Privacy and Practicality of Identity Management Systems
Total Page:16
File Type:pdf, Size:1020Kb
Privacy and Practicality of Identity Management Systems Waleed A Alrodhan Technical Report RHUL{MA{2010{14 17 November 2010 Department of Mathematics Royal Holloway, University of London Egham, Surrey TW20 0EX, England http://www.rhul.ac.uk/mathematics/techreports Privacy and Practicality of Identity Management Systems Waleed A. Alrodhan Thesis submitted to the University of London for the degree of Doctor of Philosophy Information Security Group Department of Mathematics Royal Holloway, University of London 2010 To my wife, Enas, and my daughter, Jude. Declaration These doctoral studies were conducted under the supervision of Professor Chris Mitchell. The work presented in this thesis is the result of original research carried out by myself, in collaboration with others, whilst enrolled in the Department of Mathe- matics as a candidate for the degree of Doctor of Philosophy. This work has not been submitted for any other degree or award in any other university or educational establishment. Waleed A. Alrodhan November 2010 3 Acknowledgements I would like to express my deepest gratitude to my academic supervisor, and my role model, Professor Chris J. Mitchell, for his invaluable support, interest, patience and guidance throughout my studies at Royal Holloway. Without his insightful ideas, superb comments and helpful feedback on my work, this thesis would never come into existence. Special thanks to Professor David W. Chadwick and Professor Keith Martin for their most valuable comments and support. By finishing this thesis, I am approaching the end of a very important part of my life, my wife's and my daughter's. I am deeply grateful to my beloved wife Enas, for her help, sacrifices, continuing support and encouragement; I would not have finished this thesis without her by my side. I am also grateful to my parents, Dr. Ahmed and Mrs. Shikah, and to all of my family members and friends, for their endless support and endorsement. I would like to thank my father-in-law, Professor Abduallah Althenayan, and my mother-in- law, Mrs. Safiyah Alshieha, for their generous support and enlightening advice over the last few years. Finally, I am thankful to all the lecturers, secretaries and students in the Mathemat- ics Department; they provided me with an excellent research environment during my studies. 4 Abstract The last few years have witnessed a significant growth in the number of identity management solutions. Because of the nature of the information that is handled by such systems, and because of their potential ubiquity, privacy and practicality issues are of great importance for such schemes. This thesis aims to enhance the privacy and practicality of web-based identity management systems by presenting a number of novel enhancements to such schemes. We focus on two categories of identity management systems, namely Information Card-based and Federated identity management systems. Two novel schemes to enhance the privacy of identity management systems are given. The first is based on the concept of Secured from Identity Theft (SIT) attributes, and can be employed to improve the privacy of Information Card-based identity management systems. It addresses two security limitations in Microsoft CardSpace (as an Information Card-based identity management system) namely its reliance on user judgements of the trustworthiness of service providers, and its reliance on a single layer of authentication. The second scheme aims to enhance user authenti- cation within Information Card-based identity management systems by adding an additional authentication layer. We propose two possible implementations of this layer. The first approach requires a user machine to present to the service provider certain information sent to it by the service provider during the most recent success- ful use of the scheme. A proof-of-concept implementation of this scheme has been 5 produced. The second approach involves a challenge-response exchange between the user and the service provider. This requires a minor modification to the service provider XML-based security policy declaration message. With regard to practicality, the thesis presents two novel schemes designed to en- hance the practicality of identity management systems. The first enables the