Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Ravi Sandhu Chief Scientist SingleSignOn.Net & Professor, George Mason University Mihir Bellare Chief Cryptographer SingleSignOn.Net & Professor, Univ.

Published byEric Rice Modified over 10 years ago

Similar presentations

Presentation on theme: "1 Ravi Sandhu Chief Scientist SingleSignOn.Net & Professor, George Mason University Mihir Bellare Chief Cryptographer SingleSignOn.Net & Professor, Univ."— Presentation transcript:

1 1 Ravi Sandhu Chief Scientist SingleSignOn.Net & Professor, George Mason University Mihir Bellare Chief Cryptographer SingleSignOn.Net & Professor, Univ. of California--San Diego Ravi Ganesan Chief Executive Officer SingleSignOn.Net 11417 Sunset Hills Rd., Reston, VA 20190 Password Enabled Public-Key Infrastructure (PKI): Virtual Smartcards vs. Virtual Soft Tokens

2 2 Why Password- Enabled PKI Smartcards have not happened –Its the smartcard readers stupid! –Roaming capability is critical –Even DoD is stretched in large-scale deployment Trends are not in favor of smartcards –Deployment scale of 10s or even 100s of millions of users –Computing devices are proliferating –Large installed base of reader-less computers Smartcards are likely to remain a high- assurance niche application

3 3 Solve PKI Gap and Silo Problem Weak Password Systems Strong PKI Systems PKI Hardened Passwords PKI with Password Convenience Result Phased migration path No quantum jump PKI integral, not silod Password Usability PKI Capability No change for users No change for issuer Eliminate weaknesses

4 4 A Common Misperception Fact: Password based systems are often vulnerable to attacks Myth: Passwords are inherently insecure. Fact: It is completely possible to design a sufficiently secure password system. Designing sufficiently secure password-based systems is non-trivial but it is possible.

5 5 Another Common Misperception Fact: Users hate current password systems that require –too many passwords and –force too many changes Myth: Users inherently hate passwords. Fact: It is completely possible to design a user friendly password system with PKI- enabled Single Sign On. Designing user-friendly and sufficiently secure password-enabled PKI systems is non-trivial but it is possible.

6 6 Password Vulnerabilities and Counter-Measures Bad password selection –enforce complexity rules On-line guessing attack –throttling mechanism Off-line guessing (dictionary attacks) –dont reveal required information (we know how to design such protocols) Undetected theft and sharing –online intrusion detection to discover –deter sharing, e.g., sharing reveals sensitive user information Use of same password at strong and weak servers –user awareness and education Password reuse –dont force unnecessary password changes Server spoofing –use secure protocols to prove knowledge of password w/o sending it –limit password exposure to trusted servers Server compromise –use hardened servers or multiple servers

7 7 Password Benefits Instant roaming capability Proven user acceptance –100s of millions of passwords usages per day in cyberspace Cheap Self-maintained –Password resets –Password change

8 8 Traditional Public-Key Infrastructure (PKI) How to distribute public-keys –Digital Certificates –Certificate Revocation Lists How to distribute private-keys (long-term) –Smartcards The private key never leaves the smartcard Often called a hard token How to distribute private-keys (short-term) –Password protected on the hard disk Not very mobile –Password protected on a floppy disk Often called a soft token

9 9 Modern Public-Key Infrastructure (PKI) How to distribute public-keys –Digital Certificates –Certificate Revocation Lists –On-line servers for certificate validation How to distribute private-keys (long-term) –Smartcards The private key never leaves the smartcard Often called a hard token How to distribute private-keys (short-term) –Password protected on the hard disk Not very mobile –Password protected on a floppy disk Often called a soft token –On-line servers for password-enabled mobility

10 10 Approaches How to marry PKI and Passwords? Approach 1: Virtual Soft Token Use password to encrypt private key and store it on remote server(s). Need password to RETREIVE private key. Approach 2: Virtual Smartcard The password is part of the composite private key. Need password to USE private key.

