Digital Identity Management

Digital Identity ManagementTechniques and PoliciesE. BertinoCS Department and ECE SchoolCERIASPurdue Universitybertino@cs.purdue.edu

Digital Identity ManagementWhat is DI?Digital identity (DI) can be defined as the digitalrepresentation of the information known about a specificindividual or organizationSuch information is set of claims made by one subjectabout itself or another subjectOur definition includes both the notion of nyms – identifiersused by users to carry on interactions with systems – andidentity attributes – properties characterizing the usersClaim: An assertion of the truth of something, typically one which is disputed orin doubtz An identifierz Knowledge of a secretz Personally identifying informationz Membership in a given group (e.g. people under 16)2

Drivers for Dependable andFlexible DI TechnologyzThe private sectorzThe public sectorzThe citizens3

The goals of the VeryId projectzzzTo develop flexible, multiple and dependabledigital identity (FMDDI) technologyTo study the implication of its useTo develop appropriate educational vehicles toteach people its use----------------------------------The project is funded by the USA National Science Foundation under the CyberTrust programme4

Some initial resultszzzzzzProtocols for the strong verification of identityattributes in federationsIntegration of biometricsPolicies for the management of identityfederationsAuthentication policies and servicesIdentity provenance and qualityOutreach activities5

Identity TheftIDENTITY THEFT is the use of personallyidentifying information belonging to oneindividual by another individual for financial orpersonal gain.6

Threat of Identity Theft:Attack VectorsTechnicalPharming, Network Sniffing,Database Attacks, PasswordCrackingPhysicalDumpster Diving, TrustedInsiders, Theft and LossSocial Engineering Phishing, Legal IdentitySources7

Main idea behind verification of identityattributes: multi-factor verificationTo require additional identity information (like mothermaiden name or SSN) as proof to qualify to be theowner of the identity attribute being used (like creditcard number)Example Real Life Scenario: Requirement for additional proofs of identityI will usemy creditcard to payTo use your creditcard please showyour driverslicense and anadditional photoid for verificationof your identity8

Multi-Factor without Privacy LosszZero knowledge proof (ZKP) is an interactivemethod to prove the possession of a secretwithout actually revealing it.zOur aggregated ZKP scheme is used to provethe knowledge of multiple strong identifiersefficiently and reliably without the need toprovide them in clear9

Attribute typesUncertifiedAttributesSingleSignOn IDAttributesSecured fromIdentity Theft(SIT)CertifiedAttributes10

Two main phases of oursolutionzEnrollment or RegistrationzzHere the user commits his strong identifiers to beused later as proofs of identity. These are the SITattributes.UsagezBefore revealing the actual value of a SIT attributeone has to verify the commitments of other SITattributes as proofs of identity.11

Functional View of the cyUsageUsageUsageAudit LogAudit Log12

Identity Management SystemEntitiesIdentity ProvidersIssue identitiesRelying PartiesRequire identitiesSubjectsIndividuals and other entitiesabout whom claims are made13

ExampleRegistrar or IdentityProviderRequest to register CCN,SSNEstablish proofs of identity forCCN,SSNRequest for ServiceRequire CCN with proof ofknowledge of SSNVerify commitmentsfor the istrationProcedureIn PersonOnlineRegistration PhaseUsage PhaseService ProviderCCNService14

ExampleAliceRegistrar: Reg1Service Provider : SP-Shop15

Proving aggregated signature oncommitted valuesTo prove the knowledge of multiple identifiers.16

Integrating the zero-knowledge proofinto the verificationTo prove the knowledge of secret commitments.17

Zero-knowledge proof the aggregatedsignatureTo prove the possession of signature.18

Efficiency Analysis Our signatures on commitments are short and the storage complexity is smallerthan the ones computed with existing techniques [Camenisch et. Al.’04] Our approach is more flexible in that whenever n messages are committed for auser, the user is able to prove 2n-1 many combinations of them which does notappear possible in the existing schemesComparison of the number of exponentiations for proving t factors19

