certificate Authority (so recipient knows that the certificate is valid) • Recipient may confirm identity of the sender with the Certificate Authority
Authentication Token <TrustLevelSecToken> <CreatedAt> 2005-09-20T08:30:00.0000000-04:00 </CreatedAt> <ExpiresAt> 2005-09-21T08:30:00.0000000-04:00</ExpiresAt> <UserID> 385739601</UserID> <TokenIssuer> http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer> <TrustAuthority> http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority> </TrustLevelSecToken>
Authentication Token <TrustLevelSecToken> <CreatedAt> 2005-09-20T08:30:00.0000000-04:00 </CreatedAt> <ExpiresAt> 2005-09-21T08:30:00.0000000-04:00</ExpiresAt> <UserID> 385739601</UserID> <TrustLevel> Fingerprint </TrustLevel> <AuthenticationMethod> Digital Persona U.are.U </AuthenticationMethod> <TokenIssuer> http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer> <TrustAuthority> http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority> </TrustLevelSecToken>
Outline • Motivation for data security • Proposed security architecture • Web services • Trust • Authentication • Authorization • Federation • Research issues
Security Assertion Markup Language (SAML) • Applications require interoperable security solutions that transcend the boundaries of single security domains • Interoperable exchange of security information is essential to enable • web single sign-on • distributed authorization services • securing electronic transactions • SAML addresses these issues
SAML Assertions • An assertion is a declaration of facts about a subject • SAML has three kinds, all related to security: • authentication • attribute • authorization decision
Authentication Assertion • An issuing authority asserts that • subject S • was authenticated by means M • at time T • Example • subject “Alfred C. Weaver” • was authenticated by “password” • at time “2005-09-18T10:02:00Z”
Example Authentication Assertion <saml:Assertion> AssertionID=“128.9.167.32.12345678” Issuer=“Robotics Corporation” IssueInstant=“2005-09-19T10:02:00Z”> <saml:Conditions NotBefore=“2005-09-19T10:02:00Z” NotAfter=“2005-09-23T10:02:00Z” /> <saml:AuthenticationStatement> AuthenticationMethod=“password” AuthenticationInstant=“2005-09-18T10:02:00Z”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“robotics.com” Name=“Alfred C. Weaver” /> </saml:Subject> </saml:AuthenticationStatement> </saml:Assertion>
Attribute Assertion • An issuing authority asserts that • subject S • is associated with attributes 1, 2, 3… • with attribute values a, b, c... • Example: • “Alfred C. Weaver” in domain “robotics.com” • is associated with attribute “Position” • with value “Plant Manager”
Example Attribute Assertion • <saml:Assertion …> <saml:Conditions …/> <saml:AttributeStatement> <saml:Subject> <saml:NameIdentifier SecurityDomain=“robotics.com” Name=“Alfred C. Weaver” /> </saml:Subject> <saml:Attribute AttributeName=“Position” AttributeNamespace=“http://robotics.com”> <saml:AttributeValue>Plant Manager • </saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement></saml:Assertion>
Authorization Decision Assertion • An issuing authority decides whether to grant the request: • by subject S • for access type A • to resource R • given evidence E • The subject could be a human or software • The resource is any object • data, web page, web service, etc.
<saml:Assertion …> <saml:Conditions …/> <saml:AuthorizationStatement> Decision=“Permit” Resource=“http://www.robotics.com/production.html”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“robotics.com” Name=“Alfred C. Weaver” /> </saml:Subject> </saml:AuthorizationStatement></saml:Assertion> Example Authorization Decision Assertion
Outline • Motivation for data security • Proposed security architecture • Web services • Trust • Authentication • Authorization • Federation • Research issues
Federation • Web services single sign-on • How can identity, once legitimately established in one trust domain, be reliably and securely shared with another trust domain? • How does authentication transfer? • What are you authorized to do in a different trust domain?
Federated ATM Network Account Number and PIN Visiting Bank Network Funds Network of Trust Home Bank Network
Administrative Decision IP/STS Yes Admin Get identity token 1 3 Requestor Resource 2 Administrator decides on per request basis
Basic FederationDirect Trust Token Exchange IP/STS IP/STS Trust Get accesstoken Get identity token 1 2 Resource Requestor 3
Trust Trust Indirect Trust IP/STS B IP/STS IP/STS A C 1 2 Resource Requestor 3 C trusts B which vouches for A who vouches for client