1
Achieving Data Privacy and Security Using Web Services
Alfred C. Weaver, Professor of Computer Science
University of Virginia, Charlottesville, Virginia, USA
[email protected]
http://www.cs.virginia.edu/~acw/security/
2
Outline
  Motivation for data security
  Security architecture
    Web services
    Trust
  Components of security
    Authentication
    Authorization
    Federation
  Research issues
3
Data Privacy and Security
(figure: plants, processes and databases connected through the global Internet to desktops, laptops, PDAs and cell phones)
6
Risks
  Access by unauthorized individuals
  Access denied to authorized individuals
  Identity theft and impersonation
  Authentication techniques of varying reliability
  Mobile access devices
  Viruses and worms
7
Risk Mitigation Requirements
  Establish and maintain trust between data requestor and data provider
  Techniques must be applicable to both humans and software
  Trust decisions must be made without human intervention
11
Security Architecture
  Based upon web services
    useful functionality exposed on the WWW
    provide fundamental, standardized building blocks to support distributed computing over the internet
    applications communicate using XML documents that are computer-readable
12
Why Web Services?
  The Internet provides a powerful, standardized, ubiquitous infrastructure whose benefits are impossible to ignore, provided that access is reliable, dependable, and authentic
  World-wide acceptance
  Preferred way to interconnect applications in a loosely-coupled, language-neutral, platform-independent way
13
Web Services
  Built on four primary technologies
    eXtensible Markup Language (XML): format to enable machine-readable text
    Simple Object Access Protocol (SOAP): specifies format and content of messages
    Web Services Description Language (WSDL): XML document that describes a set of SOAP messages and how they are exchanged
    Universal Description, Discovery, and Integration (UDDI): searchable "white pages" directory of web services
14
SOAP Example

  <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
    <soap:Header>
      <!-- security credentials -->
      <s:credentials xmlns:s="urn:examples-org:security">
        <username>Alfred Weaver</username>
      </s:credentials>
    </soap:Header>
    <soap:Body>
      <x:TransferFunds xmlns:x="urn:examples-org:banking">
        <from>22-342439</from>
        <to>98-283843</to>
        <amount>100.00</amount>
        <denomination>USD</denomination>
      </x:TransferFunds>
    </soap:Body>
  </soap:Envelope>

TransferFunds (from, to, amount)
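As an added example that is not code from the slides: a namespace-aware parser, in Python, for the envelope above. It pulls out the credential header and the body operation and refuses anything it does not expect. The allowed-operation set and the second, spoofed envelope are assumptions made for the example. Note that the `<username>` header is a bare claim by the sender; the parser records it but has no way to verify it.

```python
import xml.etree.ElementTree as ET
from decimal import Decimal, InvalidOperation

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SEC_NS = "urn:examples-org:security"
BANK_NS = "urn:examples-org:banking"

# Operations this hypothetical banking endpoint is willing to dispatch (assumption).
ALLOWED_OPERATIONS = {"TransferFunds"}

# Constructed sample: the envelope from the slide, with the xmlns placed correctly.
ENVELOPE = """<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <s:credentials xmlns:s="urn:examples-org:security">
      <username>Alfred Weaver</username>
    </s:credentials>
  </soap:Header>
  <soap:Body>
    <x:TransferFunds xmlns:x="urn:examples-org:banking">
      <from>22-342439</from>
      <to>98-283843</to>
      <amount>100.00</amount>
      <denomination>USD</denomination>
    </x:TransferFunds>
  </soap:Body>
</soap:Envelope>"""

# Constructed sample: same local name, but in a namespace the service does not own.
SPOOFED_ENVELOPE = ENVELOPE.replace("urn:examples-org:banking", "urn:attacker:banking")


def _qname(tag):
    """Split an ElementTree tag '{ns}local' into (ns, local)."""
    ns, _, local = tag.rpartition("}")
    return ns.lstrip("{"), local


def parse_envelope(text):
    """Return the credential header and the single body operation of a SOAP 1.1 envelope.

    Raises ValueError on anything structurally unexpected. For input from the
    network, parse with defusedxml instead of xml.etree to block entity-expansion attacks.
    """
    root = ET.fromstring(text)
    if root.tag != f"{{{SOAP_NS}}}Envelope":
        raise ValueError("not a SOAP 1.1 envelope")
    header = root.find(f"{{{SOAP_NS}}}Header")
    body = root.find(f"{{{SOAP_NS}}}Body")
    if body is None:
        raise ValueError("missing soap:Body")

    # Credential header. The slide's header carries a bare <username>: an
    # unverified claim by the sender, not evidence of identity.
    username = None
    if header is not None:
        cred = header.find(f"{{{SEC_NS}}}credentials")
        if cred is not None:
            node = cred.find("username")  # child has no prefix, hence no namespace
            if node is not None and node.text:
                username = node.text.strip()

    ops = list(body)
    if len(ops) != 1:
        raise ValueError("expected exactly one operation element in soap:Body")
    op = ops[0]
    ns, local = _qname(op.tag)
    # Dispatch on (namespace, local name), never on the local name alone.
    if ns != BANK_NS or local not in ALLOWED_OPERATIONS:
        raise ValueError(f"refusing to dispatch {op.tag}")

    def child(name):
        node = op.find(name)
        if node is None or not node.text or not node.text.strip():
            raise ValueError(f"missing <{name}>")
        return node.text.strip()

    try:
        amount = Decimal(child("amount"))
    except InvalidOperation:
        raise ValueError("amount is not a decimal number") from None
    if not amount.is_finite() or amount <= 0:
        raise ValueError("amount must be a positive finite number")

    return {
        "username": username,
        "credential_kind": "bare-username" if username else "none",
        "operation": local,
        "from": child("from"),
        "to": child("to"),
        "amount": amount,
        "denomination": child("denomination"),
    }


def is_accepted(text):
    """True if this endpoint would dispatch the envelope."""
    try:
        parse_envelope(text)
        return True
    except (ET.ParseError, ValueError):
        return False


if __name__ == "__main__":
    print(parse_envelope(ENVELOPE))
    print("spoofed envelope accepted:", is_accepted(SPOOFED_ENVELOPE))
```

Dispatching on the local name alone would let a `TransferFunds` element in any namespace reach the handler; matching on the (namespace, local name) pair is the check to keep. Whatever the header says, a service that needs to know who sent the message still has to authenticate it by other means, which is what the token formats later in the talk are for.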
16
Trust
  Trust = {Authentication, Credentials, Privileges}
    Authentication: who you are
    Credentials, attributes: what you have
    Privileges: what you can do
18
Authentication
  Biometric: based upon physical or behavioral characteristics; answers "who are you?"
  Digital: something you have or know
  Two-factor authentication: biometric + digital
19
Identification vs. Verification
  Identification: of all enrolled humans, which one are you? (a one-to-many search)
  Verification: does your biometric (bid sample) match a previously enrolled biometric template? (a one-to-one comparison)
20
False Acceptance/Rejection
  False acceptance rate (FAR): the system incorrectly matches a bid sample to an enrolled template, so an impostor is accepted; this is very bad, and FAR must be very, very low
  False rejection rate (FRR): the system fails to match a legitimate bid sample to its enrolled template; this can be an annoyance or a denial of service, and FRR must be low if the technique is to be used
21
Fingerprints
  70 points of differentiation (loops, whorls, deltas, ridges)
  Even identical twins have differing fingerprint patterns
  False acceptance rate < 0.01%
  False rejection rate < 1.4%
  Can distinguish a live finger
  Fast to enroll
  Inexpensive (~$50-100)
23
Iris Scans
  Iris has 266 degrees of freedom
  Identical twins have different iris patterns
  False acceptance rate < 0.01%
  False rejection rate < 0.01%
  Does take some time and controlled lighting to enroll
  Pattern is stored as a data template, not a picture
  Flash light to detect pupil dilation (prove live eye)
24
Physical Biometrics
  Fingerprint, iris, retina, hand geometry, finger geometry, face geometry, ear shape, palm print, smell, thermal face image, hand vein, fingernail bed, DNA
27
Determining a Match
  Enrollment produces a template
  Bid sample produces another template
  Hamming distance between them is the degree of difference
    011010101111011110000001...
    011010101100011110000111...
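The match decision and the FAR/FRR trade-off from the two slides above, as an added Python example that is not part of the original talk. The two 24-bit strings are the slide's own; the 256-bit templates, the 2-20% bit-flip noise model for repeat samples of one subject, and the threshold values are constructed for illustration and come from no real sensor.

```python
import random

# The two templates shown on the slide (constructed from its bit strings).
ENROLLED_TEMPLATE = "011010101111011110000001"
BID_TEMPLATE = "011010101100011110000111"


def hamming_distance(a, b):
    """Number of bit positions at which two equal-length bit strings differ."""
    if len(a) != len(b):
        raise ValueError("templates must have the same length")
    return sum(x != y for x, y in zip(a, b))


def is_match(enrolled, bid, threshold):
    """Accept when the fraction of differing bits is at or below the threshold."""
    return hamming_distance(enrolled, bid) / len(enrolled) <= threshold


def error_rates(genuine_pairs, impostor_pairs, threshold):
    """FAR: share of impostor pairs wrongly accepted. FRR: share of genuine pairs wrongly rejected."""
    far = sum(is_match(e, b, threshold) for e, b in impostor_pairs) / len(impostor_pairs)
    frr = sum(not is_match(e, b, threshold) for e, b in genuine_pairs) / len(genuine_pairs)
    return far, frr


# --- constructed data: synthetic 256-bit templates, not real biometric samples ---
def _random_template(rng, n=256):
    return "".join(rng.choice("01") for _ in range(n))


def _resample(template, rng, noise=(0.02, 0.20)):
    """A fresh bid sample of the same subject: flip 2-20% of the bits (assumed noise model)."""
    bits = list(template)
    flips = int(len(bits) * rng.uniform(*noise))
    for i in rng.sample(range(len(bits)), flips):
        bits[i] = "1" if bits[i] == "0" else "0"
    return "".join(bits)


def build_dataset(seed=7, subjects=50, samples=4):
    """Genuine pairs: enrolled template vs. a noisy resample of the same subject.
    Impostor pairs: enrolled template vs. another subject's enrolled template."""
    rng = random.Random(seed)
    enrolled = [_random_template(rng) for _ in range(subjects)]
    genuine = [(t, _resample(t, rng)) for t in enrolled for _ in range(samples)]
    impostor = [(enrolled[i], enrolled[j]) for i in range(subjects)
                for j in range(subjects) if i != j]
    return genuine, impostor


def sweep(thresholds=(0.0, 0.05, 0.10, 0.15, 0.20, 0.30, 0.45)):
    """(threshold, FAR, FRR) at each threshold: raising it lowers FRR and raises FAR."""
    genuine, impostor = build_dataset()
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


if __name__ == "__main__":
    d = hamming_distance(ENROLLED_TEMPLATE, BID_TEMPLATE)
    print(f"slide templates: Hamming distance {d} of {len(BID_TEMPLATE)} bits")
    for t, far, frr in sweep():
        print(f"threshold {t:.2f}: FAR {far:.4f}  FRR {frr:.4f}")
```

The slide's two templates differ in 4 of 24 bits. Whether that is a match depends entirely on the threshold, which is the whole FAR/FRR trade-off: a tight threshold rejects noisy genuine samples (FRR up), a loose one lets unrelated templates through (FAR up). Because independent random templates differ in about half their bits while a resample of the same subject differs in far fewer, there is a wide band of thresholds where both rates are zero on this synthetic data; real sensors are noisier and the band is much narrower.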
30
eToken
  Stores credentials such as passwords, digital signatures and certificates, and private keys
  Some can support on-board authentication and digital signing
32
RFID
  IC with antenna
  Works with a variety of transponders
  No power supply
  Supplies identity information
  Susceptible to theft and replay attacks
34
Authentication Token

  <TrustLevelSecToken>
    <CreatedAt>2005-09-20T08:30:00.0000000-04:00</CreatedAt>
    <ExpiresAt>2005-09-21T08:30:00.0000000-04:00</ExpiresAt>
    <UserID>385739601</UserID>
    <TrustLevel>Fingerprint</TrustLevel>
    <AuthenticationMethod>Digital Persona U.are.U</AuthenticationMethod>
    <TokenIssuer>http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>
    <TrustAuthority>http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>
  </TrustLevelSecToken>
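An added example, not the talk's own code: the checks a resource would run on the TrustLevelSecToken above before honouring it, in Python. The trusted-issuer set, the ordinal ranking of TrustLevel values, the clock-skew allowance and the reference times are assumptions. The fragment on the slide carries no signature element, so this code assumes the token's integrity is protected elsewhere (a signature not shown, or the transport); without that, every field it checks could be forged.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# Constructed from the slide's token.
TOKEN = """<TrustLevelSecToken>
  <CreatedAt>2005-09-20T08:30:00.0000000-04:00</CreatedAt>
  <ExpiresAt>2005-09-21T08:30:00.0000000-04:00</ExpiresAt>
  <UserID>385739601</UserID>
  <TrustLevel>Fingerprint</TrustLevel>
  <AuthenticationMethod>Digital Persona U.are.U</AuthenticationMethod>
  <TokenIssuer>http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>
  <TrustAuthority>http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>
</TrustLevelSecToken>"""

# The same token with the issuer swapped (constructed).
FOREIGN_TOKEN = TOKEN.replace("http://cs.virginia.edu/TrustSTS.asmx",
                              "http://sts.example.org/TrustSTS.asmx")

# Assumptions for this example: which STSs we accept tokens from, how we rank
# each TrustLevel value, and how much clock skew we tolerate.
TRUSTED_ISSUERS = {"http://cs.virginia.edu/TrustSTS.asmx"}
TRUST_RANK = {"Password": 1, "Token": 2, "Fingerprint": 3, "Iris": 4}
CLOCK_SKEW = timedelta(minutes=5)

# Reference times (UTC). The token is created at 08:30 -04:00, i.e. 12:30Z.
NOW_VALID = datetime(2005, 9, 20, 13, 0, tzinfo=timezone.utc)
NOW_EXPIRED = datetime(2005, 9, 22, 9, 0, tzinfo=timezone.utc)
NOW_TOO_EARLY = datetime(2005, 9, 20, 11, 0, tzinfo=timezone.utc)

_TS = re.compile(r"^(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})"
                 r"(?:\.(\d+))?([+-])(\d{2}):(\d{2})$")


def parse_timestamp(s):
    """Parse the token's .NET-style timestamp (7 fractional digits, numeric UTC offset)."""
    m = _TS.match(s.strip())
    if not m:
        raise ValueError(f"bad timestamp {s!r}")
    y, mo, d, h, mi, sec, frac, sign, oh, om = m.groups()
    micro = int((frac or "0")[:6].ljust(6, "0"))   # keep microsecond precision only
    offset = timedelta(hours=int(oh), minutes=int(om))
    if sign == "-":
        offset = -offset
    return datetime(int(y), int(mo), int(d), int(h), int(mi), int(sec), micro,
                    tzinfo=timezone(offset))


def validate_token(xml_text, now, required_level):
    """Return (accepted, reason). Assumes the XML's integrity is protected elsewhere."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return False, f"unparseable token: {exc}"
    if root.tag != "TrustLevelSecToken":
        return False, "not a TrustLevelSecToken"

    def field(name):
        node = root.find(name)
        if node is None or not node.text or not node.text.strip():
            raise ValueError(f"missing <{name}>")
        return node.text.strip()

    try:
        created = parse_timestamp(field("CreatedAt"))
        expires = parse_timestamp(field("ExpiresAt"))
        issuer, level, user = field("TokenIssuer"), field("TrustLevel"), field("UserID")
    except ValueError as exc:
        return False, str(exc)

    if issuer not in TRUSTED_ISSUERS:
        return False, f"untrusted issuer {issuer}"
    if expires <= created:
        return False, "ExpiresAt is not after CreatedAt"
    if now < created - CLOCK_SKEW:
        return False, "token not yet valid"
    if now > expires + CLOCK_SKEW:
        return False, "token expired"
    if level not in TRUST_RANK:
        return False, f"unknown trust level {level!r}"
    if required_level not in TRUST_RANK:
        return False, f"unknown required level {required_level!r}"
    if TRUST_RANK[level] < TRUST_RANK[required_level]:
        return False, f"{level} is weaker than required {required_level}"
    return True, f"user {user} authenticated at level {level}"


if __name__ == "__main__":
    for label, now, req in [("valid", NOW_VALID, "Password"), ("needs iris", NOW_VALID, "Iris"),
                            ("expired", NOW_EXPIRED, "Password"), ("too early", NOW_TOO_EARLY, "Password")]:
        print(label, validate_token(TOKEN, now, req))
    print("foreign issuer", validate_token(FOREIGN_TOKEN, NOW_VALID, "Password"))
```

The single-number ranking is the simplest possible reading of TrustLevel, and the research-challenges slides at the end of the talk say why it is only a beginning: two products in the same technology class can differ a great deal in how hard they are to spoof, and a rank table cannot express that.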
35
X.509 Certificates
  Certificate issued by a trusted Certificate Authority (e.g., VeriSign)
  Contains
    name
    serial number
    validity dates (not before, not after)
    certificate holder's public key (used to encrypt messages to the holder and to verify the holder's digital signatures)
    digital signature of the Certificate Authority (so the recipient can check that the certificate is genuine and unaltered)
  Recipient may confirm the certificate's status (e.g., that it has not been revoked) with the Certificate Authority
37
Security Assertion Markup Language (SAML)
  Interoperable exchange of security information
    enables web single sign-on
    distributed authorization services
    securing electronic transactions
  Transcends the local security domain
38
SAML Assertions
  An assertion is a declaration of facts
  Three types of security assertions
    authentication
    attribute
    authorization decision
39
SAML Conceptual Model
(figure: a Credentials Collector feeds an Authentication Authority, which issues an Authentication Assertion; an Attribute Authority issues an Attribute Assertion; a Policy Decision Point issues an Authorization Decision Assertion; each authority is driven by its own Policy; a Policy Enforcement Point applies the decision to the Application Request of a System Entity)
40
Authentication Assertion
  An issuing authority asserts that subject S was authenticated by means M at time T
  Example: subject "Alfred C. Weaver" was authenticated by "password" at time "2005-12-14T10:02:00Z"
41
Example Authentication Assertion

  <saml:Assertion AssertionID="128.9.167.32.12345678"
                  Issuer="Robotics Corporation"
                  IssueInstant="2005-12-14T10:02:00Z">
    <saml:Conditions NotBefore="2005-12-14T10:02:00Z"
                     NotAfter="2005-12-21T10:02:00Z"/>
    <saml:AuthenticationStatement AuthenticationMethod="password"
                                  AuthenticationInstant="2005-12-14T10:02:00Z">
      <saml:Subject>
        <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/>
      </saml:Subject>
    </saml:AuthenticationStatement>
  </saml:Assertion>
42
Attribute Assertion
  An issuing authority asserts that subject S is associated with attributes 1, 2, 3, ... with attribute values a, b, c, ...
  Example: "Alfred C. Weaver" in domain "robotics.com" is associated with attribute "Position" with value "Plant Manager"
43
Example Attribute Assertion

  <saml:Assertion ...>
    <saml:Conditions .../>
    <saml:AttributeStatement>
      <saml:Subject>
        <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/>
      </saml:Subject>
      <saml:Attribute AttributeName="Position" AttributeNamespace="http://robotics.com">
        <saml:AttributeValue>Plant Manager</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
44
Authorization Decision Assertion
  An issuing authority decides whether to grant the request by subject S for access type A to resource R, given evidence E
  Decision is permit or deny
45
Example Authorization Decision Assertion

  <saml:Assertion ...>
    <saml:Conditions .../>
    <saml:AuthorizationStatement Decision="Permit"
                                 Resource="http://www.robotics.com/production.html">
      <saml:Subject>
        <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/>
      </saml:Subject>
    </saml:AuthorizationStatement>
  </saml:Assertion>
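A policy enforcement point for the three assertions above, as an added Python example (not from the slides). The xmlns declaration (`urn:oasis:names:tc:SAML:1.0:assertion`), the trusted-issuer set, the reference times, and the attributes the slides elide with "..." (reused from the authentication assertion, with made-up AssertionIDs for the second and third assertion) are assumptions. The slides name the third statement `AuthorizationStatement`; the SAML 1.x schema calls it `AuthorizationDecisionStatement` and also requires an `Action` child, which the slide omits, so the parser accepts either element name.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# The slides omit the xmlns declaration; SAML 1.x assertions use this namespace (assumption).
SAML = "urn:oasis:names:tc:SAML:1.0:assertion"
TRUSTED_ISSUERS = {"Robotics Corporation"}   # assumption: issuers this PEP accepts

# Constructed from the three slides; elided attributes reuse the first assertion's values.
AUTHN_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" AssertionID="128.9.167.32.12345678"
    Issuer="Robotics Corporation" IssueInstant="2005-12-14T10:02:00Z">
  <saml:Conditions NotBefore="2005-12-14T10:02:00Z" NotAfter="2005-12-21T10:02:00Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="password" AuthenticationInstant="2005-12-14T10:02:00Z">
    <saml:Subject><saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/></saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""

ATTR_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" AssertionID="128.9.167.32.12345679"
    Issuer="Robotics Corporation" IssueInstant="2005-12-14T10:02:00Z">
  <saml:Conditions NotBefore="2005-12-14T10:02:00Z" NotAfter="2005-12-21T10:02:00Z"/>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/></saml:Subject>
    <saml:Attribute AttributeName="Position" AttributeNamespace="http://robotics.com">
      <saml:AttributeValue>Plant Manager</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

AUTHZ_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" AssertionID="128.9.167.32.12345680"
    Issuer="Robotics Corporation" IssueInstant="2005-12-14T10:02:00Z">
  <saml:Conditions NotBefore="2005-12-14T10:02:00Z" NotAfter="2005-12-21T10:02:00Z"/>
  <saml:AuthorizationStatement Decision="Permit" Resource="http://www.robotics.com/production.html">
    <saml:Subject><saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/></saml:Subject>
  </saml:AuthorizationStatement>
</saml:Assertion>"""

SUBJECT = ("robotics.com", "Alfred C. Weaver")
RESOURCE = "http://www.robotics.com/production.html"
NOW_IN_WINDOW = datetime(2005, 12, 15, 9, 0, tzinfo=timezone.utc)     # assumed clock
NOW_AFTER_WINDOW = datetime(2005, 12, 22, 9, 0, tzinfo=timezone.utc)


def q(local):
    return f"{{{SAML}}}{local}"


def ts(s):
    """Parse the 'Z'-suffixed UTC timestamps used in the assertions (None stays None)."""
    return None if s is None else datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def subject_of(stmt):
    ni = stmt.find(f"{q('Subject')}/{q('NameIdentifier')}")
    if ni is None:
        raise ValueError("statement has no Subject/NameIdentifier")
    return ni.get("SecurityDomain"), ni.get("Name")


def parse_assertion(xml_text):
    """Turn an assertion into a dict of its header, conditions and statements."""
    root = ET.fromstring(xml_text)
    if root.tag != q("Assertion"):
        raise ValueError("not a saml:Assertion")
    cond = root.find(q("Conditions"))
    out = {"id": root.get("AssertionID"), "issuer": root.get("Issuer"),
           "not_before": ts(cond.get("NotBefore")) if cond is not None else None,
           "not_after": ts(cond.get("NotAfter")) if cond is not None else None,
           "statements": []}
    for stmt in root:
        if stmt.tag == q("AuthenticationStatement"):
            out["statements"].append({"type": "authentication", "subject": subject_of(stmt),
                                      "method": stmt.get("AuthenticationMethod"),
                                      "instant": ts(stmt.get("AuthenticationInstant"))})
        elif stmt.tag == q("AttributeStatement"):
            attrs = {a.get("AttributeName"): [v.text.strip() for v in a.findall(q("AttributeValue")) if v.text]
                     for a in stmt.findall(q("Attribute"))}
            out["statements"].append({"type": "attribute", "subject": subject_of(stmt), "attributes": attrs})
        # Slide name and SAML 1.x schema name for the same statement; accept both.
        elif stmt.tag in (q("AuthorizationStatement"), q("AuthorizationDecisionStatement")):
            out["statements"].append({"type": "authorization_decision", "subject": subject_of(stmt),
                                      "resource": stmt.get("Resource"), "decision": stmt.get("Decision")})
    return out


def conditions_hold(a, now):
    if a["not_before"] is not None and now < a["not_before"]:
        return False
    if a["not_after"] is not None and now >= a["not_after"]:
        return False
    return True


def enforce(xml_text, now, requester, resource):
    """PEP: 'Permit' only on a trusted, in-window decision assertion whose subject
    and resource both match exactly; anything else, including a parse error, is 'Deny'."""
    try:
        a = parse_assertion(xml_text)
    except (ET.ParseError, ValueError, TypeError):
        return "Deny"
    if a["issuer"] not in TRUSTED_ISSUERS or not conditions_hold(a, now):
        return "Deny"
    for s in a["statements"]:
        if (s["type"] == "authorization_decision" and s["subject"] == requester
                and s["resource"] == resource and s["decision"] == "Permit"):
            return "Permit"
    return "Deny"


if __name__ == "__main__":
    for text in (AUTHN_ASSERTION, ATTR_ASSERTION, AUTHZ_ASSERTION):
        print(parse_assertion(text)["statements"])
    print(enforce(AUTHZ_ASSERTION, NOW_IN_WINDOW, SUBJECT, RESOURCE))        # Permit
    print(enforce(AUTHZ_ASSERTION, NOW_AFTER_WINDOW, SUBJECT, RESOURCE))     # Deny
```

The enforcement point defaults to Deny and only flips to Permit when every field lines up; an authentication assertion alone, however valid, grants nothing. As with the TrustLevelSecToken, the assertions shown carry no signature, so a real PEP must first verify the issuer's signature over the assertion (SAML uses XML Signature for this) before any of these checks mean anything.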
48
Federation
How can identity, once legitimately established in one trust domain, be reliably and securely shared with another trust domain?
49
Federated ATM Network
(figure: a customer's account number and PIN, issued by the home bank network, are honored by a visiting bank network; funds move across the banks' network of trust)
50
Administrative Decision
(figure: (1) the requestor obtains an identity token from the IP/STS; (2) the requestor presents it to the resource; (3) an administrator decides, on a per-request basis, whether to answer "yes")
51
Basic Federation: Direct Trust Token Exchange
(figure: the requestor's IP/STS and the resource's IP/STS trust each other; (1) the requestor gets an identity token from its own IP/STS; (2) it exchanges that for an access token at the resource's IP/STS; (3) it presents the access token to the resource)
52
Indirect Trust
  C trusts B, which vouches for A, who vouches for the client
(figure: IP/STS A, B and C with trust relationships A-B and B-C; (1) the requestor gets a token from A; (2) exchanges it at B; (3) exchanges it at C and accesses the resource)
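The token exchanges in the direct- and indirect-trust figures above, as an added toy model in Python that is not from the talk. Each IP/STS signs the tokens it issues with its own HMAC key and holds verification keys only for the STSs it trusts directly; the names, keys, JSON token format and the requestor "alice" are assumptions. It shows why the chain in the second figure is needed: C accepts B's tokens and B accepts A's, but C does not accept A's.

```python
import base64
import hashlib
import hmac
import json


def _verify(token, keys):
    """Return the token payload if it is signed by an issuer listed in `keys`, else None."""
    try:
        b64, sig = token.split(".")
        payload = base64.b64decode(b64, validate=True)
        body = json.loads(payload)
        key = keys.get(body.get("iss"))
    except (ValueError, AttributeError, TypeError):
        return None
    if key is None:                      # issuer is not one we trust directly
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None
    return body


class STS:
    """Identity provider / security token service: issues HMAC-signed tokens and
    accepts tokens only from STSs it has been told to trust (a direct trust edge)."""

    def __init__(self, name, key):
        self.name = name
        self._key = key
        self._trusted = {}               # issuer name -> verification key

    def trust(self, other):
        self._trusted[other.name] = other._key

    def issue(self, subject, via=()):
        body = {"iss": self.name, "sub": subject, "via": list(via)}
        payload = json.dumps(body, sort_keys=True).encode()
        sig = hmac.new(self._key, payload, hashlib.sha256).hexdigest()
        return base64.b64encode(payload).decode() + "." + sig

    def verify(self, token):
        return _verify(token, self._trusted)

    def verify_own(self, token):
        return _verify(token, {self.name: self._key})

    def exchange(self, token):
        """Token exchange: a valid token from a trusted STS becomes a token issued by
        this STS, with the chain of vouching issuers recorded in 'via'."""
        body = self.verify(token)
        if body is None:
            return None
        return self.issue(body["sub"], via=body["via"] + [body["iss"]])


class Resource:
    """Accepts only tokens issued by its own STS."""

    def __init__(self, sts):
        self.sts = sts

    def accepts(self, token):
        return None if token is None else self.sts.verify_own(token)


def build_federation():
    a, b, c = STS("A", b"key-of-A"), STS("B", b"key-of-B"), STS("C", b"key-of-C")
    b.trust(a)    # direct trust: B accepts A's identity tokens
    c.trust(b)    # C trusts B, and only B
    return a, b, c


def direct_trust(subject="alice"):
    """Direct trust figure: identity token from A (1), access token from B (2), resource at B (3)."""
    a, b, _ = build_federation()
    return Resource(b).accepts(b.exchange(a.issue(subject)))


def indirect_trust_shortcut(subject="alice"):
    """Presenting A's token straight to C fails: C has no direct trust in A."""
    a, _, c = build_federation()
    return Resource(c).accepts(c.exchange(a.issue(subject)))


def indirect_trust_chain(subject="alice"):
    """Indirect trust figure: C trusts B, which vouched for A, which vouched for the client."""
    a, b, c = build_federation()
    return Resource(c).accepts(c.exchange(b.exchange(a.issue(subject))))


def tampered(subject="alice"):
    """Changing the subject of A's token without A's key must be rejected by B."""
    a, b, _ = build_federation()
    b64, sig = a.issue(subject).split(".")
    forged = json.loads(base64.b64decode(b64))
    forged["sub"] = "mallory"
    forged_b64 = base64.b64encode(json.dumps(forged, sort_keys=True).encode()).decode()
    return b.exchange(forged_b64 + "." + sig)


if __name__ == "__main__":
    print("direct trust   :", direct_trust())
    print("shortcut to C  :", indirect_trust_shortcut())
    print("chain via B    :", indirect_trust_chain())
    print("tampered token :", tampered())
```

Each STS re-issues rather than forwards: the token C finally sees is signed by C's own key and lists `["A", "B"]` as the issuers that vouched along the way, which is what lets the resource apply policy to the chain (for example, refusing chains longer than two hops) instead of trusting A by accident. Real deployments replace the HMAC keys with signing certificates and add lifetimes and audience restrictions, which the token validation example earlier in this page shows.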
55
Research Challenges
  Authentication tokens
    SAML permits enumeration, but not substitution, of acceptable tokens
    Trustworthiness varies even within a technology, but SAML does not capture this distinction
    Our TrustLevel concept is just a beginning; trust is more complicated than a number
56
Research Challenges
  Authorization rules
    Human organizations are complex, and so are their rules
    Role delegation
    Human/computer interface
57
Research Challenges
  Federation
    Currently an infant science
    Many issues surround trust management: establishment, representation, exchange, enforcement, storage, negotiation
58
Research Challenges
  Tools and techniques
    how to specify access policies
    locate policy inconsistencies
    human/computer interface
  Formalisms
    need formal methods to structure our thoughts, processes and implementations
    need proofs of correctness