1 Achieving Data Privacy and Security Using Web Services Alfred C. Weaver Professor of Computer Science University of Virginia Charlottesville, Virginia,

1

Achieving Data Privacy and Security Using Web Services

Alfred C. WeaverProfessor of Computer Science

University of VirginiaCharlottesville, Virginia, USA

[email protected]://www.cs.virginia.edu/~acw/

security/

2

Outline

Motivation for data security Security architecture

Web services Trust

Components of security Authentication Authorization Federation

Research issues

3

Data Privacy and Security

Plants

ProcessesDatabases

Desktops

Laptops

PDAs

Cell phones

Global Internet

4

Virtual Factory

5

6

Risks

Access by unauthorized individuals Access denied to authorized

individuals Identity theft and impersonation Authentication techniques of

varying reliability Mobile access devices Viruses and worms

7

Risk Mitigation Requirements

Establish and maintain trust between data requestor and data provider

Techniques must be applicable to both humans and software

Trust decisions must be made without human intervention

8

Outline


Web services Trust


Research issues

9

10

Outline


Web services Trust


Research issues

11

Security Architecture

Based upon web services useful functionality exposed on the

WWW provide fundamental, standardized

building blocks to support distributed computing over the internet

applications communicate using XML documents that are computer-readable

12

Why Web Services?

Internet provides a powerful, standardized, ubiquitous infrastructure whose benefits are impossible to ignore provided that access is reliable,

dependable, and authentic World-wide acceptance

preferential way to interconnect applications in a loosely-coupled, language-neutral, platform-independent way

13

Web Services

Built on four primary technologies eXtensible Markup Language (XML)

format to enable machine-readable text Simple Object Access Protocol (SOAP)

specifies format and content of messages Web Services Description Language

(WSDL) XML document that describes a set of SOAP

messages and how they are exchanged Universal Description, Discovery, and

Integration (UDDI) searchable "whitepage directory" of web

services

14

SOAP Example<soap:Envelope>xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header>

<s:credentials xmlns:s="urn:examples-org:security">

<username>Alfred Weaver</username></s:credentials>

</soap:Header><soap:Body>

<x:TransferFunds xmlns:x="urn:examples-org:banking">

<from>22-342439</from><to>98-283843</to><amount>100.00</amount>

<denomination>USD</denomination></x:TransferFunds>

</soap:Body></soap:Envelope>

TransferFunds (from, to, amount)

15

Outline


Web services Trust


Research issues

16

Trust

Who you are

What

you

can

do

Authentication

Pri

vile

ges

Crede

ntia

ls, a

ttrib

utes

{Authentication, Credentials, Privileges}

Wha

t you

have

17

Outline


Web services Trust


Research issues

18

Authentication

Biometric based upon physical or behavioral

characteristics answers “who are you?”

Digital something you have or know

Two-factor authentication biometric + digital

19

Identification vs. Verification

Identification of all humans, which one are you?

Verification does your biometric (bid sample)

match a previously enrolled biometric template?

20

False Acceptance/Rejection

False acceptance rate (FAR) incorrectly matches a bid sample to an

enrolled template this is very bad FAR must be very, very low

False rejection rate (FRR) fails to match a legitimate bid sample to an

enrolled template this can be an annoyance or a denial of

service FRR must be low if technique is to be used

21

Fingerprints

70 points of differentiation (loops, whirls, deltas, ridges)Even identical twins have differing fingerprint patternsFalse acceptance rate < 0.01%False rejection rate < 1.4%Can distinguish a live fingerFast to enrollInexpensive (~$50-100)

22

Fingerprint Scanners

HP IPAQDigital Persona U.are.U Pro IBM Thinkpad T42

23

Iris Scans

Iris has 266 degrees of freedomIdentical twins have different iris patternsFalse acceptance rate < 0.01%False rejection rate < 0.01%Does take some time and controlled lighting to enrollPattern is stored as a data template, not a pictureFlash light to detect pupil dilation (prove live eye)

24

Physical Biometrics

Fingerprint Iris Retina Hand geometry Finger geometry Face geometry Ear shape

Palm print Smell Thermal face

image Hand vein Fingernail bed DNA

25

Determining a Match

Enrollment produces a template

011010101111011110000001...

