Achieving Data Privacy and Security Using Web Services Alfred C. Weaver Professor of Computer Science University of Virginia Charlottesville, Virginia, USA weaver@cs.virginia.edu http://www.cs.virginia.edu/~acw/security/
Outline • Motivation for data security • Security architecture • Web services • Trust • Components of security • Authentication • Authorization • Federation • Research issues
Data Privacy and Security (diagram: plants, processes, databases, desktops, laptops, PDAs and cell phones connected through the global Internet)
Risks • Access by unauthorized individuals • Access denied to authorized individuals • Identity theft and impersonation • Authentication techniques of varying reliability • Mobile access devices • Viruses and worms
Risk Mitigation Requirements • Establish and maintain trust between data requestor and data provider • Techniques must be applicable to both humans and software • Trust decisions must be made without human intervention
Security Architecture • Based upon web services • useful functionality exposed on the WWW • provide fundamental, standardized building blocks to support distributed computing over the internet • applications communicate using XML documents that are computer-readable
Why Web Services? • Internet provides a powerful, standardized, ubiquitous infrastructure whose benefits are impossible to ignore • provided that access is reliable, dependable, and authentic • World-wide acceptance • preferential way to interconnect applications in a loosely-coupled, language-neutral, platform-independent way
Web Services • Built on four primary technologies • eXtensible Markup Language (XML) • format to enable machine-readable text • Simple Object Access Protocol (SOAP) • specifies format and content of messages • Web Services Description Language (WSDL) • XML document that describes a set of SOAP messages and how they are exchanged • Universal Description, Discovery, and Integration (UDDI) • searchable "whitepage directory" of web services
SOAP Example

```xml
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <!-- security credentials -->
    <s:credentials xmlns:s="urn:examples-org:security">
      <username>Alfred Weaver</username>
    </s:credentials>
  </soap:Header>
  <soap:Body>
    <x:TransferFunds xmlns:x="urn:examples-org:banking">
      <from>22-342439</from>
      <to>98-283843</to>
      <amount>100.00</amount>
      <denomination>USD</denomination>
    </x:TransferFunds>
  </soap:Body>
</soap:Envelope>
```

The body invokes the operation TransferFunds (from, to, amount); the credentials travel in the header.
Trust (diagram: {Authentication, Credentials, Privileges}) • Authentication: who you are • Credentials, attributes: what you have • Privileges: what you can do
Authentication • Biometric • based upon physical or behavioral characteristics • answers “who are you?” • Digital • something you have or know • Two-factor authentication • biometric + digital
Identification vs. Verification • Identification • of all humans, which one are you? • Verification • does your biometric (bid sample) match a previously enrolled biometric template?
False Acceptance/Rejection • False acceptance rate (FAR) • incorrectly matches a bid sample to an enrolled template • this is very bad • FAR must be very, very low • False rejection rate (FRR) • fails to match a legitimate bid sample to an enrolled template • this can be an annoyance or a denial of service • FRR must be low if technique is to be used
Fingerprints • 70 points of differentiation (loops, whirls, deltas, ridges) • Even identical twins have differing fingerprint patterns • False acceptance rate < 0.01% • False rejection rate < 1.4% • Can distinguish a live finger • Fast to enroll • Inexpensive (~$50-100)
Fingerprint Scanners (pictured) • Digital Persona U.are.U Pro • HP iPAQ • IBM ThinkPad T42
Iris Scans • Iris has 266 degrees of freedom • Identical twins have different iris patterns • False acceptance rate < 0.01% • False rejection rate < 0.01% • Does take some time and controlled lighting to enroll • Pattern is stored as a data template, not a picture • Flash light to detect pupil dilation (prove live eye)
Physical Biometrics • Fingerprint • Iris • Retina • Hand geometry • Finger geometry • Face geometry • Ear shape • Palm print • Smell • Thermal face image • Hand vein • Fingernail bed • DNA
Determining a Match • Enrollment produces a template (e.g., 011010101111011110000001...) • Bid sample produces another template (e.g., 011010101100011110000111...) • Hamming distance between them is the degree of difference
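The Hamming-distance match described on this slide and the FAR/FRR trade-off from the False Acceptance/Rejection slide, as an added example that is not from the slides: it compares constructed bit-string templates, decides accept/reject against a threshold, and measures FAR and FRR over a few constructed genuine and impostor samples. All templates here are constructed, not real biometric data.

```python
# Added example, not from the slides: verification by Hamming distance.
# All templates are constructed bit strings, not real biometric data.
ENROLLED = "011010101111011110000001"      # constructed enrollment template
GENUINE_BID = "011010101100011110000111"   # constructed bid sample, same user
IMPOSTOR_BID = "100101010011100001111010"  # constructed bid sample, other user


def flip(template, positions):
    """Return a copy of template with the bits at the given positions inverted."""
    bits = list(template)
    for p in positions:
        bits[p] = "1" if bits[p] == "0" else "0"
    return "".join(bits)


# Constructed sample sets: genuine bids differ from ENROLLED by 4, 2 and 6 bits,
# impostor bids by 21 and 12 bits.
GENUINE_BIDS = [GENUINE_BID, flip(ENROLLED, [3, 7]), flip(ENROLLED, [0, 5, 9, 12, 18, 20])]
IMPOSTOR_BIDS = [IMPOSTOR_BID, flip(ENROLLED, range(0, 24, 2))]


def hamming_distance(a, b):
    """Number of bit positions in which two equal-length templates differ."""
    if len(a) != len(b):
        raise ValueError("templates must be the same length")
    return sum(x != y for x, y in zip(a, b))


def is_match(enrolled, bid, threshold):
    """Verification decision: accept when the distance is at or below the threshold."""
    return hamming_distance(enrolled, bid) <= threshold


def error_rates(enrolled, genuine_bids, impostor_bids, threshold):
    """FAR = impostors accepted / impostors tried; FRR = genuine rejected / genuine tried."""
    far = sum(is_match(enrolled, b, threshold) for b in impostor_bids) / len(impostor_bids)
    frr = sum(not is_match(enrolled, b, threshold) for b in genuine_bids) / len(genuine_bids)
    return far, frr
```

Raising the threshold from 4 to 12 drives FRR to zero but lets one of the two impostor samples through, which is the trade-off the slides warn about.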
Behavioral Biometrics • Signature (the slide shows a sample handwritten signature, "Alfred C. Weaver") • Voice • Keyboard dynamics
Digital Techniques • PINs and passwords • E-tokens • Smart cards • RFID • X.509 certificates
eToken • Stores credentials such as passwords, digital signatures and certificates, and private keys • Some can support on-board authentication and digital signing
Smartcard • Size of a credit card • Microprocessor and memory • All data movements encrypted
RFID • IC with antenna • Works with a variety of transponders • No power supply • Supplies identity information • Susceptible to theft and replay attacks
Authentication Token

```xml
<TrustLevelSecToken>
  <CreatedAt>2005-09-20T08:30:00.0000000-04:00</CreatedAt>
  <ExpiresAt>2005-09-21T08:30:00.0000000-04:00</ExpiresAt>
  <UserID>385739601</UserID>
  <TrustLevel>Fingerprint</TrustLevel>
  <AuthenticationMethod>Digital Persona U.are.U</AuthenticationMethod>
  <TokenIssuer>http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>
  <TrustAuthority>http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>
</TrustLevelSecToken>
```
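Added example (not the slides' or the project's own code) of how a resource would validate the token above before honouring it: the validity window, a recognised issuer and trust authority, and a TrustLevel at least as strong as the resource requires. The trust-level ordering and the trusted-endpoint sets are assumptions; integrity protection of the token (a signature over it) is assumed to be checked separately and is not shown.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumed ordering of trust levels, weakest to strongest (not defined on the slides).
TRUST_LEVELS = {"Password": 1, "SmartCard": 2, "Fingerprint": 3, "Iris": 4}
TRUSTED_ISSUERS = {"http://cs.virginia.edu/TrustSTS.asmx"}            # assumed allow-list
TRUSTED_AUTHORITIES = {"http://cs.virginia.edu/TrustAuthority.asmx"}  # assumed allow-list

# The token from the slide, reproduced as a constructed test input.
SAMPLE_TOKEN = """<TrustLevelSecToken>
  <CreatedAt>2005-09-20T08:30:00.0000000-04:00</CreatedAt>
  <ExpiresAt>2005-09-21T08:30:00.0000000-04:00</ExpiresAt>
  <UserID>385739601</UserID>
  <TrustLevel>Fingerprint</TrustLevel>
  <AuthenticationMethod>Digital Persona U.are.U</AuthenticationMethod>
  <TokenIssuer>http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>
  <TrustAuthority>http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>
</TrustLevelSecToken>"""


def parse_timestamp(text):
    """Parse the token's timestamps; 7 fractional digits are trimmed to microseconds."""
    trimmed = re.sub(r"(\.\d{6})\d+", r"\1", text.strip())
    return datetime.fromisoformat(trimmed)


def validate_token(xml_text, required_level, now_iso):
    """Return (accepted, reason); every check must pass before the token is honoured."""
    root = ET.fromstring(xml_text)
    field = lambda tag: (root.findtext(tag) or "").strip()
    if field("TokenIssuer") not in TRUSTED_ISSUERS:
        return False, "untrusted issuer"
    if field("TrustAuthority") not in TRUSTED_AUTHORITIES:
        return False, "untrusted trust authority"
    now = parse_timestamp(now_iso)
    if not parse_timestamp(field("CreatedAt")) <= now < parse_timestamp(field("ExpiresAt")):
        return False, "outside validity window"
    level = field("TrustLevel")
    if TRUST_LEVELS.get(level, 0) < TRUST_LEVELS[required_level]:
        return False, f"trust level {level!r} below required {required_level!r}"
    return True, f"user {field('UserID')} accepted"
```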
X.509 Certificates • Certificate issued by a trusted Certificate Authority (e.g., VeriSign) • Contains • name • serial number • expiration dates • certificate holder’s public key (used for encrypting/decrypting messages and digital signatures) • digital signature of the Certificate Authority (so recipient knows that the certificate is valid) • Recipient may confirm identity of the sender with the Certificate Authority
Security Assertion Markup Language (SAML) • Interoperable exchange of security information enables • web single sign-on • distributed authorization services • securing electronic transactions • Transcends the local security domain
SAML Assertions • Assertion is a declaration of facts • Three types of security assertions • authentication • attribute • authorization decision
Authentication Assertion • An issuing authority asserts that • subject S • was authenticated by means M • at time T • Example • subject “Alfred C. Weaver” • was authenticated by “password” • at time “2005-12-14T10:02:00Z”
Example Authentication Assertion

```xml
<saml:Assertion AssertionID="128.9.167.32.12345678"
                Issuer="Robotics Corporation"
                IssueInstant="2005-12-14T10:02:00Z">
  <saml:Conditions NotBefore="2005-12-14T10:02:00Z" NotAfter="2005-12-21T10:02:00Z" />
  <saml:AuthenticationStatement AuthenticationMethod="password"
                                AuthenticationInstant="2005-12-14T10:02:00Z">
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver" />
    </saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>
```
Attribute Assertion • An issuing authority asserts that • subject S • is associated with attributes 1, 2, 3… • with attribute values a, b, c... • Example: • “Alfred C. Weaver” in domain “robotics.com” • is associated with attribute “Position” • with value “Plant Manager”
Example Attribute Assertion

```xml
<saml:Assertion …>
  <saml:Conditions …/>
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver" />
    </saml:Subject>
    <saml:Attribute AttributeName="Position" AttributeNamespace="http://robotics.com">
      <saml:AttributeValue>Plant Manager</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
```
Authorization Decision Assertion • An issuing authority decides whether to grant the request: • by subject S • for access type A • to resource R • given evidence E • Decision is permit or deny
Example Authorization Decision Assertion

```xml
<saml:Assertion …>
  <saml:Conditions …/>
  <saml:AuthorizationStatement Decision="Permit"
                               Resource="http://www.robotics.com/production.html">
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver" />
    </saml:Subject>
  </saml:AuthorizationStatement>
</saml:Assertion>
```
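An added example, not from the slides, of the distributed authorization the three assertion types enable: a small policy decision point reads the attribute assertion shown earlier (reconstructed here with its SAML 1.x namespace declared), checks its Conditions window, applies a policy table, and emits an authorization decision assertion in the form above. The policy table and the namespace URI are assumptions for this example; signature validation of the incoming assertion is not shown.

```python
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {"saml": "urn:oasis:names:tc:SAML:1.0:assertion"}
# Assumed policy table: Position values allowed to read each resource.
POLICY = {"http://www.robotics.com/production.html": {"Plant Manager"}}

# Constructed input: the slides' attribute assertion with its namespace declared.
ATTRIBUTE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    AssertionID="128.9.167.32.12345678" Issuer="Robotics Corporation">
  <saml:Conditions NotBefore="2005-12-14T10:02:00Z" NotAfter="2005-12-21T10:02:00Z"/>
  <saml:AttributeStatement>
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/>
    </saml:Subject>
    <saml:Attribute AttributeName="Position" AttributeNamespace="http://robotics.com">
      <saml:AttributeValue>Plant Manager</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

DECISION_TEMPLATE = """<saml:Assertion xmlns:saml="{ns}" Issuer="Robotics Corporation">
  <saml:AuthorizationStatement Decision="{decision}" Resource="{resource}">
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="{domain}" Name="{name}"/>
    </saml:Subject>
  </saml:AuthorizationStatement>
</saml:Assertion>"""


def _utc(ts):
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def read_attribute_assertion(xml_text, now_iso):
    """Return (domain, name, {attribute: value}), or None if outside its Conditions."""
    root = ET.fromstring(xml_text)
    cond = root.find("saml:Conditions", NS)
    if not _utc(cond.get("NotBefore")) <= _utc(now_iso) < _utc(cond.get("NotAfter")):
        return None
    ident = root.find(".//saml:Subject/saml:NameIdentifier", NS)
    attrs = {a.get("AttributeName"): a.findtext("saml:AttributeValue", "", NS).strip()
             for a in root.iterfind(".//saml:Attribute", NS)}
    return ident.get("SecurityDomain"), ident.get("Name"), attrs


def authorize(xml_text, resource, now_iso):
    """Policy decision point: Permit only when unexpired evidence allows the resource."""
    domain, name, attrs = read_attribute_assertion(xml_text, now_iso) or ("", "", {})
    decision = "Permit" if attrs.get("Position") in POLICY.get(resource, set()) else "Deny"
    return decision, DECISION_TEMPLATE.format(ns=NS["saml"], decision=decision,
                                              resource=resource, domain=domain, name=name)
```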
Federation • How can identity, once legitimately established in one trust domain, be reliably and securely shared with another trust domain?
Federated ATM Network (diagram: account number and PIN are presented to the visiting bank network; the visiting bank network and the home bank network are linked by a network of trust; funds are dispensed)
Administrative Decision (diagram: 1. the requestor gets an identity token from the IP/STS; 2. the requestor presents it to the resource; 3. the administrator is consulted and answers yes) • Administrator decides on a per-request basis