Secure Credential Manager Claes Nilsson - Sony Ericsson 2009-12-15.

Slides:

Advertisements

Similar presentations

Chapter 6 Server-side Programming: Java Servlets

Advertisements

Towards Remote Policy Enforcement for Runtime Protection of Mobile Code Using Trusted Computing Xinwen Zhang Francesco Parisi-Presicce Ravi Sandhu

0 McLean, VA August 8, 2006 SOA, Semantics and Security.

1 The phone in the cloud Utilizing resources hosted anywhere Claes Nilsson.

Thomas S. Messerges, Ezzat A. Dabbish Motorola Labs Shin Seung Uk.

Chapter 14 – Authentication Applications

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.

EDUCAUSE 2001, Indianapolis IN Securing e-Government: Implementing the Federal PKI David Temoshok Federal PKI Policy Manager GSA Office of Governmentwide.

Applet Security Gunjan Vohra. What is Applet Security? One of the most important features of Java is its security model. It allows untrusted code, such.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

DESIGNING A PUBLIC KEY INFRASTRUCTURE

Copyright© Trusted Computing Group - Other names and brands are properties of their respective owners. Slide #1 Tightening the Network: Network.

16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.

Edward Tsai – CS 239 – Spring 2003 Strong Security for Active Networks CS 239 – Network Security Edward Tsai Tuesday, May 13, 2003.

Fine Granularity Policy Based Device Access Security Claes Nilsson - Sony Ericsson

Creating a Secured and Trusted Information Sphere in Different Markets Giuseppe Contino.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Chapter 10: Authentication Guide to Computer Network Security.

Windows.Net Programming Series Preview. Course Schedule CourseDate Microsoft.Net Fundamentals 01/13/2014 Microsoft Windows/Web Fundamentals 01/20/2014.

JavaScript & jQuery the missing manual Chapter 11

Confidential Confidential Rev PA11 Access to local device functionality through REST APIs Johan Apelqvist Research Manager R&T Advanced Concepts.

Key Management with the Voltage Data Protection Server Luther Martin IEEE P May 7, 2007.

Copyright Protection Allowing for Fair Use Team 9 David Dobbs William Greenwell Jennifer Kahng Virginia Volk.

Java Security Pingping Ma Nov 2 nd, Overview Platform Security Cryptography Authentication and Access Control Public Key Infrastructure (PKI)

Shib-Grid Integrated Authorization (Shintau) George Inman (University of Kent) TF-EMC2 Meeting Prague, 5 th September 2007.

OpenPASS Open Privacy, Access and Security Services “Quis custodiet ipsos custodes?”

SAML CCOW Work Item HL7 Working Group Meeting San Antonio - January 2008 Presented by: David Staggs, JD CISSP VHA Office of Information Standards.

Java 2 security model Valentina Casola. Components of Java the development environment –development lifecycle –Java language features –class files and.

A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.

Harshavardhan Achrekar - Grad Student Umass Lowell presents 1 Scenarios Authentication Patterns Direct Authentication v/s Brokered Authentication Kerberos.

Secure Active Network Prototypes Sandra Murphy TIS Labs at Network Associates March 16,1999.

Supporting further and higher education The Akenti Authorisation System Alan Robiette, JISC Development Group.

DIGITAL SIGNATURE. GOOD OLD DAYS VS. NOW GOOD OLD DAYS FILE WHATEVER YOU WANT – PUT ‘NA’ OR ‘-’ OR SCRATCH OUT FILE BACK DATED, FILE BLANK FORMS, FILE.

Shibboleth: An Introduction

Secure Systems Research Group - FAU SW Development methodology using patterns and model checking 8/13/2009 Maha B Abbey PhD Candidate.

Shibboleth: Installation and Deployment Scott Cantor July 29, 2002 Scott Cantor July 29, 2002.

Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.

THE DEVIL IS IN THE (IMPLEMENTATION) DETAILS: AN EMPIRICAL ANALYSIS OF OAUTH SSO SYSTEMS SAN-TSAI SUN & KONSTANTIN BEZNOSOV PRESENTED BY: NAZISH KHAN COMPSCI.

