Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Harmonizing Identity andPrivacy in Digital Identity andAuthentication technologiesSimon BlanchetInformation Security & Ris...
Who Am I? Simon Blanchet, CISSP 11+ years in Information System Security Security      Security / Cryptographic Software D...
Who Am I? Crypto / Security Software Developer      Secure Email Solution (X.509, OpenSSL, MS CAPI, …)      Meta-IDS built...
Who Am I? Fun facts:      Own (too) many books on Cryptology and Brewing             Some of which are signed by the autho...
Agenda What this talk IS about / What this talk is NOT about Authentication & Privacy Identity Meta System (IdP, RP, Subje...
What this talk IS about    Digital Identity    Authentication    Digital Privacy in the authentication world    Identity P...
What this talk is NOT about Anonymous browsing MIX networks / Onion Routing Hiding identity at the network level Political...
Authentication & Privacy             Definition, means, why, conflicting /              diametrically opposed concepts?   ...
Identification & Authentication    Identification             Act or process of identifying somebody or something or of be...
Identification vs Authentication    Identification             Ex: “Hi I’m Simon”, “Hi I’m the owner of this car”    Authe...
Authentication (1/2)    Authentication factors             Knowledge         Something you know               Ex: Password...
Authentication (2/2)    SSL Mutual Authentication      Public Key Digital Signature (more on this later…)    Hardware / Se...
Privacy    Ability of a person to control the availability of    information about and exposure of himself or    herself. ...
Anonymity / Pseudonymity    Anonymity             No information linking an identifier to its entity             Identity ...
Security vs Privacy    Is this a real dilemma?    Conflicting / diametrically opposed concepts?    We hear a lot about tra...
Security vs Privacy    Post 9/11             How much privacy are you willing to give up for security?    Security or Priv...
Identity Meta System    IdP - Identity Provider             Issues digital identity                Ex: CA for X.509 Digita...
PKI     IdP is the Certification Authority (CA)                               Authenticate                               V...
Case Study             SSL Mutual Authentication27.10.2011     Application Security Forum - Western Switzerland - 2011   19
SSL Mutual Authentication    Common Trusted IdP (CA) between RP & S    CA issues a digital certificate to Subject         ...
SSL Mutual Authentication    RP is a Web Server configured to require a    client certificate             SSL “Server Hell...
SSL Mutual Authentication               Copyright IBM Corporation 1999, 2011. All Rights Reserved.               This topi...
SSL Mutual Authentication    So the client is only sending his certificate    back to the server or is he?    What else wo...
SSL Mutual Authentication    What can be signed?    Who’s providing the material to sign?             The server only?    ...
Laws of Identity                                      ii.a27.10.2011   Application Security Forum - Western Switzerland - ...
Laws of Identity                                       ii.a1.     User Control and Consent2.     Minimal Disclosure for a ...
Some issues with current                     schemes27.10.2011       Application Security Forum - Western Switzerland - 20...
Privacy Issues with current schemes    IdP sees the certificates it issues    RP can always track the entity authenticatin...
X.509 SSL Mutal Authn (1/2)1. User Control and Consent ✗ / ?             By Default: NO under most common OSes            ...
Issues with X.509 authn (2/2)    Cert contains direct unique identifiers such as:             Subject Key Identifier ( 2.5...
Cryptographic Primitives27.10.2011       Application Security Forum - Western Switzerland - 2011   31
Cryptographic Primitives    RSA    Discrete Logarithm Problem (DLP)    Zero-Knowledge Proof (ZKP)             Prover     S...
RSA    P & Q: Large random prime numbers    n = P * Q Modulus common to privkey & pubkey    Compute φ(n) = (p – 1)(q – 1) ...
Discrete Logarithm Problem    g and h are elements of a finite cyclic group G then a    solution x of the equation gx = h ...
Zero Knowledge ProofFor Children… (from Jean-Jacques Quisquater’s paper*)Repeat until confidence level is reached…•    htt...
Introducing digital credential• Issuing protocol                    Blind Signature      – Subject can (blind) “randomize”...
