
GUIDE-ME: Georgia Tech User-Centric Identity Management Environment

GUIDE-ME: Georgia Tech User-Centric Identity Management Environment. Mustaque Ahamad Georgia Tech Information Security Center Joint work with Professor Doug Blough and David Bauer, Jeff King, Daisuke Mashima, Swapaneel Ambre and Amogh Budhkar. Supported by I3P, Nortel and Equifax.





Presentation Transcript


  1. GUIDE-ME: Georgia Tech User-Centric Identity Management Environment (title slide; speaker, collaborators and sponsors as listed above)

  2. GUIDE-ME BASICS
     • Digital identity – entities have a defined set of attributes, defined by the entity itself or by an authority (e.g., employer)
     • Allows an individual to maintain multiple identities
     • Entities make claims about identities
     • Credentials include claims and evidence that can be used to verify the claims
     • Relying parties receive and check credentials

  3. GUIDE-ME APPROACH
     • Disclosing the minimum information a relying party needs
       • Users want to provide the least amount of attributes and evidence needed for a transaction
     • Being able to control when and where a credential is used
       • Credential use is monitored so users can choose to know when and how their credentials are used
     • Avoiding over-reliance on identity providers
       • Symmetric relationship between providers and consumers of credentials

  4. GUIDE-ME ARCHITECTURE (diagram) Identity Providers and Identity Agents exchange claims. Legend entries (symbols not recovered): entity, e.g. person, service, device, system; initiating party; relying party.

  5. Usage Scenario (diagram; arrow directions not recovered) Participants: User (with local IdA), Relying Party (RP), Identity Provider (IP), Remote IdA, Monitoring Agent. Labelled flows: RP sends request for the attributes it needs along with an authorization token from the user; send minimum-disclosure credential; attributes disclosed to RP, User ID, Device ID, nonces.

  6. Key Components
     • Local Identity Agent (IdA)
       • Runs on a device with the user
       • Generates authorization token for remote IdA upon request from user
       • Holds user's private key and other authentication information
     • Network Resident Identity Agent
       • Stores longer-term credentials signed by IdP and local identity agent
       • Generates minimum-disclosure credentials and releases them to RP
     • Monitoring Agent
       • Obtains usage information from RP or network IdA
       • Detects and reports anomalies to human users via out-of-band channel

  7. Minimum Attribute Disclosure (Bauer and Blough)
     • Standard digital certificates have serious limitations
       • All-or-nothing disclosure of identity
     • Instead of a few big claims (name, address, DNS name), have many fine-grain claims

  8. Date-of-birth Example
     • Instead of date-of-birth = 01-02-1980, have:
       • birth_year <= 1993 (age >= 13 years)
       • birth_year <= 1988 (age >= 18 years)
       • birth_year <= 1985 (age >= 21 years)
       • birth_year <= 1981 (age >= 25 years)
       • birth_year = 1980
       • birth_month = 01
       • birth_day = 02

  9. Using Merkle Hash Trees
     • Replace the flat identity in a certificate with a Merkle Hash Tree of identity sub-claims

  10. Merkle Hash Tree - Advantages
     • Ties many sub-claims to a single hash value or a single certificate
     • Owner can choose exactly which claims to release at a given time
     • Easily scales to thousands of sub-claims
     • Reduces needed space and time compared to having many certificates
     • Reduces information disclosure even in the event of a compromised private key
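To make slides 8 to 10 concrete, here is an added example (not code from the GUIDE-ME project) that hashes the date-of-birth sub-claims into a Merkle tree, lets the owner disclose one sub-claim with its sibling path, and lets a relying party check it against the single certified root. The sub-claims, the salts and the "leaf:"/"node:" domain-separation prefixes are constructed for the demo.

```python
import hashlib
from typing import List, Tuple

# Constructed sub-claims from the date-of-birth slide, plus one more leaf so the tree is 8 wide.
SUB_CLAIMS = [
    "birth_year <= 1993", "birth_year <= 1988", "birth_year <= 1985", "birth_year <= 1981",
    "birth_year = 1980", "birth_month = 01", "birth_day = 02", "name = Alice Example",
]
# Per-leaf salts; a real IdA would draw these at random and store them with the credential
# (fixed here so the example is reproducible).
SALTS = [hashlib.sha256(b"demo-salt-%d" % i).digest() for i in range(len(SUB_CLAIMS))]

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def leaf_hash(claim: str, salt: bytes) -> bytes:
    # Salting stops a relying party from confirming an undisclosed claim (e.g. "birth_day = 02")
    # by hashing guesses and comparing them with sibling hashes it sees in a proof.
    return h(b"leaf:" + salt + claim.encode())

def build_levels(leaves: List[bytes]) -> List[List[bytes]]:
    # levels[0] holds the salted leaves, levels[-1] is [root]; odd-length levels repeat their last node.
    levels = [leaves]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([levels[-1][-1]] if len(levels[-1]) % 2 else [])
        levels.append([h(b"node:" + cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

LEVELS = build_levels([leaf_hash(c, s) for c, s in zip(SUB_CLAIMS, SALTS)])
ROOT = LEVELS[-1][0]  # the one value an identity provider would sign into the certificate

def disclose(index: int) -> Tuple[str, bytes, List[Tuple[bytes, bool]]]:
    # Owner side: release one sub-claim, its salt and the sibling hashes up to the root.
    # Every other sub-claim stays hidden behind its hash.
    claim, salt, path = SUB_CLAIMS[index], SALTS[index], []
    for level in LEVELS[:-1]:
        nodes = level + ([level[-1]] if len(level) % 2 else [])
        sib = index ^ 1
        path.append((nodes[sib], sib > index))  # True when the sibling sits to the right
        index //= 2
    return claim, salt, path

def verify(root: bytes, claim: str, salt: bytes, path: List[Tuple[bytes, bool]]) -> bool:
    # Relying-party side: rebuild the root from the disclosed claim alone and compare with the certified root.
    cur = leaf_hash(claim, salt)
    for sib, right in path:
        cur = h(b"node:" + cur + sib) if right else h(b"node:" + sib + cur)
    return cur == root
```

A proof for "birth_year <= 1988" is three sibling hashes: the relying party learns the user is at least 18 and nothing about the exact date, while the certificate still covers all eight sub-claims.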

  11. Modified Hash Tree
     • Add special nodes that have their own certificates associated with them. These special nodes form the root nodes of their own subtrees.

  12. Modified Hash Tree - Advantages
     • Multiple trees from different identity providers can be combined under a single tree
     • Identity providers do not have access to all information about the user
     • Identity providers are only responsible for claims related to their subject area
     • User only has to keep track of one credential

  13. Controlling Credential Use
     • Monitoring agent must know when a user credential is used
     • Cryptographic techniques such as designated signature verifier and conditional digital signatures
       • Relying party cannot establish validity of credential without communication with another party such as monitoring agent
     • Monitoring agent implements an anomaly detection model for credential use

  14. Identity Usage Anomaly Detection and User Notification
     • Challenging because only a limited amount of credential use information is available
     • Using context information
       • Time, location, IP address, device characteristics etc.
       • Credential use history (as in financial fraud detection)
     • Reducing false positives to minimize unnecessary user notifications
       • User input can help tune the model
     • Need reliable out-of-band channel for notifying users
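As an added illustration of slides 13 and 14 (not the GUIDE-ME monitoring agent's own code), the block below scores a new credential-use report against the user's history using the context signals the slide names (time, network, device, use history), notifies only when several signals agree, and folds user-confirmed uses back into the baseline. The report format and the sample history are constructed for the demo.

```python
from datetime import datetime
from typing import Dict, List, Tuple

# Constructed credential-use reports as a monitoring agent might receive them from RPs or the network IdA.
HISTORY: List[Dict] = [
    {"ts": "2009-03-02T09:15:00", "rp": "bank.example", "ip": "130.207.1.10", "dev": "laptop-1"},
    {"ts": "2009-03-03T18:40:00", "rp": "shop.example", "ip": "130.207.1.11", "dev": "laptop-1"},
    {"ts": "2009-03-04T10:05:00", "rp": "bank.example", "ip": "130.207.2.7", "dev": "phone-1"},
]

def prefix24(ip: str) -> str:
    return ".".join(ip.split(".")[:3])

def assess(history: List[Dict], event: Dict, burst_window_min: int = 10, burst_max: int = 3) -> Tuple[int, List[str]]:
    """Score one new report against the baseline; each independent context signal adds one point."""
    reasons = []
    t = datetime.fromisoformat(event["ts"])
    if event["dev"] not in {e["dev"] for e in history}:
        reasons.append("unknown device " + event["dev"])
    if prefix24(event["ip"]) not in {prefix24(e["ip"]) for e in history}:
        reasons.append("new network " + prefix24(event["ip"]))
    hours = [datetime.fromisoformat(e["ts"]).hour for e in history]
    if hours and not (min(hours) - 2 <= t.hour <= max(hours) + 2):
        reasons.append("unusual hour %02d:00" % t.hour)
    # Burst of uses in a short window, the kind of pattern financial fraud detection also flags.
    recent = [e for e in history
              if 0 <= (t - datetime.fromisoformat(e["ts"])).total_seconds() <= burst_window_min * 60]
    if len(recent) + 1 > burst_max:
        reasons.append("%d uses in %d min" % (len(recent) + 1, burst_window_min))
    return len(reasons), reasons

def notify_user(history: List[Dict], event: Dict, threshold: int = 2) -> Tuple[bool, List[str]]:
    """Notify out of band only when enough signals agree, which keeps false positives down."""
    score, reasons = assess(history, event)
    return score >= threshold, reasons

def confirm_legitimate(history: List[Dict], event: Dict) -> None:
    """User feedback: a use the user confirms joins the baseline, so the same context no longer alerts."""
    history.append(event)
```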

  15. Conclusions
     • Empowering users and enterprises in managing identity credentials
     • Cryptographic protocols for minimum disclosure and credential misuse detection
     • Policy negotiation facilitated by flexibility offered by sub-claims
     • Recovering from compromised identity agents
     • Assessing user expectations and engagement in managing identity
     • Concrete application scenarios for financial and healthcare domains

  16. Questions?
