Security Issues in ID Management: An Overview

By: Dr. Magdy El-Soudani

Posted on 18-Dec-2015

Regional Seminar on ID Management and E-Signature

Agenda

What is ID Management?

ID Management Terminology

Objectives of ID Management

Technology Support of ID Management

Main Issues in ID Management

Security in ID Management

Conclusions


1-What is ID Management?

Identity management (ID management) is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity.


1-What is ID Management? (Ctd.)

The public value of an ID system lies in how the resulting information or assets are employed. Its requirements can be used to establish a centralized ID management program, creating a valuable resource that may be leveraged across multiple organizations within a government. For example, a government entitlement program could verify and confirm recipient identity and eligibility at the point of contact to reduce and prevent fraud, and a law enforcement agency could confirm the first-responder status of emergency personnel to ensure security at an incident site.


1-What is ID Management? (Ctd.)

Example of ID System

The driver licensing system is a simple example of identity management: drivers are identified by their license numbers, and user specifications (such as "can not drive after dark") are linked to the identifying number.


2-ID Management Terminology

Access management: the processes and technologies used to control and monitor network access. Access management features, such as authentication, authorization, trust and security auditing, are part and parcel of the top ID management systems.

Credential: an identifier employed by the user to gain access to a network, e.g., a password, a public key infrastructure (PKI) certificate or biometric information (fingerprint, retinal scan).

De-provisioning: the process of removing an identity from an ID repository and terminating access privileges.

Digital identity: the ID itself, including the description of the user and his/her access privileges.


2-Terminology Contd.

Entitlement: the set of attributes that specify the access rights and privileges of an authenticated security principal.

Identity lifecycle management: the entire set of processes and technologies for maintaining and updating digital identities.

Password reset: in this context, a feature of an ID management system that allows users to re-establish their own passwords, relieving the administrators of the job and cutting support calls.

Provisioning: the process of creating identities, defining their access privileges and adding them to an ID repository.

Security principal: a digital identity with one or more credentials that can be authenticated and authorized to interact with the network.


3-Objectives of ID Management

The core objective is “one identity per individual”.

But once that digital ID has been established, it has to be maintained, modified, and monitored.

Administrators must have the tools and technologies to change a user's role, to track user activities, and to enforce policies on an ongoing basis.

All these must ensure compliance with corporate policies and government regulations.


4-Technology Support for ID Management

The list of technologies that support these objectives includes: password-management tools, provisioning software, security-policy enforcement applications, and reporting and monitoring applications.

These technologies tend to be grouped into software suites with assortments of additional capabilities, from enterprise-wide credential administration to automated smart-card and digital-certificates management.


5-Main Issues in ID Management

The issues involved in creating, using, changing and ending an identity involve technical, procedural, legal and policy dimensions.

Current information management capabilities provide tremendous leverage in accessing, processing, manipulating as well as stealing information.

This raises questions of privacy and security.



6-Security in ID Management

6.1 Important Security Concepts

6.2 Requirements of Secure ID Management System

6.3 Secure ID System Components

6.4 Security Measures in ID Management


6.1 Important Security Concepts

ID management must be built on a set of concepts that are capable of providing the five system security services defined in X.800 and their related mechanisms:

• Authentication: assurance that the communicating entity is the one claimed.
• Access Control: prevention of the unauthorized use of a resource.
• Data Confidentiality: protection of data from unauthorized disclosure.
• Data Integrity: assurance that data received is as sent by an authorized entity.
• Non-Repudiation: protection against denial, by one of the parties in a communication, of having taken part in it.


6.2 Requirements of Secure ID Management System

To implement a secure ID system, a set of requirements must be ensured. Amongst these:

• Policies and procedures are in place for both issuing and monitoring the use of the credential.
• Training for users and issuers is implemented.
• A system is established to protect access to the ID holder's information and to prevent unauthorized viewing or tampering.
• A security control is in place to provide access to information on the ID credential to authorized viewers.
• The ID cards are issued only by the authorized issuing organization.
• The identity of the individual applying for the ID cards is established.
• The person to be granted access to the privileges indicated by the credential is indeed entitled to them.
• The ID card is issued to the correct person.


6.3 Secure ID System Components

To implement an efficient and effective secure ID system, many factors need to be considered.

A secure ID system implementation can include a visual inspection, use of a personal identification number (PIN), use of a machine-readable card incorporating an integrated chip, in addition to the use of a biometric measurement (e.g., fingerprint).

It is recommended to use a combination of these technologies to meet specific security and system requirements.

Once the purpose of the secure ID system has been determined, the appropriate components for its implementation, security architecture and distribution life cycle process must be assembled.


6.3 Secure ID System Components Contd.

A typical ID management system comprises four basic components:

• a directory of the personal data the system uses to define individual users (DB)
• a set of tools for adding, modifying and deleting that data
• a system that regulates user access, and
• an auditing and reporting system.


6.3 Secure ID System Components (Ctd.)

[Figure, adapted from P. Mrochinski et al., EDS Viewpoint Paper, showing the components: Issuing Authority; IDM & DB; Access Control; Auditing & Reporting; Citizen; and relying parties (Health & Social Services, Tax & Revenue, other agencies or organizations as authorized).]


6.3 Secure ID System Components (Ctd.)

Security Component        | Example of Key Design Parameters
ID Card                   | Type of card; technology
Security certification    | Authority
Network & Infrastructure  | Access control; design of secured environment
Cryptography              | Algorithms; key management
Biometric                 | Biometric used (e.g., fingerprint, signature, ...)
Readers                   | Authentication; secure communications


6.4 Security Measures in ID Management

Unauthorized access can be prevented either by filtering the access requests or by preventing unauthorized users from reaching certain (sensitive) targets.

Regulating user access can involve a number of authentication methods for verifying the identity of a user, including passwords, digital certificates, tokens and smart cards.

Hardware tokens and credit-card-sized smart cards have traditionally served as one component in the two-factor authentication scheme, which combines something you know (your password) with something you have (the token or the card) to verify a user's identity.


6.4 Security Measures in ID Management

6.4.1 Access Control

6.4.2 Authentication


6.4.1 Access Control

Access control comprises those mechanisms that enforce mediation on subject requests for access to objects as defined in some specified security policy.

An important conceptual model in this context is the reference monitor.


6.4.1 Access Control (Ctd.)

Differences in Access Control Policies

• The level at which the authorization decision is made.
• The ways in which users and/or targets can be grouped together for purposes of common handling.
• The extent to which policies can be stated in terms of general rules which can be automatically enforced by system components.
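As an added illustration (not from the slides), a minimal reference monitor in Python: a single mediation point that decides every subject request on an object from rules stated over user groups and target classes, denies by default, and logs each decision for the auditing component. The users, roles and objects are constructed for the demo.

```python
from dataclasses import dataclass, field


@dataclass
class Policy:
    """Policy stated as general rules over groups of users and classes of targets,
    so one rule covers many (user, object) pairs and is enforced automatically."""
    groups: dict    # user -> set of groups the user belongs to
    classes: dict   # object -> set of classes (e.g. "sensitive") the object belongs to
    rules: set      # allowed (group, object_class, operation) triples; all else is denied


@dataclass
class ReferenceMonitor:
    """Single mediation point: every subject request on an object passes through
    check(), which decides per request and records the decision for auditing."""
    policy: Policy
    audit: list = field(default_factory=list)

    def check(self, user: str, obj: str, op: str) -> bool:
        groups = self.policy.groups.get(user, set())
        classes = self.policy.classes.get(obj, set())
        # Default deny: only an explicit (group, class, op) rule grants access.
        allowed = any((g, c, op) in self.policy.rules for g in groups for c in classes)
        self.audit.append((user, obj, op, "allow" if allowed else "deny"))
        return allowed

    def guard(self, obj: str, op: str, fn):
        """Wrap a resource operation so it cannot be reached without a check."""
        def mediated(user: str, *args):
            if not self.check(user, obj, op):
                raise PermissionError(f"{user} may not {op} {obj}")
            return fn(*args)
        return mediated


# Constructed demo policy (hypothetical agency roles, not from the slides).
DEMO_POLICY = Policy(
    groups={"alice": {"tax-officer"}, "bob": {"health-worker"}, "eve": set()},
    classes={"tax-record": {"tax", "sensitive"}, "clinic-note": {"health", "sensitive"}},
    rules={("tax-officer", "tax", "read"), ("health-worker", "health", "read"),
           ("health-worker", "health", "write")},
)


def demo():
    """Returns the list of (user, object, op, decision) entries the monitor logged."""
    rm = ReferenceMonitor(DEMO_POLICY)
    read_tax = rm.guard("tax-record", "read", lambda: "tax data")
    results = []
    for user in ("alice", "bob", "eve"):
        try:
            results.append((user, read_tax(user)))
        except PermissionError as e:
            results.append((user, str(e)))
    rm.check("bob", "clinic-note", "write")   # allowed by the health-worker rule
    rm.check("alice", "clinic-note", "read")  # no rule covers this: denied and logged
    return rm.audit
```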


6.4.2 Authentication

A. Direct authentication
1. Based on a shared secret master key
2. Based on a public-key system
3. Diffie-Hellman

B. Mediated authentication
1. Based on key distribution centers
2. Kerberos


6.4.2 Authentication A. Direct Authentication

1-Authentication based on a shared secret key

A and B already share a secret key. This key is called the master key “MK”. MK will only be used rarely, whenever A & B need to authenticate each other and establish a session key.


6.4.2 Authentication A. Direct Authentication

1-Authentication based on a shared secret key (ctd.)

Message flow (A is the initiator, B the responder):
A → B: I’m A
B → A: Challenge, R
A → B: E(MK, R)

Risks:
• No mutual authentication
• Off-line password guessing attack
• Someone who reads B’s database can later impersonate A.
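An added Python example, not part of the original deck, of the flow above: B stores MK per identity and checks E(MK, R) over a fresh challenge. HMAC-SHA256 is assumed as the keyed function, since the slides name no cipher, and the key value is constructed. A second function shows the mutual variant that removes the first listed risk.

```python
import hashlib
import hmac
import secrets

# Constructed master key MK shared by A and B (HMAC-SHA256 stands in for E(MK, R)).
MK = bytes.fromhex("000102030405060708090a0b0c0d0e0f")


def respond(key: bytes, challenge: bytes) -> bytes:
    """E(MK, R): the only value A ever sends that depends on MK."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Responder:
    """B. Holds a table identity -> MK; whoever reads this table can play A."""
    def __init__(self, db: dict):
        self.db = db

    def challenge(self) -> bytes:
        return secrets.token_bytes(16)   # fresh random R each run, so old answers are useless

    def verify(self, identity: str, challenge: bytes, response: bytes) -> bool:
        key = self.db.get(identity)
        if key is None:
            return False
        return hmac.compare_digest(respond(key, challenge), response)


def one_way_auth(db: dict, identity: str, a_key: bytes) -> bool:
    """The slide's flow: 'I'm A' -> challenge R -> E(MK, R). Only A is authenticated."""
    b = Responder(db)
    r = b.challenge()
    return b.verify(identity, r, respond(a_key, r))


def mutual_auth(db: dict, identity: str, a_key: bytes) -> bool:
    """Closes the 'no mutual authentication' gap: A challenges B in return.
    Each challenge carries a direction tag, so an answer computed for one
    direction is never a valid answer for the other."""
    b = Responder(db)
    r_b = b"B->A" + b.challenge()
    b_accepts_a = b.verify(identity, r_b, respond(a_key, r_b))
    r_a = b"A->B" + secrets.token_bytes(16)
    b_answer = respond(b.db.get(identity, b""), r_a)   # B proves it also holds MK
    a_accepts_b = hmac.compare_digest(respond(a_key, r_a), b_answer)
    return b_accepts_a and a_accepts_b
```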


6.4.2 Authentication A. Direct Authentication

2-Authentication Based on Public Key

B authenticates A based on her public-key signature, or B authenticates A if she can decrypt a message encrypted with her public key.

Message flow: B → A: E_KUA[R] (R encrypted under A’s public key KUA); A → B: R.

Risk: man-in-the-middle attack.


6.4.2 Authentication A. Direct Authentication

2-Authentication Based on Public Key (Ctd.)

Protocol Steps

1- A and B know each other’s public key.
2- N1 and N2 are random numbers (to ensure the authenticity of A and B).
3- After Step 2, A is sure of B’s identity: right response to its challenge.
4- After Step 3, B is sure of A’s identity: right response to its challenge.


6.4.2 Authentication A. Direct Authentication

3-Diffie-Hellman key

Idea: establish a secret key based on each other’s public keys.

Protocol

1- Alice and Bob need to agree on two large numbers n, g, where n is prime, (n-1)/2 is also prime and some extra conditions are satisfied by g (to defeat math attacks). These numbers may be public, so Alice could generate them on her own.
2- Alice picks a large (say, 512-bit) number x and Bob picks another one, say y.
3- Alice initiates the key exchange protocol by sending Bob a message containing (n, g, g^x mod n).


6.4.2 Authentication A. Direct Authentication

3-Diffie-Hellman key (Ctd.)

4- Bob sends Alice a message containing g^y mod n.
5- Alice raises the number Bob sent her to the x-th power mod n to get the secret key: (g^y mod n)^x mod n = g^xy mod n.
6- Bob raises the number Alice sent to the y-th power modulo n to get the secret key: (g^x mod n)^y mod n = g^xy mod n.
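The exchange in steps 1 to 6, as an added Python example that is not from the slides: it checks the step-1 conditions on n and g (safe prime, g generating the prime-order subgroup), validates the value received from the peer, and derives g^xy mod n on both sides. The toy group n = 23, g = 4 is constructed for the demo; note that the exchange alone says nothing about who the peer is, which is why it is paired with the authentication methods above.

```python
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin test; enough to check the group parameters of step 1."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def validate_group(n: int, g: int) -> None:
    """Step 1: n prime, q = (n-1)/2 prime, and g generates the order-q subgroup
    (the 'extra condition on g'); this rules out small-subgroup confinement."""
    q = (n - 1) // 2
    if not (is_probable_prime(n) and is_probable_prime(q)):
        raise ValueError("n is not a safe prime")
    if not (1 < g < n - 1 and pow(g, q, n) == 1):
        raise ValueError("g does not generate the prime-order subgroup")


def validate_public_value(n: int, value: int) -> None:
    """Reject 0, 1, n-1 and anything outside the subgroup before using it as a base."""
    if not (1 < value < n - 1) or pow(value, (n - 1) // 2, n) != 1:
        raise ValueError("peer public value is invalid")


class Party:
    """One side of the exchange: holds x (or y) and derives g^xy mod n."""
    def __init__(self, n: int, g: int):
        validate_group(n, g)
        self.n, self.g = n, g
        # The slides use a 512-bit exponent; exponents only matter mod q, so draw one below q.
        self.secret = secrets.randbelow((n - 1) // 2 - 1) + 1

    def public_value(self) -> int:            # step 3 / step 4: g^x mod n or g^y mod n
        return pow(self.g, self.secret, self.n)

    def shared_key(self, peer_value: int) -> int:   # step 5 / step 6
        validate_public_value(self.n, peer_value)
        return pow(peer_value, self.secret, self.n)


def dh_exchange(n: int, g: int) -> tuple:
    """Runs both sides and returns (Alice's key, Bob's key); they must be equal."""
    alice, bob = Party(n, g), Party(n, g)
    return alice.shared_key(bob.public_value()), bob.shared_key(alice.public_value())


# Constructed toy safe prime for the demo: n = 23, q = 11, g = 4 (order 11).
# Real deployments use standardized large groups such as the RFC 3526 MODP groups.
TOY_N, TOY_G = 23, 4
```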


Direct Authentication Using Public Key Infrastructure

A public key system, or PKI, uses the open and operationally efficient exchange of a "public" key.

In a PKI authentication system, a user registers with a PKI service, often referred to as a certificate authority (CA).

This registration process is required to associate the user with a pair of encryption keys (private and public) that encrypt and decrypt information.


Direct Authentication Using Public Key Infrastructure (Ctd.)

This pair of "asymmetric" keys can then be used by the public to associate a digitally signed document with a user known to a trusted CA.

PKI-registered users digitally sign a document by using their PKI private key to encrypt a small mathematical summary of the document. This encrypted summary is sent along with the document.

The public then takes the document and uses the PKI public key posted by the CA to decrypt the summary.


Direct Authentication Using Digital Signature Standard

The proposed standard (1991) is the Digital Signature Standard (DSS), based on ElGamal (a public-key system).

Any public-key system may be used; the industry de facto choice is RSA.

Direct Authentication Using Digital Signature Standard (Ctd.)

[Figure: Digital Signatures using Hash Function]

6.4.2 Authentication B-Mediated Authentication

1-Using key distribution center (KDC)

• Each user maintains one single secret key: the one used to communicate with the KDC.
• Authentication and all communications go through the KDC.
• Alice picks Ks and tells the KDC that she wants to talk to Bob using Ks; A uses her secret key KA, which is used only to communicate with the KDC.
• The KDC decrypts the message and sends Ks to Bob together with Alice’s id; the KDC uses the key KB, which is used only to communicate with B.
• Authentication here is for free: key KA is only known to A and the KDC.


6.4.2 Authentication B-Mediated Authentication

1-Using key distribution center (KDC) (ctd.)

[Figure: KDC message flow. Legend: Ks = session secret key; Kx = X’s secret key]


6.4.2 Authentication B-Mediated Authentication

2-Using Kerberos

Kerberos is an authentication protocol used in many systems, including Windows 2000, using the KDC-based approach. Kerberos was the name of a multi-headed dog in Greek mythology that used to guard the entrance to Hades. It was designed at MIT to allow workstation users to access network resources securely.

Kerberos provides centralised private-key third-party authentication in a distributed network, and allows users access to services distributed through the network without needing to trust all workstations. Kerberos v4 is the most widely used version.


6.4.2 Authentication B-Mediated Authentication

2-Using Kerberos (ctd.)

• Authentication server (AS): verifies the user during login. It shares a secret password with each user (plays the role of the KDC).
• Ticket-granting server (TGS): issues “proof of identity tickets”. Tickets will be used by the user to perform various jobs.
• Bob the server: actually does the work Alice needs to do, based on the identity ticket. Based on the identity ticket it will grant Alice the rights she is entitled to.


6.4.2 Authentication B-Mediated Authentication

2-Using Kerberos (ctd.)

1. A sits down at an arbitrary public workstation and types her name. The workstation sends her name to the AS in plaintext.
2. The AS sends back a session key KS and a ticket KTGS(A, KS) for the TGS, both encrypted with A’s secret key. At this point the workstation asks for A’s password. The password is used to generate the secret key and decrypt the message, obtaining the ticket for the TGS. The password is overwritten immediately to make sure it stays inside for just a few milliseconds; it never leaves the workstation. Without the password, Eve cannot get the ticket for the TGS.


6.4.2 Authentication B-Mediated Authentication

2-Using Kerberos (ctd.)

A tells the workstation she needs to contact the file server Bob.

3. The workstation sends a message to the TGS asking for a ticket to use with Bob. Note: the ticket for the TGS was received from the AS; this proves to the TGS that the sender is really A.
4. The TGS creates and sends back a session key KAB for A to use with B. The TGS sends a message encrypted with KS so that A can read it and get KAB.


6.4.2 Authentication B-Mediated Authentication

2-Using Kerberos (ctd.)

The TGS also includes a message intended only for Bob, sending A’s identity and the key KAB.

If Eve replays message 3 she will be foiled by the timestamp t. Even if Eve replays the message quickly she will only get a copy of message 4 that she cannot read.


6.4.2 Authentication B-Mediated Authentication

2-Using Kerberos (ctd.)

Alice can now communicate with Bob using KAB. Bob confirms he has received the request and is ready to do the work.
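The Kerberos exchange above, as an added Python simulation that is neither the deck's nor MIT's code: an AS that answers the plaintext login with KS and the TGT under A's password-derived key, a TGS that checks the TGT, the timestamp t and a replay cache before issuing KAB and Bob's ticket, and a workstation that uses the password only to open message 2. The encrypt-then-MAC helper, the string-to-key function and all key values are constructed stand-ins, not Kerberos v4 cryptography; the caller supplies the clock so replays can be exercised deterministically.

```python
import hashlib
import hmac
import json
import secrets

SKEW = 300   # seconds; an authenticator whose timestamp t is older than this is stale


def key_from_password(password: str) -> bytes:
    """Toy string-to-key: the workstation turns the typed password into A's secret key."""
    return hashlib.sha256(password.encode()).digest()


def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, i = b"", 0
    while len(out) < n:          # short messages only (< 8 KiB)
        out += hashlib.sha256(key + nonce + bytes([i])).digest()
        i += 1
    return out[:n]


def seal(key: bytes, obj) -> bytes:
    """Toy encrypt-then-MAC standing in for the slides' K(...) notation."""
    data, nonce = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message does not verify under this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))


class AuthenticationServer:
    """AS: shares a password-derived key with each user; handles messages 1 and 2."""
    def __init__(self, passwords: dict, k_tgs: bytes):
        self.keys = {u: key_from_password(p) for u, p in passwords.items()}
        self.k_tgs = k_tgs

    def login(self, name: str) -> bytes:      # message 1 is just the name, in plaintext
        ks = secrets.token_hex(16)
        tgt = seal(self.k_tgs, {"client": name, "ks": ks}).hex()   # KTGS(A, KS)
        return seal(self.keys[name], {"ks": ks, "tgt": tgt})        # message 2, under K_A


class TicketGrantingServer:
    """TGS: messages 3 and 4; timestamp plus replay cache foil a replayed message 3."""
    def __init__(self, k_tgs: bytes, service_keys: dict):
        self.k_tgs, self.service_keys, self.seen = k_tgs, service_keys, set()

    def get_ticket(self, tgt_hex: str, authenticator: bytes, service: str, now: float) -> bytes:
        tgt = unseal(self.k_tgs, bytes.fromhex(tgt_hex))          # only the AS could make it
        ks = bytes.fromhex(tgt["ks"])
        auth = unseal(ks, authenticator)                            # sender must hold KS
        if auth["client"] != tgt["client"] or abs(now - auth["t"]) > SKEW:
            raise ValueError("stale or mismatched authenticator")
        if (auth["client"], auth["t"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((auth["client"], auth["t"]))
        kab = secrets.token_hex(16)
        ticket = seal(self.service_keys[service], {"client": tgt["client"], "kab": kab}).hex()
        return seal(ks, {"kab": kab, "ticket": ticket})             # message 4, under KS


def workstation_login(as_server: AuthenticationServer, name: str, password: str):
    """The password unlocks message 2 and is then dropped; only KS and the TGT are kept."""
    reply = unseal(key_from_password(password), as_server.login(name))
    return bytes.fromhex(reply["ks"]), reply["tgt"]
```

Bob's side is the last step: he opens the ticket with his own key, recovers KAB and A's identity, and then talks to Alice under KAB.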


Conclusions

To design and implement secure identity systems, we must think through the entire identity process and chain of trust. A complete identity solution must include policies, procedures and practices that implement the desired level of security and that describe how people interact with the identity system. The solution must start with accurate vetting of the individual’s identity and follow with identity verification processes that provide secure, authorized access to identity information.

