Secure Authentication and Attribute Sharing in Federated Identity Scenarios
Description
In this presentation, I will describe an identity management system that acts as an intermediary between users and service providers, allowing users to authenticate with it while providing identity assurance mechanisms to service providers. The system is designed to be less susceptible to the problems of commonly used methods of authentication and attribute verification.
Transcript
Secure Authentication and Attribute Sharing in Federated Identity Scenarios
Moritz Platt, 17 October 2014
Agenda
Introduction
Federated Identity Management
Secure Authentication
Identity Assurance
Implementation
Final Presentation on Secure Authentication and Attribute Sharing in Federated Identity Scenarios 2
Introduction
• Bachelor’s Thesis at TU Berlin in the field of Business Informatics
• Supervised by Institut für Telekommunikationssysteme¹, Fachgebiet Offene Kommunikationssysteme²
• Supported by Bundesdruckerei
Research Questions
• How does a federated identity management system have to be designed to be attractive to end users and service providers?
• What are the security risks resulting from the use of identity management systems? How can they be diminished?
• How can a secure identity management system be implemented technically?
¹ Institute for Telecommunications
² Department of Open Communication Systems
Federated Identity Management
The Federated Identity Management Landscape
[Diagram: Individual User, Service Providers, Identity Providers and Identity Bearing Documents arranged around the Identity Intermediary; the edges are labelled Security/Convenience (user side), Assurance (service provider and identity provider side) and Proof (identity bearing documents)]
FIM Assists Users and Service Providers
• Federated ID Management (FIM) is not an end in itself
• Different parties are involved in the FIM process:
  • Users: individual users of web services
  • Service Providers, e.g. e-commerce or e-government web applications
  • Identity Providers, e.g. government entities, institutional providers
• Main goal: improve processes for users and service providers
  • Increasing security for users
  • Providing a convenient/usable interface for users
  • Providing identity attributes of assured quality to service providers
• Identity attributes are stored centrally with the Identity Intermediary
• Users and service providers access the Identity Intermediary to access identity attributes
Users Decide Case by Case Which Data to Share
• Authentication must be secure to minimize the risk of identity theft (more on that later)
• Identity attributes shared must be reliable (more on that later)
• Unauthorized sharing of a user’s data must be prevented (more on that later)
• A user has to have full control over how his data is used
• Users have to give clear consent to share data
• An access mandate by a user has to be
  • Limited in time
  • Limited in scope (e.g. limited to a defined set of attributes)
  • Limited in audience (e.g. only for a certain service provider)
Secure Authentication
Identity Crimes Are on the Rise
• Spectacular cases
  • 2012: Attack on LinkedIn leads to 6.46 M hashed user name/password combinations being leaked [Whittaker, 2012]
  • 2013: Attack on Adobe Systems leads to 38 M user accounts being leaked [Perlroth, 2013]
  • 2014: 1.2 B user name/password combinations stolen by a Russian crime ring [Perlroth and Gelles, 2014]
• In 2012, approximately 7% of all U.S. residents age 16 or older were victims of identity theft [Harrell and Langton, 2013]
Identity Crimes Are on the Rise
• The U.S. Federal Trade Commission registers complaints about identity theft concerning credit cards, checking or savings accounts, government documents, internet accounts, etc.
• The number of cases is rising continuously [Federal Trade Commission, 2014]
[Chart: identity theft complaints per year, 2001 to 2013; y-axis from 500,000 to 2,500,000]
Password Authentication Provides Low Security
• An overwhelming majority of online services use user name/password authentication
• Low security due to vulnerability to various forms of attacks:
  • Non-technical attacks
    • Observation while entering a password
    • Educated guessing of a password
    • Educated guessing of password recovery information
    • Abuse of leaked password information
    • Phishing
  • Technical attacks
    • Brute force guessing
    • Dictionary based guessing
    • Compromising a user’s system (key logging, traffic logging)
    • Compromising communication channels (“man-in-the-middle”)
    • Obtaining passwords/password hashes by hacking
Password Authentication Provides Low Usability but Excellent Deployability
• In addition to security problems, passwords have low usability [Bonneau et al., 2012]
  • High memorywise effort (passwords need to be remembered)
  • High physical effort (passwords need to be typed)
  • Poor scalability for users (more passwords increase the memorywise effort)
• This also leads to insecure user behaviour (simplistic passwords, password reuse, etc.)
• Why are passwords still enduringly successful?
  • Due to excellent deployability [Bonneau et al., 2012]
    • High Accessibility
    • Negligible-Cost-per-User
    • Server-Compatible
    • Browser-Compatible
    • Mature
    • Non-Proprietary
Overcoming Passwords: Knowledge and Possession
• There were many attempts to supersede passwords with more secure technology
  • Many are based on hardware devices
  • Many lacked industry support, open standards or vendor independence
• A new emerging standard is FIDO U2F
  • Supported by an industry consortium (ARM, Google, Mastercard, Microsoft, VISA, etc.)
  • Requires USB/NFC enabled hardware (e.g. Yubico YubiKey NEO) with compact design
  • Low-level (APDU) and high-level (JavaScript) APIs
  • Simple challenge/response logic based on SHA signatures for authentication
  • Hardware is not commercially available yet
  • Most promising approach to overcome passwords
Hardware Authentication Increases Security
[Table: Passwords vs. FIDO Hardware rated against the following criteria; the ratings are only visible in the original slide]
Resilient-to-Physical-Observation, Resilient-to-Targeted-Impersonation, Resilient-to-Guessing, Resilient-to-Internal-Observation, Resilient-to-Leaks-from-Other-Verifiers, Resilient-to-Phishing, Resilient-to-Theft, Requiring-Explicit-Consent
[Bonneau et al., 2012]
• A combination of hardware authentication and passwords (“second factor”) increases security
Identity Assurance
Components of an Assured Digital Identity
Attribute Name     Attribute Value      LOA
First Name         Oliver               High
Last Name          Jones                High
Address            Station Road 7       High
Post Code          M6 5WG               High
City               Salford              High
E-Mail Address     [email protected]    Medium
Website            www.example.org      Low
• Digital identities consist of attributes and their values
• Identity attributes can be more or less reliable/trustworthy
• The ISO standard for “Identity proofing” [ISO/IEC WD 29003] defines four levels of assurance (“LOA”):
  • Low (little or no confidence in the claimed or asserted identity)
  • Medium (some confidence in the claimed or asserted identity)
  • High (high confidence in the claimed or asserted identity)
  • Very High (very high confidence in the claimed or asserted identity)
Identity Providers Certify User Data
• The responsibility of an Identity Provider is to assess the level of assurance realistically and provide this assessment to the Identity Intermediary
• The obtained data is then stored and distributed by the Identity Intermediary
• The Identity Intermediary is agnostic to the way verification is done by an identity provider
• There are many ways to obtain high confidence attributes:
  • Direct transmission of government information (e.g. residential register data)
  • Public card readers for electronic ID documents (e.g. provided by municipal administration)
  • Review of ID documents (e.g. verification of driving licence) by qualified staff
  • Re-use of attributes in an existing business relationship (e.g. payment data)
Implementation
Recap — The Federated Identity Management Landscape
[Diagram: Individual User, Service Providers and Identity Providers connected to the Identity Intermediary; the connections are labelled REST API, REST API and OAuth 2.0 UI]
System Overview
User Interfaces/User Devices and Server Subsystems:
(A) Tomcat Application Server, hosting:
  (A.1) Identity Intermediary Reference Implementation (de.mplatt.idi)
  (A.2) Apache Oltu (org.apache.oltu)
  (A.3) Hibernate Persistence Framework (org.hibernate)
  (A.4) Java RESTful Webservice Interfaces (javax.ws.rs)
(B) PostgreSQL Database Server
(D) Identity Intermediary Management Reference Implementation
(E) YubiKey NEO FIDO Token
User Interface
• Service providers request data from users through OAuth 2.0 requests
• Users are then redirected to the authentication page
https://localhost:8080/idi/auth?client_id=ec3ec0e5-d6b9-472c-a611-1b87f301bfdc&response_type=code&scope=read:firstname%20read:date
IDI Identity Intermediary Sign-In
The service provider Smith’s Bikes is requesting one-time access to your personal data stored by the Identity Intermediary Service.
The service provider requests the following attributes:
• E-Mail Address
• Last Name
• First Name
• Address of Residence
Do you want to share these personal attributes with Smith’s Bikes? You will have the chance to review the attributes before making your final decision.
[Yes. Review these attributes.] [No. Cancel Sign In.]
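The consent limits introduced earlier (time, scope, audience) and the authorization request shown on this slide, as an added example written for this page; it is not code from the thesis’ reference implementation. It parses a request of the shape shown above, records the user’s mandate, and enforces all three limits before any attribute is released. The client_id and scope values come from the slide’s URL and the service provider name from the screen mock; the registered-client table, the user attributes (including the “date” attribute and the e-mail address) and the function names are constructed.

```javascript
// Constructed registry of service providers; the client_id is the one from
// the slide's example URL, the name is taken from the sign-in screen mock.
const REGISTERED_CLIENTS = {
  'ec3ec0e5-d6b9-472c-a611-1b87f301bfdc': { name: "Smith's Bikes" },
};

// Constructed user record: each attribute carries its value and its LOA,
// so a service provider receives the assurance level together with the value.
const USER_ATTRIBUTES = {
  firstname: { value: 'Oliver', loa: 'High' },
  lastname: { value: 'Jones', loa: 'High' },
  email: { value: 'oliver@example.org', loa: 'Medium' },   // constructed address
  date: { value: '1980-01-01', loa: 'Low' },               // hypothetical attribute behind "read:date"
};

// Parse the authorization request. The scope is a space-separated list of
// "read:<attribute>" entries; anything else is rejected before it is used.
function parseAuthRequest(url) {
  const u = new URL(url);
  const clientId = u.searchParams.get('client_id');
  const responseType = u.searchParams.get('response_type');
  if (!REGISTERED_CLIENTS[clientId]) throw new Error('unknown client_id');
  if (responseType !== 'code') throw new Error('unsupported response_type');
  const attributes = (u.searchParams.get('scope') || '').split(' ').filter(Boolean).map((s) => {
    const m = /^read:([a-z]+)$/.exec(s);
    if (!m) throw new Error(`malformed scope entry: ${s}`);
    return m[1];
  });
  return { clientId, attributes };
}

// The user's consent becomes a mandate: for whom (audience), for which
// attributes (scope, never wider than what was requested), until when (time).
function grantMandate(request, approvedAttributes, nowMs, ttlSeconds) {
  const attributes = approvedAttributes.filter((a) => request.attributes.includes(a));
  return { audience: request.clientId, attributes, notAfter: nowMs + ttlSeconds * 1000 };
}

// Release attributes only within the mandate; every limit is re-checked on every use.
function releaseAttributes(mandate, clientId, requested, nowMs) {
  if (clientId !== mandate.audience) throw new Error('mandate not issued for this service provider');
  if (nowMs > mandate.notAfter) throw new Error('mandate expired');
  const released = {};
  for (const name of requested) {
    if (!mandate.attributes.includes(name)) throw new Error(`attribute not in mandate scope: ${name}`);
    released[name] = USER_ATTRIBUTES[name];
  }
  return released;
}

module.exports = { parseAuthRequest, grantMandate, releaseAttributes, REGISTERED_CLIENTS };
```

A mandate that the user narrows on the review screen (for example by concealing the date attribute) is simply a mandate with a shorter scope list; the release function then refuses that attribute even though the service provider originally asked for it.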
User Interface
• Users then log on
• Authorization requires a local device (“FIDO” token) and a password
https://localhost:8080/idi/confirm
IDI Intermediary Sign-In
To share data with Smith’s Bikes please perform FIDO multi-factor authentication.
Authenticate with your local device
The authentication process can be performed in various ways depending on the vendor of the FIDO token used. Authentication normally takes place via USB or wirelessly.
Enter your IDI password
[Password] [Submit]
User Interface
• Users then have the chance to review the attributes shared
• Data can be concealed on a per-attribute basis
https://localhost:8080/idi/review
IDI Identity Intermediary Sign-In
Please review the data you are going to share with Smith’s Bikes:
E-Mail Address        [email protected]
Last Name             Jones
First Name            Oliver
Address of Residence  Station Road 7, Salford M6 5WG
Do you want to share these personal attributes with Smith’s Bikes?
[Yes. Share these attributes.] [No. Cancel Sign In.]
Data Encryption
• Confirmed attributes are encrypted for the requesting service provider with a public key it has provided
• The data for a service provider can only be decrypted with its private key
[Diagram: encryption flow between the Identity Intermediary (I), the user (U) and the service providers S1 and S2 for attributes A1, A2 and A3; further labels RB, RA1 and RA2]
• Realised through a combination of several cryptographic methods on the server side and client side (W3C Web Cryptography API)
Conclusion
The implementation is a step in the right direction
• The implementation shows that the concept works, but …
  • … there is a trade-off between security and usability.
  • … FIDO U2F specifications are still in a maturing phase.
  • … FIDO U2F tokens only provide signature capabilities (no advanced cryptographic functions).
• Still, the combination of Federated IDM + FIDO U2F has great potential
• Success depends on a network of service providers/identity providers and high market penetration of FIDO U2F tokens
Discussion
Appendix
Bibliography
Bonneau, J., Herley, C., Oorschot, P. C. v. and Stajano, F.: The quest to replace passwords: A framework for comparative evaluation of Web authentication schemes. University of Cambridge, Computer Laboratory, 2012 (UCAM-CL-TR-817)
Federal Trade Commission: Consumer Sentinel Network Data Book for January - December 2013. Federal Trade Commission, 2014
Harrell, E. and Langton, L.: Victims of Identity Theft, 2012. U.S. Department of Justice, Office of Justice Programs, Bureau of Justice Statistics, 2013 (NCJ 243779)
ISO/IEC: Information technology – Security techniques – Identity proofing. International Organization for Standardization, 2012 (WD 29003)
Perlroth, N.: Adobe Hacking Attack Was Bigger Than Previously Thought. http://bits.blogs.nytimes.com/2013/10/29/adobe-online-attack-was-bigger-than-previously-thought, 2013
Perlroth, N. and Gelles, D.: Russian Hackers Amass Over a Billion Internet Passwords. http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html, 2014
Illustration Credit
Icons
Page 5, 19: Business by Thomas Helbig from The Noun Project; Passport by Hunor Csaszar from The Noun Project; Identification by Stefan Spieler from The Noun Project; shop by Christian Wad from The Noun Project; institution by Christian Wad from The Noun Project; Cloud by matthew hall from The Noun Project
Page 8: Keys by Joe Harrison from The Noun Project
Page 15: Identification by Stefan Spieler from The Noun Project
Page 20: USB Flash Drive by Michael Rowe from The Noun Project; Computer by Océan Bussard from The Noun Project; Website by Mister Pixel from The Noun Project
Page 25: Adventure by Ben Markoch from The Noun Project
Page 27: Icon by buzzyrobot from The Noun Project
Photography
Page 1: “Antique Keys” by Simon Greig is licensed under an Attribution-NonCommercial-ShareAlike 2.0 Generic license. Based on a work at https://www.flickr.com/photos/xrrr/3892883749. To view a copy of this license, visit https://creativecommons.org/licenses/by-nc-sa/2.0/legalcode.
Page 13: “YubiKey NEO on Keychain” from http://www.yubico.com/press/images/. Used in accordance with the usage policy available online 2014-09-20.