11 11 Trivial Insecure Virtual Soft Token Private key encrypted with users password is stored on an on-line server E pwd (private-key) Anyone is allowed to retrieve the encrypted private key Only the user can decrypt it using the password Unacceptable risk due to dictionary attack

12 12 Cryptographic Camouflage, Hoover and Kausik E pwd (private-key) Dictionary attack –Knowledge of public key allows attacker to obtain known plaintext –So prohibit knowledge of public key resulting in closed public-key system

13 13 EKE Roaming, Bellovin-Merritt et al Store E pwd (private-key) on server Transmit E K (E pwd (private-key)) where K is a strong symmetric key K is established using password- based authenticated key exchange protocol (such as EKE or SPEKE) –Immune to off-line dictionary attack

14 14 Hardened Password Roaming, Kaliski-Ford Users hardened password is retrieved at any computer from two on-line servers –Compromise of both servers is required to compromise hardened password –Successful retrieval of hardened password requires knowledge of users password Users private key is retrieved by means of hardened password Once retrieved the users private key can be freely used on this computer

15 15 Step 5: Ask for Credentials Long term private key is locked with hardened password H. Need duplicate credentials server for redundancy. Credential Servers 1 & 2 Step 6: Check if Cert is revoked OCSP server to check for revocation Revocation Servers 1 & 2 Step 7: Return Cert and H ( D ) Step 8: Use H to decrypt private key D Step 2: Client Computer starts process Client Computer Security server with partial knowledge of H ( H1 ). Need duplicate server for redundancy. Security Servers 1 & 2 Step 3: Get H1 Security server with remaining knowledge of H ( H2 ). Need duplicate server for redundancy. Security Servers 3 & 4 Step 4: Get H2 Step 9: Finally get around to logon or sign operation! Alice knows Password, P a Step 1: Alice sends P a

16 16 Approaches How to marry PKI and Passwords? Approach 1: Virtual Soft Token Use password to encrypt private key and store it on remote server(s). Need password to RETREIVE private key. Approach 2: Virtual Smartcard The password is part of the composite private key. Need password to USE private key.

17 17 Trivial Insecure Virtual Smart Card Keep the private key on an on-line server Use the password as authentication to enable use of the private key on the server Lose non-repudiation

18 18 We want: 2.Alice takes A And creates AA 1.Appliance takes And creates A 3.But (presto!) AAA A C CACA ID: Castle Corp FN: Castle LN: Corp.

19 19 The Practical PKI TM Approach Password Secure Identity Appliance A A A Secure Identity Appliance has key d2 for Alice which ONLY it knows. CA C CACA ID: Castle Corp FN: Castle LN: Corp. As before, Alice has public cert, with public key e, signed by a CA. Process 1.Alice authenticates to appliance, sets up secure channel and sends M. 2.Appliance performs partial signature on M with its key for Alice d2. 3.Alice completes signature with her key d1. Alice has password P which ONLY she knows. Password P expands to key d1 on computer. A A

20 20 Comparison Traditional PKI Keys: a)Alice Public = e b)Alice Private = d c)Alice Cert = C Signing: a) S = Sign (M,d) Send [S, C] to Bob Bob: Gets e from C Does Verify(S,e) = M? Practical PKI TM Keys: a)Alice Public = e b)Alice PKCS5(password, salt, iteration count) = d1 c)Alice Cert = C d)Alice appliance key = d2 Signing: a)Alice logs on to appliance using d1 and creates secure channel a)Spartial = Sign(M,d2) b)S = Sign(Spartial,d1) Send [S, C] to Bob Bob: Gets e from C Does Verify(S,e) = M?

21 21 Comparison Traditional PKI Keys: a)Alice Public = e b)Alice Private = d c)Alice Cert = C Signing: a) S = Sign (M,d) Send [S, C] to Bob Bob: Gets e from C Does Verify(S,e) = M? Practical PKI TM Keys: a)Alice Public = e b)Alice PKCS5(password, salt, iteration count) = d1 c)Alice Cert = C d)Alice appliance key = d2 Signing: a)Alice logs on to appliance using d1 and creates secure channel a)Spartial = Sign(M,d2) b)S = Sign(Spartial,d1) Send [S, C] to Bob Bob: Gets e from C Does Verify(S,e) = M? Difference #1: Alice has short convenient password Difference #2: Alice has to interact with appliance to sign.

