Achieving Data Privacy and Security Using Web Services - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
Achieving Data Privacy and Security Using Web
Services
  • Alfred C. Weaver
  • Professor of Computer Science
  • University of Virginia
  • Charlottesville, Virginia, USA
  • weaver@cs.virginia.edu
  • http://www.cs.virginia.edu/acw/security/

2
Outline
  • Motivation for data security
  • Security architecture
  • Web services
  • Trust
  • Components of security
  • Authentication
  • Authorization
  • Federation
  • Research issues

3
Data Privacy and Security
(diagram: plants, processes, databases, desktops, laptops, PDAs and cell phones, all connected through the global Internet)
4
Virtual Factory
5

6
Risks
  • Access by unauthorized individuals
  • Access denied to authorized individuals
  • Identity theft and impersonation
  • Authentication techniques of varying reliability
  • Mobile access devices
  • Viruses and worms

7
Risk Mitigation Requirements
  • Establish and maintain trust between data
    requestor and data provider
  • Techniques must be applicable to both humans and
    software
  • Trust decisions must be made without human
    intervention

8
Outline
  • Motivation for data security
  • Security architecture
  • Web services
  • Trust
  • Components of security
  • Authentication
  • Authorization
  • Federation
  • Research issues

9
(No Transcript)
10
Outline
  • Motivation for data security
  • Security architecture
  • Web services
  • Trust
  • Components of security
  • Authentication
  • Authorization
  • Federation
  • Research issues

11
Security Architecture
  • Based upon web services
  • useful functionality exposed on the WWW
  • provide fundamental, standardized building blocks
    to support distributed computing over the
    internet
  • applications communicate using XML documents that
    are computer-readable

12
Why Web Services?
  • Internet provides a powerful, standardized,
    ubiquitous infrastructure whose benefits are
    impossible to ignore
  • provided that access is reliable, dependable, and
    authentic
  • World-wide acceptance
  • preferential way to interconnect applications in
    a loosely-coupled, language-neutral,
    platform-independent way

13
Web Services
  • Built on four primary technologies
  • eXtensible Markup Language (XML)
  • format to enable machine-readable text
  • Simple Object Access Protocol (SOAP)
  • specifies format and content of messages
  • Web Services Description Language (WSDL)
  • XML document that describes a set of SOAP
    messages and how they are exchanged
  • Universal Description, Discovery, and Integration
    (UDDI)
  • searchable "whitepage directory" of web services

14
SOAP Example
    <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
      <soap:Header>
        <!-- security credentials -->
        <s:credentials xmlns:s="urn:examples-org:security">
          <username>Alfred Weaver</username>
        </s:credentials>
      </soap:Header>
      <soap:Body>
        <x:TransferFunds xmlns:x="urn:examples-org:banking">
          <from>22-342439</from>
          <to>98-283843</to>
          <amount>100.00</amount>
          <denomination>USD</denomination>
        </x:TransferFunds>
      </soap:Body>
    </soap:Envelope>
TransferFunds (from, to, amount)
15
Outline
  • Motivation for data security
  • Security architecture
  • Web services
  • Trust
  • Components of security
  • Authentication
  • Authorization
  • Federation
  • Research issues

16
Trust
(diagram relating authentication, the credentials and attributes it yields, and the privileges granted on the basis of those credentials)
17
Outline
  • Motivation for data security
  • Security architecture
  • Web services
  • Trust
  • Components of security
  • Authentication
  • Authorization
  • Federation
  • Research issues

18
Authentication
  • Biometric
  • based upon physical or behavioral characteristics
  • answers who are you?
  • Digital
  • something you have or know
  • Two-factor authentication
  • biometric + digital

19
Identification vs. Verification
  • Identification
  • of all humans, which one are you?
  • Verification
  • does your biometric (bid sample) match a
    previously enrolled biometric template?

20
False Acceptance/Rejection
  • False acceptance rate (FAR)
  • incorrectly matches a bid sample to an enrolled
    template
  • this is very bad
  • FAR must be very, very low
  • False rejection rate (FRR)
  • fails to match a legitimate bid sample to an
    enrolled template
  • this can be an annoyance or a denial of service
  • FRR must be low if technique is to be used

21
Fingerprints
  • 70 points of differentiation (loops, whorls,
    deltas, ridges)
  • Even identical twins have differing fingerprint
    patterns
  • False acceptance rate < 0.01%
  • False rejection rate < 1.4%
  • Can distinguish a live finger
  • Fast to enroll
  • Inexpensive ($50-100)
22
Fingerprint Scanners
(photos: HP IPAQ, Digital Persona U.are.U Pro, IBM Thinkpad T42)
23
Iris Scans
  • Iris has 266 degrees of freedom
  • Identical twins have different iris patterns
  • False acceptance rate < 0.01%
  • False rejection rate < 0.01%
  • Does take some time and controlled lighting to
    enroll
  • Pattern is stored as a data template, not a
    picture
  • Flash light to detect pupil dilation (prove
    live eye)
24
Physical Biometrics
  • Fingerprint
  • Iris
  • Retina
  • Hand geometry
  • Finger geometry
  • Face geometry
  • Ear shape
  • Palm print
  • Smell
  • Thermal face image
  • Hand vein
  • Fingernail bed
  • DNA

25
Determining a Match
  • Enrollment produces a template

26
Determining a Match
  • Enrollment produces a template
  • Bid sample produces another template

27
Determining a Match
  • Enrollment produces a template
  • Bid sample produces another template
  • Hamming distance between them is the degree of
    difference

28
Behavioral Biometrics
(image: handwritten signature, "Alfred C. Weaver")
  • Signature
  • Voice
  • Keyboard dynamics

29
Digital Techniques
  • PINs and passwords
  • E-tokens
  • Smart cards
  • RFID
  • X.509 certificates

30
eToken
  • Stores credentials such as passwords, digital
    signatures and certificates, and private keys
  • Some can support on-board authentication and
    digital signing

31
Smartcard
  • Size of a credit card
  • Microprocessor and memory
  • All data movements encrypted

32
RFID
  • IC with antenna
  • Works with a variety of transponders
  • No on-board power supply (passive tags are
    powered by the reader's field)
  • Supplies identity information when interrogated
  • Susceptible to theft and replay attacks: a tag
    that merely emits a fixed identifier can be read,
    cloned and replayed by anyone in range

33
Authentication Token
    <TrustLevelSecToken>
      <CreatedAt>2005-09-20T08:30:00.0000000-04:00</CreatedAt>
      <ExpiresAt>2005-09-21T08:30:00.0000000-04:00</ExpiresAt>
      <UserID>385739601</UserID>
      <TokenIssuer>http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>
      <TrustAuthority>http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>
    </TrustLevelSecToken>
34
Authentication Token
    <TrustLevelSecToken>
      <CreatedAt>2005-09-20T08:30:00.0000000-04:00</CreatedAt>
      <ExpiresAt>2005-09-21T08:30:00.0000000-04:00</ExpiresAt>
      <UserID>385739601</UserID>
      <TrustLevel>Fingerprint</TrustLevel>
      <AuthenticationMethod>Digital Persona U.are.U</AuthenticationMethod>
      <TokenIssuer>http://cs.virginia.edu/TrustSTS.asmx</TokenIssuer>
      <TrustAuthority>http://cs.virginia.edu/TrustAuthority.asmx</TrustAuthority>
    </TrustLevelSecToken>
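The token above is what a resource relies on to learn the requestor's identity and how strongly it was established, so its integrity and validity window matter as much as its contents. The following is an added example (not code from the presentation or its TrustSTS): it issues and verifies a TrustLevelSecToken of the slide's shape. The slide shows no integrity protection, so the example assumes the STS appends a <Signature> element holding an HMAC-SHA256 over the other fields, keyed with a secret shared between TrustSTS and the resource; that element, the key, the trusted-issuer list and the "current time" used for the demo are assumptions. A production STS would sign with a private key (XML Signature) rather than a shared secret.

```python
"""Added example, not from the presentation: issue and verify a TrustLevelSecToken.
The <Signature> element, STS_KEY and TRUSTED_ISSUERS are assumptions."""
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET
from datetime import datetime

FIELDS = ("CreatedAt", "ExpiresAt", "UserID", "TrustLevel",
          "AuthenticationMethod", "TokenIssuer", "TrustAuthority")
STS_KEY = b"constructed-demo-secret-shared-by-sts-and-resource"
TRUSTED_ISSUERS = {"http://cs.virginia.edu/TrustSTS.asmx"}


def parse_ts(s: str) -> datetime:
    """Parse the slide's timestamp form (2005-09-20T08:30:00.0000000-04:00).
    fromisoformat takes at most six fractional digits, so the fraction is trimmed."""
    s = re.sub(r"(\.\d{1,6})\d*", r"\1", s.strip())
    if s.endswith("Z"):
        s = s[:-1] + "+00:00"
    dt = datetime.fromisoformat(s)
    if dt.tzinfo is None:
        raise ValueError("timestamp must carry a UTC offset")
    return dt


def canonical(fields: dict) -> bytes:
    """Bytes the MAC covers: fixed field order, each value length-prefixed so that
    moving characters between adjacent fields changes the input."""
    return b"\n".join(
        f"{name}:{len(fields[name].encode())}:".encode() + fields[name].encode()
        for name in FIELDS)


def mac(fields: dict, key: bytes) -> str:
    return hmac.new(key, canonical(fields), hashlib.sha256).hexdigest()


def issue_token(fields: dict, key: bytes = STS_KEY) -> str:
    """STS side: build the token XML and append the MAC."""
    root = ET.Element("TrustLevelSecToken")
    for name in FIELDS:
        ET.SubElement(root, name).text = fields[name]
    ET.SubElement(root, "Signature").text = mac(fields, key)
    return ET.tostring(root, encoding="unicode")


def verify_token(xml_text: str, now: datetime, key: bytes = STS_KEY) -> dict:
    """Resource side: return the fields only if the MAC, the issuer and the validity
    window all check out; raise ValueError otherwise.  The MAC is checked before
    any field is interpreted."""
    root = ET.fromstring(xml_text)
    if root.tag != "TrustLevelSecToken":
        raise ValueError("not a TrustLevelSecToken")
    fields = {}
    for name in FIELDS:
        text = (root.findtext(name) or "").strip()
        if not text:
            raise ValueError(f"missing {name}")
        fields[name] = text
    presented = (root.findtext("Signature") or "").strip()
    if not hmac.compare_digest(presented, mac(fields, key)):
        raise ValueError("signature check failed")
    if fields["TokenIssuer"] not in TRUSTED_ISSUERS:
        raise ValueError("untrusted TokenIssuer")
    created, expires = parse_ts(fields["CreatedAt"]), parse_ts(fields["ExpiresAt"])
    if not created <= now < expires:
        raise ValueError("token outside its validity window")
    return fields


SLIDE_FIELDS = {   # the token shown on the slide
    "CreatedAt": "2005-09-20T08:30:00.0000000-04:00",
    "ExpiresAt": "2005-09-21T08:30:00.0000000-04:00",
    "UserID": "385739601",
    "TrustLevel": "Fingerprint",
    "AuthenticationMethod": "Digital Persona U.are.U",
    "TokenIssuer": "http://cs.virginia.edu/TrustSTS.asmx",
    "TrustAuthority": "http://cs.virginia.edu/TrustAuthority.asmx",
}


def rejected(fn) -> bool:
    try:
        fn()
        return False
    except ValueError:
        return True


def demo(now: datetime = None) -> dict:
    now = now or parse_ts("2005-09-20T12:00:00-04:00")   # assumed evaluation time, inside the window
    fingerprint = issue_token(SLIDE_FIELDS)
    password = issue_token(dict(SLIDE_FIELDS, TrustLevel="Password", AuthenticationMethod="Password"))
    # A requestor holding a password token tries to upgrade it to a fingerprint token.
    forged = password.replace("<TrustLevel>Password</TrustLevel>", "<TrustLevel>Fingerprint</TrustLevel>")
    return {
        "slide_token_level": verify_token(fingerprint, now)["TrustLevel"],
        "forged_upgrade_rejected": rejected(lambda: verify_token(forged, now)),
        "expired_rejected": rejected(lambda: verify_token(fingerprint, parse_ts("2005-09-22T00:00:00-04:00"))),
        "wrong_key_rejected": rejected(lambda: verify_token(fingerprint, now, key=b"other-secret")),
    }
```

Without the MAC, the TrustLevel field is just text: any holder of a password-level token could rewrite it to Fingerprint and the resource would have no way to tell. The length-prefixed canonical form is what prevents a forger from shifting characters between adjacent fields without changing the MAC input.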
35
X.509 Certificates
  • Certificate issued by a trusted Certificate
    Authority (e.g., VeriSign)
  • Contains
  • subject name
  • serial number
  • validity period (not-before and not-after dates)
  • certificate holder's public key (used to encrypt
    messages to the holder and to verify the holder's
    digital signatures; the matching private key, which
    never leaves the holder, does the decrypting and
    signing)
  • digital signature of the Certificate Authority
    (so the recipient can check that the certificate
    was issued by that CA and has not been altered)
  • Recipient confirms the sender's identity by
    verifying the CA's signature against a CA
    certificate it already trusts, checking the
    validity period, and checking that the certificate
    has not been revoked (CRL or OCSP)

36
Outline
  • Motivation for data security
  • Security architecture
  • Web services
  • Trust
  • Components of security
  • Authentication
  • Authorization
  • Federation
  • Research issues

37
Security Assertion Markup Language (SAML)
  • Interoperable exchange of security information
    enables
  • web single sign-on
  • distributed authorization services
  • securing electronic transactions
  • Transcends the local security domain

38
SAML Assertions
  • Assertion is a declaration of facts
  • Three types of security assertions
  • authentication
  • attribute
  • authorization decision

39
SAML Conceptual Model
40
Authentication Assertion
  • An issuing authority asserts that
  • subject S
  • was authenticated by means M
  • at time T
  • Example
  • subject Alfred C. Weaver
  • was authenticated by password
  • at time 2005-12-14T10:02:00Z

41
Example Authentication Assertion
    <saml:Assertion
        AssertionID="128.9.167.32.12345678"
        Issuer="Robotics Corporation"
        IssueInstant="2005-12-14T10:02:00Z">
      <saml:Conditions NotBefore="2005-12-14T10:02:00Z"
                       NotAfter="2005-12-21T10:02:00Z" />
      <saml:AuthenticationStatement
          AuthenticationMethod="password"
          AuthenticationInstant="2005-12-14T10:02:00Z">
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="robotics.com"
                               Name="Alfred C. Weaver" />
        </saml:Subject>
      </saml:AuthenticationStatement>
    </saml:Assertion>

42
Attribute Assertion
  • An issuing authority asserts that
  • subject S
  • is associated with attributes 1, 2, 3
  • with attribute values a, b, c...
  • Example
  • Alfred C. Weaver in domain robotics.com
  • is associated with attribute Position
  • with value Plant Manager

43
Example Attribute Assertion
    <saml:Assertion ...>
      <saml:Conditions ... />
      <saml:AttributeStatement>
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="robotics.com"
                               Name="Alfred C. Weaver" />
        </saml:Subject>
        <saml:Attribute AttributeName="Position"
                        AttributeNamespace="http://robotics.com">
          <saml:AttributeValue>Plant Manager</saml:AttributeValue>
        </saml:Attribute>
      </saml:AttributeStatement>
    </saml:Assertion>

44
Authorization Decision Assertion
  • An issuing authority decides whether to grant the
    request
  • by subject S
  • for access type A
  • to resource R
  • given evidence E
  • Decision is permit or deny

45
Example Authorization Decision Assertion
    <saml:Assertion ...>
      <saml:Conditions ... />
      <saml:AuthorizationStatement
          Decision="Permit"
          Resource="http://www.robotics.com/production.html">
        <saml:Subject>
          <saml:NameIdentifier SecurityDomain="robotics.com"
                               Name="Alfred C. Weaver" />
        </saml:Subject>
      </saml:AuthorizationStatement>
    </saml:Assertion>
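How the three assertion types fit together, as an added example (not code from the presentation): a minimal policy decision point consumes the authentication assertion and the attribute assertion shown on the previous slides and produces the authorization decision assertion. Assumptions: the SAML 1.x assertion namespace (the slides omit the xmlns declaration and the MajorVersion/MinorVersion attributes), an Issuer and AssertionID on the attribute assertion (elided on the slide), the trusted-issuer list, the policy table, the PDP's own issuer name, and the evaluation time. SAML 1.x names the decision element AuthorizationDecisionStatement, and that is what the example emits. XML Signature verification is out of scope; a real PDP verifies the issuer's signature on each assertion before reading any statement in it.

```python
"""Added example, not from the presentation: a small SAML 1.x policy decision point.
The namespace, POLICY, TRUSTED_ISSUERS and the PDP issuer name are assumptions."""
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

SAML = "urn:oasis:names:tc:SAML:1.0:assertion"   # assumed SAML 1.x namespace
NS = {"saml": SAML}
TRUSTED_ISSUERS = {"Robotics Corporation"}
# Assumed policy: resource -> acceptable authentication methods and required Position values
POLICY = {"http://www.robotics.com/production.html":
          {"methods": {"password", "fingerprint"}, "Position": {"Plant Manager"}}}

AUTHN_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" AssertionID="128.9.167.32.12345678"
    Issuer="Robotics Corporation" IssueInstant="2005-12-14T10:02:00Z">
  <saml:Conditions NotBefore="2005-12-14T10:02:00Z" NotAfter="2005-12-21T10:02:00Z"/>
  <saml:AuthenticationStatement AuthenticationMethod="password" AuthenticationInstant="2005-12-14T10:02:00Z">
    <saml:Subject><saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/></saml:Subject>
  </saml:AuthenticationStatement>
</saml:Assertion>"""

ATTR_ASSERTION = f"""<saml:Assertion xmlns:saml="{SAML}" AssertionID="128.9.167.32.12345679"
    Issuer="Robotics Corporation" IssueInstant="2005-12-14T10:02:00Z">
  <saml:Conditions NotBefore="2005-12-14T10:02:00Z" NotAfter="2005-12-21T10:02:00Z"/>
  <saml:AttributeStatement>
    <saml:Subject><saml:NameIdentifier SecurityDomain="robotics.com" Name="Alfred C. Weaver"/></saml:Subject>
    <saml:Attribute AttributeName="Position" AttributeNamespace="http://robotics.com">
      <saml:AttributeValue>Plant Manager</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def parse_utc(s: str) -> datetime:
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def load_assertion(xml_text: str, now: datetime) -> ET.Element:
    """Parse one assertion; enforce issuer and Conditions before any statement is read."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{SAML}}}Assertion" or root.get("Issuer") not in TRUSTED_ISSUERS:
        raise ValueError("not an assertion from a trusted issuer")
    cond = root.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion without Conditions is unbounded; refuse it")
    if not parse_utc(cond.get("NotBefore", "")) <= now < parse_utc(cond.get("NotAfter", "")):
        raise ValueError("assertion outside its validity window")
    return root


def subject_of(statement: ET.Element):
    nid = statement.find("saml:Subject/saml:NameIdentifier", NS)
    return (nid.get("SecurityDomain"), nid.get("Name")) if nid is not None else None


def decide(resource: str, authn_xml: str, attr_xml: str, now: datetime) -> tuple:
    """(decision, reason, decision assertion XML) for subject S and resource R, given
    evidence E = the two assertions."""
    rule = POLICY.get(resource)
    if rule is None:
        return ("Deny", "no policy for resource", "")
    try:
        authn_stmt = load_assertion(authn_xml, now).find("saml:AuthenticationStatement", NS)
        attr_stmt = load_assertion(attr_xml, now).find("saml:AttributeStatement", NS)
    except ValueError as e:
        return ("Deny", str(e), "")
    if authn_stmt is None or attr_stmt is None:
        return ("Deny", "required statement missing", "")
    subject = subject_of(authn_stmt)
    if subject is None or subject != subject_of(attr_stmt):
        return ("Deny", "assertions are about different subjects", "")
    if authn_stmt.get("AuthenticationMethod") not in rule["methods"]:
        return ("Deny", "authentication method not acceptable for this resource", "")
    positions = {v.text.strip() for a in attr_stmt.findall("saml:Attribute", NS)
                 if a.get("AttributeName") == "Position"
                 for v in a.findall("saml:AttributeValue", NS) if v.text}
    if not positions & rule["Position"]:
        return ("Deny", "Position attribute does not satisfy policy", "")
    return ("Permit", "policy satisfied", decision_assertion(subject, resource, now))


def decision_assertion(subject: tuple, resource: str, now: datetime) -> str:
    """Emit the slide's authorization decision assertion using the SAML 1.x element name."""
    ET.register_namespace("saml", SAML)
    root = ET.Element(f"{{{SAML}}}Assertion", Issuer="pdp.robotics.com",   # assumed PDP issuer
                      IssueInstant=now.strftime("%Y-%m-%dT%H:%M:%SZ"))
    stmt = ET.SubElement(root, f"{{{SAML}}}AuthorizationDecisionStatement",
                         Decision="Permit", Resource=resource)
    subj = ET.SubElement(stmt, f"{{{SAML}}}Subject")
    ET.SubElement(subj, f"{{{SAML}}}NameIdentifier", SecurityDomain=subject[0], Name=subject[1])
    ET.SubElement(stmt, f"{{{SAML}}}Action").text = "Read"
    return ET.tostring(root, encoding="unicode")
```

Two checks here are easy to forget and are where real deployments go wrong: the two assertions must be about the same subject in the same security domain (otherwise an attacker presents their own authentication assertion with someone else's attribute assertion), and an assertion without Conditions is refused rather than treated as valid forever.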

46
SAML Conceptual Model
47
Outline
  • Motivation for data security
  • Security architecture
  • Web services
  • Trust
  • Components of security
  • Authentication
  • Authorization
  • Federation
  • Research issues

48
Federation
  • How can identity, once legitimately established
    in one trust domain, be reliably and securely
    shared with another trust domain?

49
Federated ATM Network
(diagram: the customer presents an account number and PIN on a visiting bank's network; a network of trust links it to the home bank network, which authorizes the visiting bank to dispense funds)
50
Administrative Decision
(diagram: requestor, IP/STS, administrator and resource; step 1 the requestor gets an identity token from the IP/STS, step 2 the administrator is consulted and answers yes, step 3 the requestor accesses the resource)
Administrator decides on a per-request basis
51
Basic Federation: Direct Trust Token Exchange
(diagram: the requestor's IP/STS and the resource's IP/STS with a trust relationship between them; step 1 the requestor gets an identity token from its own IP/STS, step 2 exchanges it for an access token at the resource's IP/STS, step 3 presents the access token to the resource)
52
Indirect Trust
(diagram: IP/STS A, IP/STS B and IP/STS C; step 1 the requestor gets an identity token from A, step 2 exchanges it through B, step 3 presents the result to the resource in C)
C trusts B, which vouches for A, which vouches for the
client
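The two token-exchange patterns (direct trust on the previous slide, indirect trust on this one), as an added example that is not code from the presentation: each IP/STS holds a signing key, a requestor obtains an identity token from its home STS, an intermediate STS that trusts the issuer re-issues the token under its own key for the target resource, and the resource accepts only tokens from an STS it trusts and only tokens minted for it. The domain names A, B and C, the keys, the trust table, the claim names and the chain-length limit are assumptions. Tokens are HMAC-signed JSON standing in for the signed security tokens a WS-Trust STS would issue, and "X trusts Y" is modelled as X holding Y's verification key; with public-key signatures the same logic applies with certificates in place of shared secrets.

```python
"""Added example, not from the presentation: direct and indirect trust token exchange
between IP/STSs.  KEYS, TRUST, MAX_CHAIN and the claim names are assumptions."""
import hashlib
import hmac
import json

KEYS = {"A": b"constructed-key-A", "B": b"constructed-key-B", "C": b"constructed-key-C"}
# Who accepts whose tokens.  Indirect trust slide: C trusts B, B trusts A, C does not trust A.
TRUST = {"A": set(), "B": {"A"}, "C": {"B"}}
MAX_CHAIN = 3   # assumed limit on how many STSs may vouch in sequence


def _body(claims: dict) -> bytes:
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign(issuer: str, claims: dict) -> dict:
    return {"issuer": issuer, "claims": claims,
            "mac": hmac.new(KEYS[issuer], _body(claims), hashlib.sha256).hexdigest()}


def verify(token: dict, verifier: str, trust: dict = TRUST) -> dict:
    """Accept a token only if verifier trusts its issuer (or issued it) and the MAC holds."""
    issuer = token["issuer"]
    if issuer != verifier and issuer not in trust.get(verifier, set()):
        raise PermissionError(f"{verifier} does not trust tokens issued by {issuer}")
    expected = hmac.new(KEYS[issuer], _body(token["claims"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(token["mac"], expected):
        raise PermissionError("token has been modified")
    return token["claims"]


def issue_identity_token(home: str, subject: str) -> dict:
    """Step 1: the requestor's own IP/STS asserts who the requestor is."""
    return sign(home, {"sub": subject, "home": home, "chain": [home]})


def exchange(token: dict, sts: str, audience: str, trust: dict = TRUST) -> dict:
    """Step 2: an STS that trusts the incoming token's issuer re-issues it under its own
    key for the target resource, appending itself to the vouching chain."""
    claims = verify(token, sts, trust)
    chain = claims["chain"] + [sts]
    if len(chain) > MAX_CHAIN:
        raise PermissionError("trust chain too long")
    return sign(sts, {"sub": claims["sub"], "home": claims["home"], "aud": audience, "chain": chain})


def access(resource_domain: str, token: dict, trust: dict = TRUST) -> dict:
    """Step 3: the resource accepts an access token only from an STS it trusts, and only
    one issued for it, so a token minted for another resource cannot be replayed here."""
    claims = verify(token, resource_domain, trust)
    if claims.get("aud") != resource_domain:
        raise PermissionError("token was not issued for this resource")
    return claims


def rejected(fn) -> bool:
    try:
        fn()
        return False
    except PermissionError:
        return True


def demo() -> dict:
    identity = issue_identity_token("A", "alfred")
    # Indirect trust: A's identity token is exchanged at B, whose tokens C accepts.
    via_b = exchange(identity, "B", "C")
    # Direct trust: if C's STS trusts A itself, C's own STS can do the exchange.
    direct_trust = {"A": set(), "B": {"A"}, "C": {"A", "B"}}
    via_c = exchange(identity, "C", "C", direct_trust)
    tampered = dict(via_b, claims=dict(via_b["claims"], sub="mallory"))
    return {
        "identity_token_alone_rejected_by_C": rejected(lambda: access("C", identity)),
        "indirect_chain": access("C", via_b)["chain"],
        "direct_chain": access("C", via_c, direct_trust)["chain"],
        "tampered_rejected": rejected(lambda: access("C", tampered)),
        "wrong_audience_rejected": rejected(lambda: access("C", exchange(identity, "B", "D"))),
        "C_will_not_exchange_A_token_without_trust": rejected(lambda: exchange(identity, "C", "C")),
    }
```

The chain recorded in the access token is what lets the resource see that C's decision rests on B's word about A's word about the client; the chain-length limit and the audience check are the two places where an otherwise valid chain is cut off before it becomes a blank cheque.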
53
System Design
54
Outline
  • Motivation for data security
  • Proposed security architecture
  • Web services
  • Trust
  • Components of security
  • Authentication
  • Authorization
  • Federation
  • Research issues

55
Research Challenges
  • Authentication tokens
  • SAML permits enumeration, but not substitution,
    of acceptable tokens
  • Trustworthiness varies even within a technology,
    but SAML does not capture this distinction
  • Our TrustLevel concept is just a beginning;
    trust is more complicated than a number

56
Research Challenges
  • Authorization rules
  • Human organizations are complex, and so are their
    rules
  • Role delegation
  • Human/computer interface

57
Research Challenges
  • Federation
  • Currently an infant science
  • Many issues surround trust management
  • establishment
  • representation
  • exchange
  • enforcement
  • storage
  • negotiation

58
Research Challenges
  • Tools and techniques
  • how to specify access policies
  • locate policy inconsistencies
  • human/computer interface
  • Formalisms
  • need formal methods to structure our thoughts,
    processes and implementations
  • need proofs of correctness

59
Achieving Data Privacy and Security Using Web
Services
  • Alfred C. Weaver
  • Professor of Computer Science
  • University of Virginia
  • Charlottesville, Virginia, USA
  • weaver@cs.virginia.edu
  • http://www.cs.virginia.edu/acw/security/