Multi-factor Authentication usingAggregated Proof of knowledgezKey Contributions:zzzNew cryptographic primitive which providesmethodologies for privacy preserving multifactor authentication.Computational efficiency - Reduces the proofsof several factors, that would require severalZero knowledge proofs of knowledge (ZKPK),to one that uses only one ZKPK.Storage efficiency- Provides a flexible solutionwith minimal storage requirements.20

How to detect duplicates in aFederation?zzzPut the strong identifiers in a hash table andlook for collisionsProblem: How can thousands of hostscooperatively maintain a large hash table in acompletely decentralized fashion?One solution: Distributed Hash Tables.010.1010.0010.1100 .0011.000.011.100.1101.111.101121

What are the main advantagesof our solution?zThe actual values of the registered attributes usedas proofs for multi-factor authentication and privacyis secured using ZKP.zAssurance of valid information in a federation.zWe allow a flexible approach to authentication and anovel lazy validation approach to information in thefederation.22

Combination with BiometricAuthenticationRegistrationw sraClientndomSecureSketchModulewrZKPModule2 FactorAuthenticationBiom etriccom m itm entRegistrar23

Combination with BiometricAuthentication (cont.)Verification at usagew’ iceProvider24

Policies for IdentityManagement in FederationszzzWe have developed a comprehensive set of assertionswhich is specifically relevant in the context of federations.Our assertions provide an intuitive approach to modelfederation activities and make access controldecisions based on a large variety of information,including past access history.We analyze the history of the behavior of entities andevents with the help of an assertion audit log and queryprocessing, and also provide a simple approach to specifypolicies.25

Policy for Managing IdentitiesManaging identities have a lot of aspects. Therefore following is a taxonomy of policies ina federated identity management system.Authorization PoliciesHealthInformationServicesService Provision PoliciesPrivacy PoliciesHealth InformationAuthorizerPharmacyNoraUser ResourcesPreferences PoliciesFederation AgreementPoliciesAlice26

Assertion Based PolicyLanguage for FederationsService Provider SideLanguage & ModelsPolicy TypesResource authorization,Service provision &service provider privacypoliciesUser SidePolicy TypesAssertion based language forFederationsPolicy Formulation GrammarResource authorization,& privacy preferencespoliciesArchitectural ComponentsArchitectural ComponentsPolicy managerPolicyBaseRelational Model for AssertionsPolicyBaseUser ProfileAccess Control MonitorAttribute and CredentialManagerPolicy managerLocal DBMS for SP &Middleware interfaceAssertionsAudit logdatabaseSPASSERTLOGIntegrityChecksbased onattributeinvariantsand queryprocessingIdentityInformation flowControlWSInterfaceUser Interface27

AssertionszzzAll actions taken by SP’s and users for authorization canbe described through assertions.Each assertion is defined in terms of:z The main interacting entitiesz A time-stampz Other related information.The assertions capture the dynamic eventsoccurring in the federation in a step by step,constructive approach.28

Operational approachzzzzWe propose to use a log of the actions executedby the entities in the federation;The log is a relational table, ASSERTLOG defined according to the notion of relation ofthe relational data model.Checks for the log consistency are encoded usingSQL-like queries.The log can be used to reason about the flow ofidentity information of the users.29

ConclusionzIdentity Management and Theft Protection areareas of growing concern and active work.zIdentity Management system has potential to providea secure and collaborative environment.zWe provide a solution to the problem of IdentityTheft with the help of privacy preserving multi-factorauthentication.30

Thank You!zzzQuestions?Elisa Bertinobertino@cerias.purdue.edu31

Identity Theft IDENTITY THEFT is the use of personally identifying information belonging to one individual by another individual for financial or personal gain. 7 Threat of Identity Theft: Attack Vectors Phishing, Legal Identity . Micr