Jaas Introduction. Outline l General overview of Java security Java 2 security model How is security maintained by Java and JVM? How can a programmer.

Deconstructing API Security

Your friend, Bluestem. What is Bluestem? “Bluestem is a software system which enables one or more high-security SSL HTTP servers in a domain (entrusted.

Wireless and Mobile Security

Pkiuniversity.com. Alice Bob Honest Abe’s CA Simple PKI hierarchy.

Bridge Certification Architecture A Brief Overview by Tim Sigmon May, 2000.

CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, written in Java code, that.

Web Services Security Patterns Alex Mackman CM Group Ltd

SACRED REQUIREMENTS DOCUMENT Stephen Farrell, Baltimore Alfred Arsenault, Diversinet.

CSC 2720 Building Web Applications Basic Frameworks for Building Dynamic Web Sites / Web Applications.

Computer Science and Engineering Computer System Security CSE 5339/7339 Session 16 October 14, 2004.

Shibboleth 1.2 Technical Overview “So you thought 1.1 was complicated…” Scott Cantor The Ohio State University and Internet2 Scott Cantor.

Doc.: IEEE /0098r0 Submission July 2010 Alex Reznik, et. al. (InterDigital)Slide Security Procedures Notice: This document has been.

ASP.NET 2.0 Security Alex Mackman CM Group Ltd

Active Directory Domain Services (AD DS). Identity and Access (IDA) – An IDA infrastructure should: Store information about users, groups, computers and.

All images © Mat Wright GOPI Training Technical Overview

PREPARED BY: MS. ANGELA R.ICO & MS. AILEEN E. QUITNO (MSE-COE) COURSE TITLE: OPERATING SYSTEM PROF. GISELA MAY A. ALBANO PREPARED BY: MS. ANGELA R.ICO.

Business Objects XIr2 Windows NT Authentication Single Sign-on 18 August 2006.

Doc.: IEEE /0085r1 Submission June 2010 Tuncer Baykas, NICTSlide TG1 and System Design Document Notice: This document has been prepared.

Chapter 29: Program Security Dr. Wayne Summers Department of Computer Science Columbus State University

ArcGIS for Server Security: Advanced

Web Application Vulnerabilities, Detection Mechanisms, and Defenses

Topic: Java Security Models

SharePoint Online Authentication Patterns

Chapter 29: Program Security

TG1 and System Design Document

Security in SDR & cognitive radio

Presentation transcript:

Secure Credential Manager Claes Nilsson - Sony Ericsson

Content of presentation A proposal for a “Secure Credential Manager” for web applications using “Fine Granularity Policy Based Device Access Security”

Secure Credential Manager Motivations: – Many web services, e.g. Social Networking Services, enforce application authentication by requiring an API key (credentials) to be able to access APIs. – To achieve a high secure solution the credentials are not recommended to be deployed in the application itself, instead the credentials must be stored securely outside the application. – A Secure Credential Manager is used to manage the secret credentials and the credentials are retrieved by Web Applications using a JavaScript API.