26

Determining a Match

Enrollment produces a template Bid sample produces another

template

011010101111011110000001...011010101100011110000111...

27

Determining a Match

Enrollment produces a template Bid sample produces another template Hamming distance between them is

the degree of difference

011010101111011110000001...011010101100011110000111...

28

Behavioral Biometrics

Signature Voice Keyboard dynamics

Alfred C. Weaver

29

Digital Techniques

PINs and passwords E-tokens Smart cards RFID X.509 certificates

30

eToken

Stores credentials such as passwords, digital signatures and certificates, and private keys

Some can support on-board authentication and digital signing

31

Smartcard

Size of a credit card Microprocessor and memory All data movements encrypted

32

RFID IC with antenna Works with a

variety of transponders

No power supply Supplies identity

information Susceptible to theft

and replay attacks

33

Authentication Token

<TrustLevelSecToken> <CreatedAt> 2005-09-20T08:30:00.0000000-04:00 </CreatedAt> <ExpiresAt> 2005-09-21T08:30:00.0000000-04:00 </ExpiresAt> <UserID> 385739601 </UserID> <TokenIssuer> http://cs.virginia.edu/TrustSTS.asmx </TokenIssuer> <TrustAuthority> http://cs.virginia.edu/TrustAuthority.asmx </TrustAuthority></TrustLevelSecToken>

34

Authentication Token

<TrustLevelSecToken> <CreatedAt> 2005-09-20T08:30:00.0000000-04:00 </CreatedAt> <ExpiresAt> 2005-09-21T08:30:00.0000000-04:00 </ExpiresAt> <UserID> 385739601 </UserID> <TrustLevel> Fingerprint </TrustLevel> <AuthenticationMethod> Digital Persona U.are.U </AuthenticationMethod> <TokenIssuer> http://cs.virginia.edu/TrustSTS.asmx </TokenIssuer> <TrustAuthority> http://cs.virginia.edu/TrustAuthority.asmx </TrustAuthority></TrustLevelSecToken>

35

X.509 Certificates

Certificate issued by a trusted Certificate Authority (e.g., VeriSign)

Contains name serial number expiration dates certificate holder’s public key (used for

encrypting/decrypting messages and digital signatures)

digital signature of the Certificate Authority (so recipient knows that the certificate is valid)

Recipient may confirm identity of the sender with the Certificate Authority

36

Outline


Web services Trust


Research issues

37

Security Assertion Markup Language (SAML)

Interoperable exchange of security information enables web single sign-on distributed authorization services securing electronic transactions

Transcends the local security domain

38

SAML Assertions

Assertion is a declaration of facts Three types of security assertions

authentication attribute authorization decision

39

SAML Conceptual Model

SAML

AuthenticationAssertion

AttributeAssertion

AuthorizationDecisionAssertion

AuthenticationAuthority

AttributeAuthority

Policy DecisionPoint

Policy EnforcementPoint

Policy Policy Policy

Credentials Collector

System Entity

Application Request

40

Authentication Assertion

An issuing authority asserts that subject S was authenticated by means M at time T

Example subject “Alfred C. Weaver” was authenticated by “password” at time “2005-12-14T10:02:00Z”

41

Example Authentication Assertion

<saml:Assertion> AssertionID=“128.9.167.32.12345678” Issuer=“Robotics Corporation” IssueInstant=“2005-12-14T10:02:00Z”> <saml:Conditions NotBefore=“2005-12-14T10:02:00Z” NotAfter=“2005-12-21T10:02:00Z” /> <saml:AuthenticationStatement> AuthenticationMethod=“password” AuthenticationInstant=“2005-12-14T10:02:00Z”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“robotics.com” Name=“Alfred C. Weaver” /> </saml:Subject> </saml:AuthenticationStatement></saml:Assertion>

42

Attribute Assertion

An issuing authority asserts that subject S is associated with attributes 1, 2, 3… with attribute values a, b, c...

