Title: Security Solution for an Open Framework for Personal Services
Hoa-Binh Nguyen, Eurécom Institute, DEA RSD, Gemplus Research Lab.
2. Agenda
- Accessing Distributed Services
- Personal Naming Directory Service (PNDS)
- Solution for PNDS Access Control
- Solution for Service Access Control
- Conclusion
3. Accessing Distributed Services
4. Distributed Environment
[Figure: distributed environment with the PNDS]
5. Naming Directory Services
- Key components in distributed systems
  - Facilitate service location and access
  - Applications deal with object names rather than addresses
  - Enable cooperation among distributed objects
  - Attributes can describe objects
  - Binding / lookup service
- Different types of naming services
  - DNS: IP addresses
  - COS Naming: CORBA objects
  - RMI Registry: Java objects
  - PNDS: personal services (user profiles, address book, ...)
6. Challenges / Objectives
- Mobility
  - User roaming
  - Service roaming
- Want to guarantee
  - Service access availability
  - Service personalization
  - Service security
- Objective: introduce an open and secure framework allowing
  - Service providers
    - to easily develop and deploy services
    - to control service access
  - Users
    - transparent access to services through the lookup service
7. Personal Naming Directory Service (PNDS)
8. Personal Naming Directory Service (PNDS)
- Fits into a smart card portable between different terminals and networks
- Can be personalized according to user services and preferences
- Forwards requests to other naming servers
- Can secure access to services
[Figure: smart card connected to remote naming servers]
9. Integration within the JNDI framework
- Private attributes: FN, FL, PN, PL
- Object reference
- Object serialization (future)
10. Accessing a service: lookup (example of a Purse object)
[Figure: lookup of a Purse object between the Client Terminal and the PNDS; components shown: Ref, ProxyFactory, PURSE interface, Proxy]
11. PNDS Security Objectives
- Personalization
- Availability
  - transparent deployment of proxies on client terminals (factories)
- But security is limited
  - a unique PIN code (in-card)
  - no security on the server side (free access)
- Tree access control
  - leaf creation / deletion
  - information access / modification
- Service access control
  - user authentication
  - control of service access rights
12. Access Control
- ACL (Access Control List)
  - list of users and operations associated with each resource
    Resource 1: (User A: R,W; User B: R)
  - always possible to add/remove a user from the list
  - time cost in verifying user rights in case of a long list of users
- Capabilities
  - list of resources and operations granted to each user
    User A: (Re1: R,W; Re2: R; Re3: R,W,X)
  - difficult to control the propagation: can be copied or stolen --> can they be carried by smart cards?
  - capabilities without identity and with identity --> certificate
13. Solution for PNDS Access Control
14. ACL for PNDS Access Control (1/3)
- Names
  - Unique Unicode string identifying a user outside the card
- IDs
  - Unique number inside the card
  - Two names may not have the same IDs in different cards (IDs are only unique inside one card)
- Navigating / authentication methods
  - searchEntry(), searchAttribute(), authentication(), ...
- Entry access methods
  - addEntry(), addAttribute()
- Attribute access methods
  - getAttributeValue(), changeAttributeValue()
15. ACL for PNDS Access Control (2/3)
- Free access for the navigating / authentication methods
- Each entry has one access condition for each entry access method
- Each attribute has two access conditions: one for reading and one for writing its value
16. ACL for PNDS Access Control (3/3)

    Name               IDs  Info   Option  ACL  UserList
    Anonymous          0    null   1       2    null
    Cardholder         1    PIN1   1       2    null
    Card manager       2    PIN2   1       2    null
    Service providers  3    Key3   1       2    null
    Fidelo service     10   Key10  1       2    null
    AirFrance          11   Key11  1       10   null
    Hertz              12   Key1   1       10   null
    Service clients    13   null   0       10   (11, 12)

Service clients (ID 13) is a group: its UserList holds AirFrance (11) and Hertz (12), and it carries no authentication secret of its own.

    public interface Security {
        public void authentication(byte[] userName, byte[] pin);
        public void addUser(byte[] userName, byte[] key, byte option);
        public void addGroup(byte[] groupName);
        public void addUserToGroup(byte[] userName, byte[] groupName);
        ...
    }
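The ACL model of slides 14 to 16, worked through as an added Python illustration; this is not the Java Card code of the original. It uses the IDs of the table above but constructed secrets, assumes the root entry is managed by the card manager (ID 2), and treats a condition as a set of IDs that is met by the caller's own ID, by a group the caller belongs to, or by the Anonymous ID; the slides state the per-method and read/write conditions but not how group membership is evaluated, so that part is an assumption.

```python
"""Tree access control for the PNDS as on the ACL slides: users and groups with
card-local IDs, free navigation/authentication methods, one condition per entry
access method and separate read/write conditions per attribute value."""
import hmac

ANONYMOUS = 0   # ID of the unauthenticated user, as in the slide's user table

class PNDSAccessControl:
    def __init__(self):
        self.users = {}     # name -> {"id", "secret", "members"}; members is a set only for groups
        self.by_id = {}     # id -> name
        self.entries = {}   # entry name -> {"add_entry", "add_attribute", "attributes"}
        self.current = ANONYMOUS
        self.add_user("Anonymous", ANONYMOUS, None)
        # root entry, assumed here to be managed by the card manager (ID 2 in the table)
        self.entries["root"] = {"add_entry": {2}, "add_attribute": {2}, "attributes": {}}

    # administration, after the slide's Security interface
    def add_user(self, name, uid, secret):
        self.users[name], self.by_id[uid] = {"id": uid, "secret": secret, "members": None}, name

    def add_group(self, name, gid):
        self.users[name], self.by_id[gid] = {"id": gid, "secret": None, "members": set()}, name

    def add_user_to_group(self, user, group):
        self.users[group]["members"].add(self.users[user]["id"])

    # navigation/authentication methods: free access, no condition checked
    def search_entry(self, name):
        return name in self.entries

    def authentication(self, name, secret):
        u = self.users.get(name)
        ok = u is not None and u["secret"] is not None and hmac.compare_digest(u["secret"], secret)
        self.current = u["id"] if ok else ANONYMOUS   # a failed PIN/key check drops to Anonymous
        return ok

    # a condition is a set of IDs, met by the caller's own ID, by a group the caller
    # belongs to, or by the Anonymous ID (public access)
    def _require(self, condition):
        via_group = any(self.current in (self.users[self.by_id[g]]["members"] or ())
                        for g in condition if g in self.by_id)
        if not (ANONYMOUS in condition or self.current in condition or via_group):
            raise PermissionError("access condition not met by ID %d" % self.current)

    # entry access methods: the parent entry holds one condition per method
    def add_entry(self, parent, name, add_entry_cond, add_attr_cond):
        self._require(self.entries[parent]["add_entry"])
        self.entries[name] = {"add_entry": set(add_entry_cond),
                              "add_attribute": set(add_attr_cond), "attributes": {}}

    def add_attribute(self, entry, attr, value, read_cond, write_cond):
        self._require(self.entries[entry]["add_attribute"])
        self.entries[entry]["attributes"][attr] = {"value": value, "read": set(read_cond),
                                                   "write": set(write_cond)}

    # attribute access methods: separate conditions for reading and writing the value
    def get_attribute_value(self, entry, attr):
        a = self.entries[entry]["attributes"][attr]
        self._require(a["read"])
        return a["value"]

    def change_attribute_value(self, entry, attr, value):
        a = self.entries[entry]["attributes"][attr]
        self._require(a["write"])
        a["value"] = value

def attempt(fn):
    try:
        fn()
        return "allowed"
    except PermissionError:
        return "denied"

def demo():
    """Constructed scenario with the IDs of the slide's table; the secrets are placeholders."""
    pnds = PNDSAccessControl()
    pnds.add_user("Card manager", 2, b"PIN2")
    pnds.add_user("Fidelo service", 10, b"Key10")
    pnds.add_user("AirFrance", 11, b"Key11")
    pnds.add_user("Hertz", 12, b"Key12")
    pnds.add_group("Service clients", 13)
    pnds.add_user_to_group("AirFrance", "Service clients")
    pnds.add_user_to_group("Hertz", "Service clients")
    out = {}
    pnds.authentication("Card manager", b"PIN2")      # card manager creates the Fidelo entry
    pnds.add_entry("root", "fidelo", add_entry_cond={10}, add_attr_cond={10})
    pnds.authentication("Fidelo service", b"Key10")   # Fidelo publishes a counter: clients read, Fidelo writes
    pnds.add_attribute("fidelo", "points", 120, read_cond={13}, write_cond={10})
    pnds.authentication("AirFrance", b"Key11")        # AirFrance reads through group 13, cannot write
    out["airfrance_read"] = pnds.get_attribute_value("fidelo", "points")
    out["airfrance_write"] = attempt(lambda: pnds.change_attribute_value("fidelo", "points", 0))
    out["bad_auth"] = pnds.authentication("Hertz", b"wrong")   # wrong key -> back to Anonymous
    out["anon_search"] = pnds.search_entry("fidelo")           # navigation stays free
    out["anon_read"] = attempt(lambda: pnds.get_attribute_value("fidelo", "points"))
    return out
```

The point to note is the failure mode: a wrong PIN or key does not leave the previous identity in place but drops the caller to Anonymous, who can still navigate the tree (searchEntry) but meets none of the read or write conditions.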
17. Solution for Service Access Control
18. Service Access Control (1/5)
- Capabilities are suited to service access control
  - many users / operations for a single service
  - capabilities are stored in the PNDS tree and used during the lookup operation
- Access rights
  - list of permitted method indexes
  - array of booleans: {true, false, true}
19. Service Access Control (2/5)
- Access Control Gate
  - controls the service access
  - filters the method invocations from a client
  - ensures a (secure) communication with the proxy
20. Service Access Control (3/5)
- Control Gate Server
  - authenticates a client the first time
  - verifies the validity of capabilities
  - generates an Access Control Gate for each client
21. Service Access Control (4/5)
- Personal Naming Directory Service (PNDS)
  - facilitates the service access for a client
  - passes a capability to the Control Gate Server in a secure way
  - deploys the access control gate proxy for the client
22. Service Access Control (5/5)
- The PNDS plays the role of a Kerberos server
  - PNDS and PNDSCardService share a secret key
  - PNDS and Control Gate Server also share a secret key
[Figure: Terminal, PNDS and Control Gate Server]
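The ticket exchange of slides 18 to 22, together with the gate of slide 24, worked through end to end as an added Python illustration; this is not the Java Card code of the original, and the slides give no message formats. Assumed here: the capability ticket is a JSON object sealed with an encrypt-then-MAC built from HMAC-SHA256 (a stand-in for the card's symmetric cipher, chosen only because it runs with the standard library), method indexes 0/1/2 for getBalance/debit/credit, and constructed rights for AirFrance and Hertz.

```python
"""Service access control as on the slides: a capability (boolean array of permitted
method indexes) kept in the PNDS, passed to the Control Gate Server as a Kerberos-style
ticket, and enforced by an Access Control Gate bound to a per-session key."""
import hashlib, hmac, json, os, struct

def _subkey(key, label):
    return hashlib.sha256(key + label).digest()

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: a stand-in for a real cipher, illustration only
    return b"".join(hmac.new(key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]

def seal(key, obj):
    """Encrypt-then-MAC a JSON object under a key shared with the recipient."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(_subkey(key, b"enc"), nonce, len(pt))))
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest(), tag):
        raise PermissionError("ticket failed its integrity check")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(_subkey(key, b"enc"), nonce, len(ct)))))

GET_BALANCE, DEBIT, CREDIT = 0, 1, 2   # method indexes of the Purse interface

class Purse:
    def __init__(self, balance): self.balance = balance
    def get_balance(self): return self.balance
    def debit(self, amount): self.balance -= amount
    def credit(self, amount): self.balance += amount

class PurseControlGate:
    """Access Control Gate: exposes the Purse interface but lets a call through only
    if the capability permits that method index and the session key was presented."""
    def __init__(self, purse):
        self.p, self.rights, self.session_key, self.authenticated = purse, [False] * 3, b"", False
    def access_rights(self, rights, session_key):
        self.rights, self.session_key = list(rights), bytes(session_key)
    def authenticate(self, key):
        self.authenticated = hmac.compare_digest(self.session_key, bytes(key))
        return self.authenticated
    def _check(self, idx):
        if not (self.authenticated and self.rights[idx]):
            raise PermissionError("METHOD_NOT_PERMITTED")
    def get_balance(self): self._check(GET_BALANCE); return self.p.get_balance()
    def debit(self, amount): self._check(DEBIT); self.p.debit(amount)
    def credit(self, amount): self._check(CREDIT); self.p.credit(amount)

class PNDS:
    """In-card directory acting as the Kerberos server: shares k_cs with the
    PNDSCardService and k_gs with the Control Gate Server."""
    def __init__(self, k_cs, k_gs):
        self.k_cs, self.k_gs, self.capabilities = k_cs, k_gs, {}   # (user, service) -> rights
    def grant(self, user, service, rights):
        self.capabilities[(user, service)] = list(rights)
    def lookup(self, user, service):
        rights, sk = self.capabilities[(user, service)], os.urandom(16).hex()
        ticket = seal(self.k_gs, {"user": user, "service": service, "rights": rights, "sk": sk})
        return ticket, seal(self.k_cs, {"sk": sk})   # ticket for the gate server, key for the terminal

class ControlGateServer:
    def __init__(self, k_gs, purse):
        self.k_gs, self.purse = k_gs, purse
    def open_gate(self, ticket):
        t = unseal(self.k_gs, ticket)   # a forged or modified capability is rejected here
        if t["service"] != "purse" or len(t["rights"]) != 3:
            raise PermissionError("capability does not fit the Purse service")
        gate = PurseControlGate(self.purse)
        gate.access_rights(t["rights"], bytes.fromhex(t["sk"]))
        return gate

def client_session(pnds, gate_server, k_cs, user):
    """The PNDSCardService side of a lookup: get ticket and session key, open and authenticate the gate."""
    ticket, blob = pnds.lookup(user, "purse")
    gate = gate_server.open_gate(ticket)
    gate.authenticate(bytes.fromhex(unseal(k_cs, blob)["sk"]))
    return gate

def attempt(fn):
    try:
        fn()
        return "allowed"
    except PermissionError:
        return "denied"

def demo():
    k_cs, k_gs, purse, out = os.urandom(16), os.urandom(16), Purse(100), {}
    pnds = PNDS(k_cs, k_gs)
    pnds.grant("AirFrance", "purse", [True, True, False])   # constructed: read and debit
    pnds.grant("Hertz", "purse", [True, False, False])      # constructed: read only
    gs = ControlGateServer(k_gs, purse)
    af = client_session(pnds, gs, k_cs, "AirFrance")
    af.debit(30)
    out["airfrance_balance"] = af.get_balance()
    hz = client_session(pnds, gs, k_cs, "Hertz")
    out["hertz_balance"] = hz.get_balance()
    out["hertz_debit"] = attempt(lambda: hz.debit(1))          # right not in the capability
    wrong = gs.open_gate(pnds.lookup("Hertz", "purse")[0])
    wrong.authenticate(b"\x00" * 16)                           # wrong session key
    out["wrong_key"] = attempt(wrong.get_balance)
    ticket, _ = pnds.lookup("Hertz", "purse")
    forged = ticket[:20] + bytes([ticket[20] ^ 1]) + ticket[21:]   # flip one ciphertext byte
    out["forged_ticket"] = attempt(lambda: gs.open_gate(forged))
    return out
```

Three refusals are exercised: a method index the capability does not permit, a client that holds a valid gate but not the session key, and a ticket modified in transit, which the Control Gate Server rejects before any gate exists. The client never sees the key shared between the PNDS and the gate server, which is what makes the capability hard to copy or forge on the terminal.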
23. Client in the Terminal, Service in the Card with PNDS
[Figure: Terminal side: JNDI, PNDSCardService, Gate interface, Access Control Gate; Smart card side: PNDS, service]
24. How to Implement an Access Control Gate

    import javacard.framework.Util;
    import javacard.framework.UserException;

    public interface Purse {
        int getBalance();
        void debit(int amount);
        void credit(int amount);
    }

    public interface Gate {
        public void accessRights(boolean[] rights, byte[] key);
        public boolean authenticate(byte[] key);
        public void reset();
    }

    public class PurseControlGate implements Purse, Gate {
        static final short GET_BALANCE = 0, DEBIT = 1, CREDIT = 2;   // method indexes
        static final short METHOD_NOT_PERMITTED = 1;                 // reason code (value assumed)
        private Purse p;
        private boolean[] accessRights = new boolean[3];
        private byte[] sessionKey = new byte[16];                    // key length assumed
        private boolean authenticateOK = false;

        PurseControlGate(Purse p) { this.p = p; }

        public void accessRights(boolean[] rights, byte[] key) {
            for (short i = 0; i < accessRights.length; i++) accessRights[i] = rights[i];
            Util.arrayCopy(key, (short) 0, sessionKey, (short) 0, (short) sessionKey.length);
        }

        public boolean authenticate(byte[] key) {
            authenticateOK = Util.arrayCompare(sessionKey, (short) 0, key, (short) 0,
                                               (short) sessionKey.length) == 0;
            return authenticateOK;
        }

        public void reset() { authenticateOK = false; }

        public int getBalance() {
            if (accessRights[GET_BALANCE] && authenticateOK) return p.getBalance();
            UserException.throwIt(METHOD_NOT_PERMITTED);
            return 0;   // not reached: throwIt does not return
        }
        // debit() and credit() check DEBIT and CREDIT the same way ...
    }
25. Conclusion
- Model of tree access control based on
  - ACL
  - well-defined access rights
  - a cryptographic authentication protocol
- Service access control based on
  - capabilities
  - Control Gate Server
  - Access Control Gates
  - proxies
  - cryptographic algorithms
=> Service access security
26. Involved Technologies
- Smart card technologies
  - Java Card 2.1
  - Open Card Framework (OCF)
  - Visa Open Platform (VOP)
- Java Naming and Directory Interface (JNDI)
- Access control
27. Acknowledgements
- Gemplus Research Lab
- Eurécom Institute
- DEA RSD