Conclusion Pseudonymity != Anonymity Security XOR Privacy? NOT Really Liberty VS Control THE real question Most current au...
© flickr.com/horiavarlan              horiavarlan                                     Questions                           ...
Thank You! / Merci!         Simon Blanchet         simon.blanchet@gmail.com         http://ch.linkedin.com/in/sblanchet   ...
References (1/2)i.          Microsoft’s Vision for an Identity Metasystem       a.       http://www.identityblog.com/stori...
References (2/2)v.           7 Laws of Identity, Ann Cavoukian        a.      http://www.ipc.on.ca/images/Resources/up-7la...
Upcoming SlideShare
Loading in …5
×

ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authentication technologies

When we think about authentication and more specifically about strong authentication mechanisms based on cryptographic primitives, we first think about techniques generating non-repudiable identity proofs. It seems like the more “secure” an authentication scheme is, the less control the Subject have over its privacy using it. Facing the Security vs Privacy debate, we might be tempted to intuitively (but wrongly) assume that those concepts are diametrically opposed.
In this talk, the presenter will introduce some concepts and associated techniques which
could be leveraged to provide secure authentication without sacrificing privacy. This talk
will first highlight the privacy side effects associated with the classical authentication
schemes based on X.509 certificates before having a closer look at selective disclosure,
ZKIP, Digital Credential and their implementations in the real world.

Application Security Forum 2011
27.10.2011 - Yverdon-les-Bains (Switzerland)
Speaker: Simon Blanchet

  • Login to see the comments

  • Be the first to like this

ASFWS 2011: Harmonizing Identity and Privacy in Digital Identity and Authentication technologies

  1. 1. Harmonizing Identity andPrivacy in Digital Identity andAuthentication technologiesSimon BlanchetInformation Security & Risk Team Leader - Application Security{Undisclosed} Private Bank
  2. 2. Who Am I? Simon Blanchet, CISSP 11+ years in Information System Security Security Security / Cryptographic Software Developer Information Security Professional (Application / Software Security) in Private Banking Hooked: Computers, BBSes, “hacking scene” Computer Science Passionate about Cryptology (Classical, Applied) & Software (In)Security27.10.2011 Application Security Forum - Western Switzerland - 2011 2
  3. 3. Who Am I? Crypto / Security Software Developer Secure Email Solution (X.509, OpenSSL, MS CAPI, …) Meta-IDS built on OpenBSD (aggregation, correlation) Digital Credential initial PoC / SDK Information Security Professional (Swiss Banking) Application Security Architect (PKI, AAA, libs (authn, crypto), …) Smartcard Programming & Integration (PKCS11, APDUS) Application Security Team Lead – Private Bank Software Security, ARA, Threat Modeling, Security Testing27.10.2011 Application Security Forum - Western Switzerland - 2011 3
  4. 4. Who Am I? Fun facts: Own (too) many books on Cryptology and Brewing Some of which are signed by the author with dedication Foodies, Beer aficionado Urban travelers, love languages27.10.2011 Application Security Forum - Western Switzerland - 2011 4
  5. 5. Agenda What this talk IS about / What this talk is NOT about Authentication & Privacy Identity Meta System (IdP, RP, Subject / Principal, …) PKI, X.509, Case Study: SSL mutual authentication Introducing the Laws of Identity Some issues with current authentication schemes Introducing Elementary Cryptographic Primitives Introducing Digital Credential27.10.2011 Application Security Forum - Western Switzerland - 2011 5
  6. 6. What this talk IS about Digital Identity Authentication Digital Privacy in the authentication world Identity Provider, Relying Parties, Subject Limitations of current implementations Elementary cryptographic primitives RSA, Digital Signature, Discrete Logarithms, ZKIP, Blind Signature, Selective Disclosure, …27.10.2011 Application Security Forum - Western Switzerland - 2011 6
