
Kari Kostiainen, N. Asokan Nokia Research Center

Alexandra Afanasyeva SUAI

ACNS 2011

Towards User-Friendly Credential Transfer on Open Credential Platforms

© 2011 Nokia Research Center

Trusted execution environment (TrEE)


Credential transfer


Outline

1. Credential transfer problem

2. Credential transfer protocol

3. Analysis


Credential transfer problem


Closed provisioning

Diagram labels: Control point; Service provider (×3)

Open provisioning

Diagram labels: User authentication (×3); Copyable, Non-transferable, Non-transferable

Late user binding

Diagram labels: Device certificate; Enc(credentials); User binding (×2)

Temporal disconnection


Requirements

• Usability
−No additional user interaction

• Security
−Credential secrecy
−“Credential fidelity”

Credential transfer protocol


Protocol overview

Diagram labels: HSM; Provisioner (P); Source device (S): OS, TrEE; Target device (T): OS, TrEE; Trusted Server (TS): OS. Key pairs and certificates: PKS/SKS, CertS (source); PKT/SKT, CertT (target); PKTS/SKTS, CertTS (trusted server).

1. User identity installation

2. Provisioning and user binding

3. Credential backup and “identity verification delegation”

4. User identity installation

5. Identity verification, credential recovery and “provisioning delegation”

6. Automatic re-provisioning

1. User identity installation

Parties: User, Source OS, Source TrEE

1. Trust on first use: PwdS; SealedPwdS = Seal(PwdS); Store SealedPwdS

2. Typical device login: PwdS; ProvCred, SealedPwdS

2. Credential provisioning

Parties: Provisioner, Source OS, Source TrEE

Messages: CertS + user auth.; ProvCred; SealedCred

Provisioner: Verify CertS and extract PKS; Map Cred to PKS; ProvCred = Enc(PKS, Cred || policy)

Source TrEE: Cred || policy = Dec(SKS, ProvCred); PwdS = Unseal(SealedPwdS); SealedCred = Seal(Cred || policy || PwdS)

Source OS: Store SealedCred

3. Credential backup to server

Parties: Source OS, Source TrEE, Trusted Server (TS)

Messages: CertTS, SealedCred; CertS, EncCred / SDT; CertTS

Source TrEE: Verify CertTS and extract PKTS; Cred || policy || PwdS = Unseal(SealedCred)
−Copyable: EncCred = Enc(PKTS, Cred || PwdS)
−Non-transferable: SDT = Sign(SKS, PKTS) || Enc(PKTS, PwdS)

TS: Store CertS and EncCred / SDT

Further diagram labels: CertS, EncCred / DT; EncCred; SealedPwdT

5. Credential recovery

Parties: Trusted Server (TS), Target TrEE, Target OS

Target TrEE: PwdT = Unseal(SealedPwdT); PwdToken = Enc(PKTS, PwdT)

Messages: PwdToken; PwdToken, CertT

TS: Verify CertT and extract PKT; PwdT = Dec(SKTS, PwdToken)
−Copyable: Cred || PwdS = Dec(SKTS, EncCred); Verify PwdT = PwdS; EncCred = Enc(PKT, Cred || PwdT)
−Non-transferable: Extract PwdS from SDT; Verify PwdT = PwdS; DT = Sign(SKTS, PKT) || Sign(SKS, PKTS)

Target OS: Install EncCred

Also shown: User identity installation
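The server side of step 5, as an added example that is not code from the slides or from Nokia: a toy Python model of the Trusted Server's identity verification (Verify PwdT = PwdS), the copyable and non-transferable branches, and the brute-force throttling the analysis slide mentions. Assumptions: the public-key Enc/Dec and Sign/Verify are replaced by keystream-plus-HMAC and HMAC stand-ins under a shared secret, so each party's PK and SK are the same bytes here; the "||" separator, the attempt limit and the TrustedServer class are constructed for this example.

```python
import hashlib, hmac, os

# Toy stand-ins for the slides' primitives. Assumption: a keystream cipher and
# HMAC under a shared secret replace the real Enc/Dec under a public key and
# Sign/Verify under a private key, so a party's PK and SK are the same bytes here.
def _ks(key, nonce, n):
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                    for i in range((n + 31) // 32))[:n]

def enc(key, msg):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(msg, _ks(key, nonce, len(msg))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def dec(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return bytes(a ^ b for a, b in zip(ct, _ks(key, nonce, len(ct))))

def sign(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()
def verify(key, msg, sig):
    return hmac.compare_digest(sig, sign(key, msg))

class TrustedServer:
    """Step 5 of the slides: identity verification, credential recovery and provisioning delegation."""
    MAX_ATTEMPTS = 3  # brute-force throttling named on the analysis slide (constructed limit)
    def __init__(self, sk_ts):
        self.sk_ts, self.backup, self.attempts = sk_ts, {}, {}
    def store(self, pk_s, kind, blob):  # step 3 backup; kind "copyable": EncCred, else SDT
        self.backup[pk_s] = (kind, blob)
    def recover(self, pk_s, pwd_token, pk_t):
        if self.attempts.get(pk_s, 0) >= self.MAX_ATTEMPTS:
            raise PermissionError("throttled")
        pwd_t = dec(self.sk_ts, pwd_token)                 # PwdT = Dec(SKTS, PwdToken)
        kind, blob = self.backup[pk_s]
        if kind == "copyable":                             # Cred || PwdS = Dec(SKTS, EncCred)
            cred, pwd_s = dec(self.sk_ts, blob).split(b"||", 1)
        else:                                              # SDT = Sign(SKS, PKTS) || Enc(PKTS, PwdS)
            sig_s, pwd_s = blob[:32], dec(self.sk_ts, blob[32:])
        if not hmac.compare_digest(pwd_t, pwd_s):          # credential fidelity: Verify PwdT = PwdS
            self.attempts[pk_s] = self.attempts.get(pk_s, 0) + 1
            raise PermissionError("identity verification failed")
        if kind == "copyable":
            return enc(pk_t, cred + b"||" + pwd_t)          # EncCred = Enc(PKT, Cred || PwdT)
        return sign(self.sk_ts, pk_t) + sig_s               # DT = Sign(SKTS, PKT) || Sign(SKS, PKTS)
```

The target then decrypts the returned EncCred (copyable case) or forwards DT to the provisioner for step 6 (non-transferable case).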

18

6. Credential re-provisioning

Parties: Target TrEE, Target OS, Provisioner

Messages: CertT, CertS, CertTS, DT; ProvCred

Provisioner: Verify certs; Verify signatures on DT; Find Cred for PKS; ProvCred = Enc(PKT, Cred || policy)

Target: Install ProvCred

Analysis


Analysis

• Usability
−Reusing typical device login

• Credential secrecy
−Common public key mechanism
−Trusted server (HSM)

• Credential fidelity
−User identity password
−Brute force (throttling)
−Phishing (separate password)
−Password change (“trusted UI” or secure connection to server)

• Protocol validated with AVISPA tool

Summary

• Credential transfer challenging
−Open provisioning
−Late user identity binding
−Temporal disconnection

• Server-assisted credential transfer protocol
−Can be implemented using existing devices