22 22 Comparison Traditional PKI Keys: a)Alice Public = e b)Alice Private = d c)Alice Cert = C Signing: a) S = Sign (M,d) Send [S, C] to Bob Bob: Gets e from C Does Verify(S,e) = M? Practical PKI TM Keys: a)Alice Public = e b)Alice PKCS5(password, salt, iteration count) = d1 c)Alice Cert = C d)Alice appliance key = d2 Signing: a)Alice logs on to appliance using d1 and creates secure channel a)Spartial = Sign(M,d2) b)S = Sign(Spartial,d1) Send [S, C] to Bob Bob: Gets e from C Does Verify(S,e) = M? NOTHING ELSE CHANGES!!!!

23 23 Strong Fraud Management ID stolen Theft detected Theft reported CA revokes ID A CACA ID: Alice FN: Alice LN: Smith Email:alice@cc.com. CACA Recipient (we hope) stops accepting ID Velocity Checking Easy to report ID CANNOT BE USED ANY FURTHER! INSTANT, COMPLETE, REVOCATION

24 24 Strong Fraud Management ID stolen Theft detected Theft reported CA revokes ID A CACA ID: Alice FN: Alice LN: Smith Email:alice@cc.com. CACA Recipient (we hope) stops accepting ID Velocity Checking Easy to report ID CANNOT BE USED ANY FURTHER! INSTANT, COMPLETE, REVOCATION Consumer or CSR can use password to revoke instantly! Every signature requires appliance interaction. So appliance logs can be used for velocity checking. Every signature requires appliance interaction. Once revoked key cannot be used further! Instant, complete revocation!

25 25 SingleSignOn.Net Practical PKI TM solution –Ease of use: password based –Quick to deploy –Simple to manage with least privilege –Velocity checking and instant revocation –Reusable for multiple applications Web, Wireless, VPN, email, etc. –Use existing standards and widely deployed technologies

26 26 Summary Password enabled solutions are poised to jump start the stalled PKI car. Major vendors jumping into password enabled solutions using on-line servers is a good sign. Many servers are not all good, and have quality/security downside. Making password a part of the composite private key (virtual smartcards) provides substantial advantages over using password to retrieve private key (virtual soft tokens).

Download ppt "1 Ravi Sandhu Chief Scientist SingleSignOn.Net & Professor, George Mason University Mihir Bellare Chief Cryptographer SingleSignOn.Net & Professor, Univ."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
1 Rethinking Password Strategies Ravi Sandhu Chief Scientist 703 283 3484

1 Rethinking Password Strategies Ravi Sandhu Chief Scientist
ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.

ISA 662 Internet Security Protocols Kerberos Prof. Ravi Sandhu.
PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.

PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.
1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.

1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.
© 1998-2003 ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on.

© ITU Telecommunication Development Bureau (BDT) – E-Strategy Unit.. Page - 1 Building Confidence in E-government Services ITU-T Workshop on.
1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.

1 ABCs of PKI TAG Presentation 18 th May 2004 Paul Butler.
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13

Jeopardy Q 1 Q 6 Q 11 Q 16 Q 21 Q 2 Q 7 Q 12 Q 17 Q 22 Q 3 Q 8 Q 13
Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.

Gareth Ellis Senior Solutions Consultant Session 5a Key and PIN Management.
Security in Open Environments

Security in Open Environments
1 Kerberos Anita Jones November, 2006. 2 Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.

1 Kerberos Anita Jones November, Kerberos * : Objective Assumed environment Assumed environment –Open distributed environment –Wireless and Ethernetted.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Kerberos and X.509 Fourth Edition by William Stallings

Kerberos and X.509 Fourth Edition by William Stallings
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.

2  Industry trends and challenges  Windows Server 2012: Modern workstyle, enabled  Access from virtually anywhere, any device  Full Windows experience.
Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Fundamentals of Information Systems Security.

© 2013 Jones and Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. Fundamentals of Information Systems Security.

Similar presentations

Ads by Google