Deployment and Usability of Cryptographic Credentials

nervousripSecurity

Nov 5, 2013 (4 years and 4 days ago)

87 views

10/20/2011

Pomcor

1

Deployment and Usability of
Cryptographic Credentials

Francisco Corella

Karen Lewison

Pomcor

10/20/2011

Pomcor

2

Outline


Privacy requires cryptographic credentials


The deployment problem


User experience


Open question: how to explain unlinkability
to the user


10/20/2011

Pomcor

3

Privacy without Passwords
Requires Cryptographic Credentials


Levels of Privacy


LOP 0: Online identity provider


LOP 1: Offline issuer, linkable certificates


LOP 2: Issuance
-
show unlinkability


LOP 3: Issuance
-
show + multi
-
show unlinkability


LOPs 1, 2 and 3 require cryptographic
credentials

10/20/2011

Pomcor

4

The Deployment Problem


PKI certificates are a mature technology,
but they have not been widely deployed
on the Web for user authentication


Why?


Because they are not well supported by
current Web technology


By contrast server certificates have been very
successful because they are well supported


10/20/2011

Pomcor

5

What

s Missing in Current Web
Technology


Consistent support in browsers


Full support in the core Web protocols
(HTTP, TLS)


Mechanism for issuing credentials
automatically to the browser

10/20/2011

Pomcor

6

Browser Should Manage and
Present Credentials



because user should not have to install any
software


Browser could associate credentials with
different personas (e.g. work email vs. personal
email)


Syncing credentials between browsers on
different devices is easy by equipping each
browser with key pairs for encryption and
signature

10/20/2011

Pomcor

7

Cryptographic Credentials Should
be Supported by HTTP and TLS


The relying party should ask for specific
credentials or attributes in an HTTP
response message


The browser would then present
credentials within TLS, after the
handshake, in a separate TLS layer to be
specified

10/20/2011

Pomcor

8

Credentials Should be Issued
Automatically to the Browser


Interactive issuance protocols would be run
within TLS, in a separate TLS layer to be
specified, eliminating HTTP and application
overhead


TLS would then interleave protocol interactions
with transmission of application layer data


Cryptographic protocols could use the PRF
facility provided by TLS


10/20/2011

Pomcor

9

User Experience


Browser takes care of all the details


User clicks on login button or requests
functionality that requires authentication


Relying party asks for credentials, which
browser locates in its credential store or in smart
card, possibly based on currently active persona


Browser may or may not ask for permission to
present the credentials



Don

t ask again


10/20/2011

Pomcor

10

Open Question


User is entitled to know the privacy
provided by each credential


How can that be explained to a casual
user?


Unlinkability is not a trivial concept


Unlinkability does not matter if disclosed
attributes uniquely identify the user


Are LOPs the answer?