Typical use case for “Secure Credential Manager” 1.The social web site Happy Social lets Mr Good create Happy Social Web Widget 2.To give access to a number of web APIs the Happy Social Web Widget needs to login to the Happy Social web site using a secret API key (“Credentials”). 3.When Mr Good has created the widget it is submitted to the "authorities" of Happy Social that reviews the widget to check that the widget is not doing anything evil. If ok the widget is signed, which means that all content of the widget is integrity protected. 4.The widget is placed at an appropriate application store to be available for download 5.Ella is downloading the widget into her brand new W3C DAP capable handset 6.The W3C DAP policy framework is used to verify that the widget is allowed to access the “Secure Credential Manager" API. 7.Each data entry in the " Secure Credential Manager " contains: – AppId (Id for the application that is allowed to access this data) – CredId – Credential 8.This data has been pre-provisioned into the device (might be a subject for later standardization) 9.The widget's digital signature is verified. If the signature is valid the identity of the widget is used to give access to the correct entry in the “Secure Credential Database". The identity of the widget could be included in the widget's configuration file but that assumes some kind of centralized widget signing or it could be included in the certificate, which makes distributed signing possible. 10.The secret API-key (“Credential”) is retrieved from the " Secure Credential Database" and used for application login to access APIs at the Happy Social site. All security issues during the transport is out of scope for this discussion but would typically mean TLS/SSL or any other means for secure transport. Notes: It is assumed that Mr Good is responsible and implements the widget so that it does not download code from any unreliable site. If this is not the case the widget shall not be approved and signed. Any attempts for Mr Good, turning out to be evil, to change the widget after it has been approved and signed will fail as the device will find the signature invalid. Any attempts from Mr Evil to copy the widget and change the content will fail as the device will find the signature invalid. It is a basic assumption that the platform on which this API is implemented provides application memory protection so that applications are prevented from accessing other application's entries in the "secure data storage".

Proposal for support of “Secure Credential Manager” for web applications Based on proposal for a “Fine Granularity Policy Based Device Access Security” Assumptions: – The device platform provides sufficient application memory protection for web applications

Web Execution Environment Web Application, e.g. Social App Widget package html CSS JS Dig Signature cert Conf doc Content Engine 2. GetTrustAttributes Returns OriginURl, Certificate, Digital Signature, Conf Doc,etc 6. Credential = Get (AppId_a, CredID_1) Assumptions: The origin and integrity of the web application can be securely verified. The identity of the web application can be securely verified. The device platform provides application memory protection Trust Manager 3. GetTrustDomain(TrustAttributes, TrustPolicy) Secure Credentials API 4. GetSecureCred(CredId_1, TrustDomain_Man, AppId_a) Access Manager 5. Access allowed? (TrustDomain_Man, AccessPolicy) Returns TrustDomain_Man + AppId_a 1. navigator.device.CredAPI.get(CredId_1) Returns Allowed/ NotAllowed Returns “Credential_a1 “, which will be a callback to navigator.device.CredAPI.get AppId_a CredId_1 “Credential_a1” AppId_a CredId_2 “Credential_a2” AppId_b CredId_1 “Credential_b1” Data provisioned by some “out of band method” Secure Credential Database Trust Policy Access Policy

Logical flow for a “Secure Credential Manager JS API” use case 1.The web application, e.g. a signed Social Networking Service web widget, contains a call to the Secure Credential API with the identity of the required credential (CredId_1 in this example) as input. 2.The content engine loads the content and gets any needed content trust attributes, e.g. the origin URL, the digital signature, the certificate, the configuration document etc. 3.The content engine queries the trust manager to get the trust domain of the content and the application id, passing the relevant trust attributes, and the path to the appropriate trust policy to the trust manager. The application id (AppId_a in this example) could for example be included in a widget's (signed) configuration (assumes some kind of centralized widget signing) or it could be included in the certificate (makes distributed signing possible). In this example it is assumed that the trust domain is TrustDomain_Man (“manufacturer”) 4.The content engine makes a call to the Secure Credentials API, passing CredId_1, TrustDomain_Man and AppId_a as input parameters. 5.The Secure Credentials API implementation creates a security session with the access manager, passing the path to the appropriate access policy and the TrustDomain_Man. The Secure Credentials API implementation asks the security manager for an access decision (via the security session) passing the required capabilities. 6.Based on the result of the access control decision, the Secure Credentials API implementation invokes the requested operation towards the Secure Credential Database, passing AppId_a and CredId_1 as parameters, or throws a security exception. The Secure Credential Database will return Credential_a1 that will chain back and give a callback to the original JS call.

Questions / Issues The JavaScript execution environment has a dynamic nature and security limitations. Consider e.g. section 3.1 in – It is proposed to reference existing security mechanisms (Digital signing, TLS/SSL, WARP, etc) for a JS API to a “Secure Credential Manager”. Should the “Secure Credential Manager” be an API of its own or should it be the “File API” accessed with the granularity of AppId?