  7. 7. What this talk is NOT about Anonymous browsing MIX networks / Onion Routing Hiding identity at the network level Political statement / Privacy evangelism 27.10.2011 Application Security Forum - Western Switzerland - 2011 7
  8. 8. Authentication & Privacy Definition, means, why, conflicting / diametrically opposed concepts? Security vs Privacy debate27.10.2011 Application Security Forum - Western Switzerland - 2011 8
  9. 9. Identification & Authentication Identification Act or process of identifying somebody or something or of being identified. So, it’s an act or process of showing who somebody is. Act of claiming an identity, where an identity is a set of one or more signs signifying a distinct entity. Authentication Act or process of proving something to be valid, genuine or true about someone’s identity. Act of verifying that identity, where a verification consists in establishing, to the satisfaction of the verifier, that the sign signifies the entity.27.10.2011 Application Security Forum - Western Switzerland - 2011 9
  10. 10. Identification vs Authentication Identification Ex: “Hi I’m Simon”, “Hi I’m the owner of this car” Authentication Ex: “Hi I’m Simon, here’s my passport” Something I own Passport Ex: “Hi I’m Simon, here’s my passport and let me sign this piece of paper” Something I own Passport Something I am My signature27.10.2011 Application Security Forum - Western Switzerland - 2011 10
  11. 11. Authentication (1/2) Authentication factors Knowledge Something you know Ex: Password, Pin code, Passphrase, answer to a special ? Ownership Something you own Ex: Security Token, Cell phone, Private Key associated to a cert Inherence Something you do or are Ex: Fingerprint, voice, retina (think biometrics) Multi-factor Authentication Any combination of more than one of the above…27.10.2011 Application Security Forum - Western Switzerland - 2011 11
  12. 12. Authentication (2/2) SSL Mutual Authentication Public Key Digital Signature (more on this later…) Hardware / Security Token Shared Secret Key Authentication OTP based on Shared Secret + Time OTP based on Shared Secret + Counter OTP based on Shared Secret + Challenge The minimum requirement of any token is at least an inherent unique identity… OpenID / SAML / …27.10.2011 Application Security Forum - Western Switzerland - 2011 12
  13. 13. Privacy Ability of a person to control the availability of information about and exposure of himself or herself. It is related to being able to function in society anonymously (including pseudonymous or blind credential identification)27.10.2011 Application Security Forum - Western Switzerland - 2011 13
  14. 14. Anonymity / Pseudonymity Anonymity No information linking an identifier to its entity Identity that is not bound or linked to an entity Obscuring the identity of an entity Pseudonymity Pseudonym is a fictitious identifier which is not immediately associated to an entity Ex: Pen names, Nicknames, … Linking & Tracking possible, pseudo revealed: Game Over27.10.2011 Application Security Forum - Western Switzerland - 2011 14
  15. 15. Security vs Privacy Is this a real dilemma? Conflicting / diametrically opposed concepts? We hear a lot about trading your Privacy to increase your Security in airport security Full-Body Scanners anyone?27.10.2011 Application Security Forum - Western Switzerland - 2011 15
  16. 16. Security vs Privacy Post 9/11 How much privacy are you willing to give up for security? Security or Privacy? Fundamental dichotomy? NOT really… Security affects Privacy when its based on identity Real question: Liberty versus Control Quoting Benjamin Franklin: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety."27.10.2011 Application Security Forum - Western Switzerland - 2011 16
  17. 17. Identity Meta System IdP - Identity Provider Issues digital identity Ex: CA for X.509 Digital Certificate RP - Relying Parties Requires identity / Trust IdP Ex: Mutual SSL authn protected web server S / P – Subject / Principal Entities about whom claims are made Ex: Individual owning a cert & its associated private key27.10.2011 Application Security Forum - Western Switzerland - 2011 17
