
A Revocation, Validation and Authentication Protocol for SPKI Based Delegation Systems. Yki Kortesniemi, Tero Hasu. (TeSSA 2 presentation; slide template © 1999 Juho Heikkilä.)



Presentation transcript:

Slide 1: A Revocation, Validation and Authentication Protocol for SPKI Based Delegation Systems
Yki Kortesniemi, Tero Hasu, Jonna Sars

Slide 2: Outline
- Certificates
- Revocation
- Quota
- Proposed changes to SPKI
- The revocation protocol
- Conclusions

Slide 3: Certificates
- Certificates are fixed-form digitally signed documents
  - Self-contained
- Two main types
  - Name/Identification (e.g. X.509)
  - Authorisation (e.g. SPKI)
- SPKI - Simple Public Key Infrastructure
  - Five-tuple: Issuer, Subject, Tag, Delegation, Validity

Slide 4: Need for revocation
- Certificates are good for granting rights
- But how do you revoke them in case of
  - exposure of private key
  - misuse of rights
- Certificates can not be deleted
  - unlike ACL entries
- Requirements for revocation
  - deterministic
  - revocation interval controlled by issuer

Slide 5: Current revocation solutions
- CRL and variations (e.g. Delta-CRL)
  - Support offline operation
  - Can include unnecessary information -> waste bandwidth
- Revocation Trees
  - maintaining the tree requires computation
- Bill of health

Slide 6: SPKI Validity
- Several possibilities (all optional)
  - not before
  - not after
  - CRL (Certificate Revocation List)
  - Reval
    - Bill of Health
  - One-time
    - free-form online condition

Slide 7: Problems with SPKI
- Using CRLs offline is very difficult
  - multiple issuers -> multiple CRLs
  - multiple uses -> multiple CRLs
  - asynchronous -> need network connection often
- Consolidating the revocations into only a few CRLs is not good because of
  - different revocation intervals and uses

Slide 8: Need for quota 1/2
- Certificates mainly limit usage to a time interval
  - Within that limit the resource can be used at will
- We want more fine grained limits, such as
  - 3 hours per day (e.g. a database)
  - 5 times (e.g. a bus ticket)
  - up to $1000 per month (e.g. a credit card)

Slide 9: Need for quota 2/2
- Requirements for quota
  - Quota model is selectable by the certificate issuer
  - Prevents unauthorised usage of quota
  - Prevents unauthorised monitoring of quota usage

Slide 10: Proposed changes to SPKI
- Deprecate CRL
- Introduce Renew
- Introduce Limit
- Define query format
- Define negative replies

Slide 11: The revocation protocol 1/2
- Supports all SPKI revocation methods (CRL, D-CRL, bill of health)
- Supports quota (new online check type)
- Fulfils the requirements
  - deterministic, interval chosen by issuer
  - quota model chosen by issuer
  - prevents unauthorised usage and monitoring of quota

Slide 12: The revocation protocol 2/2
- Security based on ISAKMP
- Operation
  - User establishes connection to verifier (authentication)
  - The chain is completed
  - User authorises quota checks
  - Simple checks are made (= all except quota)
  - Quota checks are made
  - Service is granted
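As an added illustration of the check ordering on this slide (example code written for this transcript, not the authors' protocol or any SPKI library): a small Python model of five-tuple certificates where a verifier completes the chain, runs the simple checks (not-before/not-after), and only then consumes quota, using the "5 times" bus ticket from the quota slide as the constructed sample. The `limit` field, the exact-match tag rule and the dictionary of consumed uses are simplifying assumptions; real SPKI certificates are S-expressions and intersect tags along the chain.

```python
from dataclasses import dataclass, field
from datetime import datetime
@dataclass
class Cert:
    """SPKI five-tuple; 'limit' is a hypothetical quota field (total permitted uses)."""
    issuer: str
    subject: str
    tag: str              # the right granted, e.g. "bus:ride"
    delegate: bool        # may the subject pass the right on?
    not_before: datetime
    not_after: datetime
    limit: int = None     # None: no quota on this certificate

@dataclass
class Verifier:
    trusted_issuer: str
    used: dict = field(default_factory=dict)   # quota state kept in the verifier
    def complete_chain(self, chain, user):
        # Chain starts at the trusted issuer, each subject issues the next certificate
        # (and was allowed to delegate), and the last subject is the connecting user.
        if not chain or chain[0].issuer != self.trusted_issuer or chain[-1].subject != user:
            return False
        return all(a.subject == b.issuer and a.delegate for a, b in zip(chain, chain[1:]))
    def simple_checks(self, chain, tag, now):
        # Everything except quota: tag and not-before/not-after on every certificate.
        # Simplification: tags must match exactly (real SPKI intersects tags).
        return all(c.tag == tag and c.not_before <= now <= c.not_after for c in chain)
    def quota_check(self, chain):
        # Consume one use from every limited certificate; refuse if any is exhausted.
        keys = [((c.issuer, c.subject, c.tag), c.limit) for c in chain if c.limit is not None]
        if any(self.used.get(k, 0) >= lim for k, lim in keys):
            return False
        for k, _ in keys:
            self.used[k] = self.used.get(k, 0) + 1
        return True
    def authorise(self, chain, user, tag, now):
        # Order from the slide: complete the chain, simple checks, then quota checks.
        return (self.complete_chain(chain, user)
                and self.simple_checks(chain, tag, now) and self.quota_check(chain))

# Constructed sample: a five-ride ticket issued to Alice, lent to Bob for June 2000 only.
NOW, LATER = datetime(2000, 6, 15), datetime(2000, 7, 15)
TICKET = Cert("TransitCo", "Alice", "bus:ride", True, datetime(2000, 1, 1), datetime(2000, 12, 31), 5)
LOAN = Cert("Alice", "Bob", "bus:ride", False, datetime(2000, 6, 1), datetime(2000, 6, 30))

def demo():
    """Bob rides six times in June (the sixth exceeds the quota), then once in July."""
    v = Verifier("TransitCo")
    return [v.authorise([TICKET, LOAN], "Bob", "bus:ride", t) for t in [NOW] * 6 + [LATER]]
```

Because the simple checks run before the quota check, an expired loan is refused without touching the ticket's remaining rides, which is the behaviour the slide's ordering buys.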

Slide 13: Critique of protocol
- Has overhead
  - Can sometimes be distributed over several uses
- Creates state data in the verifier
- Requires online connection

Slide 14: Conclusions
- Offline revocation methods like CRL are not practical for SPKI
- SPKI specification should be completed
- Introducing quota opens up new possibilities
- Protocol can be implemented on top of ISAKMP or another similar protocol
