
Seminar: Solutions and Infrastructure to ensure Trust in E-Commerce Marco Casassa Mont Trusted E-Services Laboratory Hewlett-Packard.


2 Seminar: Solutions and Infrastructure to ensure Trust in E-Commerce Marco Casassa Mont marco_casassa-mont@hp.com Trusted E-Services Laboratory Hewlett-Packard Laboratories, Bristol, UK www.hpl.hp.com

3 Presentation Outline
1. Overview of Concepts and basic Infrastructure:
- Access Control
- PKI & Trust
- Policy and Policy Management
2. Solutions and Infrastructure to underpin Trust in E-Commerce:
- PASTELS (HPL Bristol): Trust & Authorization Management in B2B
3. Moving Towards the Future
- Trust Services eco-system … creating a Safety Net for E-Commerce

4 Terminology (English term: Italian translation)
Access Control: controllo di accesso
Role: ruolo
Authorization: autorizzazione
Authentication: identificazione
Policy: politiche, regole, condizioni
PKI: Public Key Infrastructure (infrastr. di crittografia pubblica)
Trust: fiducia, …
Certificate, Credential: certificato, credenziale

5 PART 1 Overview of Concepts and Basic Infrastructure

6 Access Control Overview

7 Access Control
Defines what a user can do on a resource.
Limits the operations that a user of a system can do.
It is enforced by a Reference Monitor, which mediates every attempted access by a user to objects in the system.

8 Access Control Lists
[Figure: access control matrix of User 1 … User n against Resource 1 … Resource K; cells hold rights such as R, W, E / R / R, W / E]
Complexity in administering a large number of users.

9 Role Based Access Control (RBAC)
Role (general): set of actions and responsibilities associated with a particular activity.
Definition of Roles in the system (administrator, engineer, project manager, etc.).
Role: contains authorizations on objects.
Users are assigned to roles.
Simple RBAC model = Group-based ACL (Windows NT access control, …).

10 Role Based Access Control (RBAC)
[Figure: User 1, User 2 and User 3 are assigned to Role 1: Manager (Rights 1: read, write) or Role 2: Employee (Rights 2: read) on Resource 1: Document XYZ]
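The ACL matrix of slide 8 beside the RBAC model of slides 9 and 10, as an added Python example (not part of the seminar). The user-to-rights and user-to-role assignments are constructed, since the figures do not state them; the onboarding helpers show the administration cost the slides contrast.

```python
from dataclasses import dataclass, field

# Access Control List of slide 8: one entry per (user, resource) pair, holding the
# rights R (read), W (write), E (execute). Which user holds which rights on which
# resource is not readable from the slide, so this assignment is constructed.
ACL = {
    ("User 1", "Resource 1"): {"R", "W", "E"},
    ("User 2", "Resource 1"): {"R"},
    ("User 3", "Resource 2"): {"R", "W"},
    ("User n", "Resource K"): {"E"},
}

def acl_allows(user: str, resource: str, right: str) -> bool:
    """Reference Monitor check (slide 7): every access is decided here."""
    return right in ACL.get((user, resource), set())

def acl_onboard(acl: dict, user: str, grants: dict) -> int:
    """Adding a user to an ACL means one entry per resource; returns entries written."""
    for resource, rights in grants.items():
        acl[(user, resource)] = set(rights)
    return len(grants)

# RBAC of slides 9 and 10: rights hang off roles, users are assigned to roles.
@dataclass
class Rbac:
    role_rights: dict = field(default_factory=dict)  # role -> {(resource, right)}
    user_roles: dict = field(default_factory=dict)   # user -> {role}

    def grant(self, role: str, resource: str, right: str) -> None:
        self.role_rights.setdefault(role, set()).add((resource, right))

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def allows(self, user: str, resource: str, right: str) -> bool:
        """A user may act if any of its roles carries that right on the resource."""
        return any((resource, right) in self.role_rights.get(role, set())
                   for role in self.user_roles.get(user, ()))

def build_slide10_model() -> Rbac:
    """Role 1: Manager (read, write) and Role 2: Employee (read) on Document XYZ.
    The user-to-role assignment is constructed, not read from the slide."""
    rbac = Rbac()
    for right in ("R", "W"):
        rbac.grant("Manager", "Document XYZ", right)
    rbac.grant("Employee", "Document XYZ", "R")
    rbac.assign("User 1", "Manager")
    rbac.assign("User 2", "Employee")
    rbac.assign("User 3", "Employee")
    return rbac

def rbac_onboard(rbac: Rbac, user: str, role: str) -> int:
    """Adding a user under RBAC is a single role assignment, however many
    resources the role covers; returns the number of assignments written."""
    rbac.assign(user, role)
    return 1
```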

11 Public Key Infrastructure (PKI) and Trust

12 Outline
Basic Problem: Confidence and Trust
Background: Cryptography, Digital Signature, Digital Certificates (X509)
Public Key Infrastructure (PKI)

13 Basic Problem
[Figure: Alice and Bob across Intranet / Extranet / Internet]
Bob and Alice want to exchange data in a digital world. There are Confidence and Trust Issues …

14 Confidence and Trust Issues
In the Identity of an Individual or Application: AUTHENTICATION
That the information will be kept Private: CONFIDENTIALITY
That information cannot be Manipulated: INTEGRITY
That information cannot be Disowned: NON-REPUDIATION
[Figure: Alice and Bob across Intranet / Extranet / Internet]

15 Starting Point: Cryptography
Cryptography is the science of making the cost of acquiring or altering data greater than the potential value gained.
[Figure: Plaintext “Hello World” → Encryption (Key) → Ciphertext “&$*£(“!273” → Decryption (Key) → Plaintext]

16 Cryptographic Algorithms
All cryptosystems are based on only three kinds of Cryptographic Algorithm:
MESSAGE DIGEST (MD2-4-5, SHA, SHA-1, …): maps variable length plaintext into a fixed length digest; no key usage; computationally infeasible to recover the plaintext.
SECRET KEY (Blowfish, DES, IDEA, RC2-4-5, Triple-DES, …): encrypt and decrypt messages by using the same Secret Key.
PUBLIC KEY (DSA, RSA, …): encrypt and decrypt messages by using two different Keys: Public Key, Private Key (coupled together).
[Figure: Plaintext → Encryption (Key) → Ciphertext → Decryption (Key) → Plaintext]

17 Digital Signature
A Digital Signature is a data item that vouches for the origin and the integrity of a Message.
[Figure: Alice and Bob across Intranet / Extranet / Internet]

18 Digital Identity Certificate
[Figure: CERTIFICATE with fields Issuer, Subject, Subject Public Key, Issuer Digital Signature]

19 Digital Certificate: Problems
How are Digital Certificates issued? Who is issuing them?
Why should I trust the Certificate Issuer?
How can I check if a Certificate is valid?
How can I revoke a Certificate? Who is revoking Certificates?
Moving towards PKI …

20 Public Key Infrastructure (PKI)
A Public Key Infrastructure is an Infrastructure to support and manage Public Key-based Digital Certificates.
Potentially it is a complex distributed Infrastructure over the Internet.

21 Public Key Infrastructure (PKI)
Focus on: X509 PKI, X509 Digital Certificates
Standards defined by IETF, PKIX WG: http://www.ietf.org/
… even if X509 is not the only approach (e.g. SPKI)

22 X509 PKI – Technical View
Basic Components:
- Certificate Authority (CA)
- Registration Authority (RA)
- Certificate Distribution System
- PKI enabled applications
[Figure: components split between a “Provider” side and a “Consumer” side]

23 X509 PKI – Simple Model
[Figure: CA, RA and Certification Entity on one side; a Directory holding Certs and CRLs; Application Service, Remote Person and Local Person reached across the Internet; flows: Cert. Request, Signed Certificate]

24 CA Technology Evolution
Try to reflect real world Trust Models.
[Figure: several CA/RA pairs, some with an LRA, plus Directory Services, connected over the Internet]

25 Certificate Revocation List
Revoked Certificates remain in the CRL until they expire.

26 CRL vs OCSP
[Figure, CRL: the CA publishes the CRL to a Directory and the User downloads the CRL. OCSP: the CA publishes the CRL to a Directory and the OCSP Server downloads it; the User sends the Certificate IDs to be checked to the OCSP Server and receives an answer about the Certificate states]

27 X509 PKI Trust by Hierarchies and Cross Certification

28 Simple Certificate Hierarchy
Each entity has its own certificate (and may have more than one). The root CA’s certificate is self signed and each sub-CA is signed by its parent CA.
Each CA may also issue CRLs. In particular the lowest level CAs issue CRLs frequently.
End entities need to “find” a certificate path to a CA that they trust.
[Figure: Root CA → Sub-CAs → End Entities, with a Certification Path marked]

29 Cross-Certification and Multiple Hierarchies
1. Multiple Roots
2. Simple cross-certificate
3. Complex cross-certificate
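The path discovery that slides 28 and 29 describe, with the CRL check of slide 25, as an added Python example (not from the seminar). The PKI is constructed in the shape of slide 29 (two roots, one cross-certificate); signature verification is represented by issuer-name matching only, which is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    serial: int
    not_after: date
    is_ca: bool = False

def build_store(certs):
    """Index certificates by subject; a subject may hold several (slide 28),
    e.g. a root's self-signed certificate plus a cross-certificate for it."""
    store = {}
    for c in certs:
        store.setdefault(c.subject, []).append(c)
    return store

def is_revoked(cert, crls) -> bool:
    """CRL lookup (slide 25): each CA's CRL lists the serials it has revoked."""
    return cert.serial in crls.get(cert.issuer, set())

def find_path(leaf, store, anchors, crls, today, max_len=6) -> Optional[list]:
    """Depth-first search for a certification path from the leaf up to a trusted
    root. Issuer-name matching stands in for signature checks (assumption)."""
    def walk(path):
        top = path[-1]
        if top.not_after < today or is_revoked(top, crls):
            return None
        if top.subject == top.issuer and top.subject in anchors:
            return path
        if len(path) >= max_len:          # bound the "complex cross-certificate" case
            return None
        for cand in store.get(top.issuer, []):
            if not cand.is_ca or cand in path:
                continue
            # An untrusted self-signed root is a dead end; a cross-certificate for
            # the same name, issued by another CA, may still lead to an anchor.
            if cand.subject == cand.issuer and cand.subject not in anchors:
                continue
            found = walk(path + [cand])
            if found:
                return found
        return None
    return walk([leaf])

# Constructed PKI: hierarchies under Root A and Root B, with Root A
# cross-certifying Root B (serial 200). Dates are constructed too.
EXPIRY = date(2002, 1, 1)
TODAY = date(2000, 6, 1)
AFTER_BOB_EXPIRED = date(2001, 7, 1)
ROOT_A = Cert("Root A", "Root A", 1, EXPIRY, is_ca=True)
ROOT_B = Cert("Root B", "Root B", 1, EXPIRY, is_ca=True)
ROOT_B_CROSS = Cert("Root B", "Root A", 200, EXPIRY, is_ca=True)
SUB_B1 = Cert("Sub-CA B1", "Root B", 10, EXPIRY, is_ca=True)
BOB = Cert("Bob", "Sub-CA B1", 77, date(2001, 6, 30))
STORE = build_store([ROOT_A, ROOT_B, ROOT_B_CROSS, SUB_B1, BOB])

def path_names(leaf, anchors, crls, today):
    """Subjects along the discovered path, or None when no trusted path exists."""
    path = find_path(leaf, STORE, anchors, crls, today)
    return None if path is None else [c.subject for c in path]
```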

30 X509 PKI Approach to Trust: Problems
Things are getting more and more complex when Hierarchies and Cross-Certifications are used.

31 Identity is Not Enough: Attribute Certificates
IETF (PKIX WG) is also defining standards for Attribute Certificates (ACs): Visa Card (Attribute) vs. Passport (Identity).
Attribute Certificates specify Attributes associated to an Identity.
Attribute Certificates don’t contain a Public Key but a reference to an Identity Certificate.

32 Attribute Certificate
[Figure: CERTIFICATE with fields Issuer, Link to Owner’s Identity Certificate, Attributes, Digital Signature]
Example:
Issuer: Bank of Bristol
Serial number: 4776457
Identity certificate link: 64564656
Expiration: 1/12/2001
Attributes:
- Credit card number: 54356 435 2343
- Issue date: 23/04/2000
- Expiration date: 23/04/2005
Digital Signature: 2kjr3rno2;klnm2

33 Policies and Policy Management

34 What is Policy
Policy is about the constraints and preferences on the state, or the state transition, of a system.
It is a guide on the way to achieving the overall objective, which itself is also represented by a desirable system state.

35 Examples of Policies
- The IT infrastructure of this company must be secure
- Only authorised people can access company confidential documents
- Each employee must renew their password every 3 months
- The network throughput must be at least 2 Mbits/sec

36 Policies
Focus on multiple “IT infrastructure” levels.
Can be very abstract: need for refinement.
Can be programmatically enforceable or not (focus on the former).

37 Policy Targets
Network Layer: routers, firewall, etc.
System Layer: OSs, PCs, Servers, Domains, etc.
Application Layer: storage (DBs), web servers, workflow, etc.
Service Layer policies
Business Layer

38 Policy Refinement
[Figure: iterative refinement of policy = State Transition Plan. The high-level policy P0 (high-level description of what to achieve) is refined into policies P1,1, P1,2, P1,3, then PX and PY, down to implementable policies I (I = implementable: concrete description of the state to achieve); each implementable policy Ii leads to a desired state Si, and the sequence of states S1 … SY reaches the OBJECTIVE]

39 Policy Refinement: Example
The company IT infrastructure must be secure
- The company network must be secure
- The company systems must be secure
- The company applications must be secure
- …
  - Each PC must run an antivirus
  - Each PC must be Password protected
  - …

40 Work on Policies
Imperial College London (Morris Sloman, Emil Lupu), http://www.doc.ic.ac.uk/~mss/MSSPubs.html: Policies for Distributed Systems (Authorization, Obligation Policies …)
IETF working groups, www.ietf.org: policies at the networking level
Other people:
- Masullo M.: Policy Management
- Wies, R. – Neumair, R.: Application of policies
- Wies: policy specification and transformation
- Heiler, K.: Policy driven Configuration Management
- …

41 PART 2: PASTELS
Providing Solutions and Infrastructure to underpin Trust in B2B E-Commerce

42 Context: Dynamic B2B Environment
[Figure: User x at Enterprise 1 invokes Operations on WebService1, WebService2 and WebService3 of Service Providers (1 … K) and of Enterprises 2, 3 … Z over the Internet (B-2-B); some parties are Trusted, others Not Trusted]

43 PASTELS Project: Focus
Trust and Trust Management is potentially a huge area. Focus on:
- Framework to deal with Digital Credentials: end to end Credential Exchange; solutions for Client and Server Side
- Integration of Digital Credentials with Authorization at the E-Service level

44 E-Market Context
[Figure: Market Governance, Market Makers, Market Mediator, Marketplaces, Enterprises, Traders and Trusted Third Parties connected over the Internet]

45 Simplified E-Market Scenario
[Figure: Credential Issuance to the User: an Identity Credential (IC1), a Citizenship Credential (AC2) from Market Governance and a Financial Credential (AC1) from a Bank. The Enterprise/Trader presents them over the Internet to the Market Maker, which runs Credential Validation, an Authorization Service and Credential Usage Monitoring in front of its Trading Services; Market Mediator and Marketplaces complete the picture]

46 Example: Market Maker
The Market Maker Administrator has to decide which Credential Issuers it is going to Trust.
The Administrator has to decide how to deal with Credential Content:
- Attribute Semantic
- Defining policies on which Credential Attributes must be accepted
- Map to Local Interpretation

47 Example: Market Maker
The Administrator has to define Vetting Policies to allow/deny an Enterprise to enter a Marketplace, for example based on Credential content: Credit Limit, Ranking, Issuer of Credentials, etc.
“A User with a Credit Limit greater than $100000 and Certified by Issuer “Issuer ABC” can trade in the Marketplace XYZ, during business hours”

48 Example: Market Maker
The Administrator has to define Authorization Policies for Marketplace Services, for example based on Credential content: Credit Limit, Citizenship Validity, Ranking, etc.
“A User can bid if they have a valid Citizenship, the bid is less than the associated Credit Limit and greater than the current price”

49 PASTELS Infrastructure & Solutions

50 PASTELS: Areas of Interest
Infrastructure and solutions to underpin Trust in B2B:
[Figure: Enterprise 1 (Consumer) holds a Client Identity Certificate and Client Attribute Credentials and runs a Credential Management Browser Plug-in; Enterprise 2 (Service Provider) holds a Server Identity Certificate and Server Attribute Credentials and runs Credential Validation, Authorization, Credential Usage Monitoring, its Services and a Publishing Mechanism for the Semantic of Credentials; Common Trusted Third Parties sit between them]

51 PASTELS
Models: Credentials, User and Roles, Policies, Services
Runtime: Validation and Authorization Components

52 PASTELS: Model of Digital Credentials

53 Identity Certificates (real life: your passport, identity card, etc.)
Attribute Credentials (real life: your driving license, bank statement, your credit card, etc.)

54 PASTELS: Attribute Credential
Based on Digitally Signed XML.
Attribute Credentials are associated to Identity Certificates by using the Identity Certificate’s Issuer DN and Serial Number.
[Figure: Attribute Credential (XML file) with fields IssuerDN, Serial Number, Credit card: …, Expiration: …, Signature; it points to the Identity Credential (IssuerDN, Serial Number, Name: …)]

55 PASTELS: Attribute Credentials
Attribute Credentials carry “Attributes” with no explicit Authorization purpose.
Authorization Policies at Service Level are defined within the Enterprise that provides the Services.
An Attribute defined in a Credential becomes relevant for Authorization purposes in the context of an Authorization Policy.

56 PASTELS: Model of Users and Roles

57 Model - Users, Roles
[Figure: User1 … User4 linked to Role1 and Role2 through User-Role Associations]
User, Role and User-Role Association models are based on Attributes:
- Core Attributes
- Management Attributes
- Customisable Attributes

58 Model - Users, Roles (example records)
User: XYZ
- Core Attributes: Name: Marco Casassa Mont; Organisation: Company1; email: xyz@company1.com
- Management Attributes: Account creation date: 11/03/1999; Account expiration date: 31/12/1999; createdBy: dddda; authorizedBy: cccc; Activation Condition: time>9:00, time<16:00
- Customizable Attributes: Trade Limit: 500
Role: Share Trader
- Core Attributes: Role Name: Share Trader
- Management Attributes: creation date: 11/03/1999; expiration date: 31/12/1999; createdBy: eeee; authorizesBy: ffff; Activation Condition: true; state: active
- Customizable Attributes: Can Trade: yes
User-Role Association
- Core Attributes: User Name: Marco Casassa Mont; Role Name: Share Trader
- Management Attributes: creation date: 11/03/1999; expiration date: 31/12/1999; createdBy: dddda; authorizesBy: cccc; Activation Condition: true; state: active

59 PASTELS: Model of Authorization Policies

60 Policy
Logical expression containing constraints on user profile, user’s roles, system information, service parameters, credential content, nature of credentials, external information.
Java-like policy language. No PROLOG.
Interpreted at runtime by the Authorization Engine (policy internal representation).
Policies can be used to describe constraints of different nature: Validation, Credential Content Management, Authorization.

61 Policy Example
Authorization Policy: “A User can bid if they have a valid Citizenship Credential, the bid is less than the associated Credit Limit and greater than the current price”
EXISTS (ASSIGN(CitizenshipNumber, CONTEXT.CitizenshipNumber))
VERIFY ((CitizenshipNumber.value > 0) &&
        (CitizenshipNumber.propertyQualifier == "attributeCredential") &&
        ASSIGN(CitizenshipCredential, CitizenshipNumber.scope) &&
        (CitizenshipCredential.IssuerDN == "CN=The MarketGovernance, …")) &&
       (bid.bidValue > 0) &&
       (bid.bidValue > currentPrice.value) &&
       (bid.bidValue <= CONTEXT.CreditLimit)
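The credential-to-certificate link of slide 54, the attribute-in-context rule of slide 55 and the bid policy of slide 61, carried through in Python as an added example (not PASTELS code). The attribute credential, the DNs, the serial numbers and the dates are constructed; the XML signature is assumed to have been verified by the toolkit before this step and is not modelled.

```python
from dataclasses import dataclass
from datetime import date
import xml.etree.ElementTree as ET

# Issuer DN the slide-61 policy requires for the citizenship credential (the
# slide truncates it with "…"; the suffix used here is constructed).
MARKET_GOVERNANCE_DN = "CN=The MarketGovernance, O=EMarket"
TODAY = date(2000, 6, 1)            # constructed evaluation dates
AFTER_EXPIRY = date(2002, 1, 1)

@dataclass(frozen=True)
class IdentityCert:
    issuer_dn: str
    serial: int

@dataclass
class Attr:
    """One CONTEXT entry as the policy language reads it: its value, where it
    came from (propertyQualifier) and the credential record it came from (scope)."""
    value: object
    propertyQualifier: str
    scope: dict

# Constructed attribute credential in the slide-54 layout: it names the identity
# certificate it belongs to by that certificate's Issuer DN and Serial Number.
CITIZENSHIP_XML = """<AttributeCredential>
  <Issuer>CN=The MarketGovernance, O=EMarket</Issuer>
  <Expiration>2001-12-01</Expiration>
  <IdentityCredential><IssuerDN>CN=Bank of Bristol CA</IssuerDN><Serial>64564656</Serial></IdentityCredential>
  <Attributes><CitizenshipNumber>123456</CitizenshipNumber></Attributes>
</AttributeCredential>"""

def validate_credential(xml_text, session_cert, today):
    """Credential Validation Manager step: accept the credential only if it is
    linked to the identity certificate presented in this session and not expired."""
    root = ET.fromstring(xml_text)
    link = root.find("IdentityCredential")
    if (link.findtext("IssuerDN") != session_cert.issuer_dn
            or int(link.findtext("Serial")) != session_cert.serial):
        return None
    if date.fromisoformat(root.findtext("Expiration")) < today:
        return None
    return {"IssuerDN": root.findtext("Issuer"),
            "attributes": {a.tag: a.text for a in root.find("Attributes")}}

def build_context(session_cert, credentials_xml, today, credit_limit):
    """User Context Manager step: profile attributes plus the attributes carried
    by every credential that passed validation; a rejected credential simply
    contributes nothing, so EXISTS fails later for its attributes."""
    ctx = {"CreditLimit": Attr(credit_limit, "userProfile", {})}
    for xml_text in credentials_xml:
        cred = validate_credential(xml_text, session_cert, today)
        if cred is None:
            continue
        for name, text in cred["attributes"].items():
            ctx[name] = Attr(int(text), "attributeCredential", cred)
    return ctx

def bid_allowed(ctx, bid_value, current_price):
    """The slide-61 policy: EXISTS(ASSIGN(...)) fails when CONTEXT has no
    CitizenshipNumber; otherwise every VERIFY clause must hold."""
    citizenship = ctx.get("CitizenshipNumber")
    if citizenship is None:
        return False
    return (citizenship.value > 0
            and citizenship.propertyQualifier == "attributeCredential"
            and citizenship.scope.get("IssuerDN") == MARKET_GOVERNANCE_DN
            and bid_value > 0
            and bid_value > current_price
            and bid_value <= ctx["CreditLimit"].value)
```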

62 PASTELS Model of Services

63 Explicit Service Model
[Figure: Service 1 with Function 1, Function 2 and Function 3, each guarded by Authorization Policies]

64 Explicit Service Model
Service Model (XML based):
Application/Service Name: Trading Service
Operation: Offer
  Parameters: endAuction: Date; initialPrice: Integer
Operation: Bid
  Parameters: currentPrice: Integer; bid: Integer
  Authorization Policy:
  EXISTS (ASSIGN(CitizenshipNumber, CONTEXT.CitizenshipNumber))
  VERIFY ((CitizenshipNumber.value > 0) &&
          (CitizenshipNumber.propertyQualifier == "attributeCredential") &&
          ASSIGN(CitizenshipCredential, CitizenshipNumber.scope) &&
          (CitizenshipCredential.IssuerDN == "CN=The MarketGovernance, …")) &&
         (bid.bidValue > 0) &&
         (bid.bidValue > currentPrice.value) &&
         (bid.bidValue <= CONTEXT.CreditLimit)

65 PASTELS Distributed System Run-time

66 High Level Interaction
[Figure: the user’s Browser at enterprise 1 holds the user attribute credentials storage; over the Internet it opens SSL active sessions to e-services at enterprise 2 and enterprise 3, each running the PASTELS framework with its own credentials. Flows: view / PULL server credentials, PUSH user credentials to the e-service, PULL newly-issued user credentials]

67 PASTELS Framework Runtime Components
- Login Service: manages login, after basic authentication
- Session Manager: manages user sessions
- Credential Validation Manager: validation of Credentials
- Credential Content Manager: manages credentials’ content
- User Context Manager: collects user’s profile, roles and credentials
- Authorization Server: policy driven Authorization Server
- Credential Proxy: PUSH/PULL of credentials (browser plug-in)
- User Context Gateway: gateway to the Credential Usage Monitoring System
- Object Pool Manager: cache for user’s profile, roles and credentials

68 User’s Goal: Access Service
[Figure, base diagram: a Remote User’s Browser holding Credentials, at a Remote Enterprise, reaches the Enterprise’s Web Server over the Internet through SSL; the Web Server dispatches to the Services through a Function Plug-In]

69 Identity Certificate Validation
[Figure, adds: the Login Service receives the Identity Certificate and the Session Manager opens the session; Credential Validation checks the certificate against the CA / AA via OCSP/CVSP]

70 Policies
[Figure, adds: the Authorization Server, fed by the Service Model, the Authorization Policies and the Credential Validation and Management Policies; the Function Plug-In sends it Policy Evaluation Requests]

71 Credential Content Mgmt
[Figure, adds: Credential Content Mgmt with an Abstractor, which receives Policy Evaluation Requests for Identity Certificate Content Mgmt]

72 User Context Manager
[Figure, adds: the User Context Manager with its User Context Repository and an Object Pool Manager (Cache) holding Users’ profiles, Users’ Roles, Users’ Identity Credentials, Users’ Attribute Credentials and Users’ Anonymous Credentials]

73 Credentials Usage Monitoring Service
[Figure, adds: the User Context Gateway linking the User Context Manager to the Credentials Usage Monitoring Service (link to “TrustView”)]

74 Pushing a User’s Attribute Credential
[Figure, adds: the Credential Proxy in the Remote User’s Browser pushes an Attribute Credential to the Enterprise]

75 Pulling Attribute Credentials
[Figure, adds: the Credential Proxy pulls Attribute Credentials from a Credential Issuer/Pusher]

76 Authorization at Service Level
[Figure, complete: the Function Plug-In sends an Authorization Request; the Authorization Server evaluates it against the Service Model and the Authorization Policies using the User Context (profiles, roles, identity, attribute and anonymous credentials) and the validated credentials]

77 Credential Usage Monitoring Service

78 PASTELS Prototype
Prototype leverages State of the Art technology:
- PKI and PKI toolkits (Baltimore UniCERT, J/PKI-Plus)
- Signed XML (Baltimore X/Secure)
- SSL with full handshake
- Web server technology (IIS, JWS)
- Enterprise Java Beans (EJB)
- Relational Database (MS SQL Server, MS Access)
- Object Oriented Database (Cloudscape)

79 Trust Management: Prior Relevant Work
SPKI (Ellison): Delegation Model
PolicyMaker (Blaze): Trust Management System
- Assertions of certificates and policies
- Policy: key local policy
- Verify that actions conform to policies and credentials
IETF: X509 RFC, Attribute Certificate RFC

80 Trust Management: Prior Relevant Work
KeyNote (Blaze): Trust Management System
- It derives from PolicyMaker
- Common language for credentials and policies
- Policy: action permitted by the holder of a public key
REFEREE (LaMacchia): Trust Management System
- Environment to evaluate compliance with policies
- Self-regulated by policies
- Based on Credentials

81 PART 3 Moving Towards … The Future …

82 Trust Services as a Safety Net for E-Commerce
Dealing with things when they go wrong …
[Figure: Users and Enterprises trading B-2-B over the Internet, with Trust Services alongside]

83 Moving Trust to the E-World
Trust Services exist in the physical world. In the E-World the wheels still need greasing. However, the interactions are different.
Notary, Dispute Resolution, Underwriter, Repository, Identity tracking

84 Greasing the wheels of E-Commerce: Trust Service Eco-system
Notary; Restoration Services; Access Control; Evidential Analysis; Identity tracking; Storage (contracts, keys, evidential documents); Monitoring (real time); Reliable Messaging; Underwriter; Credential Management; Policy

85 Trust Services Research Problems …
Integrity, Authenticity, Confidentiality, Non-Repudiation, Longevity, Survivability, Accountability, Simplicity
