slide1 l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
FileSpace An alternative to CardSpace that supports MultipleToken Authorisation and Portability Between Devices PowerPoint Presentation
Download Presentation
FileSpace An alternative to CardSpace that supports MultipleToken Authorisation and Portability Between Devices

Loading in 2 Seconds...

play fullscreen
1 / 32

FileSpace An alternative to CardSpace that supports MultipleToken Authorisation and Portability Between Devices - PowerPoint PPT Presentation


  • 155 Views
  • Uploaded on

FileSpace An alternative to CardSpace that supports MultipleToken Authorisation and Portability Between Devices. David Chadwick University of Kent. Contents. Problem statement and solution idea User experiences of using InfoCards and FileSpace At service provision time

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'FileSpace An alternative to CardSpace that supports MultipleToken Authorisation and Portability Between Devices' - johana


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
slide1

FileSpaceAn alternative to CardSpace that supports MultipleToken Authorisation and Portability Between Devices

David Chadwick

University of Kent

NIST IDTrust 2009

contents
Contents
  • Problem statement and solution idea
  • User experiences of using InfoCards and FileSpace
    • At service provision time
    • At Card/File issuing time
  • Technical properties of FileSpace
  • Detailed Comparison of FileSpace and InfoCards
  • Conclusion

NIST IDTrust 2009

problem statement
Problem Statement
  • A user typically has multiple cards
    • today each plastic card issuer only puts one attribute on a card, Visa member, AAA frequent flyer, IEEE member etc. so why expect that in InfoCards all this information will be on one card. It wont.
  • But she can only use one of these cards in any given InfoCard/CardSpace transaction
  • Insufficient for many purposes
    • buy a book at a discount using Visa card and student card
    • access patient data using Doctor card and hospital employee card
  • Users need to be able to select/present multiple cards
  • Cards may not be easily transported to all devices
    • e.g. use on a mobile phone
    • initial version of CardSpace did not have an export capability

NIST IDTrust 2009

solution idea
Solution Idea
  • Instead of cards, use files
  • Files are an existing well known concept to all computer users
  • Users are already familiar them, know how to drag and drop, copy, delete them etc.
  • So if every credential (plastic card) becomes a file, then user can copy them easily between devices, send multiple files to service providers etc.

NIST IDTrust 2009

user selects filespace
User Selects FileSpace

LOGIN

InfoCard

FileSpace

NIST IDTrust 2009

user selects files to upload
User Selects Files To Upload

LOGIN

InfoCard

FileSpace

NIST IDTrust 2009

user is asked to confirm he is father christmas
User is asked to Confirm he isFather Christmas

LOGIN

InfoCard

FileSpace

NIST IDTrust 2009

user s private key could be in a hardware token
User’s Private Key could be in a hardware token

IBM’s ZTIC USB device

Mobile Phone

NIST IDTrust 2009

then ask for electronic card file to be created
Then Ask For Electronic Card/File to be Created
  • User may need to select which attribute(s) to be included or IDP may choose them
  • In FileSpace, there is an additional step of sending your Certificate (e.g. Father Christmas) and proving ownership

NIST IDTrust 2009

creating a new identity
Creating a New Identity
  • In CardSpace we have self issued cards, whereby a user enters his own attributes into his cards
  • In FileSpace we have new identity cards, either self issued (e.g. Father Christmas) or issued by a CA such as Versign (e.g. my Bill Gates cert) (so not much difference there then !)

NIST IDTrust 2009

basic principles of filespace
Basic Principles of FileSpace
  • Clearly Separate Authentication from Authorisation by having separate tokens
  • Have multiple Authz Tokens linked to one Authn Token
    • Each Authz Token provides an attribute assertion from a trusted authoritative source
  • Have one Authn Token per Pseudonym
    • this is purely a handle on which to hang the Authz tokens. The pseudonym can be anything
    • user can have as many pseudonyms as he wishes

NIST IDTrust 2009

token lifetimes
Token Lifetimes
  • All FileSpace tokens are long lived and can be used repeatedly
    • User has to authenticate to service provider that he is the holder of all of them at time of use
  • In CardSpace all tokens are short lived and issued on demand
    • this requires authn to the card issuer each time a service is required
  • Each FileSpace Authz Token can be independently revoked by the issuer (AA)
    • so if user looses his private key he can ask AAs to revoke his authz credentials (no need to revoke authn credential)

NIST IDTrust 2009

authn tokens
Authn Tokens
  • Public key certificate containing any subject DN the issuer chooses to put there, subject to it being globally unique (which is mandatory in X.509 anyway!!)
  • Can be user generated (self issued)
    • unique DN can be generated by having public key id RDN + user provided CN RDN
  • Can be CA generated
    • unique DN can be CA name plus user provided CN RDN
  • It does not matter since it is not used for authorisation, only for authentication
  • Contains a pointer to where relying party can find private key in order to validate that the current user is the holder of the private key – solves the Discovery problem
    • could be mobile phone number, or “user’s browser”

NIST IDTrust 2009

authz tokens
Authz Tokens
  • Are standard claims/assertions/certificates that say this subject has this attribute, signed by issuer
  • However, subject id and attribute are encrypted (indirectly) to key public key of subject
    • Can be lost or stolen but are worthless to finder/thief because he cant decrypt them
  • Only valid once subject proves to RP that he has the decryption key
  • In practise we encrypt to a symmetric key and encrypt symmetric key to public key of subject then subject can decrypt symmetric key and encrypt it to public key of RP allowing RP to read the contents

NIST IDTrust 2009

service provision
Service Provision
  • User selects set of Authz Tokens and the matching Authn Token to send to service provider (through file upload function)
  • SP reads location of private key from Authn token and sends a message containing tokens and asking for decryption keys
  • User is asked to confirm SP can have these tokens, then enters PIN to private key and device creates decryption keys for the SP and returns them

NIST IDTrust 2009

protocol exchange
Protocol Exchange
  • SP-> private key location:

{{authzCredi} i=1 to n, nonce1, ts1, SPPKC}signSP

  • Private key location -> SP:

{{sni, encKeyi} i=1 to n, nonce1, nonce2, ts2, SP}signUser

  • Where:
    • n is the number of authorisation credentials to be decrypted
    • SPPKC is public key certificate of Service Provider
    • nonce is a random number and ts is a short time in the future (say 2 seconds)
    • sni is serial number of ith authorisation credential
    • encKeyi is symmetric key used to encrypt the contents of authorisation credential i, encrypted to the public key of the recipient SP

NIST IDTrust 2009

detailed comparison 1
Detailed Comparison (1)

NIST IDTrust 2009

detailed comparison 2
Detailed Comparison (2)

NIST IDTrust 2009

detailed comparison 3
Detailed Comparison (3)

NIST IDTrust 2009

slide30

Merging InfoCards and FileSpace

David Chadwick

NIST IDTrust 2009

conclusion
Conclusion
  • FileSpace overcomes a major disadvantage of CardSpace/InfoCards, that of not being able to send multiple cards
  • FileSpace does not lose out on usability since users already know how to use files (and it could be integrated into Card Selectors)
  • It has a number of security advantages as well
    • better privacy protection at the IdP
    • don’t need to worry about securing the desktop (unless private keys are held there)

NIST IDTrust 2009

any questions
Any Questions?

NIST IDTrust 2009