Example: “Alfred C. Weaver” in domain

“robotics.com” is associated with attribute “Position” with value “Plant Manager”

43

Example Attribute Assertion

<saml:Assertion …> <saml:Conditions …/> <saml:AttributeStatement> <saml:Subject> <saml:NameIdentifier SecurityDomain=“robotics.com” Name=“Alfred C. Weaver” /> </saml:Subject> <saml:Attribute AttributeName=“Position” AttributeNamespace=“http://robotics.com”> <saml:AttributeValue> Plant Manager

</saml:AttributeValue> </saml:Attribute> </saml:AttributeStatement></saml:Assertion>

44

Authorization Decision Assertion

An issuing authority decides whether to grant the request: by subject S for access type A to resource R given evidence E

Decision is permit or deny

45

Example Authorization Decision Assertion

<saml:Assertion …> <saml:Conditions …/> <saml:AuthorizationStatement>

Decision=“Permit” Resource=“http://www.robotics.com/production.html”> <saml:Subject> <saml:NameIdentifier SecurityDomain=“robotics.com” Name=“Alfred C. Weaver” /> </saml:Subject> </saml:AuthorizationStatement></saml:Assertion>

46

SAML Conceptual Model

SAML

AuthenticationAssertion

AttributeAssertion

AuthorizationDecisionAssertion

AuthenticationAuthority

AttributeAuthority

Policy DecisionPoint

Policy EnforcementPoint

Policy Policy Policy

Credentials Collector

System Entity

Application Request

47

Outline


Web services Trust


Research issues

48

Federation

How can identity, once legitimately established in one trust domain, be reliably and securely shared with another trust domain?

49

Federated ATM Network

Account Numberand PIN

Home Bank Network

Visiting Bank Network

Funds Network of Trust

50

Yes

Administrative Decision

Admin

Get identityGet identitytokentoken 11

Requestor

IP/STS

Administrator decides on per request basis

22

33

Resource

51

Basic FederationDirect Trust Token Exchange

TrustTrust

Get identityGet identitytokentoken

Get accessGet accesstokentoken11

33

22

IP/STS IP/STS

Requestor

Resource

52

Indirect Trust

Trust

TrustTrust

Trust

C trusts B which vouches for A who vouches for client

11

33

CC

BB

AA

IP/STS

IP/STS

IP/STS

Requestor Resource

22

53

System Design

54

Outline

Motivation for data security Proposed security architecture

Web services Trust


Research issues

55

Research Challenges

Authentication tokens SAML permits enumeration, but not

substitution, of acceptable tokens Trustworthiness varies even within a

technology, but SAML does not capture this distinction

Our TrustLevel concept is just a beginning; trust is more complicated than a number

56

Research Challenges

Authorization rules Human organizations are complex,

and so are their rules Role delegation Human/computer interface

57

Research Challenges

Federation Currently an infant science Many issues surround trust

management establishment representation exchange enforcement storage negotiation

58

Research Challenges

Tools and techniques how to specify access policies locate policy inconsistencies human/computer interface

Formalisms need formal methods to structure our

thoughts, processes and implementations

need proofs of correctness

59

Achieving Data Privacy and Security Using Web Services

Alfred C. WeaverProfessor of Computer Science

University of VirginiaCharlottesville, Virginia, USA

[email protected]://www.cs.virginia.edu/~acw/

security/

1 Achieving Data Privacy and Security Using Web Services Alfred C. Weaver Professor of Computer Science University of Virginia Charlottesville, Virginia,

Documents