Title: Achieving Data Privacy and Security Using Web Services
Slide 1: Achieving Data Privacy and Security Using Web Services
- Alfred C. Weaver
- Professor of Computer Science
- University of Virginia
- Charlottesville, Virginia, USA
- weaver_at_cs.virginia.edu
- http://www.cs.virginia.edu/acw/security/
Slide 2: Outline
- Motivation for data security
- Security architecture
- Web services
- Trust
- Components of security
- Authentication
- Authorization
- Federation
- Research issues
Slide 3: Data Privacy and Security (diagram: plants, PDAs, processes, laptops, databases, desktops and cell phones, all connected through the global Internet)
Slide 4: Virtual Factory (diagram only)
Slide 6: Risks
- Access by unauthorized individuals
- Access denied to authorized individuals
- Identity theft and impersonation
- Authentication techniques of varying reliability
- Mobile access devices
- Viruses and worms
Slide 7: Risk Mitigation Requirements
- Establish and maintain trust between data requestor and data provider
- Techniques must be applicable to both humans and software
- Trust decisions must be made without human intervention
Slide 11: Security Architecture
- Based upon web services
- useful functionality exposed on the WWW
- provide fundamental, standardized building blocks to support distributed computing over the internet
- applications communicate using XML documents that are computer-readable
Slide 12: Why Web Services?
- Internet provides a powerful, standardized, ubiquitous infrastructure whose benefits are impossible to ignore
- provided that access is reliable, dependable, and authentic
- World-wide acceptance
- preferential way to interconnect applications in a loosely-coupled, language-neutral, platform-independent way
Slide 13: Web Services
- Built on four primary technologies
- eXtensible Markup Language (XML)
- format to enable machine-readable text
- Simple Object Access Protocol (SOAP)
- specifies format and content of messages
- Web Services Description Language (WSDL)
- XML document that describes a set of SOAP messages and how they are exchanged
- Universal Description, Discovery, and Integration (UDDI)
- searchable "whitepage directory" of web services
Slide 14: SOAP Example
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Header>
        <!-- security credentials -->
        <s:credentials xmlns:s="urn:examples-org:security">
          <username>Alfred Weaver</username>
        </s:credentials>
      </soap:Header>
      <soap:Body>
        <x:TransferFunds xmlns:x="urn:examples-org:banking">
          <from>22-342439</from>
          <to>98-283843</to>
          <amount>100.00</amount>
          <denomination>USD</denomination>
        </x:TransferFunds>
      </soap:Body>
    </soap:Envelope>
TransferFunds (from, to, amount)
Slide 16: Trust (diagram labelled: Credentials, attributes; Authentication; Privileges)
Slide 18: Authentication
- Biometric
- based upon physical or behavioral characteristics
- answers "who are you?"
- Digital
- something you have or know
- Two-factor authentication
- biometric + digital
Slide 19: Identification vs. Verification
- Identification
- of all humans, which one are you?
- Verification
- does your biometric (bid sample) match a
previously enrolled biometric template?
Slide 20: False Acceptance/Rejection
- False acceptance rate (FAR)
- incorrectly matches a bid sample to an enrolled template
- this is very bad
- FAR must be very, very low
- False rejection rate (FRR)
- fails to match a legitimate bid sample to an enrolled template
- this can be an annoyance or a denial of service
- FRR must be low if technique is to be used
Slide 21: Fingerprints
- 70 points of differentiation (loops, whirls, deltas, ridges)
- Even identical twins have differing fingerprint patterns
- False acceptance rate < 0.01
- False rejection rate < 1.4
- Can distinguish a live finger
- Fast to enroll
- Inexpensive (50-100)
Slide 22: Fingerprint Scanners (pictured: HP iPAQ, Digital Persona U.are.U Pro, IBM ThinkPad T42)
Slide 23: Iris Scans
- Iris has 266 degrees of freedom
- Identical twins have different iris patterns
- False acceptance rate < 0.01
- False rejection rate < 0.01
- Does take some time and controlled lighting to enroll
- Pattern is stored as a data template, not a picture
- Flash light to detect pupil dilation (prove live eye)
Slide 24: Physical Biometrics
- Fingerprint
- Iris
- Retina
- Hand geometry
- Finger geometry
- Face geometry
- Ear shape
- Palm print
- Smell
- Thermal face image
- Hand vein
- Fingernail bed
- DNA
Slides 25-27: Determining a Match
- Enrollment produces a template
- Bid sample produces another template
- Hamming distance between them is the degree of difference
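As an added example (not part of the slides), the following Python models templates as fixed-length bit strings, decides a match by normalised Hamming distance against a threshold, and estimates FAR and FRR for that threshold on constructed data; the template length, noise level, user count and threshold values are all assumptions.

```python
# Added example: Hamming-distance matching plus a FAR/FRR estimate on constructed
# templates. A real sensor produces far richer templates; bit strings stand in here.
import random

TEMPLATE_BITS = 256  # assumed template length


def hamming_distance(a: str, b: str) -> int:
    """Number of bit positions in which two equal-length templates differ."""
    if len(a) != len(b):
        raise ValueError("templates must have the same length")
    return sum(x != y for x, y in zip(a, b))


def matches(enrolled: str, bid: str, threshold: float) -> bool:
    """Accept when the normalised distance (0..1) is below the threshold."""
    return hamming_distance(enrolled, bid) / len(enrolled) < threshold


def perturb(template: str, flip_fraction: float, rng: random.Random) -> str:
    """Constructed bid sample: the enrolled template with a fraction of its bits
    flipped, standing in for sensor noise and finger placement differences."""
    return "".join(("1" if c == "0" else "0") if rng.random() < flip_fraction else c
                   for c in template)


def estimate_rates(threshold: float, users: int = 50, trials: int = 20,
                   seed: int = 7) -> tuple[float, float]:
    """Return (FAR, FRR) for a threshold on constructed templates.
    FAR: fraction of impostor bids (other users' templates) wrongly accepted.
    FRR: fraction of genuine bids (noisy copies of own template) wrongly rejected."""
    rng = random.Random(seed)
    enrolled = ["".join(rng.choice("01") for _ in range(TEMPLATE_BITS))
                for _ in range(users)]
    false_accepts = impostor_trials = false_rejects = genuine_trials = 0
    for i, tmpl in enumerate(enrolled):
        for _ in range(trials):  # genuine attempts by the enrolled user
            genuine_trials += 1
            if not matches(tmpl, perturb(tmpl, 0.10, rng), threshold):
                false_rejects += 1
        for j, other in enumerate(enrolled):  # every other user as an impostor
            if i != j:
                impostor_trials += 1
                if matches(tmpl, other, threshold):
                    false_accepts += 1
    return false_accepts / impostor_trials, false_rejects / genuine_trials
```

Lowering the threshold pushes FAR toward the very low values the slides call for at the price of a higher FRR; on this constructed data a threshold of 0.30 gives FAR = FRR = 0, while 0.08 rejects most genuine bids.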
Slide 28: Behavioral Biometrics
- Signature
- Voice
- Keyboard dynamics
Slide 29: Digital Techniques
- PINs and passwords
- E-tokens
- Smart cards
- RFID
- X.509 certificates
Slide 30: eToken
- Stores credentials such as passwords, digital signatures and certificates, and private keys
- Some can support on-board authentication and digital signing
Slide 31: Smartcard
- Size of a credit card
- Microprocessor and memory
- All data movements encrypted
Slide 32: RFID
- IC with antenna
- Works with a variety of transponders
- No power supply
- Supplies identity information
- Susceptible to theft and replay attacks
Slides 33-34: Authentication Token
Slide 33 shows the token without the TrustLevel and AuthenticationMethod elements; slide 34 adds them:
    <TrustLevelSecToken>
      <CreatedAt>2005-09-20T08:30:00.0000000-04:00</CreatedAt>
      <ExpiresAt>2005-09-21T08:30:00.0000000-04:00</ExpiresAt>
      <UserID>385739601</UserID>
      <TrustLevel>Fingerprint</TrustLevel>
      <AuthenticationMethod>Digital Persona U.are.U</AuthenticationMethod>
      <TokenIssuer>http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>
      <TrustAuthority>http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>
    </TrustLevelSecToken>
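As an added example (not part of the slides, and not the project's own code), the following Python shows what a resource would check in such a token before honouring a request: issuer, validity window, and whether the asserted TrustLevel meets the level the resource demands. The trusted-issuer set, the ranking of trust levels and the clock value are assumptions; the token is the slide's, with its punctuation restored.

```python
# Added example: validating a TrustLevelSecToken. The ranking of levels and the
# trusted-issuer set are assumptions for this demonstration.
import re
import xml.etree.ElementTree as ET
from datetime import datetime

# Assumed ranking: a resource that demands "Password" is satisfied by any stronger method.
TRUST_RANK = {"Password": 1, "Smartcard": 2, "Fingerprint": 3, "Iris": 4}
TRUSTED_ISSUERS = {"http://cs.virginia.edu/TrustSTS.asmx"}

# The slide's token, punctuation restored (constructed test input).
SAMPLE_TOKEN = """<TrustLevelSecToken>
  <CreatedAt>2005-09-20T08:30:00.0000000-04:00</CreatedAt>
  <ExpiresAt>2005-09-21T08:30:00.0000000-04:00</ExpiresAt>
  <UserID>385739601</UserID>
  <TrustLevel>Fingerprint</TrustLevel>
  <AuthenticationMethod>Digital Persona U.are.U</AuthenticationMethod>
  <TokenIssuer>http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>
  <TrustAuthority>http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>
</TrustLevelSecToken>"""


def parse_time(text: str) -> datetime:
    """fromisoformat accepts at most 6 fractional digits; the token carries 7, so trim."""
    return datetime.fromisoformat(re.sub(r"(\.\d{6})\d+", r"\1", text.strip()))


def validate_token(xml_text: str, required_level: str, now: datetime) -> tuple[bool, str]:
    """Return (accepted, reason); every check must pass, the first failure is reported."""
    root = ET.fromstring(xml_text)

    def field(tag: str) -> str:
        return (root.findtext(tag) or "").strip()

    if root.tag != "TrustLevelSecToken":
        return False, "not a TrustLevelSecToken"
    if field("TokenIssuer") not in TRUSTED_ISSUERS:
        return False, "untrusted issuer"
    created, expires = parse_time(field("CreatedAt")), parse_time(field("ExpiresAt"))
    if not (created <= now < expires):
        return False, "token outside its validity window"
    level = field("TrustLevel")
    if TRUST_RANK.get(level, 0) < TRUST_RANK[required_level]:
        return False, f"trust level '{level}' below required '{required_level}'"
    return True, f"user {field('UserID')} accepted at level {level}"
```

The token as shown on the slide carries no signature, so in a deployment the issuer's signature over these fields would be verified before any of them is trusted.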
Slide 35: X.509 Certificates
- Certificate issued by a trusted Certificate Authority (e.g., VeriSign)
- Contains
- name
- serial number
- expiration dates
- certificate holder's public key (used for encrypting/decrypting messages and digital signatures)
- digital signature of the Certificate Authority (so recipient knows that the certificate is valid)
- Recipient may confirm identity of the sender with the Certificate Authority
Slide 37: Security Assertion Markup Language (SAML)
- Interoperable exchange of security information enables
- web single sign-on
- distributed authorization services
- securing electronic transactions
- Transcends the local security domain
Slide 38: SAML Assertions
- Assertion is a declaration of facts
- Three types of security assertions
- authentication
- attribute
- authorization decision
Slide 39: SAML Conceptual Model (diagram only)
Slide 40: Authentication Assertion
- An issuing authority asserts that
- subject S
- was authenticated by means M
- at time T
- Example
- subject Alfred C. Weaver
- was authenticated by password
- at time 2005-12-14T10:02:00Z
Slide 41: Example Authentication Assertion
    <saml:Assertion
        AssertionID="128.9.167.32.12345678"
        Issuer="Robotics Corporation"
        IssueInstant="2005-12-14T10:02:00Z">
      <saml:Conditions NotBefore="2005-12-14T10:02:00Z" NotAfter="2005-12-21T10:02:00Z"/>
      <saml:AuthenticationStatement
          AuthenticationMethod="password"
          AuthenticationInstant="2005-12-14T10:02:00Z">
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/>
        </saml:Subject>
      </saml:AuthenticationStatement>
    </saml:Assertion>
Slide 42: Attribute Assertion
- An issuing authority asserts that
- subject S
- is associated with attributes 1, 2, 3
- with attribute values a, b, c...
- Example
- Alfred C. Weaver in domain robotics.com
- is associated with attribute Position
- with value Plant Manager
Slide 43: Example Attribute Assertion
    <saml:Assertion ...>
      <saml:Conditions .../>
      <saml:AttributeStatement>
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/>
        </saml:Subject>
        <saml:Attribute AttributeName="Position" AttributeNamespace="http://robotics.com">
          <saml:AttributeValue>Plant Manager</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>
Slide 44: Authorization Decision Assertion
- An issuing authority decides whether to grant the request
- by subject S
- for access type A
- to resource R
- given evidence E
- Decision is permit or deny
Slide 45: Example Authorization Decision Assertion
    <saml:Assertion ...>
      <saml:Conditions .../>
      <saml:AuthorizationStatement Decision="Permit" Resource="http://www.robotics.com/production.html">
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/>
        </saml:Subject>
      </saml:AuthorizationStatement>
    </saml:Assertion>
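As an added example (not part of the slides), the following Python is the relying party's side of the authorization decision assertion: it accepts only a currently valid assertion from a trusted issuer whose Permit decision names exactly the requesting subject and exactly the requested resource. The assertion text combines the slide-41 Conditions with the slide-45 statement; the saml namespace URI is SAML 1.0's, and the trusted issuer, requesting subject and clock value are assumptions.

```python
# Added example: evaluating a SAML authorization decision assertion at the resource.
# Namespace URI is SAML 1.0's; trusted issuer and test inputs are assumptions.
import xml.etree.ElementTree as ET
from datetime import datetime

SAML = "{urn:oasis:names:tc:SAML:1.0:assertion}"
TRUSTED_ISSUERS = {"Robotics Corporation"}

# Constructed assertion: slide 41's header and Conditions plus slide 45's statement.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    AssertionID="128.9.167.32.12345678" Issuer="Robotics Corporation"
    IssueInstant="2005-12-14T10:02:00Z">
  <saml:Conditions NotBefore="2005-12-14T10:02:00Z" NotAfter="2005-12-21T10:02:00Z"/>
  <saml:AuthorizationStatement Decision="Permit"
      Resource="http://www.robotics.com/production.html">
    <saml:Subject>
      <saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/>
    </saml:Subject>
  </saml:AuthorizationStatement>
</saml:Assertion>"""


def parse_instant(text: str) -> datetime:
    """SAML instants are UTC with a trailing Z, which older fromisoformat rejects."""
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def subject_of(statement: ET.Element) -> tuple[str, str]:
    """(SecurityDomain, Name) of a statement's subject, or empty strings if absent."""
    ident = statement.find(f"{SAML}Subject/{SAML}NameIdentifier")
    if ident is None:
        return "", ""
    return ident.get("SecurityDomain", ""), ident.get("Name", "")


def is_permitted(xml_text: str, domain: str, name: str, resource: str,
                 now: datetime) -> bool:
    """True only for a trusted, currently valid assertion with a Permit decision for
    exactly this subject and exactly this resource; anything else is a deny."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{SAML}Assertion" or root.get("Issuer") not in TRUSTED_ISSUERS:
        return False
    cond = root.find(f"{SAML}Conditions")
    if cond is None or not (parse_instant(cond.get("NotBefore", "")) <= now
                            < parse_instant(cond.get("NotAfter", ""))):
        return False
    for stmt in root.findall(f"{SAML}AuthorizationStatement"):
        if (stmt.get("Decision") == "Permit" and stmt.get("Resource") == resource
                and subject_of(stmt) == (domain, name)):
            return True
    return False
```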
Slide 46: SAML Conceptual Model (diagram only)
Slide 48: Federation
- How can identity, once legitimately established in one trust domain, be reliably and securely shared with another trust domain?
Slide 49: Federated ATM Network (diagram labelled: Account Number and PIN; Visiting Bank Network; Network of Trust; Home Bank Network; Funds)
Slide 50: Administrative Decision (diagram: Requestor, IP/STS, Admin and Resource; steps 1-3: get identity token, ask the administrator, access the resource)
Administrator decides on a per-request basis
Slide 51: Basic Federation: Direct Trust Token Exchange (diagram: two IP/STSs joined by a Trust relationship, Requestor and Resource; steps 1-3: get identity token, get access token, access the resource)
Slide 52: Indirect Trust (diagram: IP/STS A, IP/STS B, IP/STS C, Requestor and Resource; steps 1-3)
C trusts B, which vouches for A, who vouches for the client
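As an added example (not part of the slides), the following Python models that chain as a small directed trust graph and lets the resource's STS decide whether a token's issuer is reachable through a bounded number of direct-trust links. The graph, the party names and the hop limit are assumptions.

```python
# Added example: resolving an indirect-trust chain. The trust graph, names and
# hop limit are assumptions for this demonstration.
from collections import deque
from typing import Optional

# Constructed trust graph for slide 52: C trusts B directly, B trusts A directly.
DIRECT_TRUST = {
    "IP/STS C": {"IP/STS B"},
    "IP/STS B": {"IP/STS A"},
}


def trust_path(verifier: str, issuer: str, direct: dict, max_hops: int = 3) -> Optional[list]:
    """Breadth-first search outward from the verifier along direct-trust edges.
    Returns the shortest chain of parties vouching for the issuer, or None when no
    chain of at most max_hops links exists (long chains dilute trust, so bound them)."""
    queue = deque([(verifier, [verifier])])
    seen = {verifier}
    while queue:
        node, path = queue.popleft()
        if node == issuer:
            return path
        if len(path) - 1 >= max_hops:  # already max_hops links from the verifier
            continue
        for nxt in direct.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return None


def accept_token(token: dict, verifier: str = "IP/STS C") -> tuple:
    """Decide on a constructed token ({'issuer': ...}) at the resource's STS."""
    path = trust_path(verifier, token["issuer"], DIRECT_TRUST)
    if path is None:
        return False, f"no trust chain from {verifier} to issuer {token['issuer']}"
    return True, " -> ".join(path)
```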
Slide 53: System Design (diagram only)
Slide 55: Research Challenges
- Authentication tokens
- SAML permits enumeration, but not substitution, of acceptable tokens
- Trustworthiness varies even within a technology, but SAML does not capture this distinction
- Our TrustLevel concept is just a beginning; trust is more complicated than a number
Slide 56: Research Challenges
- Authorization rules
- Human organizations are complex, and so are their rules
- Role delegation
- Human/computer interface
Slide 57: Research Challenges
- Federation
- Currently an infant science
- Many issues surround trust management
- establishment
- representation
- exchange
- enforcement
- storage
- negotiation
Slide 58: Research Challenges
- Tools and techniques
- how to specify access policies
- locate policy inconsistencies
- human/computer interface
- Formalisms
- need formal methods to structure our thoughts, processes and implementations
- need proofs of correctness