Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR...
Transcript of Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR...
![Page 1: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/1.jpg)
13. Oktober 2010 | Dr.Marc Fischlin | Kryptosicherheit | 1
Attribute-basedAccess Control Architectureswith the eIDAS Protocols
21. SSR 2016
Frank Morgner (Bundesdruckerei)Paul Bastian (Bundesdruckerei)
Marc Fischlin (TU Darmstadt)
![Page 2: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/2.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2
German electronic identity card
since November 2010
Cryptographic protocols of German identity card:
also used for machine readable travel documents (ICAO Doc 9303)
candidate for European eIDAS protocol
electronic identification, authentication, and trust services for electronic transactions
![Page 3: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/3.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 3
Basic Setting of German eID card
key k key k
Terminal Authentication (TA)
Chip Authentication (CA)
ID card eID server
{Secure Messaging}
Secure extension toattribute-based access control
in different scenarios?
Extended Access Control (EAC)
![Page 4: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/4.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 4
Architectures
![Page 5: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/5.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 5
Integrated Architecture
TA
CA
ID card Reader Management
{„Read Att“}secure msging
securechannel
{ Attributes }secure msgingAttributes
Decision
![Page 6: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/6.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 6
Distributed Architecture
TA
CA
ID card Reader Management
{„Read Att“}secure msging
securechannel
{ Attributes }secure msgingAttributes
Decision
securechannel
Controller
Decision
![Page 7: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/7.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 7
eID-Service ArchitectureID card Reader eID server ManagementController
securechannel
securechannel
securechannel
TA
CA
{„Read Att“}secure msging
{ Attributes }secure msging
Attributes
DecisionDecision
Attributes
![Page 8: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/8.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 8
Authentication-Service ArchitectureID card Reader Auth server ManagementController
securechannel
securechannel
securechannel
TA
CA
{„Read Att“}secure msging
{ Attributes }secure msging
Attributes
DecisionDecision
S
Sig Request
Signature
![Page 9: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/9.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 9
Security
![Page 10: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/10.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 10
Goals for Integrated Architecture
TA
CA
ID card Reader Management
{„Read Att“}secure msging
securechannel
{ Attributes }secure msgingAttributes
Decision
Impersonation Resistance
Attribute Privacy
![Page 11: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/11.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 11
Dolev-Yao adversary (for both properties)
adversary can:
− eavesdrop− inject/modify messages− determine schedule− corrupt parties− determines data T
requires some notion ofsessions and session identifiers
![Page 12: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/12.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 12
ID card
certified key pair skC, pkC certified key pair skS, pkS
Compr(epk) pick ephemeral esk, epk
nonceC
s←Sig(skS, nonceC||Compr(epk))s
pkS, certificateS
pick nonceC
pkC, certificateC
epk
tag, nonce*C
pick nonce*CK = KDF(DH(skC,epk) nonce*C)tag=MAC(K,epk)
K = KDF(DH(epk,pkC) nonce*C)verify tag
EAC Protocol
terminal authentication
chip authentication
session identifierSID=(nonceC,Compr(epk))
partner through certificate
![Page 13: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/13.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 13
Defining security: impersonation resistance
(a) If party accepts in session SID for partner and attributes A, then partner also accepts SID and A in some session
(b) at most two SIDs collide, one at a card, one at a reader
Example: „passive security“
pretends to be card accepts with SID and A
(a) → can only happen if card has also accepted with SID and A→ adversary has only relayed data
formalized in common game-
based style
![Page 14: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/14.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 14
Defining security: impersonation resistance
(b) at most two SIDs collide, one at a card, one at a reader
Example: replay attacks
pretends to be cardaccepts with SID
(a) → can only happen if card has also accepted with SID* and A→ adversary has only relayed data
accepts with SID and A
(b) →SID*≠SID
(a) If party accepts in session SID for partner and attributes A, then partner also accepts SID and A in some session
![Page 15: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/15.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 15
Proving security: impersonation resistance
Theorem:
EAC with secure messaging protocol provides impersonation resistance(assuming random oracles and security of GapDH, MAC, Enc, Sig, Cert).
Proof idea:
EAC is secure key key exchange protocol+channel protocol is secure
⇒
integrity of attribute transmissions
[Dagdelen, Fischlin, 2010]
ISO/IEC 10116, ISO/IEC 9797-1[Rogaway, 2011]
[Brzuska, 2014]
![Page 16: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/16.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 16
Defining security: attribute privacy
Adversary cannot distinguish betweendifferent attributes A0 and A1 used in executions between honest parties
formalized againin game-based
styleFollows again from security of channel:
EAC is secure key key exchange protocol+channel protocol is secure
⇒
confidentiality of attribute transmissions
[Dagdelen, Fischlin, 2010]
ISO/IEC 10116, ISO/IEC 9797-1[Rogaway, 2011]
[Brzuska, 2014]
![Page 17: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/17.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 17
Restoring Sessions
![Page 18: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/18.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 18
Restoring sessions
TA
CA
ID card Reader
{„Read Att“}
{ Attributes }
Management
securechannel
store key andsequence counter
store key andsequence counter
„Restore Session“
{„Read Att“}
{ Attributes }only symmetric-
key crypto
![Page 19: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/19.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 19
Restoring sessions
TA
CA
ID card Reader
{„Read Att“}
{ Attributes }
Management
securechannel
store key andsequence counter
store key andsequence counter
„Restore Session“
{„Read Att“}
{ Attributes }
impersonation resistance+ attribute privacy
still guaranteed
easy to integrate viaEAC‘s
persistent session contexts
![Page 20: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/20.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 20
Conclusion
![Page 21: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/21.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 21
Conclusion
EAC protocol easy to adapt forattribute-based access control
provides strong impersonationresistance and attribute privacy
easy to restore sessions
ID card Reader eID server ManagementController
securechannel
securechannel
securechannel
„Restore Session“
{„Read Att“}
{ Attributes }
![Page 22: Attribute-based Access Control Architectures with the ... · Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 2 German electronic identity card](https://reader036.fdocuments.us/reader036/viewer/2022081406/5f142cf4b0ce5206dd53dd35/html5/thumbnails/22.jpg)
Dec 6th, 2016 | Marc Fischlin | SSR 2016 | 22
Thank you!