U-Prove Technology Overview

Transcription

1 U-Prove Technology Overview November 2010

2 TOC Introduction Community Technology Preview Additional Capabilities RSA Demo Conclusion 2

3 Introduction

4 History U-Prove well established in academia Patent portfolio (granted 93 00) 30+ scientific papers (from 93 onward) E-cash PoC and pilots with Siemens, Gemplus, KPN, DigiCash, Zero-Knowledge, Nokia Credentica acquisition (Feb 2008) Patents, software, people Microsoft incubation Incubated U-Prove-enabled ID platform Public CTP (March 10) 4

5 U-Prove Technology Strong multi-party security technology for user-centric identity, data sharing, strong authentication, and digital signature Allows you to build e-tokens Has unique security, privacy, and efficiency benefits over conventional 5

6 Minimal disclosure Gov Coho Winery 6

7 Minimal disclosure Gov Name: Alice Smith Address: 1234 Pine, Seattle, WA D.O.B.: Coho Winery 6

8 Minimal disclosure Gov Name: Alice Smith Address: 1234 Pine, Seattle, WA D.O.B: Coho Winery 6

9 Minimal disclosure Gov Coho Winery 6

10 Minimal disclosure Gov The user can prove unanticipated properties about the encoded claims in a U-Prove token issued to her in advance Even in collusion, the issuing and relying parties cannot learn more about the user than what was disclosed Coho Winery 6

11 Minimal disclosure Gov Coho Winery 6

12 Minimal disclosure Gov Coho Winery 7

13 Minimal disclosure Gov Prove that you are over 21 and from WA Coho Winery 7

14 Minimal disclosure Gov Prove that you are over 21 and from WA Coho Winery Name: Alice Smith Address: 1234 Pine, Seattle, WA D.O.B:

15 Minimal disclosure Gov Prove that you are over 21 and from WA Coho Winery Name: Alice Smith Address: 1234 Pine, Seattle, WA D.O.B: Over-21 proof 7

16 Minimal disclosure Gov Prove that you are over 21 and from WA Coho Winery 7

17 Minimal disclosure Gov Which adult from WA is this? Coho Winery 7

18 Minimal disclosure Gov? Which adult from WA is this? Coho Winery 7

19 Minimal disclosure Gov The user can prove unanticipated? properties about the encoded claims in a U-Prove token issued to her in advance Even in collusion, the issuing and relying parties cannot learn more about the user than what was disclosed Which adult from WA is this? Coho Winery 7

20 Minimal disclosure Gov? Which adult from WA is this? Coho Winery 7

21 What s new? Similar to conventional security tokens (X.509, SAML, Kerberos), but U-Prove tokens contain no inescapable correlation handles E.g., coins (unlinkable) vs. bills (w/ serial#) Users can prove properties of the claims Disclose a subset of the claims Derived claim: birth date to over-21 proof Negation: name not on the control list 8

22 U-Prove CTP Released March 2010

23 U-Prove CTP Specifications (released under Open Specification Promise) U-Prove crypto specification (addressing feature subset) Integration into the ID metasystem specification Open-source crypto SDKs (implementing crypto spec) Posted on Code Gallery, under the BSD license C# and Java versions Identity platform integration (implementing integration spec) Modified version of Windows CardSpace 2.0 Extension to the Windows Identity Foundation Modified version of Active Directory Federation Services

24 Federation + U-Prove Identity Provider Relying Party STS Client 11

25 Federation + U-Prove Identity Provider Relying Party IP STS Client 11

26 Federation + U-Prove Identity Provider Relying Party IP STS trust IP Client 11

27 Federation + U-Prove Identity Provider Relying Party IP STS trust IP A. Token request Client 11

28 Federation + U-Prove Identity Provider Relying Party IP STS trust IP B. Token response A. Token request Client 11

29 Federation + U-Prove Identity Provider Relying Party IP STS trust IP B. Token response A. Token request 1. Request access Client 11

30 Federation + U-Prove Identity Provider Relying Party IP STS trust IP B. Token response A. Token request 1. Request access 2. Policy Client 11

31 Federation + U-Prove Identity Provider Relying Party IP trust IP STS B. Token response A. Token request 1. Request access 2. Policy 3. Token Client 11

32 CTP features The CTP implements the foundational U-Prove features: Selective disclosure (i.e., no derived claims) Unlinkability of token issuance and presentation Long-lived token support User-signed presentation tokens Data signature (in crypto SDKs only) 12

