Password Enabled Public-Key Infrastructure (PKI): Virtual Smartcards vs. Virtual Soft Tokens

Ravi Sandhu, Chief Scientist, SingleSignOn.Net & Professor, George Mason University
Mihir Bellare, Chief Cryptographer, SingleSignOn.Net & Professor, Univ. of California--San Diego
Ravi Ganesan, Chief Executive Officer, SingleSignOn.Net
11417 Sunset Hills Rd., Reston, VA 20190

Why Password-Enabled PKI
- Smartcards have not happened
  - It's the smartcard readers stupid!
  - Roaming capability is critical
  - Even DoD is stretched in large-scale deployment
- Trends are not in favor of smartcards
  - Deployment scale of 10's or even 100's of millions of users
  - Computing devices are proliferating
  - Large installed base of reader-less computers
- Smartcards are likely to remain a high-assurance niche application

Solve PKI Gap and Silo Problem
Result
- Phased migration path
- No quantum jump
- PKI integral, not silo'd
[Diagram labels: PKI with Password Convenience; Strong PKI Systems; Password Usability; PKI Hardened Passwords; PKI Capability; Weak Password Systems; No change for users; No change for issuer; Eliminate weaknesses]

Common Misperception
- Fact: Password based systems are often vulnerable to attacks
- Myth: Passwords are inherently insecure.
- Fact: It is completely possible to design a sufficiently secure password system.
Designing sufficiently secure password-based systems is non-trivial but it is possible.

Another Common Misperception
- Fact: Users hate current password systems that require too many passwords and force too many changes
- Myth: Users inherently hate passwords.
- Fact: It is completely possible to design a user friendly password system with PKI-enabled Single Sign On.
Designing user-friendly and sufficiently secure password-enabled PKI systems is non-trivial but it is possible.

Password Vulnerabilities and Counter-Measures
- Bad password selection
  - enforce complexity rules
- On-line guessing attack
  - throttling mechanism
- Off-line guessing (dictionary attacks)
  - don't reveal required information (we know how to design such protocols)
- Undetected theft and sharing
  - online intrusion detection to discover
  - deter sharing, e.g., sharing reveals sensitive user information
- Use of same password at strong and weak servers
  - user awareness and education
- Password reuse
  - don't force unnecessary password changes
- Server spoofing
  - use secure protocols to prove knowledge of password w/o sending it
  - limit password exposure to trusted servers
- Server compromise
  - use hardened servers or multiple servers

Password Benefits
- Instant roaming capability
- Proven user acceptance
  - 100's of millions of password usages per day in cyberspace
- Cheap
- Self-maintained
  - Password resets
  - Password change

Traditional Public-Key Infrastructure (PKI)
- How to distribute public-keys
  - Digital Certificates
  - Certificate Revocation Lists
- How to distribute private-keys (long-term)
  - Smartcards
    - The private key never leaves the smartcard
    - Often called a hard token
- How to distribute private-keys (short-term)
  - Password protected on the hard disk
    - Not very mobile
  - Password protected on a floppy disk
    - Often called a soft token

Modern Public-Key Infrastructure (PKI)
- How to distribute public-keys
  - Digital Certificates
  - Certificate Revocation Lists
  - On-line servers for certificate validation
- How to distribute private-keys (long-term)
  - Smartcards
    - The private key never leaves the smartcard
    - Often called a hard token
- How to distribute private-keys (short-term)
  - Password protected on the hard disk
    - Not very mobile
  - Password protected on a floppy disk
    - Often called a soft token
  - On-line servers for password-enabled mobility

Approaches
How to marry PKI and Passwords?
- Approach 1: Virtual Soft Token
  - Use password to encrypt private key and store it on remote server(s).
  - Need password to RETRIEVE private key.
- Approach 2: Virtual Smartcard
  - The password is part of the composite private key.
  - Need password to USE private key.

Trivial Insecure Virtual Soft Token
- Private key encrypted with user's password is stored on an on-line server: E_pwd(private-key)
- Anyone is allowed to retrieve the encrypted private key
- Only the user can decrypt it using the password
- Unacceptable risk due to dictionary attack

Cryptographic Camouflage, Hoover and Kausik
E_pwd(private-key)
- Dictionary attack
  - Knowledge of public key allows attacker to obtain known plaintext
- So prohibit knowledge of public key, resulting in closed public-key system

EKE Roaming, Bellovin-Merritt et al
- Store E_pwd(private-key) on server
- Transmit E_K(E_pwd(private-key)), where K is a strong symmetric key
- K is established using password-based authenticated key exchange protocol (such as EKE or SPEKE)
- Immune to off-line dictionary attack

Hardened Password Roaming, Kaliski-Ford
- User's hardened password is retrieved at any computer from two on-line servers
  - Compromise of both servers is required to compromise hardened password
  - Successful retrieval of hardened password requires knowledge of user's password
- User's private key is retrieved by means of hardened password
- Once retrieved the user's private key can be freely used on this computer

[Diagram: hardened password roaming message flow]
Alice knows Password, Pa
- Step 1: Alice sends Pa
- Step 2: Client Computer starts process
- Step 3: Get H1
- Step 4: Get H2
- Step 5: Ask for Credentials
- Step 6: Check if Cert is revoked
- Step 7: Return Cert and H(D)
- Step 8: Use H to decrypt private key D
- Step 9: Finally get around to logon or sign operation!
Servers shown:
- Security Servers 1 & 2: Security server with partial knowledge of H (H1). Need duplicate server for redundancy.
- Security Servers 3 & 4: Security server with remaining knowledge of H (H2). Need duplicate server for redundancy.
- Credential Servers 1 & 2: Long term private key is locked with hardened password H. Need duplicate credentials server for redundancy.
- Revocation Servers 1 & 2: OCSP server to check for revocation

Approaches
How to marry PKI and Passwords?
- Approach 1: Virtual Soft Token
  - Use password to encrypt private key and store it on remote server(s).
  - Need password to RETRIEVE private key.
- Approach 2: Virtual Smartcard
  - The password is part of the composite private key.
  - Need password to USE private key.

Trivial Insecure Virtual Smart Card
- Keep the private key on an on-line server
- Use the password as authentication to enable use of the private key on the server
- Lose non-repudiation

We want:
[Diagram: 1. Appliance takes ... and creates ...; 2. Alice takes ...; 3. But (presto!) and creates ... Certificate shown: ID: Castle Corp, FN: Castle, LN: Corp.]

The Practical PKI™ Approach
[Diagram labels: Password; Secure Identity Appliance; certificate (ID: Castle Corp, FN: Castle, LN: Corp.)]
- Alice has password P which ONLY she knows.
- Password P expands to key d1 on computer.
- Secure Identity Appliance has key d2 for Alice which ONLY it knows.
- As before, Alice has public cert C, with public key e, signed by a CA.
Process
1. Alice authenticates to appliance, sets up secure channel and sends M.
2. Appliance performs partial signature on M with its key for Alice d2.
3. Alice completes signature with her key d1.

Comparison

Traditional PKI
  Keys:
    a) Alice Public = e
    b) Alice Private = d
    c) Alice Cert = C
  Signing:
    a) S = Sign(M, d)
    Send [S, C] to Bob
  Bob:
    Gets e from C
    Does Verify(S, e) = M?

Practical PKI™
  Keys:
    a) Alice Public = e
    b) Alice PKCS5(password, salt, iteration count) = d1
    c) Alice Cert = C
    d) Alice appliance key = d2
  Signing:
    a) Alice logs on to appliance using d1 and creates secure channel
    a) Spartial = Sign(M, d2)
    b) S = Sign(Spartial, d1)
    Send [S, C] to Bob
  Bob:
    Gets e from C
    Does Verify(S, e) = M?

Comparison

Traditional PKI
  Keys:
    a) Alice Public = e
    b) Alice Private = d
    c) Alice Cert = C
  Signing:
    a) S = Sign(M, d)
    Send [S, C] to Bob
  Bob:
    Gets e from C
    Does Verify(S, e) = M?

Practical PKI™
  Keys:
    a) Alice Public = e
    b) Alice PKCS5(password, salt, iteration count) = d1
    c) Alice Cert = C
    d) Alice appliance key = d2
  Signing:
    a) Alice logs on to appliance using d1 and creates secure channel
    a) Spartial = Sign(M, d2)
    b) S = Sign(Spartial, d1)
    Send [S, C] to Bob
  Bob:
    Gets e from C
    Does Verify(S, e) = M?

Difference #1: Alice has short convenient password
Difference #2: Alice has to interact with appliance to sign.
NOTHING ELSE CHANGES!!!!

Strong Fraud Management
[Diagram: ID card (ID: Alice, FN: Alice.., LN: Smith, Email: alice@cc.com)]
Sequence shown:
- ID stolen
- Theft detected
- Theft reported
- CA revokes ID
- Recipient (we hope) stops accepting ID
Callouts:
- Velocity Checking: Every signature requires appliance interaction. So appliance logs can be used for velocity checking.
- Easy to report: Consumer or CSR can use password to revoke instantly!
- ID CANNOT BE USED ANY FURTHER! INSTANT, COMPLETE, REVOCATION: Every signature requires appliance interaction. Once revoked key cannot be used further! Instant, complete revocation!
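
An added example, not from the slides or from SingleSignOn.Net, of the split signature in the Comparison slides and the appliance-side revocation in the Strong Fraud Management slide. It assumes textbook RSA with a multiplicative split d1 * d2 = d (mod phi), which the slides do not specify; the toy primes, the Appliance class and all function names are hypothetical, and the authenticated secure channel to the appliance is omitted.

```python
import hashlib
from math import gcd

# Constructed toy parameters: two Mersenne primes, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)  # conventional private exponent d

def derive_d1(password: bytes, salt: bytes, iterations: int = 100_000) -> int:
    """d1 = PKCS5(password, salt, iteration count), nudged to be invertible mod phi."""
    raw = hashlib.pbkdf2_hmac("sha256", password, salt, iterations, dklen=16)
    d1 = int.from_bytes(raw, "big") | 1
    while gcd(d1, PHI) != 1:  # assumption: step to the next usable odd value
        d1 += 2
    return d1

class Appliance:
    """Holds d2 for each user; every signature has to pass through here."""
    def __init__(self):
        self.d2, self.revoked, self.log = {}, set(), []

    def enroll(self, user, password, salt):
        # Assumed split: d1 * d2 = d (mod phi). Only d2 is kept after enrollment.
        self.d2[user] = D * pow(derive_d1(password, salt), -1, PHI) % PHI

    def partial_sign(self, user, m):
        if user in self.revoked:
            raise PermissionError("identity revoked")
        self.log.append(user)  # per-signature record usable for velocity checking
        return pow(m, self.d2[user], N)

def digest(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N

def sign(appliance, user, password, salt, message):
    s_partial = appliance.partial_sign(user, digest(message))  # Spartial = Sign(M, d2)
    return pow(s_partial, derive_d1(password, salt), N)        # S = Sign(Spartial, d1)

def verify(message, signature):
    return pow(signature, E, N) == digest(message)             # Bob: Verify(S, e) = M?
```

Bob's check uses only e and N, so it is the same check he would run against a conventional signature made with d.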

SingleSignOn.Net Practical PKI™ solution
- Ease of use: password based
- Quick to deploy
- Simple to manage with least privilege
- Velocity checking and instant revocation
- Reusable for multiple applications
  - Web, Wireless, VPN, email, etc.
- Use existing standards and widely deployed technologies

Summary
- Password enabled solutions are poised to jump start the stalled PKI car.
- Major vendors jumping into password enabled solutions using on-line servers is a good sign.
- Many servers are not all good, and have quality/security downside.
- Making password a part of the composite private key (virtual smartcards) provides substantial advantages over using password to retrieve private key (virtual soft tokens).