A User-oriented Multi-service Access Control System

J. Cândido B. Santos (1), José Luís Oliveira (2), Carlos Costa (3)

(1) Instituto Superior de Engenharia de Coimbra, DEE, Coimbra ([email protected])
(2) Universidade de Aveiro, DET, 3810 Aveiro ([email protected])
(3) Universidade de Aveiro, IEETA, 3810 Aveiro ([email protected])
Keywords: Access Control, Digital Certificates, Security, Smart Cards

Abstract

Web-based services have become a major commodity. As an increasing number of ISPs make available an ever-increasing number of remote services, security becomes a major concern in order to accomplish a fair exchange of commodities in insecure environments. An exchange of services, in order to be fair and secure, usually involves the service provider, the service requestor and a trusted third party on whose impartiality both rely. In order to provide and receive secure web-based services, trust can be accomplished by means of thorough identification and strong authentication of all the participants. The use of electronic credentials is one way of formal identification and authentication, and the adoption of a unique, worldwide-accepted digital credential stored in a smart card will provide a higher level of security while allowing total mobility with secure transactions over the web. Until this adoption takes place, the widespread use of digital credentials will inevitably lead to each service requestor having to be in possession of many smart cards just for storing the different electronic credentials needed for all the services he uses. We present a new approach to the use of smart cards as a basis for secure management of web-based services, leading to the use of only one smart card per user in a perfectly transparent manner and thus contributing to a more generalized use of the technology.

I. Introduction

The enormous amount of services available through remote access is not yet used to its full extent, mainly because issues such as fairness, overall security and trust are perceived by potential users as not being completely solved. Any exchange of services is considered to be fair if the risk of any party suffering a disadvantage is absent or reduced to a minimum [1].
In order to achieve that degree of fairness, two major requisites have to be fulfilled: overall security and trust. Overall security is an issue that is defined differently depending on the perspective of whoever is evaluating it. In the context of this paper, we shall assume that the security issue is solved to everyone’s satisfaction if there is little or no risk of the information exchanged by the parties involved in the service being misused by any other party. The best way to ensure this is by effectively denying any eavesdropping on the communications, since the information exchanged can be of a private nature.

In insecure environments such as the internet, where the participants in an exchange of services frequently do not know each other in advance [2], trust is established by means of thorough identification and strong authentication of all the parties involved. This inevitably leads to the presentation of electronic credentials of some sort to each other, in order to assure each participant that the other is who he claims to be and that the transaction will be carried out in a proper manner. To achieve this, the service provider must identify and authenticate the client who is requesting access to the services, in order to apply the access control policies pre-established by the organization. In most cases the ISP does not authenticate itself to the client, but the process can be perfectly symmetrical.

Digital certificates are an excellent tool for performing such identification and authentication in the computer world, while also being a good means of exchanging other kinds of information, such as cryptographic keys, that can be used to establish a secure channel of communication. Cryptographic technologies that are thoroughly tested and easily deployed without the need to deeply understand their mathematical or technological basis, namely public key cryptography (PKC) [3], allow the establishment of secure communications. A digital certificate, which also relies heavily on PKC, establishes a trust relationship between its designated subject (the user) and the holder of a secret cryptographic key by means of the issuing organization, a reliable certification authority (CA).
A higher level of security can be granted to the whole certification system through the use of smart cards as possession tokens that provide storage for the user’s secret key and the digital certificate, providing unrestricted user mobility. The problem of trustworthy remote personal authentication will only be solved with the advent of a worldwide-accepted credential [4], but the adoption of a unique worldwide-accepted digital certificate faces a major obstacle: the lack, up to the present, of governments’ will to establish certification authorities with a politically granted degree of trust sufficient to be recognized as reliable both in the real world, for conventional activities, and by distributed computer systems such as intranets and the internet. As a direct result of this absence there is a proliferation of certification authorities, each issuing a different digital certificate and recognizing as valid only those certificates that they issued themselves, which implies that a user will have to store many certificates. When considering the use of smart cards at the present state of technology, namely storage capacity, each user would have to possess many smart cards just for storing the different digital certificates issued by a multitude of CAs for all the systems that he wishes to access. The solution to the political obstacle and to the commercial interests opposed to the adoption of a unique certificate is clearly outside the scope of this paper. As a step towards that more than foreseeable future, we present a new service approach that allows the user transparent storage and utilization of digital certificates in smart cards and that will eventually lead to the use of only one smart card to store a great number of digital certificates, creating in this way a virtually unique digital identification and contributing to an even more generalized use of the technology.

II. Related Technology

A. Identification and Authentication

Identification and authentication are sometimes perceived as the same concept. In the context of this paper, a clear distinction is made between the two. Both in the real world and in the computer world, systems rely heavily on identification and authentication [5]. In the real world, people identify themselves when they tell each other who they are, for example by giving their name without offering any proof of it. This method of establishing identities is used mainly in informal circumstances, where the second individual will rely solely on that piece of information to establish whatever relationship he wishes with the first party. Still in a “real world” environment, a first party performs an authentication by presenting some proof to support the identification. This is usually accomplished by showing some form of document that establishes a relationship between the name of the user and some physical characteristic (a photograph, for instance). At other times the authentication can be performed through a signed document that has been validated by a trusted third party such as a public notary.

In the “digital world”, specifically in a distributed environment, there are also two levels of identification and authentication. For instance, access to most computer systems depends on the login/password mechanism. By filling in the login field of this dialog the user identifies himself, and by filling in the password field he gives some proof of that identification by the fact that he knows a secret (the password) that only that specific user should know. The process of accessing a remote computer or service, whether over the Internet or over an intranet, is basically the same. It is clear that the most used form of personal authentication is by proof of knowledge.
With all the services that a single individual uses today it is necessary to use many passwords and secrets, since the great majority of those services end up requiring such a secret in order to function properly. It is obvious that as more services are used, more secrets will have to be remembered and more of those knowledge tokens will have to be handled, making things virtually impossible to manage in the near future.

B. Digital Certificates

A digital certificate is a block of data containing a set of fields with information relative to the user (the party that wishes to be authenticated with that certificate) and also information relative to the issuing entity (a CA that issues the certificate and signs it electronically). The most widely used formats for digital certificates are X.509v3, specified in detail by the ITU [6,7], and PGP [8]. The system we propose is fully compliant with both formats, so in this paper we shall refer only to the X.509v3 format for simplicity.
The way digital certification and authentication works can be summarized as follows. The user who wishes to obtain a certificate contacts a CA with a certificate request, sending a signed data package that contains the person’s information, such as name, e-mail address and company name, and his/her public key. The certificate request is signed with the person’s private key to prevent tampering during transmission. When the CA receives a certificate request it extracts the person’s name and public key information and performs certain procedures aimed at verifying that the public key really belongs to the person whose name is included in the certificate request. If the verification process is successful, the CA issues the certificate and sends it to the requestor. The user then distributes (by e-mail, for example) his/her certificate containing the public key and keeps the corresponding secret key in a safe place. Next, when the user wishes to authenticate himself to another remote computer or service, he will use his private key to sign some piece of data and supply it, together with his/her digital certificate, to the remote host. If this provider trusts the issuing CA, it performs some check, such as inquiring about the validity and/or status of that certificate, and decides whether or not to grant access to the user [9].

Currently it is very common for a service provider to issue digital certificates that can only be used for users’ authentication with that provider. In this scheme of things, the provider operates as a CA and can be affiliated to a higher-level CA, thus establishing a root of certification that can be depicted in the digital certificate itself and that is usually called the root certificate. The problem is that quite easily we could end up with several distinct certificates issued by distinct CAs, providing credentials for distinct activities (professional, bank, healthcare, shopping, leisure and services).
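The request, issue and authenticate cycle just described, as an added example that is not part of the original paper: the user generates a key pair and signs a certificate request with the private key; the CA checks that the request really was signed by the key it names and issues the certificate; and a service provider that operates as (or trusts) that CA verifies the certificate chain and a signed challenge before granting access. The example uses Go's standard crypto/x509 package. The names (Maria Silva, Example CA), the 24-hour validity, the ECDSA P-256 keys and the challenge value are constructed for the example, and the CA's out-of-band check that the name really belongs to the requester is not modelled.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on set-up failures the example cannot meaningfully recover from.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// User holds the key pair generated on the user's side; the private key never leaves this struct.
type User struct{ key *ecdsa.PrivateKey }

// CA is a certification authority; for the example it is its own self-signed root.
type CA struct {
	key  *ecdsa.PrivateKey
	cert *x509.Certificate
}

func NewUser() *User { return &User{must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))} }

// Request composes the certificate request (name + public key) and signs it with the private key,
// so that the CA can detect tampering in transit and knows the requester holds the key.
func (u *User) Request(name string) []byte {
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: name}}
	return must(x509.CreateCertificateRequest(rand.Reader, tmpl, u.key))
}

// Sign answers a remote service's challenge; only the signature is sent, never the key.
func (u *User) Sign(challenge []byte) []byte {
	h := sha256.Sum256(challenge)
	return must(ecdsa.SignASN1(rand.Reader, u.key, h[:]))
}

func NewCA(name string) *CA {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return &CA{key, must(x509.ParseCertificate(der))}
}

// Issue extracts name and public key from the request, verifies the request's own signature
// (proof of possession of the private key) and returns the issued certificate in DER form.
func (ca *CA) Issue(csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil { // tampered, or not signed by the key it names
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))), Subject: csr.Subject,
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	return x509.CreateCertificate(rand.Reader, tmpl, ca.cert, csr.PublicKey, ca.key)
}

// Authenticate is the service provider's side. The provider trusts exactly one CA: the presented
// certificate must chain to it, and the challenge signature must verify under the certified key.
func (ca *CA) Authenticate(certDER, challenge, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	roots := x509.NewCertPool()
	roots.AddCert(ca.cert)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil { // unknown issuer, expired, or wrong usage
		return "", err
	}
	if err := cert.CheckSignature(x509.ECDSAWithSHA256, challenge, sig); err != nil {
		return "", err
	}
	return cert.Subject.CommonName, nil
}

func main() {
	user, ca := NewUser(), NewCA("Example CA") // constructed names, not from the paper
	certDER := must(ca.Issue(user.Request("Maria Silva")))
	challenge := []byte("constructed nonce 0001") // in practice a fresh random value per login
	name, err := ca.Authenticate(certDER, challenge, user.Sign(challenge))
	fmt.Println(name, err)
}
```

Authenticate fails for a certificate issued by a CA the provider does not trust, for a signature over a different challenge, and for a signature made with a key other than the certified one; Issue fails for a request whose signature does not verify, which is how tampering in transit is detected.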
C. Smart Cards

One way to store sensitive information, such as personal details or cryptographic keys, is through the use of smart cards [10]. There are various ways to use this technology [11], but when correctly combined with other emerging technologies like biometrics, it strongly enforces effective access control through personal identification and/or authentication [12]. There are various types of smart cards, but the most reliable in terms of security are those that have an embedded microprocessor capable of executing strong cryptographic algorithms on the card itself, that is, without the need for the information to be moved off the card. The use of these credit-card-size storage and processing devices with native cryptographic capabilities, protected by a user password, provides a higher level of security to the whole system. Smart cards appear as the ideal solution for PKC authentication, where the private key lies in secure tamper-resistant storage, a “second factor” of authentication (a PIN) is introduced to unlock it, and a crypto accelerator provides hardware operations such as key pair generation and digital signature generation/verification.

One aspect that has to be seriously taken into consideration is the number of possible attacks that can be attempted against a smart card. In the whole process of fabrication and use of a smart card there are various parties involved. These parties can vary depending on the intended use of the card, but usually they are: the card manufacturer (produces the smart card), the software manufacturer (produces the software that resides on the smart card), the terminal reader, the card issuer (issues the card), the data owner (has control of the data within the card) and the cardholder (has physical possession of the card). At least in theory, one can conceive of possible attacks from each of these parties against every other [13]. From a general perspective, one way of reducing the number of possible attacks is to reduce the total number of parties involved in the process. One of the advantages of the proposed system is the reduction of the number of parties to a minimum of three: card manufacturer, terminal and cardholder, the last accumulating the roles of card issuer and data owner, thus reducing the number of possible attacks.

III. Proposed System

With an increasing number of remote services available, and as individuals become familiar with the use of digital certificates in combination with smart cards, general expectations point towards growth both in the number of users and in the number of services subscribed by each of those users. In order to cope with this expected increase in volume, and especially with multiple services per user, the manner in which the security technology is deployed must change. At the present state of technology, the widespread use of digital certificates stored on smart cards will mean the possession and careful management of many certificates on many cards. If an individual is to have one digital certificate per subscribed service, the management of a great number of certificates, CA relations and their corresponding services will have to be dealt with carefully and in detail in order to avoid confusion and misuse. This fact alone is enough to make potential users drift away from a technology that, at best, provides secure services at the cost of cumbersome personal management strategies. The obvious solution to this problem can be envisioned in the form of a unique digital certificate, generally accepted and relied upon as trustworthy.
However, this advent seems to be ignored or, at least, obscured by commercial companies that, to the present date, have favored the development of products and the acceptance of digital credentials on an individual basis. Another obstacle to the general acceptance of this technology has been the lack of will on the part of the political forces to produce legislation on this subject and implement trusted CAs. The paradox surrounding this last issue is that, on the one hand, only with legislation can this technology consolidate a decent presence, but on the other hand, only its massive use can make the political actors aware of the urgent need to legislate. In short, the natural evolution of the technology depends on a solution that will only be implemented if that same natural evolution takes place.

We propose a system that can provide a platform for that evolution to take place while the political and commercial solutions are under study. From the user’s perspective there is only one digital identification, virtually unique for all services, but at the technical level it is fully compliant with all the current standards and technologies. The user is relieved of the burden of certificate management and is able to manage services instead.
Our proposal attempts to bridge the technological gap between two opposite scenarios (the multiplication of digital certificates on one hand, and a unique digital identification on the other) by establishing a flexible platform capable of dealing with both extreme scenarios and with intermediate situations.

A. Developed Model

Currently it is common procedure that certificate issuance be handled by the service provider and not by the end entity. At the moment of issuance, the number of certificates already in the possession of the requestor is completely ignored and discarded as irrelevant to the whole procedure. The issuing entity just focuses on providing the user with yet another certificate, valid only for that specific service, even if issued by the same CA that issued some or all of the previously existing certificates. This modus operandi is a direct consequence of the, until now, impracticable resort to user-friendly and transparent tools allowing the user-side creation of the certificate request (generation of a key pair, composition of the request and signing of the package with the respective private key). The use of several certificates based on distinct key pairs therefore seems inevitable. Considering a typical smart card storage capacity of 8 – 32 Kbytes and typical certificate sizes (up to 2 Kbytes for each key alone), it is perfectly conceivable to expect the multiplication of cards in a user’s wallet, making certificate management very difficult.

A typical digital certificate compliant with the X.509v3 specification is an electronic file containing fields such as user credentials, serial number, validity, signature algorithm, issuer name, issuer unique ID, CA signature and the user public key. Looking at the picture (Figure 1), two main aspects should be pointed out: the largest fields are the “public key” and “signature”, and just a few certificate fields are the CA’s responsibility: signature algorithm ID, issuer name, issuer unique ID, and signature.
Associated with the certificate’s public key, one complementary private key is generated, to be stored by the user, whose responsibilities in the process include the safekeeping of this key.
Figure 1 – Certificate Fields.
Our approach relies on the obvious observation that, by storing one certificate per service, the information concerning the user is repeated in each and every certificate stored on the card. Since storage space is an important issue with smart cards and the management of a great number of certificates is an important issue for the user, we propose that, instead of every service provider being responsible for the whole process of certificate issuance, that responsibility be handled by the user, who will create the certificate request, thus allowing the use of the same key pair in every user certificate. This objective can be accomplished through the use of smart cards with cryptographic functionalities (Figure 2), allowing the creation of certificate requests and the secure storage of user certificates and the private key.
Figure 2 – Card Management System.
Since the user’s information is personal, there is no valid reason why the user should not generate it himself, in conformance, for instance, with the X.509 specification. Alternatively, the user can delegate or contract that service to a commercial CA and still remain in complete control of the contents of the digital credentials. There is no loss of security, trust or fairness in doing things either way. The CA will accept and check the fields supplied by the user as valid after the usual information verification process and will fill in the fields required by the user. In order to have an effective service management system on a card, some other information about the CA and the service provider, such as web addresses, can also be stored according to a simple structure. All the information suitable for viewing would then be accessed through a simple smart card browser (Figure 3). In the service management system we now propose, the user is provided with a user-friendly environment that allows him to add, delete or modify not only the services themselves and specific CA information, but also specific and relevant information pertaining to those services. The user also has a higher degree of control over the personal and private information that is included in each certificate.
Figure 3 – Smart Card API Browser. a) Services Management; b) Certificates/Issuers Management
With the proposed model, just one key pair is used for all the certificates: the private key is generated by the smart card’s cryptographic capabilities and, under no circumstances, leaves the card. The public key is the same in all certificates and is stored just once on the card. This is feasible because every certificate is separated into its individual fields, stored as separate parts on the card and generated/integrated dynamically every time it is supplied to the exterior (Figure 4). Upon an attempt to access a remote service, all the fields of information are filled in at runtime by an application running locally to the user, thus allowing for more efficient storage of information and for service management on a smart card. The implementation of this smart card service management system is carried out entirely according to the major standards and industry initiatives. The physical level and lower-layer protocols of smart cards are defined by the formal standard ISO 7816 [14] in a manner that can accommodate components manufactured by different suppliers, frequently not compatible with each other but still conforming to the standard itself. OpenCard [15] and PC/SC [16] are two industry initiatives fully compliant with ISO 7816. Our first prototype, developed in the context of medical information systems management [17], was based upon the Microsoft Smart Card SDK and PC/SC, but the distinct cards and readers from different manufacturers (Gemplus, Schlumberger) deployed in our project imposed the migration to a card-independent platform such as the Java-based OpenCard Framework, providing for full compliance with different terminal, issuer and operating system providers.
Figure 4 – Generating Certificates from Separated Components.
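The storage layout of Figure 4, as an added example that is not part of the original paper or of its prototype: a Card type holds one ECDSA key pair, stores the SubjectPublicKeyInfo once, and for each service keeps only the bytes the CA contributed (the TBSCertificate around the public key, the signature algorithm and the signature value). Certificate rebuilds the complete DER certificate at runtime, byte for byte, which works because DER encoding is deterministic and the CA's signature covers the TBSCertificate bytes exactly as stored. The issue function is a stand-in for a service provider's CA with a freshly generated key and a constructed name; the subject name, the serial numbers and the 24-hour validity are constructed too, and the real card's PIN-protected key storage is not modelled.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// must panics on set-up failures the example cannot meaningfully recover from.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// rawSeq decodes the outermost ASN.1 element of der without interpreting its contents.
func rawSeq(der []byte) asn1.RawValue { var v asn1.RawValue; must(asn1.Unmarshal(der, &v)); return v }

// issuerParts is one CA's share of a certificate: the DER TBSCertificate bytes before and
// after the (removed) SubjectPublicKeyInfo, then the trailing signatureAlgorithm + signatureValue.
type issuerParts struct{ before, after, trailer []byte }

// Card models the single card of the proposed system: one key pair (the private key never
// leaves it), the public key stored once, and only issuer-dependent parts stored per service.
type Card struct {
	key      *ecdsa.PrivateKey
	spki     []byte // SubjectPublicKeyInfo DER, the one copy shared by all certificates
	services map[string]issuerParts
}

func NewCard() *Card {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	return &Card{key, must(x509.MarshalPKIXPublicKey(&key.PublicKey)), map[string]issuerParts{}}
}

// PublicKey is what the card hands out for certificate requests; the private key stays inside.
func (c *Card) PublicKey() *ecdsa.PublicKey { return &c.key.PublicKey }

// Store separates an issued certificate into its fields and keeps only what the CA added.
func (c *Card) Store(service string, certDER []byte) error {
	outer := rawSeq(certDER)           // Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
	t := rawSeq(outer.Bytes).FullBytes // the TBSCertificate exactly as the CA signed it
	i := bytes.Index(t, c.spki)        // DER is deterministic, so the card's own SPKI appears verbatim inside it
	if i < 0 || bytes.LastIndex(t, c.spki) != i {
		return errors.New("certificate does not certify the card's key exactly once")
	}
	c.services[service] = issuerParts{t[:i], t[i+len(c.spki):], outer.Bytes[len(t):]}
	return nil
}

// Certificate regenerates the complete DER certificate for a service at runtime (Figure 4).
func (c *Card) Certificate(service string) ([]byte, error) {
	p, ok := c.services[service]
	if !ok {
		return nil, fmt.Errorf("no certificate stored for service %q", service)
	}
	body := bytes.Join([][]byte{p.before, c.spki, p.after, p.trailer}, nil)
	return asn1.Marshal(asn1.RawValue{Class: asn1.ClassUniversal, Tag: asn1.TagSequence, IsCompound: true, Bytes: body})
}

// StoredBytes is the card's actual storage for all its certificates: one public key plus issuer parts.
func (c *Card) StoredBytes() int {
	n := len(c.spki)
	for _, p := range c.services {
		n += len(p.before) + len(p.after) + len(p.trailer)
	}
	return n
}

// issue stands in for a service provider's CA (fresh key, constructed issuer name): it signs a
// certificate binding a constructed subject name to pub, the card's public key.
func issue(issuer string, pub *ecdsa.PublicKey, serial int64) []byte {
	caKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	parent := &x509.Certificate{Subject: pkix.Name{CommonName: issuer}, PublicKey: &caKey.PublicKey}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: "Maria Silva"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	return must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, caKey))
}

func main() {
	card := NewCard()
	bankCert := issue("Bank CA", card.PublicKey(), 1001) // constructed CA, not from the paper
	must(0, card.Store("bank", bankCert))
	again := must(card.Certificate("bank"))
	fmt.Println(bytes.Equal(again, bankCert), card.StoredBytes(), len(bankCert))
}
```

Store rejects a certificate that does not certify the card's own key, so a CA cannot quietly bind the user's name to a different key. StoredBytes shows the saving that comes from keeping the public key once; it grows with the number of services and with the size of the key, which is the point of the paper's remark about certificate sizes.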
At present, the process of obtaining a digital certificate from a commercial CA website is simple, straightforward and fast. This certificate can be used, for instance, to sign electronic mail, but its use cannot be extended to the point of subscribing to web services, simply because web service providers do not allow the user to supply already existing credentials or user credential requests (certificate requests), and they will be extremely reluctant to change this state of things. The presented model provides some good arguments to oppose this service provider mentality. Besides the user-friendly environment, and perhaps more important than it, is the dynamic manageability of the complete digital certification issue, allowing for future changes of modus operandi on the part of both the user and the service provider. With the deployment of this system, all the information pertaining to a particular CA is easily integrated at runtime with the parts common to distinct certificates, depending on every party’s approval. There is more flexibility, since many of the system variables can be changed over time while remaining compliant with the security requirements and data formats. Whether society is moving towards a unique digital credential or, on the contrary, we continue to see an increasing proliferation of standalone CAs, one thing we can be sure to expect: change. It is this change that any system developed for the specific issue of digital certification has to deal with.

IV. Conclusion

There are a great number of remote services available and this number is expected to continue to grow in the next few years. In order to access these services, a user must be authenticated; digital credentials are the ideal means to do this while simultaneously securing a communication channel. Smart cards grant a higher level of security and can be combined with emerging technologies such as biometrics in order to store personal information and digital credentials. At present, for every service an individual subscribes to, there always seems to be one more password to remember or one more access token to keep in a safe place. With the growth of subscribed services, the corresponding authentication tokens will grow to a point where security will be threatened, either by accessing many services with a single, simple password or by the cumbersome management of many long and difficult passwords and access tokens. We propose a user-oriented multi-service access management system that is flexible enough to be compliant with the foreseeable evolution of digital credential technology, enforcing strong remote personal authentication through the use of a single smart card that eliminates the need to remember many PINs and passwords or to be in possession of a great number of access tokens. From the user’s perspective, the system is perfectly transparent, since he can remain shielded from all the technical details concerning access to services.

V. References

[1] Gartner, F., Pagnia, H. et al., “Approaching a formal definition of fairness in electronic commerce”, Proceedings of the International Workshop on Electronic Commerce (WELCOM99), Lausanne, Switzerland, 1999.
[2] Blaze, M. et al., “Decentralized Trust Management”, Proceedings of the IEEE Conference on Security and Privacy, Oakland, CA, 1996.
[3] Diffie, W., Hellman, M., “New Directions in Cryptography”, IEEE Transactions on Information Theory, 22, pp. 644-654, 1976.
[4] Fritscher, M., “Towards A Unique World-wide Digital Certificate”, Americas Conference on Information Systems, Milwaukee, U.S.A., 1999.
[5] Li, X., Teng, S., “Practical Human-Machine Identification Over Insecure Channels”, Kluwer Publications, Vol. 3, Issue 4, 1999.
[6] ITU-T Recommendation X.509, 1993. Information Technology – Open Systems Interconnection – The Directory: Authentication Framework. ISO/IEC 9594-8:1993.
[7] Housley, R., Ford, W., Solo, D., “Internet Public Key Infrastructure Part I: X.509 Certificate and CRL Profile”, IETF X.509 PKI (PKIX) Working Group, Internet Draft, 1999.
[8] Open PGP, 1998. RFC 2440. Homepage: http://www.ietf.org/rfc/rfc2440.txt
[9] Rivest, R., On Digital Signatures and Public Key Cryptosystems. MIT Laboratory for Computer Science Technical Memorandum 82, 1977.
[10] Marvie, R., Pellegrini, M. et al., “Value-added Services: How to Benefit from Smart Cards”, GDC2000, Montpellier, France, 2000.
[11] Gobioff, H. et al., “Smart Cards In Hostile Environments”, Proceedings of the Second USENIX Workshop on Electronic Commerce, Oakland, U.S.A., 1996.
[12] Hachez, G. et al., “Biometrics, Access Control, Smart Cards: A Not So Simple Combination”, Security Focus Magazine, October 2001.
[13] Schneier, B., Shostack, A., “Breaking Up Is Hard to Do: Modeling Security Threats for Smart Cards”, USENIX Workshop on Smart Card Technology, USENIX Press, pp. 175-185, 1999.
[14] ISO 7816 Identification Cards – Integrated circuit(s) cards and terminals. Homepage: http://www.scia.org/aboutSmartCards/iso7816_wimages.htm
[15] OpenCard Framework – General Information Web Document. Homepage: http://www.opencard.org/docs/gim/ocfgim.pdf
[16] PC/SC Specifications 1.0. “Interoperability Specification for ICCs and Personal Computer Systems”. Homepage: http://www.pcscworkgroup.com/
[17] Costa, C., Silva, A., Oliveira, J.L., Pereira, A. S., “A New Access Mechanism to Clinic Data”, Technology and Health Care, pp. 459-460, nº 6, vol. 9, 2001.