in- tegration of Information Card-based and Federated identity management systems. The integration scheme relies on the resemblance between the Microsoft CardSpace framework and the Liberty Alliance ID-WSF LEC SSO profile framework. The scheme introduces the concept of an identity adaptor, which is located on the user machine and converts messages exchanged between an identity provider and a rely- ing party during the authentication process. The second scheme aims to enhance the practicality of Federated identity management systems by introducing a framework for delegation services. This framework takes advantage of the trust relationships that exist by definition within the Liberty Alliance circles of trust, and extends the use of attribute statements in SAML 2.0 assertions. The framework supports both direct and indirect delegation. 6 Contents 1 Introduction 21 1.1 Motivation . 21 1.2 Summary of Contributions . 23 1.3 Structure of Thesis . 24 1.4 Publications . 26 I Background 28 2 Security Services and Mechanisms 29 2.1 Introduction . 30 2.2 Security Services . 30 2.2.1 Data Confidentiality . 31 2.2.2 Data Integrity . 31 2.2.3 Access Control . 31 2.2.4 Authentication . 35 2.2.5 Non-Repudiation . 35 2.2.6 Anonymity . 36 2.2.7 Privacy . 36 2.3 Security Mechanisms . 41 2.3.1 Symmetric Cryptography . 41 2.3.2 Asymmetric Cryptography . 43 2.3.3 Cryptographic Hash Functions . 44 7 CONTENTS 2.3.4 Authentication Mechanisms . 45 2.3.5 Time-Stamps . 45 2.3.6 Nonces . 46 2.3.7 Zero-Knowledge Mechanisms . 46 2.4 Security Protocols . 48 2.4.1 Secure Sockets Layer and Transport Layer Security . 48 2.4.2 Security Assertion Markup Language . 48 2.4.3 Web Services Protocols . 50 2.4.4 Diffie-Hellman Key Exchange . 51 2.5 Public Key Infrastructures . 52 3 Identity Management 54 3.1 Identities . 55 3.2 Identity Management . 58 3.3 Identity Management Models . 59 3.3.1 Conceptual Model . 59 3.3.2 Single Sign-on . 63 3.3.3 Level of Assurance . 64 3.3.4 Practical Models . 68 3.4 Conclusions . 81 4 Identity Management Systems 83 4.1 Introduction . 84 4.2 Microsoft CardSpace . 86 4.2.1 The CardSpace Framework . 87 4.2.2 Limitations of CardSpace . 95 4.3 Higgins Project . 96 4.3.1 The Higgins Framework . 97 4.3.2 Limitations of Higgins . 101 4.4 Liberty Alliance Project . 101 8 CONTENTS 4.4.1 The Liberty Framework . 103 4.4.2 Limitations of Liberty . 116 4.5 Shibboleth Project . 117 4.5.1 The Shibboleth Framework . 117 4.5.2 Limitations of Shibboleth . 125 4.6 OpenID . 126 4.6.1 The OpenID Framework . 127 4.6.2 Limitations of OpenID . 131 4.7 Shared Security Limitations . 131 4.7.1 Reliance on DNS Names . 132 4.7.2 Judgements of SP Authenticity . 132 4.7.3 Reliance on a Single Layer of Authentication . 135 4.8 Practicality of Identity Management Systems . 136 4.8.1 Integration . 136 4.8.2 Delegation . 140 II Enhancing Privacy and Practicality 147 5 Enhancing user privacy in ICIM systems 148 5.1 Introduction . 149 5.2 Improving the Security of CardSpace . 150 5.2.1 The Security Problems . 150 5.2.2 The Novel Scheme . 152 5.3 Analysis . 156 5.3.1 Security . 156 5.3.2 Performance . 162 5.3.3 Limitations . 163 5.4 Other possible solutions . 164 5.4.1 Using Symmetric Proof-keys . 164 9 CONTENTS 5.4.2 Using Asymmetric Proof-keys . 166 5.4.3 Modifying Claim Requests . 167 5.4.4 Combining Solutions . 168 5.5 Conclusions . 168 6 Enhancing user authentication in ICIM systems 170 6.1 Introduction . 171 6.2 User Authentication in ICIM Systems . 172 6.3 Enhancing User Authentication in ICIM Systems . 173 6.3.1 A Proof-of-Authenticity Method . 173 6.3.2 A Challenge-Response Method . 174 6.4 Implementing the Proof-of-Authenticity Method . 179 6.5 Discussion . 181 6.6 Limitations . 182 6.7 Conclusions . 183 7 Integrating Information Card-based and Federated identity man- agement systems 184 7.1 Introduction . 185 7.2 The Integration Model . 186 7.2.1 Motivation . 186 7.2.2 Discussion . 187 7.3 Integrating the Two Schemes . 190 7.3.1 Restrictions and assumptions . 191 7.3.2 Message flows . 192 7.4 An Analysis of the Integration Model . 197 7.5 Prototype Implementation . 199 7.5.1 The Prototype Framework . 201 7.5.2 Technical Details . 203 7.5.3 Operational Details . 203 10 CONTENTS 7.6 Related Work . 207 7.7 Conclusions . 208 8 A delegation framework for Federated identity management sys- tems 210 8.1 Introduction . 211 8.2 Delegation and Liberty . ..