33 U-Prove technology additional capabilities

34 U-Prove technology additional capabilities The following slides provide a U- Prove technology overview (If you miss a step in the animation, press the left arrow to rewind)

35 U-Prove technology additional capabilities

36 Censorable audit logs Gov Coho Winery 14

37 Censorable audit logs Gov Adatum Auditor Coho Winery 14

38 Censorable audit logs Gov Adatum Auditor Coho Winery Provide name and address and get $20 14

39 Censorable audit logs Gov Adatum Auditor Coho Winery Name: Alice Smith Address: 1234 Pine, Seattle, WA D.O.B: Provide name and address and get $20 14

40 Censorable audit logs Gov Adatum Auditor Coho Winery Name: Alice Smith Address: 1234 Pine, Seattle, WA D.O.B: Over-21 proof Provide name and address and get $20 14

41 Censorable audit logs Gov Adatum Auditor Coho Winery 14

42 Censorable audit logs Gov Adatum Auditor Coho Winery Name: Alice Smith Address: 1234 Pine, Seattle, WA DOB: Over-21 proof 14

43 Censorable audit logs Gov Adatum Auditor Coho Winery Name: Alice Smith Address: 1234 Pine, Seattle, WA DOB: Over-21 proof 14

44 Censorable audit logs Gov Adatum Auditor Coho Winery My customer was an adult from WA 14

45 Censorable audit logs Gov Adatum Auditor Relying parties can remove disclosed information from presentation transcripts (without invalidating the issuer s and the user s signatures), keeping only what is necessary for audit compliance Coho Winery My customer was an adult from WA 14

46 Censorable audit logs Gov Adatum Auditor Coho Winery My customer was an adult from WA 14

47 Broker-mediated disclosure Hospital Hospital Contoso Research Broker 15

48 Broker-mediated disclosure Hospital Hospital Name: Alice Smith Address: 1234 Pine, Seattle, WA Disorder: Anxiety Contoso Research Broker 15

49 Broker-mediated disclosure Hospital Hospital Contoso Research Broker 15

50 Broker-mediated disclosure Hospital Hospital Name: Address: Disorder: John Doe 9 16 th N, Seattle, WA Delusional Contoso Research Broker 15

51 Broker-mediated disclosure Hospital Hospital Contoso Research Broker 15

52 Broker-mediated disclosure Hospital Hospital A broker can disclose anonymous data it collected to 3 rd parties, while preserving the authenticity of the issuer s signature on the data Contoso Research Broker 15

53 Broker-mediated disclosure Hospital Hospital Contoso Research Broker 15

54 Broker-mediated disclosure Hospital Hospital Contoso Research Broker

55 Broker-mediated disclosure Hospital Hospital Clients from Seattle with mental disorder? Contoso Research Broker

56 Broker-mediated disclosure Hospital Hospital Clients from Seattle with mental disorder? Contoso Research Name: Alice smith Address: 1234 Pine, Seattle, WA Disorder: Broker Anxiety

57 Broker-mediated disclosure Hospital Hospital Name: Address: Disorder: John Doe 9 16 th N, Seattle, WA Delusional Clients from Seattle with mental disorder? Contoso Research Name: Alice smith Address: 1234 Pine, Seattle, WA Disorder: Broker Anxiety

58 Broker-mediated disclosure Hospital Hospital Name: Address: Disorder: John Doe 9 16 th N, Seattle, WA Delusional Clients from Seattle with mental disorder? Contoso Research Names are different Name: Alice smith Address: 1234 Pine, Seattle, WA Disorder: Broker Anxiety Both from Seattle Both are mental disorders

59 Broker-mediated disclosure Hospital Hospital Name: Address: Disorder: John Doe 9 16 th N, Seattle, WA Delusional Clients from Seattle with mental disorder? Contoso Research Names are different Name: Alice smith Address: 1234 Pine, Seattle, WA Disorder: Broker Anxiety Both from Seattle Both are mental disorders

60 Broker-mediated disclosure Hospital Hospital Clients from Seattle with mental disorder? Contoso Research Names are different Both from Seattle Both are mental disorders Broker

61 Broker-mediated disclosure Hospital Hospital Clients from Seattle A broker can disclose with anonymous mental data it collected to 3 rd parties, disorder? while preserving the authenticity of the issuer s signature on the data Contoso Research Names are different Both from Seattle Both are mental disorders Broker

62 Broker-mediated disclosure Hospital Hospital Clients from Seattle with mental disorder? Contoso Research Names are different Both from Seattle Both are mental disorders Broker