  18. 18. PKI IdP is the Certification Authority (CA) Authenticate Validate CSR Issue Cert Cryptographic IdP binding Identity + Public Key Subjec Access Request RP t Certificate + Proof ofKeep Private Key possession private keySign(Attrib + Pub Key) CSR27.10.2011 Application Security Forum - Western Switzerland - 2011 18
  19. 19. Case Study SSL Mutual Authentication27.10.2011 Application Security Forum - Western Switzerland - 2011 19
  20. 20. SSL Mutual Authentication Common Trusted IdP (CA) between RP & S CA issues a digital certificate to Subject Client-side key pair generation PKCS10 Certificate Signing Request sent to CA CA authenticate Subject & verify proof of possession of associated Private Key CA issues X.509 certificate to Subject27.10.2011 Application Security Forum - Western Switzerland - 2011 20
  21. 21. SSL Mutual Authentication RP is a Web Server configured to require a client certificate SSL “Server Hello” – “Client Certificate Request” $ openssl s_server -www -key myca_privkey.pem -cert myca.pem -state -msg -debug -Verify myca.pem27.10.2011 Application Security Forum - Western Switzerland - 2011 21
  22. 22. SSL Mutual Authentication Copyright IBM Corporation 1999, 2011. All Rights Reserved. This topics URL: http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/topic/com.ibm.mq.csqzas.doc/sy10660_.htm27.10.2011 sy10660_ Application Security Forum - Western Switzerland - 2011 22
  23. 23. SSL Mutual Authentication So the client is only sending his certificate back to the server or is he? What else would be needed and why? Proof of possession of associated private key A certificate is public by definition … How to prove to a RP that we own such key? Someone said “Digital Signature”? What is really signed here? Why?27.10.2011 Application Security Forum - Western Switzerland - 2011 23
  24. 24. SSL Mutual Authentication What can be signed? Who’s providing the material to sign? The server only? The client only? Both? Why? What can go wrong if not both? What’s the outcome of all of this? Server obtain a proof that the Client owns the private key associated with the cert shown27.10.2011 Application Security Forum - Western Switzerland - 2011 24
  25. 25. Laws of Identity ii.a27.10.2011 Application Security Forum - Western Switzerland - 2011 25
  26. 26. Laws of Identity ii.a1. User Control and Consent2. Minimal Disclosure for a Constrained Use3. Justifiable Parties4. Directed Identity5. Pluralism of Operators and Technologies6. Human Integration7. Consistent Experience Across Contexts27.10.2011 Application Security Forum - Western Switzerland - 2011 26
  27. 27. Some issues with current schemes27.10.2011 Application Security Forum - Western Switzerland - 2011 27
  28. 28. Privacy Issues with current schemes IdP sees the certificates it issues RP can always track the entity authenticating RP can store all the certificates presented Different RPs can exchange & link those certificates ALL the attributes contained in the certificate are disclosed to the RP CRLs are distributed to all RP27.10.2011 Application Security Forum - Western Switzerland - 2011 28
  29. 29. X.509 SSL Mutal Authn (1/2)1. User Control and Consent ✗ / ? By Default: NO under most common OSes MS CAPI Private Key Security Level2. Minimal Disclosure for a Constrained Use ✗ ALL attributes embedded in the cert are disclosed27.10.2011 Application Security Forum - Western Switzerland - 2011 29
  30. 30. Issues with X.509 authn (2/2) Cert contains direct unique identifiers such as: Subject Key Identifier ( 2.5.29.14 ) IssuerDN + Serial Number Common Name* Cert contains indirect unique identifiers: Public Key CA’s Signature Computed Thumbprint27.10.2011 Application Security Forum - Western Switzerland - 2011 30
  31. 31. Cryptographic Primitives27.10.2011 Application Security Forum - Western Switzerland - 2011 31
  32. 32. Cryptographic Primitives RSA Discrete Logarithm Problem (DLP) Zero-Knowledge Proof (ZKP) Prover Subject Verifier RP Blind Signature Selective Disclosure27.10.2011 Application Security Forum - Western Switzerland - 2011 32
