technology overview for fpki twg may 2, 2002. 2novomodo inc. agenda company introduction novomodo...
Post on 19-Dec-2015
215 views
TRANSCRIPT
Technology OverviewTechnology Overviewforfor
FPKI TWGFPKI TWGMay 2, 2002May 2, 2002
2NOVOMODO Inc.
AgendaAgenda Company Introduction
NOVOMODO Basics
Advanced Features
Application Examples
Summary
3NOVOMODO Inc.
About NOVOMODOAbout NOVOMODO
Software product company focused on validation
security and privilege management
Founded by Dr. Silvio Micali in 2001 to bring
about a “new way” of approaching business
problems associated with validation & privileges
Validation technology in production use at MIT –
160,000 certs issued over 18 months
“Alpha” product release available for evaluation
4NOVOMODO Inc.
NOVOMODONOVOMODO Executive Team
Silvio Micali – Founder and Chief ScientistProfessor of Computer Science at MIT
Peter Hussey – CEOFormer President of CyberTrust and Baltimore Americas
Robert Dulude – SVP and Chief Security OfficerFormer VP at CyberTrust and Baltimore
William Ang – VP EngineeringPartner at TechSquare, Inc.
TBA – CFOCo-founder of two successful financial services firms, COO and EVP of several firms
TBA - VP Sales and MarketingVP sales positions at Lotus and others
5NOVOMODO Inc.
NOVOMODO AdvisorsNOVOMODO AdvisorsAllan Borodin, University of Toronto
Manuel Blum, Carnegie Mellon University
Mihir Bellare, University of California - San Diego
David Campbell, Director, Innovation Advisors
Steve Cohn, COO Nevo Technologies
Shafi Goldwasser, MIT
Mike Kaplan, CTO SafeNet
Charles Rackoff, University of Toronto
Ronald Rivest, MIT
Phil Rogaway, University of California – Davis
Jeff Schiller, MIT & IETF
6NOVOMODO Inc.
NOVOMODO Missionbecome the global leader in
Certificate Validationand
Dynamic Privilege Management
7NOVOMODO Inc.
Some DefinitionsSome Definitions
Authentication is proving your claimed identity
The picture on your driver’s license
Authorization is granting privileges (user/process)
Privilege to drive
Validation is verifying your privileges and attributes
Your privilege to drive has not been revoked
Your address on your license is current
8NOVOMODO Inc.
eSecurity SolutioneSecurity Solution
NOVOMODO technology provides:
Validation that is simple, secure, cost effective and truly scales Scalable = no degradation in performance or cost
effectiveness as move to 10s millions
Two-party validation for off-line situations Dynamic privilege management
Multiple privileges using a single certificate
Expires7/31/2002
Sally Student
909090909VALID4.26.02
20-byte
Validation
Token• Unforgeable
– Works only with proper document and date• Simple
– 20 bytes• Fast
– A few hashes (10,000 times faster than one digital signature)• Public
– Can post on the Web!
PROOF
NOVOMODO Validation
NOVOMODO Validation
Expires7/31/2002
Sally Student
909090909VALID4.26.02
20-byte
Validation
Token PROOF
Validation Authority
909090909VALID4.27.02
day 2 909090909VALID4.28.02
day 3909090909REVOKED
day 4 909090909VALID4.26.02
day 1
Basics
NOVOMODO Basics
ValidationAuthority
Single Vault
NO Vaults!
Validation Responders
*** PCCell phoneSmartcardPDALaptop
Web MerchantFinancial Service ProviderCorporate NetworkHealth Care Data RecordsGovernmental IDs/Access802.11 “hot-spots”
SubscriberRelying Party
OKS #
OCSP
SecureScalableCost effectiveEasily managed
NOVOMODO Basics
ValidationAuthority
Single Vault
NO Vaults!
Validation Responders
*** PCCell phoneSmartcardPDALaptop
Web MerchantFinancial Service ProviderCorporate NetworkHealth Care Data RecordsGovernmental IDs/Access802.11 “hot-spots”
SubscriberRelying Party
OKS #
SecureScalableCost effectiveEasily managed
No connecting infrastructure required!
NOVOMODO 2-PARTY Validation
Network Gateway & Responder
ValidationAuthority
Cell PhonePDABluetooth deviceSmartcardSubway ticketsTollbooth
Wireless Platform
Val. Token “Push”(e.g., silent SMS)
OKOK
Wireless,
Physical Access Control,
…
Offline Validation!NO 3rd Party Call!
Unique to NOVOMODO Relying PartyLogical or Physical Access
Dynamic Privilege Management
NOVOMODO
Low-levelclearance
Medium-levelclearance
High-levelclearance
PurchasingPower
Database Access
Dynamic Privilege Management: Example
909090909VALID4.26.02
909090909VALID4.26.02
On The CertOn The Cert
PKI EnabledApplication
Access
Low-levelclearance
Medium-levelclearance
High-levelclearance
PurchasingPower
Database Access
PKI EnabledApplication
Access
Dynamic Privilege Management
909090909VALID4.26.02
909090909VALID4.26.02
On The CertOn The Cert
Low-levelclearance
Medium-levelclearance
High-levelclearance
PurchasingPower
Database Access
Dynamic Privilege Management
On The CertOn The Cert
909090909VALID4.27.02
909090909VALID4.27.02
PKI EnabledApplication
Access
Low-levelclearance
Medium-levelclearance
High-levelclearance
PurchasingPower
Database Access
Dynamic Privilege Management
On The CertOn The Cert
909090909VALID4.27.02
909090909VALID4.27.02
PKI EnabledApplication
Access
Low-levelclearance
Medium-levelclearance
High-levelclearance
PurchasingPower
Database Access
Dynamic Privilege Management
On The CertOn The Cert
909090909VALID4.28.02
909090909VALID4.28.02
909090909VALID4.28.02
PKI EnabledApplication
Access
Dynamic Privilege Management
Unique ToUnique ToNOVOMODO !NOVOMODO !