63 Revocation Adatum Auditor Woodgrove Bank 17

64 Revocation Name: Role: Alice Smith Auditor Adatum Auditor Woodgrove Bank 17

65 Revocation Name: Role: Alice Smith Auditor REVOKED Adatum Auditor Woodgrove Bank 17

66 Revocation Name: Role: Alice Smith Auditor REVOKED Adatum Auditor Prove that you are a valid auditor Woodgrove Bank asmith@adatum.com 17

67 Revocation Name: Role: Alice Smith Auditor REVOKED Adatum Auditor Prove that you are a valid auditor Name: Role: Alice Smith asmith@adatum.com Auditor Woodgrove Bank asmith@adatum.com 17

68 Revocation Name: Role: Alice Smith Auditor REVOKED Adatum Auditor Prove that you are a valid auditor Name: Role: Alice not Smith revoked proof asmith@adatum.com Auditor Woodgrove Bank asmith@adatum.com 17

69 Revocation Name: Role: Alice Smith Auditor REVOKED Adatum Auditor Prove that you are a valid auditor Woodgrove Bank asmith@adatum.com 17

70 Revocation Name: Role: Alice Smith Auditor REVOKED Adatum Auditor Prove that you are a valid Issued U-Prove tokens can be revoked auditor by the issuer, even if no connection to the issuer is made when the user presents the tokens Woodgrove Bank asmith@adatum.com 17

71 Revocation Name: Role: Alice Smith Auditor REVOKED Adatum Auditor Prove that you are a valid auditor Woodgrove Bank asmith@adatum.com 17

72 Trusted device Gov University Bookstore

73 Trusted device Gov University Bookstore

74 Trusted device Gov University Bookstore

75 Trusted device Gov University Bookstore

76 Trusted device Gov University Bookstore

77 Trusted device Gov University A trusted device (smartcard, TPM chip, remote service) can hold part of the tokens private key (even those issued by other issuers) and efficiently help presenting them Bookstore

78 Trusted device Gov University Bookstore

79 Data signing Gov Revenue Agency 19

80 Data signing Gov Revenue Agency Tax form 19

81 Data signing Gov Revenue Agency Tax form Alice Smith 19

82 Data signing Gov Revenue Agency Tax form Alice Smith 19

83 Data signing Gov The user can non-interactively sign arbitrary data using a U-Prove token, attaching any encoded claim property to the signature Revenue Agency Tax form Alice Smith 19

84 Data signing Gov Revenue Agency Tax form Alice Smith 19

85 RSA 2010 Demo twc/endtoendtrust/vision/uprove.aspx 20

86 RSA 2010 demo OKS Registration E-Book 1. Register online, get student infocard 2. Prove registered student, view e-book online 3. Leave anonymous feedback OKS Feedback German npa card CardSpace 21

87 RSA 2010 demo details User presents German npa card to prove identity to university when registering online University issues a student (U-Prove) information card supporting claims from the npa card and registration data Student visits online book store, proves that she is a registered computer science student, and can view a book for free Student visits a university feedback portal, discloses her registered classes 22 (and optionally her gender), and submits

88 Conclusion

89 Summary of benefits Support for full spectrum of assurance From anonymity, to pseudonymity, to full identification Maintains strong accountability (revocation, audit trail, misuse tracing) Minimal disclosure and user control Strong multi-party security Phishing-resistant strong authentication Eliminates some insider attacks at IdP / CA Lending / pooling / reuse protections Efficient hardware protection On-demand or disconnected 24

90 Resources Videos: Scott Charney s RSA 2010 announcement: Intro: Microsofts-U-Prove-Community-Technical-Preview-CTP Technology overview: Learn-what-Microsofts-U-Prove-release-is-all-about U-Prove CTP (March 2010): Download location: Developer video: Identity/U-Prove-CTP-a-developers-perspective/ 25

91 The U-Prove mixing enabling a larger use-case spectrum Availability Offline Synchronized Online Security Software Shared Hardware Privacy Anonymity Pseudonymity Full identification 26

92 The U-Prove mixing enabling a larger use-case spectrum Availability Offline Synchronized Online Security Software Shared Hardware Privacy Anonymity Pseudonymity Full identification 26

93 Demo (using March 2010 CTP)

94 Scenario Alice is issued an eid information card The information card is protected by a X.509 certificate, e.g., stored on the eid smartcard. (Here, the certificate is installed on the machine) She then Obtains lab results from a hospital after proving who she is Leaves anonymous comments at her government citizen forum Buys wine online, proving she is over-21 and from Washington, leaving behind an auditable presentation transcript of these facts 28