  33. 33. RSA P & Q: Large random prime numbers n = P * Q Modulus common to privkey & pubkey Compute φ(n) = (p – 1)(q – 1) Choose an integer e such that 1 < e < φ(n) and gcd(e,φ(n)) = 1 public key d = e–1 mod φ(n) private key Encryption-Decryption / Signature-Validation ENC/DEC: c = me (mod n), m = cd (mod n) SIG/VAL: s = hd (mod n), h = se (mod n) h’=h?27.10.2011 Application Security Forum - Western Switzerland - 2011 33
  34. 34. Discrete Logarithm Problem g and h are elements of a finite cyclic group G then a solution x of the equation gx = h is called a discrete logarithm to the base g of h in the group G. Given g ≠1 and a random h := gx, it is not possible to find x from computational complexity standpoint.27.10.2011 Application Security Forum - Western Switzerland - 2011 34
  35. 35. Zero Knowledge ProofFor Children… (from Jean-Jacques Quisquater’s paper*)Repeat until confidence level is reached…• http://en.wikipedia.org/wiki/Zero-knowledge_proof 27.10.2011 Application Security Forum - Western Switzerland - 2011 35
  36. 36. Introducing digital credential• Issuing protocol Blind Signature – Subject can (blind) “randomize” its public key – IdP can still sign without “knowing” the public key – The resulting IdP signature is also “blinded” from the IdP perspective• Showing protocol Selective Disclosure – Subject can blind, hence selectively disclose only the attributes he wishes to do to the RP (Verifier)27.10.2011 Application Security Forum - Western Switzerland - 2011 36
  37. 37. Conclusion Pseudonymity != Anonymity Security XOR Privacy? NOT Really Liberty VS Control THE real question Most current authentication schemes were not built with “privacy” in mind and currently don’t comply with the “7 Laws of Identity” Some cryptographic constructs exists to implement privacy and empower the Subject Implementations of those constructs already exist 27.10.2011 Application Security Forum - Western Switzerland - 2011 37
  38. 38. © flickr.com/horiavarlan horiavarlan Questions Questions ?27.10.2011 Application Security Forum - Western Switzerland - 2011 38
  39. 39. Thank You! / Merci! Simon Blanchet simon.blanchet@gmail.com http://ch.linkedin.com/in/sblanchet SLIDES A TELECHARGER PROCHAINEMENT: http://slideshare.net/ASF-WS27.10.2011 Application Security Forum - Western Switzerland - 2011 39
  40. 40. References (1/2)i. Microsoft’s Vision for an Identity Metasystem a. http://www.identityblog.com/stories/2005/10/06/IdentityMetasystem.pdfii. The Laws of Identity, Kim Cameron a. http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdfiii. Rethinking Public Key Infrastructures and Digital Certificates, Stefan Brands a. http://mitpress.mit.edu/catalog/item/default.asp?sid=DB63048D-0822-4233-8765- 55C534600287&ttype=2&tid=3801 b. http://www.credentica.com/the_mit_pressbook.htmliv. Work of David Chaum & Stefan Brands, School of Computer Science and Statistics at Trinity College Dublin (Michael Peirce’s homepage) a. http://ntrg.cs.tcd.ie/mepeirce/Project/chaum.html b. http://ntrg.cs.tcd.ie/mepeirce/Project/Mlists/brands.htmlv. The Id Element a. http://channel9.msdn.com/Shows/Identity b. http://channel9.msdn.com/shows/Identity/Deep-Dive-into-U-Prove-Cryptographic-protocols27.10.2011 Application Security Forum - Western Switzerland - 2011 40
  41. 41. References (2/2)v. 7 Laws of Identity, Ann Cavoukian a. http://www.ipc.on.ca/images/Resources/up-7laws_whitepaper.pdfvi. The problem(s) with OpenID, The Identity Corner a. http://www.untrusted.ca/cache/openid.htmlvii. An Overview of an SSL Handshake & How SSL provides authentication, confidentiality, and integrity a. http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/advanced/print.jsp?topic=/com.ibm.mq. csqzas.doc/sy10670_.htm&isSelectedTopicPrint=true b. http://publib.boulder.ibm.com/infocenter/wmqv7/v7r0/index.jsp?topic=%2Fcom.ibm.mq.csqzas .doc%2Fsy10660_.htmviii. Links Blog (Identity), Ben Laurie a. http://www.links.org/?cat=8ix. U-Prove Crypto SDK V1.1 (Java Edition) - Apache 2.0 open-source license a. http://archive.msdn.microsoft.com/uprovesdkjavax. Random Thoughts on Digital Identity, Digital Identity Glossary a. http://blog.onghome.com/glossary.htm27.10.2011 Application Security Forum - Western Switzerland - 2011 41

×