Security Issues in ID Management: An Overview, by Dr. Magdy El-Soudani
Post on 18-Dec-2015
Regional Seminar on ID Management and E-Signature
Agenda
What is ID Management?
ID Management Terminology
Objectives of ID Management
Technology Support of ID Management
Main Issues in ID Management
Security in ID Management
Conclusions
1-What is ID Management?
Identity management (ID management) is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity.
1-What is ID Management? (Ctd.)
The public value of an ID system lies in how the resulting information or assets are employed. Its requirements can be used to establish a centralized ID management program, creating a resource that may be leveraged across multiple organizations within a government. For example:
A government entitlement program could verify and confirm a recipient's identity and eligibility at the point of contact, to reduce and prevent fraud.
A law enforcement agency could confirm the first-responder status of emergency personnel to ensure security at an incident site.
1-What is ID Management? (Ctd.)
Example of ID System
The driver licensing system is a simple example of identity management: drivers are identified by their license numbers, and user specifications (such as "cannot drive after dark") are linked to the identifying number.
2-ID Management Terminology
Access management: The processes and technologies used to control and monitor network access. Access management features such as authentication, authorization, trust and security auditing are part and parcel of the leading ID management systems.
Credential: An identifier employed by the user to gain access to a network, e.g. a password, a public key infrastructure (PKI) certificate or biometric information (fingerprint, retinal scan).
De-provisioning: The process of removing an identity from an ID repository and terminating its access privileges.
Digital identity: The ID itself, including the description of the user and his/her access privileges.
2-Terminology Contd.
Entitlement: The set of attributes that specify the access rights and privileges of an authenticated security principal.
Identity lifecycle management: The entire set of processes and technologies for maintaining and updating digital identities.
Password reset: In this context, a feature of an ID management system that allows users to re-establish their own passwords, relieving the administrators of the job and cutting support calls.
Provisioning: The process of creating identities, defining their access privileges and adding them to an ID repository.
Security principal: A digital identity with one or more credentials that can be authenticated and authorized to interact with the network.
3-Objectives of ID Management
The core objective is "one identity per individual".
But once that digital ID has been established, it has to be maintained, modified, and monitored.
Administrators must have the tools and technologies to change a user's role, to track user activities, and to enforce policies on an ongoing basis.
All of these must ensure compliance with corporate policies and government regulations.
4-Technology Support for ID Management
The technologies that support these objectives include password-management tools, provisioning software, security-policy enforcement applications, and reporting and monitoring applications.
These technologies tend to be grouped into software suites with assortments of additional capabilities, from enterprise-wide credential administration to automated smart-card and digital-certificate management.
5-Main Issues in ID Management
The issues involved in creating, using, changing and ending an identity have technical, procedural, legal and policy dimensions.
Current information management capabilities provide tremendous leverage in accessing, processing and manipulating information, and equally in stealing it.
This raises questions of privacy and security.
6-Security in ID Management
6.1 Important Security Concepts
6.2 Requirements of a Secure ID Management System
6.3 Secure ID System Components
6.4 Security Measures in ID Management
6.1 Important Security Concepts
ID management must be built on a set of concepts that are capable of providing the five system security services of X.800 and their related mechanisms:
Authentication - assurance that the communicating entity is the one claimed
Access Control - prevention of the unauthorized use of a resource
Data Confidentiality - protection of data from unauthorized disclosure
Data Integrity - assurance that data received is as sent by an authorized entity
Non-Repudiation - protection against denial, by one of the parties in a communication, of having taken part in it (sent or received the message)
6.2 Requirements of a Secure ID Management System
To implement a secure ID system, a set of requirements must be ensured. Amongst these:
Policies and procedures are in place for both issuing and monitoring the use of the credential.
Training for users and issuers is implemented.
A system is established to protect access to the ID holder's information and to prevent unauthorized viewing or tampering.
A security control is in place to provide access to information on the ID credential to authorized viewers only.
The ID cards are issued only by the authorized issuing organization.
The identity of the individual applying for the ID card is established.
The person to be granted access to the privileges indicated by the credential is indeed entitled to them.
The ID card is issued to the correct person.
6.3 Secure ID System Components
To implement an efficient and effective secure ID system, many factors need to be considered.
A secure ID system implementation can include visual inspection, use of a personal identification number (PIN), use of a machine-readable card incorporating an integrated chip, and use of a biometric measurement (e.g., fingerprint).
It is recommended to use a combination of these technologies to meet specific security and system requirements.
Once the purpose of the secure ID system has been determined, the appropriate components for its implementation, security architecture and distribution life cycle process must be assembled.
6.3 Secure ID System Components Contd.
A typical ID management system comprises four basic components:
a directory (database) of the personal data the system uses to define individual users,
a set of tools for adding, modifying and deleting that data,
a system that regulates user access, and
an auditing and reporting system.
6.3 Secure ID System Components Contd.
Figure (adapted from P. Mrochinski et al., EDS Viewpoint Paper): the components and parties shown are the Issuing Authority, the IDM & DB, Access Control, Auditing & Reporting, the Citizen, and the relying agencies (Health & Social Services, Tax & Revenue, and other agencies or organizations as authorized).
6.3 Secure ID System Components Contd.
Security component and examples of key design parameters:
ID Card: type of card; technology; security certification; authority
Network & Infrastructure: access control; design of the secured environment
Cryptography: algorithms; key management
Biometric: biometric used (e.g., fingerprint, signature, ...)
Readers: authentication; secure communications
6.4 Security Measures in ID Management
Unauthorized access can be prevented either by filtering the access requests or by shielding certain (sensitive) targets from unauthorized users.
Regulating user access can involve a number of authentication methods for verifying the identity of a user, including passwords, digital certificates, tokens and smart cards.
Hardware tokens and credit-card-sized smart cards have traditionally served as one component in a two-factor authentication scheme, which combines something you know (your password) with something you have (the token or the card) to verify a user's identity.
6.4 Security Measures in ID Management
6.4.1 Access Control
6.4.2 Authentication
6.4.1 Access Control
Access control comprises those mechanisms that enforce mediation on subject requests for access to objects, as defined in some specified security policy.
An important conceptual model in this context is the reference monitor: an abstract machine that mediates every access by a subject to an object. To be trustworthy it must be tamper-proof, always invoked (no access path may bypass it), and small enough to be analysed and verified.
6.4.1 Access Control
Differences in Access Control Policies
The level at which the authorization decision is made.
The ways in which users and/or targets can be grouped together for purposes of common handling.
The extent to which policies can be stated in terms of general rules which can be automatically enforced by system components.
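The following is an added example and not part of the seminar slides: a minimal reference monitor in Python that puts the three points above into working form. Rules are stated over roles (groups of users) and labels (classes of targets) rather than over individuals, every access decision is made in one place, and each decision is recorded for the auditing and reporting component of section 6.3. The roles, labels, object names and sample requests are assumptions constructed for the illustration.

```python
"""Added example (not from the seminar slides): a minimal reference monitor.

Every request a subject makes for an object passes through ReferenceMonitor.check,
which consults a policy stated as general rules over roles (groups of subjects) and
labels (classes of objects) and writes an audit record for every decision.
Names, roles, labels and the sample requests are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Rule:
    role: str            # group of subjects the rule applies to
    label: str           # class of objects the rule applies to ("*" = any known object)
    actions: frozenset   # operations the rule permits


# policy expressed over groups, not over individual users or targets (constructed)
POLICY: List[Rule] = [
    Rule("clerk",    "entitlement-record", frozenset({"read"})),
    Rule("adjuster", "entitlement-record", frozenset({"read", "update"})),
    Rule("auditor",  "audit-log",          frozenset({"read"})),
    Rule("admin",    "*",                  frozenset({"read", "update", "delete"})),
]


@dataclass
class ReferenceMonitor:
    roles: Dict[str, Set[str]]      # authenticated subject -> roles held
    labels: Dict[str, str]          # object -> classification label
    policy: List[Rule] = field(default_factory=lambda: list(POLICY))
    audit: List[Tuple[str, str, str, str]] = field(default_factory=list)

    def check(self, subject: str, action: str, obj: str) -> bool:
        """Mediate one access. Default deny: unknown subjects, unknown objects and
        actions not covered by any rule are refused."""
        decision = False
        subject_roles = self.roles.get(subject, set())
        label = self.labels.get(obj)
        if label is not None:
            for rule in self.policy:
                if (rule.role in subject_roles
                        and rule.label in ("*", label)
                        and action in rule.actions):
                    decision = True
                    break
        # every decision, allow or deny, is recorded: the monitor is the audit point too
        self.audit.append((subject, action, obj, "ALLOW" if decision else "DENY"))
        return decision


def demo() -> List[Tuple[str, str, str, str]]:
    """Run a constructed batch of requests and return the audit trail."""
    rm = ReferenceMonitor(
        roles={"alice": {"clerk"}, "bob": {"adjuster"},
               "carol": {"auditor"}, "root": {"admin"}},
        labels={"rec-1001": "entitlement-record", "syslog": "audit-log"},
    )
    requests = [
        ("alice",   "read",   "rec-1001"),   # clerk may read a record
        ("alice",   "update", "rec-1001"),   # but may not change it
        ("bob",     "update", "rec-1001"),   # adjuster may update
        ("carol",   "read",   "rec-1001"),   # auditor has no rule for records
        ("carol",   "read",   "syslog"),     # auditor may read the audit log
        ("mallory", "read",   "rec-1001"),   # unknown subject: default deny
        ("root",    "delete", "rec-9999"),   # unknown object: default deny, even for admin
    ]
    for subject, action, obj in requests:
        rm.check(subject, action, obj)
    return rm.audit


if __name__ == "__main__":
    for entry in demo():
        print(*entry)
```

The two deny cases at the end are the ones worth copying: an identity the monitor has never been told about and an object with no label both fall through to deny, so a gap in provisioning fails closed rather than open.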
6.4.2 Authentication
A. Direct authentication
1. Based on a shared secret master key
2. Based on a public-key system
3. Diffie-Hellman
B. Mediated authentication
1. Based on key distribution centers
2. Kerberos
6.4.2 Authentication A. Direct Authentication
1-Authentication based on a shared secret key
A and B already share a secret key.
This key is called the master key "MK".
MK will only be used rarely, whenever A & B need to authenticate each other and establish a session key.
6.4.2 Authentication A. Direct Authentication
1-Authentication based on a shared secret key (ctd.)
Exchange (A is the initiator, B the responder):
A -> B: "I'm A"
B -> A: Challenge, R
A -> B: E(MK, R)
Risks
• No mutual authentication: only B learns something about A; A is given no proof that the responder is B.
• Off-line password guessing attack: if MK is derived from a password, an eavesdropper who records R and E(MK, R) can test guesses without any further contact with B.
• Someone who reads B's database can later impersonate A.
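The exchange and the three risks above, as an added example that is not part of the seminar slides. E(MK, R) is realised here as an HMAC over the challenge, which is how a keyed response function is built today; MK is derived from a password with PBKDF2 so that the off-line guessing risk is visible. The user name, the weak password and the guess list are constructed for the illustration.

```python
"""Added example (not from the slides): one-way challenge-response on a shared
master key, then the two attacks the slide lists. Constructed names and data."""
import hashlib
import hmac
import os


def derive_master_key(user: str, password: str) -> bytes:
    """MK derived from a memorable password; the salt is the (public) user name."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), user.encode(), 1000)


def respond(mk: bytes, challenge: bytes) -> bytes:
    """A's reply: a keyed function of the challenge, standing in for E(MK, R)."""
    return hmac.new(mk, challenge, hashlib.sha256).digest()


class Responder:
    """B: holds a table of master keys and challenges every initiator."""

    def __init__(self) -> None:
        self.db = {}                    # user -> MK; B needs MK itself to verify

    def enrol(self, user: str, password: str) -> None:
        self.db[user] = derive_master_key(user, password)

    def challenge(self) -> bytes:
        return os.urandom(32)           # R must be fresh or an old reply can be replayed

    def verify(self, user: str, r: bytes, response: bytes) -> bool:
        mk = self.db.get(user)
        return mk is not None and hmac.compare_digest(respond(mk, r), response)


def run_protocol(b: Responder, user: str, password: str):
    """One run of  A -> B: "I'm A";  B -> A: R;  A -> B: E(MK, R).
    Returns (accepted, R, response), which is also exactly what an eavesdropper sees."""
    mk = derive_master_key(user, password)      # A recomputes MK from her password
    r = b.challenge()
    response = respond(mk, r)
    return b.verify(user, r, response), r, response


def offline_guess(user: str, r: bytes, response: bytes, guesses):
    """Eve: tests candidate passwords against one recorded exchange with no further
    contact with B, so lockout or rate limiting on B never triggers."""
    for g in guesses:
        if hmac.compare_digest(respond(derive_master_key(user, g), r), response):
            return g
    return None


def demo():
    b = Responder()
    b.enrol("alice", "winter2015")                          # constructed weak password
    accepted, r, response = run_protocol(b, "alice", "winter2015")
    # risk 1: off-line guessing from a single observed exchange
    found = offline_guess("alice", r, response, ["password", "summer2015", "winter2015"])
    # risk 2: whoever has read B's table holds MK and can answer any future challenge
    stolen_mk = b.db["alice"]
    r2 = b.challenge()
    impersonated = b.verify("alice", r2, respond(stolen_mk, r2))
    # what the protocol never provides: A receives no proof that the responder is B
    return accepted, found, impersonated


if __name__ == "__main__":
    print(demo())
```

Both weaknesses follow from B storing, and A deriving, the same MK: the fix for the second is a verifier-only secret (as in a PAKE or in public-key challenge-response), and the fix for the first is a key that is not guessable, which is why the slides move on to public keys and to a KDC.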
6.4.2 Authentication A. Direct Authentication
2-Authentication Based on Public Key
B authenticates A by means of A's public key: either A signs B's challenge with her private key and B verifies the signature with A's public key, or B encrypts the challenge R under A's public key, E_KUA[R], and A proves possession of the private key by returning R.
Risk: man-in-the-middle attack, if B cannot be sure that the public key really belongs to A.
6.4.2 Authentication A. Direct Authentication
2-Authentication Based on Public Key
Protocol Steps
1- A and B know each other's public key.
2- N1 and N2 are random numbers (nonces), used to ensure the authenticity of A and B.
3- After Step 2, A is sure of B's identity: right response to its challenge.
4- After Step 3, B is sure of A's identity: right response to its challenge.
6.4.2 Authentication A. Direct Authentication
3-Diffie-Hellman key
Idea: Establish a secret key based on each other's public values.
Protocol
1- Alice and Bob need to agree on two large numbers n, g, where n is prime, (n-1)/2 is also prime and some extra conditions are satisfied by g (to defeat mathematical attacks). These numbers may be public, so Alice could generate them on her own.
2- Alice picks a large (say, 512-bit) number x and Bob picks another one, say y.
3- Alice initiates the key exchange protocol by sending Bob a message containing (n, g, g^x mod n).
6.4.2 Authentication A. Direct Authentication
3-Diffie-Hellman key (Ctd.)
4- Bob sends Alice a message containing g^y mod n.
5- Alice raises the number Bob sent her to the x-th power mod n to get the secret key: (g^y mod n)^x mod n = g^(xy) mod n.
6- Bob raises the number Alice sent to the y-th power mod n to get the secret key: (g^x mod n)^y mod n = g^(xy) mod n.
Note that the exchange on its own authenticates nobody: an attacker in the middle can run one exchange with Alice and a second one with Bob, so the public values must themselves be authenticated (e.g., signed) when Diffie-Hellman is used as part of an authentication protocol.
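Steps 1 to 6 carried through in code, as an added example that is not part of the seminar slides. It uses the slide's symbols n, g, x, y, generates n as a safe prime ((n-1)/2 prime, the condition of step 1) with a Miller-Rabin test, picks g in the prime-order subgroup, and adds the check each side should make on the value it receives, which is the point of the "extra conditions" the slide mentions. The bit length is an assumption kept small so the example runs in a fraction of a second; real use takes a published 2048-bit or larger group.

```python
"""Added example (not from the slides): Diffie-Hellman over a safe prime with the
slide's symbols (n, g, x, y) and validation of received public values."""
import secrets


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin with random bases, after trial division by small primes."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False            # no square root of 1 found: composite
    return True


def gen_safe_prime(bits: int):
    """Step 1: n = 2q + 1 with both n and q prime. Returns (n, q)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        n = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(n):
            return n, q


def find_generator(n: int, q: int) -> int:
    """g of order q: any h^2 mod n other than 1 lies in the prime-order subgroup,
    so no small subgroup exists for an attacker to confine the key to."""
    while True:
        h = secrets.randbelow(n - 3) + 2
        g = pow(h, 2, n)
        if g != 1:
            return g


def valid_public_value(v: int, n: int, q: int) -> bool:
    """Reject 0, 1, n-1 and anything outside the order-q subgroup before using it."""
    return 1 < v < n - 1 and pow(v, q, n) == 1


def dh_exchange(n: int, g: int, q: int):
    """Steps 2 to 6 for both parties; returns (Alice's key, Bob's key)."""
    x = secrets.randbelow(q - 1) + 1        # step 2: Alice's secret exponent
    y = secrets.randbelow(q - 1) + 1        # step 2: Bob's secret exponent
    a_pub = pow(g, x, n)                    # step 3: Alice sends (n, g, g^x mod n)
    b_pub = pow(g, y, n)                    # step 4: Bob sends g^y mod n
    if not (valid_public_value(b_pub, n, q) and valid_public_value(a_pub, n, q)):
        raise ValueError("invalid public value received")
    k_alice = pow(b_pub, x, n)              # step 5: (g^y mod n)^x mod n
    k_bob = pow(a_pub, y, n)                # step 6: (g^x mod n)^y mod n
    return k_alice, k_bob


def demo(bits: int = 128):
    """Returns (keys agree, 1 accepted?, n-1 accepted?) for a fresh group."""
    n, q = gen_safe_prime(bits)
    g = find_generator(n, q)
    k_alice, k_bob = dh_exchange(n, g, q)
    return k_alice == k_bob, valid_public_value(1, n, q), valid_public_value(n - 1, n, q)


if __name__ == "__main__":
    print(demo())
```

The subgroup check in valid_public_value is what a production implementation must not skip: a peer that sends 1 or n-1 forces the shared key into a set of size one or two regardless of the other side's secret.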
Direct Authentication Using Public Key Infrastructure
A public key infrastructure (PKI) relies on the open, operationally efficient distribution of "public" keys.
In a PKI authentication system, a user registers with a PKI service, often referred to as a certificate authority (CA).
This registration process is required to bind the user to a pair of keys (private and public) that encrypt and decrypt information.
Direct Authentication Using Public Key Infrastructure (Ctd.)
This pair of "asymmetric" keys can then be used by the public to associate a digitally signed document with a user known to a trusted CA.
PKI-registered users digitally sign a document by using their private key to encrypt a small mathematical summary (hash) of the document. This encrypted summary is sent along with the document.
The public then takes the document, uses the user's public key (as certified by the CA) to decrypt the summary, recomputes the hash of the received document and checks that the two values match.
Direct Authentication Using Digital Signature Standard
The proposed standard (1991) is the Digital Signature Standard (DSS), based on ElGamal (a public-key system).
Any public-key system may be used; the industry de facto choice is RSA.
Direct Authentication Using Digital Signature Standard (Ctd.)
Figure: digital signatures using a hash function.
6.4.2 Authentication B-Mediated Authentication
1-Using key distribution center (KDC)
Each user maintains one single secret key, the one used to communicate with the KDC.
Authentication and all communications go through the KDC.
Alice picks Ks and tells the KDC that she wants to talk to Bob using Ks; A uses her secret key KA, used only to communicate with the KDC.
The KDC decrypts the message and sends Ks to Bob together with Alice's id; the KDC uses the key KB, used only to communicate with B.
Authentication here comes for free: key KA is known only to A and the KDC.
6.4.2 Authentication B-Mediated Authentication
1-Using key distribution center (KDC) (ctd.)
Figure: the KDC exchange. Legend: Ks - session key; Kx - secret key of X.
6.4.2 Authentication B-Mediated Authentication
2-Using Kerberos
Kerberos is an authentication protocol used in many systems, including Windows 2000, using the KDC-based approach.
Kerberos was the name of the multi-headed dog in Greek mythology that guarded the entrance to Hades.
It was designed at MIT to allow workstation users to access network resources securely.
Kerberos provides centralised secret-key third-party authentication in a distributed network, and allows users access to services distributed through the network without needing to trust all workstations.
Kerberos v4 was long the most widely used version; v5 (RFC 4120) is the version in current use.
6.4.2 Authentication B-Mediated Authentication
2-Using Kerberos (ctd.)
Authentication server (AS) - verifies the user during login. It shares a secret password with each user (plays the role of the KDC).
Ticket-granting server (TGS) - issues "proof of identity tickets". Tickets will be used by the user to perform various jobs.
Bob the server - actually does the work Alice needs done, based on the identity ticket. Based on the identity ticket it will grant Alice the rights she is entitled to.
6.4.2 Authentication B-Mediated Authentication
2-Using Kerberos (ctd.)
1. A sits down at an arbitrary public workstation and types her name. The workstation sends her name to the AS in plaintext.
2. The AS sends back a session key KS and a ticket KTGS(A, KS) for the TGS, both encrypted with A's secret key.
At this point the workstation asks for A's password. The password is used to generate the secret key and decrypt the message, obtaining the ticket for the TGS.
The password is overwritten immediately to make sure it stays inside the workstation for just a few milliseconds; it never leaves the workstation. Without the password Eve cannot get the ticket for the TGS.
6.4.2 Authentication B-Mediated Authentication
2-Using Kerberos (ctd.)
A tells the workstation she needs to contact the file server Bob.
3. The workstation sends a message to the TGS asking for a ticket to use with Bob. Note: the ticket for the TGS was received from the AS; this proves to the TGS that the sender is really A.
4. The TGS creates and sends back a session key KAB for A to use with B. The TGS sends a message encrypted with KS so that A can read it and get KAB.
6.4.2 Authentication B-Mediated Authentication
2-Using Kerberos (ctd.)
The TGS also includes a message intended only for Bob, carrying A's identity and the key KAB.
If Eve replays message 3 she will be foiled by the timestamp t.
Even if Eve replays the message quickly, she will only get a copy of message 4 that she cannot read.
6.4.2 Authentication B-Mediated Authentication
2-Using Kerberos (ctd.)
Alice can now communicate with Bob using KAB.
Bob confirms he has received the request and is ready to do the work.
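The KDC and Kerberos flow described in B-Mediated Authentication above (AS login, TGS ticket, service ticket, timestamp and replay check, confirmation under KAB), as an added example that is not part of the seminar slides. It keeps the slide's symbols KS, KTGS, KAB and t. The symmetric encryption is a toy encrypt-then-MAC construction built from SHA-256 and HMAC so that the block runs on the standard library alone; it is not Kerberos v5's message format or cipher suite, and a real system uses AES with the RFC 4120 encodings. The principals, password and clock values are constructed for the illustration.

```python
"""Added example (not from the slides): a compact model of the AS / TGS / server
exchanges of Kerberos with a toy cipher (demo only, not for production use)."""
import hashlib
import hmac
import json
import os


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    """n bytes of SHA-256 counter-mode keystream (toy cipher)."""
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range(n // 32 + 1))[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Encrypt-then-MAC a JSON object: nonce || ciphertext || HMAC tag."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_(key: bytes, blob: bytes) -> dict:
    """Verify the tag, then decrypt. Raises ValueError on the wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def check_authenticator(auth: dict, user: str, seen: set, now: float, skew: float = 300):
    """Timestamp t must name the ticket's user, be recent, and never have been seen
    before: this is the check that defeats Eve's replay of message 3."""
    if auth["user"] != user or abs(now - auth["t"]) > skew or (user, auth["t"]) in seen:
        raise ValueError("stale, replayed or mismatched authenticator")
    seen.add((user, auth["t"]))


class KDC:
    """Authentication server and ticket-granting server in one process."""

    def __init__(self):
        self.keys = {"tgs": os.urandom(32)}      # long-term key of every principal
        self.seen = set()

    def enrol(self, name: str, password=None):
        self.keys[name] = hashlib.sha256(password.encode()).digest() if password else os.urandom(32)

    def as_exchange(self, user: str, now: float) -> bytes:
        """Message 2: KS and the ticket KTGS(A, KS), all under A's secret key."""
        ks = os.urandom(32).hex()
        tgt = seal(self.keys["tgs"], {"user": user, "ks": ks, "exp": now + 3600})
        return seal(self.keys[user], {"ks": ks, "tgt": tgt.hex()})

    def tgs_exchange(self, tgt: bytes, auth: bytes, server: str, now: float) -> bytes:
        """Message 4: KAB for A under KS, plus a ticket for Bob under Bob's key."""
        t = open_(self.keys["tgs"], tgt)
        ks = bytes.fromhex(t["ks"])
        check_authenticator(open_(ks, auth), t["user"], self.seen, now)
        kab = os.urandom(32).hex()
        ticket = seal(self.keys[server], {"user": t["user"], "kab": kab, "exp": now + 3600})
        return seal(ks, {"kab": kab, "ticket": ticket.hex()})


class Server:
    """Bob: accepts ticket plus authenticator and answers under KAB."""

    def __init__(self, key: bytes):
        self.key, self.seen = key, set()

    def serve(self, ticket: bytes, auth: bytes, now: float) -> bytes:
        t = open_(self.key, ticket)
        if t["exp"] < now:
            raise ValueError("ticket expired")
        kab = bytes.fromhex(t["kab"])
        check_authenticator(open_(kab, auth), t["user"], self.seen, now)
        return seal(kab, {"ok": True})


class Workstation:
    """Alice's side; the password lives only long enough to open message 2."""

    def __init__(self, user: str, password: str, kdc: KDC, now: float):
        key = hashlib.sha256(password.encode()).digest()
        reply = open_(key, kdc.as_exchange(user, now))     # wrong password -> ValueError
        self.user, self.ks, self.tgt = user, bytes.fromhex(reply["ks"]), bytes.fromhex(reply["tgt"])

    def authenticator(self, key: bytes, now: float) -> bytes:
        return seal(key, {"user": self.user, "t": now})

    def get_service_ticket(self, kdc: KDC, server: str, now: float):
        msg3 = self.authenticator(self.ks, now)                   # message 3
        reply = open_(self.ks, kdc.tgs_exchange(self.tgt, msg3, server, now))
        return bytes.fromhex(reply["kab"]), bytes.fromhex(reply["ticket"]), msg3


def demo(now: float = 1_450_000_000.0):
    """Returns (Bob's confirmation, replay accepted?, wrong password accepted?)."""
    kdc = KDC()
    kdc.enrol("alice", "correct horse")      # constructed password
    kdc.enrol("bob")
    bob = Server(kdc.keys["bob"])
    ws = Workstation("alice", "correct horse", kdc, now)
    kab, ticket, msg3 = ws.get_service_ticket(kdc, "bob", now + 1)
    answer = open_(kab, bob.serve(ticket, ws.authenticator(kab, now + 2), now + 2))
    try:                                     # Eve replays message 3 a few seconds later
        kdc.tgs_exchange(ws.tgt, msg3, "bob", now + 5)
        replayed = True
    except ValueError:
        replayed = False
    try:                                     # a wrong password cannot open message 2
        Workstation("alice", "wrong", kdc, now)
        bad_pw = True
    except ValueError:
        bad_pw = False
    return answer["ok"], replayed, bad_pw
```

The replay cache keyed on (user, t) is what makes the timestamp effective within the clock skew window; without it a replay inside the window would be accepted, which is why Kerberos implementations keep such a cache and why clock synchronisation is part of a Kerberos deployment.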
Conclusions
To design and implement secure identity systems, we must think through the entire identity process and chain of trust. A complete identity solution must include policies, procedures and practices that implement the desired level of security and that describe how people interact with the identity system. The solution must start with accurate vetting of the individual's identity and follow with identity verification processes that provide secure, authorized access to identity information.