95 Scenario summary eid IdP Hospital RP Forum RP 1. Obtain eid card eid 2. Access lab results (name, address, DoB) 3. Leave comments (PPID, country) Wine store RP CardSpace 4. Buy wine (state/ province, over-21) 29

96 eid Card Provisioning User downloads eid information card (after appropriate identity proofing) E.g., visits point of service in person and receives an activation code CardSpace efficiently retrieves multiple U- Prove tokens encoding the card claim values The user authenticates to the STS using her X.509 cert Tokens are stored securely encrypted on the machine Benefits: Reduces load on IdP s STS, which won t get hit every time the user presents the card IdP will not be aware of the user s card usage 30

97 Hospital lab results User presents full address, name, and D.o.B., and hospital locates her lab results Same security/privacy as if the user presented her ID in person 31

98 Government forum User leaves comments on a forum using an authenticated pseudonym Users are anonymous, but only members of the community (e.g., US resident) can leave comments No one (including the IdP itself) can hijack the pseudonym and post forged comments PPID claim value is derived from the presented U- Prove token 32

99 Wine store User buys some wine online, proving she is over-21 and in which province/ state she resides CardSpace applies the U-Prove token s private key when presenting the token; resulting presentation token is an auditable proof In contrast, proof keys are not applied by identity selectors in web scenarios 33

100 Crypto Details

101 Blind Signature protocol Issuer Illustrates a simple blind signature U-Prove token issuance uses a restrictive blinding technique More complex process to certify attributes 35

102 Blind Signature protocol Issuer Illustrates a simple blind signature U-Prove token issuance uses a restrictive blinding technique More complex process to certify attributes 35

103 Blind Signature protocol Issuer Illustrates a simple blind signature U-Prove token issuance uses a restrictive blinding technique More complex process to certify attributes 35

104 Blind Signature protocol Issuer Illustrates a simple blind signature U-Prove token issuance uses a restrictive blinding technique More complex process to certify attributes 35

105 Blind Signature protocol Issuer Illustrates a simple blind signature U-Prove token issuance uses a restrictive blinding technique More complex process to certify attributes 35

106 Blind Signature protocol Issuer Illustrates a simple blind signature U-Prove token issuance uses a restrictive blinding technique More complex process to certify attributes 35

107 Blind Signature protocol Name Acct. Number Expiration Issuer Issuer Illustrates a simple blind signature U-Prove token issuance uses a restrictive blinding technique More complex process to certify attributes 35

108 Blind Signature protocol Name Acct. Number Expiration Issuer Issuer Illustrates a simple blind signature U-Prove token issuance uses a restrictive blinding technique More complex process to certify attributes 35

109 Blind Signature protocol Name Acct. Number Expiration Issuer Name Acct. Number Expiration Issuer Issuer Illustrates a simple blind signature U-Prove token issuance uses a restrictive blinding technique More complex process to certify attributes 35

110 Proof of Knowledge Protocol Name Acct. Number Expiration Issuer Verifier Notes: Verifier only learns disclosed information, and is convinced that Alice knows the private key 36

111 Proof of Knowledge Protocol Challenge Name Acct. Number Expiration Issuer Verifier Notes: Verifier only learns disclosed information, and is convinced that Alice knows the private key 36

112 Proof of Knowledge Protocol Challenge Name Not revoked Acct. Number Expiration Issuer Verifier Notes: Verifier only learns disclosed information, and is convinced that Alice knows the private key 36

113 Proof of Knowledge Protocol Challenge Name Not revoked Acct. Number Expiration Issuer Proof Verifier Notes: Verifier only learns disclosed information, and is convinced that Alice knows the private key 36

114 Proof of Knowledge Protocol Name Not revoked Acct. Number Expiration Issuer Proof Verifier Notes: Verifier only learns disclosed information, and is convinced that Alice knows the private key 36

115 Schnorr protocol Goal: prove knowledge of α w.r.t. g on the public element h = g α Prover Verifier Pick w at random a := g w a c Pick c at random r := cα + w r Verify g r = ah c 37

116 U-Prove protocols U-Prove public key is a bit more complex: h := (g 0 g x 1 1 g x k k) α The x i values encode the attributes Uses Schnorr protocol as a primitive to prove properties of the attributes, e.g., x 1 = 1 x 2!= alice x 3 >= 21 (x 1 x 3 ) / x 2 > x 4 38