Secure Authentication and Attribute Sharing in Federated Identity Scenarios

In this presentation, I will describe an identity management system that acts as an intermediary between users and service providers, allowing users to authenticate with it while providing identity assurance mechanisms to service providers. The system is designed to be less susceptible to the problems posed by commonly used methods of authentication and attribute verification.

Published in: Technology

  1. 1. Secure Authentication and Attribute Sharing in Federated Identity Scenarios Moritz Platt 17 October 2014
  2. 2. Agenda Introduction ▼ Federated Identity Management ▼ Secure Authentication ▼ Identity Assurance ▼ Implementation Final Presentation on Secure Authentication and Attribute Sharing in Federated Identity Scenarios 2
  3. 3. Introduction > Federated ID Management > Secure Authentication > ID Assurance > Implementation
     Introduction
     • Bachelor’s Thesis at TU Berlin in the field of Business Informatics
     • Supervised by Institut für Telekommunikationssysteme (Institute for Telecommunications), Fachgebiet Offene Kommunikationssysteme (Department of Open Communication Systems)
     • Supported by Bundesdruckerei
     Research Questions
     • How does a federated identity management system have to be designed to be attractive to end users and service providers?
     • What are the security risks resulting from the use of identity management systems? How can they be diminished?
     • How can a secure identity management system be implemented technically?
  4. 4. Federated Identity Management
  5. 5. The Federated Identity Management Landscape
     [Diagram: Individual User, Identity Bearing Documents, Identity Intermediary, Service Providers and Identity Providers, with connections labelled Security, Convenience, Assurance and Proof]
  6. 6. FIM Assists Users and Service Providers
     • Federated ID Management (FIM) is not an end in itself
     • Different parties are involved in the FIM process:
       • Users: individual users of web services
       • Service Providers, e.g. e-commerce or e-government web applications
       • Identity Providers, e.g. government entities, institutional providers
     • Main goal: Improve processes for users and service providers
       • Increasing security for users
       • Providing a convenient/usable interface for users
       • Providing identity attributes of assured quality to service providers
     • Identity attributes are stored centrally with the Identity Intermediary
     • Users and service providers access the Identity Intermediary to access identity attributes
  7. 7. Users Decide Which Data to Share Case-Dependent
     • Authentication must be secure to minimize the risk of identity theft (more on that later)
     • Identity attributes shared must be reliable (more on that later)
     • Unauthorized sharing of a user’s data must be prevented (more on that later)
     • A user has to have full control over how their data is used
     • Users have to give clear consent to share data
     • An access mandate by a user has to be
       • Limited in time
       • Limited in scope (e.g. limited to a defined set of attributes)
       • Limited in audience (e.g. only for a certain service provider)
  8. 8. Secure Authentication
  9. 9. Identity Crimes Are on the Rise
     • Spectacular Cases
       • 2012 Attack on LinkedIn leads to 6.46 M hashed user name/password combinations being leaked [Whittaker, 2012]
       • 2013 Attack on Adobe Systems leads to 38 M user accounts being leaked [Perlroth, 2013]
       • 2014 1.2 B user name/password combinations stolen by a Russian crime ring [Perlroth and Gelles, 2014]
     • In 2012, approximately 7% of all U.S. residents age 16 or older were victims of identity theft [Harrell and Langton, 2013]
  10. 10. Identity Crimes Are on the Rise
     • The U.S. Federal Trade Commission registers complaints about identity theft concerning credit cards, checking or savings accounts, government documents, internet accounts, etc.
     • The number of cases is rising continuously [Federal Trade Commission, 2014]
     [Chart: x-axis 2001 to 2013, y-axis 500,000 to 2,500,000]
  11. 11. Password Authentication Provides Low Security
     • An overwhelming majority of online services use user name/password authentication
     • Low security due to vulnerability to various forms of attacks:
       • Non-Technical Attacks
         • Observation while entering a password
         • Educated guessing of a password
         • Educated guessing of password recovery information
         • Abuse of leaked password information
         • Phishing
       • Technical attacks
         • Brute force guessing
         • Dictionary based guessing
         • Compromising a user’s system (Key logging, Traffic Logging)
         • Compromising communication channels (“Man-in-the-Middle”)
         • Obtaining passwords/password hashes by hacking
  12. 12. Password Authentication Provides Low Usability but Excellent Deployability
     • In addition to security problems, passwords have low usability [Bonneau et al., 2012]
       • High memorywise effort (passwords need to be remembered)
       • High physical effort (passwords need to be typed)
       • Scalability for users (more passwords increase the memorywise effort)
       • This also leads to insecure user behaviour (simplistic passwords, password reuse, etc.)
     • Why are passwords still enduringly successful?
       • Due to excellent deployability [Bonneau et al., 2012]
         • High Accessibility
         • Negligible-Cost-per-User
         • Server-Compatible
         • Browser-Compatible
         • Mature
         • Non-Proprietary
  13. 13. Overcoming Passwords: Knowledge and Possession
     • There have been many attempts to supersede passwords with more secure technology
       • Many are based on hardware devices
       • Many lacked industry support, open standards or vendor independence
     • A new emerging standard is FIDO U2F
       • Supported by an industry consortium (ARM, Google, Mastercard, Microsoft, VISA, etc.)
       • Requires USB/NFC enabled hardware (e.g. Yubico YubiKey NEO) with compact design
       • Low-level (APDU) and high-level (JavaScript) APIs
       • Simple challenge/response logic based on SHA signatures for authentication
       • Hardware is not commercially available yet
     • Most promising approach to overcome passwords
  14. 14. Hardware Authentication Increases Security
     [Table comparing Passwords and FIDO Hardware on: Resilient-to-Physical-Observation, Resilient-to-Targeted-Impersonation, Resilient-to-Guessing, Resilient-to-Internal-Observation, Resilient-to-Leaks-from-Other-Verifiers, Resilient-to-Phishing, Resilient-to-Theft, Requiring-Explicit-Consent] [Bonneau et al., 2012]
     • A combination of hardware authentication and passwords (“second factor”) increases security
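
The challenge/response logic named on slide 13 and the phishing resilience listed on slide 14, as an added example that is not from the presentation or its reference implementation. The token is simulated in software with Node.js `crypto`; the signed-byte layout follows the FIDO U2F raw message format, and the app ID, origins and function names are constructed for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Bytes the token signs (FIDO U2F raw message format):
// appParam(32) || userPresence(1) || counter(4, big-endian) || challengeParam(32)
function signedBytes(appId, userPresence, counter, clientData) {
  const counterBuf = Buffer.alloc(4);
  counterBuf.writeUInt32BE(counter);
  return Buffer.concat([sha256(appId), Buffer.from([userPresence]), counterBuf, sha256(clientData)]);
}

// Software stand-in for the hardware token (constructed for this example).
function tokenSign(privateKey, appId, counter, clientData) {
  const signature = nodeCrypto.sign('sha256', signedBytes(appId, 1, counter, clientData), privateKey);
  return { userPresence: 1, counter, signature };
}

// Relying-party checks; `reg` is the stored registration, `expected` what the server issued.
function verifyAssertion(reg, expected, clientData, resp) {
  const cd = JSON.parse(clientData);
  if (cd.challenge !== expected.challenge) return 'challenge-mismatch';
  if (cd.origin !== expected.origin) return 'origin-mismatch';      // response produced on another site
  if ((resp.userPresence & 1) !== 1) return 'no-user-presence';     // no explicit consent
  if (resp.counter <= reg.lastCounter) return 'counter-replay';     // replayed response or cloned token
  const data = signedBytes(expected.appId, resp.userPresence, resp.counter, clientData);
  if (!nodeCrypto.verify('sha256', data, reg.publicKey, resp.signature)) return 'bad-signature';
  reg.lastCounter = resp.counter;
  return 'ok';
}

// Runs four constructed cases against one registration and returns the verdicts.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' });
  const appId = 'https://idi.example';
  const reg = { publicKey, lastCounter: 0 };
  const expected = { appId, origin: appId, challenge: nodeCrypto.randomBytes(32).toString('hex') };
  const clientDataFor = (origin) =>
    JSON.stringify({ typ: 'navigator.id.getAssertion', challenge: expected.challenge, origin });
  const genuine = clientDataFor(appId);
  const foreign = clientDataFor('https://lookalike.example');
  const response = tokenSign(privateKey, appId, 1, genuine);
  return {
    genuine: verifyAssertion(reg, expected, genuine, response),
    replayed: verifyAssertion(reg, expected, genuine, response),
    foreignOrigin: verifyAssertion(reg, expected, foreign, tokenSign(privateKey, appId, 2, foreign)),
    tampered: verifyAssertion(reg, expected, genuine,
      { ...tokenSign(privateKey, appId, 3, genuine), counter: 4 }),
  };
}
```

Because the origin and the counter are part of what the server checks, a captured response is useless on replay and a response produced for another site is rejected before the signature is even examined.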
  15. 15. Identity Assurance
  16. 16. Components of an Assured Digital Identity
     Attribute Name  | Attribute Value      | LOA
     First Name      | Oliver               | High
     Last Name       | Jones                | High
     Address         | Station Road 7       | High
     Post Code       | M6 5WG               | High
     City            | Salford              | High
     E-Mail Address  | o.jones@example.org  | Medium
     Website         | www.example.org      | Low
     • Digital identities consist of attributes and their values
     • Identity attributes can be more or less reliable/trustworthy
     • The ISO standard for “Identity proofing” [ISO/IEC WD 29003] defines four levels of assurance (“LOA”):
       • Low (Little or no confidence in the claimed or asserted identity)
       • Medium (Some confidence in the claimed or asserted identity)
       • High (High confidence in the claimed or asserted identity)
       • Very High (Very high confidence in the claimed or asserted identity)
  17. 17. Identity Providers Certify User Data
     • The responsibility of an Identity Provider is to assess the level of assurance realistically and provide this assessment to the Identity Intermediary
     • The obtained data is then stored and distributed by the Identity Intermediary
     • The Identity Intermediary is agnostic to the way verification is done by an identity provider
     • There are many ways to obtain high confidence attributes:
       • Direct transmission of government information (e.g. residential register data)
       • Public card readers for electronic ID documents (e.g. provided by municipal administration)
       • Review of ID documents (e.g. verification of driving licence) by qualified staff
       • Re-use of attributes in an existing business relationship (e.g. payment data)
  18. 18. Implementation
  19. 19. Recap — The Federated Identity Management Landscape
     [Diagram: Individual User, Identity Intermediary, Service Providers and Identity Providers, connected via UI, REST API and OAuth 2.0 interfaces]
  20. 20. System Overview
     Server Subsystems
     • (A) Tomcat Application Server
       • (A.1) Identity Intermediary Reference Implementation (de.mplatt.idi)
       • (A.2) Apache Oltu (org.apache.oltu)
       • (A.3) Hibernate Persistence Framework (org.hibernate)
       • (A.4) Java RESTful Webservice Interfaces (javax.ws.rs)
     • (B) PostgreSQL Database Server
     User Interfaces/User Devices
     • (D) Identity Intermediary Management
     • Reference Implementation
     • (E) YubiKey NEO FIDO Token
  21. 21. User Interface
     • Service providers request data from users through OAuth 2.0 requests
     • Users are then redirected to the authentication page
     [Screen: https://localhost:8080/idi/auth?client_id=ec3ec0e5-d6b9-472c-a611-1b87f301bfdc&response_type=code&scope=read:firstname%20read:date]
     IDI Identity Intermediary Sign-In
     The service provider Smith’s Bikes is requesting one-time access to your personal data stored by the Identity Intermediary Service. The service provider requests the following attributes:
       • E-Mail Address
       • Last Name
       • First Name
       • Address of Residence
     Do you want to share these personal attributes with Smith’s Bikes? You will have the chance to review the attributes before making your final decision.
     [Buttons: “No. Cancel Sign In.” / “Yes. Review these attributes.”]
  22. 22. User Interface
     • Users then log on
     • Authorization requires a local device (“FIDO” token) and a password
     [Screen: https://localhost:8080/idi/confirm]
     IDI Intermediary Sign-In
     To share data with Smith’s Bikes please perform FIDO multi-factor authentication.
     Authenticate with your local device: The authentication process can be performed in various ways depending on the vendor of the FIDO token used. Authentication normally takes place via USB or wirelessly.
     Enter your IDI password: [Password field] [Button: “Submit”]
  23. 23. User Interface
     • Users then have the chance to review the attributes shared
     • Data can be concealed on a per-attribute basis
     [Screen: https://localhost:8080/idi/review]
     IDI Identity Intermediary Sign-In
     Please review the data you are going to share with Smith’s Bikes:
       • E-Mail Address: o.jones@example.org
       • Last Name: Jones
       • First Name: Oliver
       • Address of Residence: Station Road 7, Salford M6 5WG
     Do you want to share these personal attributes with Smith’s Bikes?
     [Buttons: “No. Cancel Sign In.” / “Yes. Share these attributes.”]
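
The sign-in flow of slides 21 to 23 combined with the access-mandate limits from slide 7, as an added example that is not code from the reference implementation. Only the `client_id` and the `read:<attribute>` scope style come from the slide's URL; the other scope names, the one-time flag and all function names are assumptions.

```javascript
// Registered service providers. The client_id is the one in the slide's URL;
// the scope names other than read:firstname are constructed for this example.
const CLIENTS = new Map([
  ['ec3ec0e5-d6b9-472c-a611-1b87f301bfdc', {
    name: "Smith's Bikes",
    allowedScopes: ['read:email', 'read:lastname', 'read:firstname', 'read:address'],
  }],
]);

// Validate the service provider's OAuth 2.0 authorization request.
function parseAuthRequest(url) {
  const q = new URL(url).searchParams;
  const clientId = q.get('client_id');
  const client = CLIENTS.get(clientId);
  if (!client) throw new Error('unknown client_id');
  if (q.get('response_type') !== 'code') throw new Error('unsupported response_type');
  const scopes = [...new Set((q.get('scope') || '').split(' ').filter(Boolean))];
  const denied = scopes.filter((s) => !client.allowedScopes.includes(s));
  if (denied.length) throw new Error('scope not registered: ' + denied.join(' '));
  return { clientId, scopes };
}

// After sign-in and review, record exactly what the user consented to.
// `concealed` lists the scopes the user deselected on the review page.
function issueMandate(request, concealed, now, ttlMs) {
  return {
    audience: request.clientId,                                    // limited in audience
    scopes: request.scopes.filter((s) => !concealed.includes(s)),  // limited in scope
    expiresAt: now + ttlMs,                                        // limited in time
    used: false,                                                   // one-time access
  };
}

// Release attributes only within the mandate's limits.
function releaseAttributes(mandate, clientId, store, now) {
  if (clientId !== mandate.audience) throw new Error('wrong audience');
  if (now >= mandate.expiresAt) throw new Error('mandate expired');
  if (mandate.used) throw new Error('mandate already used');
  mandate.used = true;
  const released = {};
  for (const scope of mandate.scopes) {
    const name = scope.slice('read:'.length);
    if (Object.prototype.hasOwnProperty.call(store, name)) released[name] = store[name];
  }
  return released;
}

// Constructed sample data, using the attribute values shown on the slides.
const STORE = { email: 'o.jones@example.org', lastname: 'Jones', firstname: 'Oliver',
  address: 'Station Road 7, Salford M6 5WG' };
const REQUEST_URL = 'https://localhost:8080/idi/auth?client_id=ec3ec0e5-d6b9-472c-a611-1b87f301bfdc' +
  '&response_type=code&scope=read:email%20read:lastname%20read:firstname%20read:address';
```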
  24. 24. Data Encryption
     • Confirmed attributes will be encrypted for the requesting service provider based on a public key provided
     • The data for a service provider can only be decrypted with that service provider’s private key
     [Figure: encryption diagram with labels RB, RA1, RA2; I, U, S1, S2; A1, A2, A3]
     • Realised through a combination of multiple cryptographic methods on the server side and client side (W3C Web Cryptography API)
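
One way to realise the per-provider encryption described on slide 24, as an added example that is not the presentation's code. The slide only says that multiple cryptographic methods are combined; the specific choice here (a fresh AES-256-GCM key per attribute, wrapped with RSA-OAEP under the service provider's public key) and all identifiers are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Encrypt one attribute for one service provider: a fresh AES-256-GCM key
// encrypts the value, RSA-OAEP wraps that key under the provider's public key.
function encryptAttribute(spPublicKey, clientId, name, value) {
  const key = nodeCrypto.randomBytes(32);
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(`${clientId}|${name}`)); // bind to recipient and attribute name
  const ciphertext = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: spPublicKey, ...OAEP }, key);
  return { name, iv, ciphertext, tag: cipher.getAuthTag(), wrappedKey };
}

// Service-provider side: unwrap the AES key, then authenticate and decrypt.
function decryptAttribute(spPrivateKey, clientId, env) {
  const key = nodeCrypto.privateDecrypt({ key: spPrivateKey, ...OAEP }, env.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAAD(Buffer.from(`${clientId}|${env.name}`));
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.ciphertext), decipher.final()]).toString('utf8');
}

// Returns null instead of throwing when unwrapping or authentication fails.
function tryDecrypt(spPrivateKey, clientId, env) {
  try { return decryptAttribute(spPrivateKey, clientId, env); } catch { return null; }
}

// Constructed scenario: two service providers, one envelope meant for the first.
function demo() {
  const newKeyPair = () => nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const bikes = newKeyPair();
  const other = newKeyPair();
  const env = encryptAttribute(bikes.publicKey, 'smiths-bikes', 'email', 'o.jones@example.org');
  return {
    intended: tryDecrypt(bikes.privateKey, 'smiths-bikes', env),
    otherProvider: tryDecrypt(other.privateKey, 'other-sp', env),
    relabelled: tryDecrypt(bikes.privateKey, 'smiths-bikes', { ...env, name: 'lastname' }),
  };
}
```

Binding the recipient and attribute name as associated data means a ciphertext cannot be silently relabelled as a different attribute, even by a party that can rearrange stored envelopes.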
  25. 25. Conclusion
  26. 26. The implementation is a step in the right direction
     • The implementation shows that the concept works, but …
       • … there is a trade-off between security and usability.
       • … FIDO U2F specifications are still in a maturing phase.
       • … FIDO U2F tokens only provide signature capabilities (no advanced cryptographic functions).
     • Still, the combination of Federated IDM + FIDO U2F has great potential
     • Success depends on a network of service providers/identity providers and high market penetration of FIDO U2F tokens
  27. 27. Discussion
  28. 28. Appendix
  29. 29. Appendix
     Bibliography
     • Bonneau, J., Herley, C., Oorschot, P. C. v. and Stajano, F. The quest to replace passwords: A framework for comparative evaluation of Web authentication schemes. University of Cambridge, Computer Laboratory, 2012 (UCAM-CL-TR-817)
     • Federal Trade Commission. Consumer Sentinel Network Data Book for January - December 2013. Federal Trade Commission, 2014
     • Harrell, E. and Langton, L. Victims of Identity Theft, 2012. U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics, 2013 (NCJ 243779)
     • ISO/IEC. Information technology – Security techniques – Identity proofing. International Organization for Standardization, 2012 (WD 29003)
     • Perlroth, N. Adobe Hacking Attack Was Bigger Than Previously Thought. http://bits.blogs.nytimes.com/2013/10/29/adobe-online-attack-was-bigger-than-previously-thought 2013
     • Perlroth, N. and Gelles, D. Russian Hackers Amass Over a Billion Internet Passwords. http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html 2014
  30. 30. Appendix
     Illustration Credit
     Icons
     • Page 5, 19: Business by Thomas Helbig from The Noun Project; Passport by Hunor Csaszar from The Noun Project; Identification by Stefan Spieler from The Noun Project; shop by Christian Wad from The Noun Project; institution by Christian Wad from The Noun Project; Cloud by matthew hall from The Noun Project
     • Page 8: Keys by Joe Harrison from The Noun Project
     • Page 15: Identification by Stefan Spieler from The Noun Project
     • Page 20: USB Flash Drive by Michael Rowe from The Noun Project; Computer by Océan Bussard from The Noun Project; Website by Mister Pixel from The Noun Project
     • Page 25: Adventure by Ben Markoch from The Noun Project
     • Page 27: Icon by buzzyrobot from The Noun Project
     Photography
     • Page 1: “Antique Keys” by Simon Greig is licensed under an Attribution-NonCommercial-ShareAlike 2.0 Generic license. Based on a work at https://www.flickr.com/photos/xrrr/3892883749. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-sa/2.0/legalcode.
     • Page 13: “YubiKey NEO on Keychain” from http://www.yubico.com/press/images/. Used in accordance with the usage policy available online 2014-09-20.
