5 research outputs found
Improving the security of CardSpace
CardSpace (formerly known as InfoCard) is a digital identity management system that has recently been adopted by Microsoft. In this paper we identify two security shortcomings in CardSpace that could lead to a serious privacy violation. The first is its reliance on user judgements of the trustworthiness of service providers, and the second is its reliance on a single layer of authentication. We also propose a modification designed to address both flaws. The proposed approach is compatible with the currently deployed CardSpace identity metasystem, and should enhance the privacy of the system whilst involving only minor changes to the current CardSpace framework. We also provide a security and performance analysis of the proposal.
Information cards and a design to extend the claims model to incorporate geolocation
The rapid adoption of the internet has occurred despite the lack of a ubiquitous identity meta-system. The status quo is a patchwork of proprietary security systems. A number of security issues have arisen as a result which threaten to lead to a loss of trust in the internet, and may limit the scope of applications built on it; effectively constraining the potential of the internet as a platform for business and services. Current initiatives by a broad consortium of industry leaders promise a vastly improved landscape with a set of interoperable protocols and systems, built on open specifications, and guided by a set of core identity principles, enabling a more secure online experience.
Simultaneously, a large number of location-aware web applications and services have arisen which detect and use a user's location to enhance their application experience. These advances, although useful, present new security and privacy issues.
This paper investigates the operation of one of the new identity technologies, information cards, and proposes extensions to the existing supported schemas to incorporate recent advances in geo-location technology. The proposal is supported by reference to existing open source implementations.
Modelling escalation of attacks in federated identity management
PhD Thesis
Federated Identity Management (FIM) is an increasingly prevalent method for authenticating
users online. FIM offloads the authentication burden from a Service Provider (SP) to an Identity
Provider (IdP) that the SP trusts. The different entities involved in the FIM process are referred
to as stakeholders. The benefits of FIM to stakeholders are clear, such as the ability for users to
use Single Sign-On. However, the security of FIM also has to be evaluated. Attacks on one point in
a FIM system can lead to other attacks being possible, and detecting those attacks can be hard just
from modelling the functionality of the FIM system. Attacks in which the effect of one attack can
become the cause for another attack are referred to in this thesis as escalating attacks. The
overall research question this thesis revolves around: how can we model escalating attacks to
detect attacks which are possible through an adversary first launching another attack, and present
causality of attacks to the FIM stakeholders involved?
This thesis performs a survey of existing attacks in FIM. We categorise attacks on FIM using a
taxonomy of our own design. This survey is the first attempt at categorising attacks that target
FIM using a taxonomy. Some attacks can have an effect that causes another attack to be possible in
ways that are difficult to predict. We consider a case study involving OAuth 2.0 (provided by
existing literature), as a basis for modelling attack escalation.
We then seek to present a language for modelling FIM systems and attacker manipulations on those
systems. We find that FIM systems can be generalised for the purpose of a programmatic logical
analysis. In addition, attacker manipulations on a system can be broken down using an existing
conceptual framework called Malicious and Accidental Fault Tolerance (MAFTIA).
Using a generalised FIM system model and MAFTIA, we can express a complex interlinking of attacks
informed by case studies in FIM security analysis. This is the first attempt to model FIM systems
generally and apply logical analysis to that model.
Finally, we show how causality of attacks can be analysed using attack trees. We find that any
solutions to an escalating attack can be expressed using a tree model which conforms to existing
research on attack trees. Our approach is the first attempt at modelling attacks on FIM systems
through the use of attack trees. We consider stakeholder attribution and cost analysis as concrete
methods for analysing attack trees.
Development of a digital identity model adapted to convergence (original title: Elaboration d'un modèle d'identité numérique adapté à la convergence)
The evolution of computer networks, and of the Internet in particular, is rooted in the emergence of dominant paradigms such as mobility and social networks. This evolution calls for a reorganization of how data circulating at the core of networks is managed. Access to services offering video or voice on demand from both fixed and mobile devices, such as smartphones, and the permeability of information provided to social networks raise questions about the notion of digital identity and, underlying it, prompt a reconsideration of the concepts of security and trust. The contribution of this thesis consists, in a first part, of analysing the existing digital identity models and identity federation architectures, as well as the protocols deployed for authentication and the trust problems caused by the absence of a secure element such as a smart card. In a second part, in response to the points identified in the first, we propose an identity model strongly bound to the TLS authentication protocol embedded in a secure component, thus providing the security benefits required at the core of today's networks while fitting naturally into different terminals, whether fixed or mobile. Finally, in a last part, we present several concrete applications of this identity model, tested and validated, in order to underline its relevance in extremely varied practical use cases.
PARIS-Télécom ParisTech (751132302) / Sudoc / France