Security Solution for an Open Framework for Personal Services HoaBinh Nguyen Eurcom Institute DEA RS - PowerPoint PPT Presentation
1 / 27
Title:
Security Solution for an Open Framework for Personal Services HoaBinh Nguyen Eurcom Institute DEA RS
Description:
Binding & Lookup Service. Different types of naming services. DNS : IP adresses ... Unique number inside the card. Two names may not have the same IDs in ... – PowerPoint PPT presentation
Number of Views:96
Avg rating:3.0/5.0
Title: Security Solution for an Open Framework for Personal Services HoaBinh Nguyen Eurcom Institute DEA RS
1
Security Solution for an Open Framework for
Personal ServicesHoa-Binh Nguyen--Eurécom
InstituteDEA RSDGemplus Research Lab.
2
Agenda
- Accessing Distributed Services
- Personal Naming Directory Service (PNDS)
- Solution for PNDS Access Control
- Solution for Service Access Control
- Conclusion
3
Accessing Distributed Services
4
Distributed Environment
PNDS
5
Naming Directory Services
- Key Components in Distributed Systems
- Facilitate Services Location and Access
- Applications deal with object names rather than
addresses - Enable cooperation among distributed objects
- Attributes can describe objects
- Binding Lookup Service
- Different types of naming services
- DNS IP adresses
- COS Naming CORBA objects
- RMI Registry Java objects
- PNDS Personal services (user profiles, address
book, ...)
6
Challenges/Objectives
- Mobility
- User roaming
- Service roaming
- Want to guaranty
- Services access availability
- Services personalization
- Services security
To introduce an open and secure framework allowing
- Service providers
- to easily develop and deploy services
- to control service access
- Users
- transparent access to services through the
lookup service
7
Personal Naming Directory Service(PNDS)
8
Personal Naming Directory Service(PNDS)
- Fits into a Smart Card portable between
different terminals and networks - Can be personalized according to user services
and preferences - Forwards the request to another naming server
- Can secure access to services
Smart Card
Remote Naming Servers
9
Integration within JNDI framework
- Private Attributes FN,FL,PN,PL
- Object Reference
- Object Serialization (future)
10
Accessing a service Lookup (example of a
Purse object)
Ref
ProxyFactory
PURSE
interface
Proxy
Client Terminal
Ref
ProxyFactory
PNDS
PURSE
s
Proxy
11
PNDS Security Objectives
- Personalization
- Availability
- transparent deployment of proxieson client
terminals (factories) - But Security is limited
- a unique PIN code (in-card)
- no security on server side (free access)
- Tree access control
- leaf creation/deletion
- information access modification
- Service access control
- user authentication
- control of service access rights
12
Access Control
- ACL (Access Control List)
- list of users and operations associated to each
resource Resource 1 (User AR,W, User BR) - always possible to add/remove a user from the
list - time cost in verifying users rights in case of
long list of users - Capabilities
- list of resources and operations granted to each
user User A ( Re1R,W, Re2R, Re3R,W,X) - difficult to control the propagation. Can be
copied or stolen --gt can be carried by smart
cards ? - capabilities without identity and with identity
--gt Certificate
13
Solution for PNDS Access Control
14
ACL for PNDS Access Control (1/3)
- Names
- Unique string of Unicode identifying users
outside the card - IDs
- Unique number inside the card
- Two names may not have the same IDs in different
cards
- Navigating authentication methods
- searchEntry(), searchAttribute(),
authentication() . - Entry access methods
- addEntry(), addAttribute()
- Attribute access methods
- getAttributeValue(), changeAttributeValue()
S
15
ACL for PNDS Access Control (2/3)
- Free access for navigating authentication
methods - Each entry has a condition for each entry access
method - Each attribute has two access conditions for
read and write value
16
ACL for PNDS Access Control (3/3)
- Authentication table
Name IDs Info Option
ACL UserList Anonymous 0
null 1 2
null Cardholder 1 PIN1
1 2 null Card manager 2
PIN2 1 2
null Service providers 3 Key3 1
2 null Fidelo service 10
Key10 1 2
null AirFrance 11 Key11 1
10 null Hertz
12 Key1 1 10 null
Service clients 13 null 0
10 (11, 12)
- Security Interface
Public interface Security public void
authentication(byte userName,byte pin)
public void addUser(byte userName,byte key,
byte option public void addGroup(byte
groupName) public void addUserToGroup(byte
userName,byte groupName) ..
17
Solution for Service Access Control
18
Service Access Control (1/5)
- Capability suited for service access control
- many users/operations for a single service
- capabilities stored in PNDS tree and used during
the lookup operation
- Access rights
- list of permitted method indexes
- array of boolean true,false,true
19
Service Access Control (2/5)
- Access Control Gate
- control the service access
- filter the method invocation from a client
- assure a (secure) communication with the proxy
20
Service Access Control (3/5)
- Control Gate Server
- authenticate a client at the first time
- verify the validity of capabilities
- generate an Access Control Gate to each client
21
Service Access Control (4/5)
- Personal Naming Directory Service (PNDS)
- facilitate the service access from a client
- pass a capability to the Control Gate Server in
a secure way - deploy the access control gate proxy for the
client
22
Service Access Control (5/5)
- PNDS plays the role as a Kerberos Server
- PNDS PNDSCardService share a secret key
- PNDS Control Gate Server also share a secret
key
Terminal
Control Gate Server
23
Client in the TerminalService in the Card with
PNDS
Terminal
JNDI
PNDSCardService
Gate Interface
Access Control Gate
PNDS
service
Service
Smart card
24
How to Implement an Access Control Gate
Public interface Purse int getBalance()
void Debit(int amount) void Credit(int amount)
Public interface Gate public void
accessRights(boolean right, byte key) public
boolean authenticate(byte key) public void
reset()
Public class PurseControlGate implements
Purse,Gate private Purse p private boolean3
accessRights private byte sessionKey private
boolean authenticationOk false PurseControlGat
e(Purse p) this.p p public void
accessRight (boolean accessRights, byte
sessionKey) arrayCopy(accessRights,this.access
Rights) arrayCopy(sessionKey,this.sessionKey)
public boolean authenticate(byte key) if
(Util.arrayCompare(sessionKey,key)
0) authenticateOK true else authenticateOK
false public int getBalance() if
((accessRightsGET_BALANCE) authenticateOK)
return p.getBalance() else UserException.ThrowIt(
METHOD_NOT_PERMITTED) ..
25
Conclusion
- Model of tree access control based on
- ACL
- Access rights well defined
- Cryptographic authentication protocol
- Service access control based on
- Capabilities
- Control Gate Server
- Access Control Gates
- Proxies
- Cryptographic algorithms
Service access security
26
Involved Technologies
- Smart Cards Technologies
- Java Card 2.1
- Open Card Framework (OCF)
- Visa Open Platform (VOP)
- Java Naming and Directory Interface (JNDI)
- Access Control
27
Acknowledgements
- Gemplus Research Lab
- Eurécom Institute
- DEA RSD