• Revocation + Reissuance
• Same Certificate, multiple privileges, multiple authorities
• Low-cost independent control
Tenants
Dynamic Privilege Management
Unique ToUnique ToNOVOMODO !NOVOMODO !
• Revocation + Reissuance
• Same Certificate, multiple privileges, multiple authorities
• Low-cost independent control
Smart Access Card
Validation Responders
***
IndependentValidation Authorities
Smart Card with Single Certificate but
Dynamic Cert Management
Share Card, Cert, Infrastructure, …
RETAIN CONTROL !
NAVY
ROOSEVELT
NAVY
Department of Defense
RSVT
OK
OK
Donald Rumsfeld
Secretary of Defense
Pentagon
Washington, DC
#1234567
Department of Defense
NAVY
Department of Defense
RSVT
24
Simple DeploymentFunctional Block Diagram
NovomodoValidationAuthority
SUBSCRIBER
NovomodoResponders
CA
RADPM
Relying PartyApplication
LDAP
25NOVOMODO Inc.
Enabling FlexibilityEnabling FlexibilityArchitecture OptionsArchitecture Options
VA VA VA
CA
Rsp Rsp
Rsp Rsp
CA
VA
CA CA
Rsp Rsp
Rsp Rsp
VA VA VA
CA
Rsp Rsp
Rsp Rsp
CA CA
26NOVOMODO Inc.
SummarySummary Technology is simple, secure and scales
Attractive alternative to OCSP Near real time off-line validation
Ideal for wireless platforms Ideal for physical access via smartcards & biometrics
Dynamic privilege management – for 1st time: Multiple privileges on single certificate Multiple privileges independently controlled Privileges can be pre-positioned for future use Replaces unworkable attribute certificates
Unique to Novomodo
28
Background on one-way hashing• H is easy to compute (10,000 times faster than signature)• H is hard to invert (e.g., SHA-1)
• If X is 20 bytes = 160 bits, then there are 2160 possible X’s– even at 1 trillion hashes/sec, it takes 1028 years to try them all
>> than the lifetime of the universe
X H(X)
EASY
HARD
29
NOVOMODO Validation
VA generates a secret random 20-byte value X0
VA computes X1 = H(X0) X1
H
X364
X365
VA computes X364 = H(X363)H
H
VA computes X365 = H(X364)
...
VA computes X363 = H(X362) X363
H
H...
30X0
X1
X364
...
X365
X363
H
H
H
H
H
secr
et
added to certificate
NOVOMODO Validation
31X0
X1
...
X365
X363
H
H
H
H
H
X364
C =SIGCA(serial number,PKU, U, issue date, exp. date, , ...)
if C is valid the next day, VA reveals X364
if C is valid 1 day after next, VA reveals X363
if C is valid D days before expiration,VA reveals XD
Cost of validity proof to VA: table lookup
Cost of verification: a few hashes
X364
X363
C is valid on issue dateNOVOMODO Validation
32
NOVOMODO Revocation
C =SIGCA(serial number,PKU, U, issue date, exp. date,
VA generates a secret random 20-byte value Y0
VA computes Y1 = H(Y0) H
To prove that C is revoked: reveal Y0
,.)
NOVOMODO: definitive, fast proofs of either validity or revocation!
Token
X0
X1
...
X363
H
H
H
H
H
X364X364
X363Y0
Y0
Y0
Y1X365 ,
33
Separation of CA from VAC =SIGCA
, ...)
CA
Makes Cert
VA Manages the Cert
VA
(serial number,PKU, , issue date, exp. date,
X0
X1
X364
...
X363
H
H
H
H
H
X365
Authenticates User
RA
Only VA can release tokens! X100
Signs Cert
U
34
(sn, PKU, U, i.d., e.d., , ,…, )
Multiple Privileges in One Cert
C =SIGCA
Z1
HA1
H
B1
H
...H
...H
...H
Z365
H
A365
H
B365
HZ364
HA364
H
B364
HZ363
HA363
H
B363
H
Z0B0A0 …
CA
VASecLev 1 SecLev 2 SecLev n
RA
A364
A362
B363
Validator releases the 20-byte proof for the right Sec Lev for that day KEEP SAME CERT!!
35
(sn, PKU, U, i.d., e.d., , ,…, )
NOVOMODO: Independent Validators
C =SIGCAZ365A365 B365
Z1
Z364
...
Z363
H
H
H
H
H
A1
A364
...
A363
H
H
H
H
H
B1
B364
...
B363
H
H
H
H
H
Z0B0A0 …VA VB
VZ
CA
“Landlord” CA
Independent VAs:
Each VA manages
“own privileges”!
A364
Return
B363
Z364
Z271
OCSPOCSP
serial #
SubscriberE-BusinessRelying Party
Dig. Sig.
yes/noSK
***
SK
Secure Vaults(to protect secret signing key SK)
digital signature
costly to compute
costly to check
OC
SP
Single privilege
Doesn’t scale
Vaults vulnerable
Costly deployment
Return