The problems with proving identity
Ross Dargan, Ben Lee
Introductions
Ross Dargan – Executive Bespoke Consultant
Waterstons
Ben Lee – UC Consultant
Modality Systems
Three ways of proving identity
See it
Prove it
Outsource it
Proving identity in history
Proving your identity
Why is it important to know who you are talking to?
It depends what you are doing!
Some wisdom from @IDS_MP…
GOVERNMENT ADVICE: If your home is in the path of the storm, head to your second or third home for safety. #ukstorm
COBRA Meeting to discuss if we stick with Trident or just let the NHS do the mass killing. No biscuits.
I’m getting a silk handkerchief embroidered with gold braid saying ‘in it together’ with my pay rise. And a new car. Get in.
We think it’s vital young working class children learn fractions. It will help them tremendously when they grow up and become drug dealers.
Twitter – See it
Out of band
High cost
Doesn’t scale
99.9*% accurate
Twitter – Prove it
Context gives confidence
Ask in-band question
Susceptible to MITM attacks
Twitter – Outsource it
Ask a mutual friend
Delegated Trust
Prove It Demo
Authentication
Socialist millionaire protocol
Ross
Picks random exponents $a_2$ and $a_3$
Sends Bob $g_{2a} = g_1^{a_2}$ and $g_{3a} = g_1^{a_3}$
Ben
Picks random exponents $b_2$ and $b_3$
Computes $g_{2b} = g_1^{b_2}$ and $g_{3b} = g_1^{b_3}$
Computes $g_2 = g_{2a}^{b_2}$ and $g_3 = g_{3a}^{b_3}$
Picks random exponent $r$
Computes $P_b = g_3^{r}$ and $Q_b = g_1^{r} g_2^{y}$
Sends Alice $g_{2b}$, $g_{3b}$, $P_b$ and $Q_b$
Ross
Computes $g_2 = g_{2b}^{a_2}$ and $g_3 = g_{3b}^{a_3}$
Picks random exponent $s$
Computes $P_a = g_3^{s}$ and $Q_a = g_1^{s} g_2^{x}$
Computes $R_a = (Q_a / Q_b)^{a_3}$
Sends Bob $P_a$, $Q_a$ and $R_a$
Ben
Computes $R_b = (Q_a / Q_b)^{b_3}$
Computes $R_{ab} = R_a^{b_3}$
Checks whether $R_{ab} = P_a / P_b$
Sends Alice $R_b$
Ross
Computes $R_{ab} = R_b^{a_3}$
Checks whether $R_{ab} = P_a / P_b$
Proof
$R_{ab} = R_a^{b_3} = (Q_a / Q_b)^{a_3 \cdot b_3} = (g_1^{s - r} \cdot g_2^{x - y})^{a_3 \cdot b_3} = g_1^{a_3 \cdot b_3 \cdot (s - r)} \cdot g_2^{(x - y) \cdot a_3 \cdot b_3}$
$P_a / P_b = g_3^{s} / g_3^{r} = g_3^{s - r} = g_{3a}^{b_3 \cdot (s - r)} = g_1^{a_3 \cdot b_3 \cdot (s - r)}$
This means that
$g_2^{a_3 \cdot b_3 \cdot (x - y)} = 1$
Since $g_2^{a_3 \cdot b_3}$ is a random number different from 1, the only solution is that $x - y = 0$, meaning that $x = y$.
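The exchange and both final checks, written out as runnable Python. This is an added example, not code from the slides: the group (P, Q, G1) is a toy constructed for the illustration and far too small for real use, and the names smp, rand_exp and div are assumptions.

```python
import secrets

# Toy group constructed for this example: P = 2*Q + 1 with P and Q prime,
# and G1 = 4 generating the subgroup of prime order Q.
P, Q, G1 = 2039, 1019, 4

def rand_exp():
    """Random exponent in 1..Q-1 (never 0, so no value collapses to 1)."""
    return secrets.randbelow(Q - 1) + 1

def div(a, b):
    """a / b in the group, i.e. a times the modular inverse of b."""
    return a * pow(b, -1, P) % P

def smp(x, y):
    """Ross holds x, Ben holds y (integers below Q; a real system would
    hash the shared secret into this range). Returns (Ben's check, Ross's check)."""
    # Ross -> Ben: g2a, g3a
    a2, a3 = rand_exp(), rand_exp()
    g2a, g3a = pow(G1, a2, P), pow(G1, a3, P)

    # Ben -> Ross: g2b, g3b, Pb, Qb
    b2, b3, r = rand_exp(), rand_exp(), rand_exp()
    g2b, g3b = pow(G1, b2, P), pow(G1, b3, P)
    g2_ben, g3_ben = pow(g2a, b2, P), pow(g3a, b3, P)
    Pb = pow(g3_ben, r, P)
    Qb = pow(G1, r, P) * pow(g2_ben, y, P) % P

    # Ross -> Ben: Pa, Qa, Ra
    g2_ross, g3_ross = pow(g2b, a2, P), pow(g3b, a3, P)
    s = rand_exp()
    Pa = pow(g3_ross, s, P)
    Qa = pow(G1, s, P) * pow(g2_ross, x, P) % P
    Ra = pow(div(Qa, Qb), a3, P)

    # Ben checks Rab == Pa / Pb, then sends Rb to Ross
    Rb = pow(div(Qa, Qb), b3, P)
    ben_ok = pow(Ra, b3, P) == div(Pa, Pb)

    # Ross runs the same check from his side
    ross_ok = pow(Rb, a3, P) == div(Pa, Pb)
    return ben_ok, ross_ok

if __name__ == "__main__":
    print("same secret:     ", smp(20, 20))
    print("different secret:", smp(20, 30))
```

Neither side ever sends x or y, only values blinded by fresh random exponents. The steps follow the slides exactly; production versions of the protocol also attach zero-knowledge proofs to each message so that a peer cannot submit malformed values.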
Socialist millionaire protocol (ELI 5)
[Figure: Ross and Ben with amounts £20, £30, £50 and £40, each marked y or n]
Threema
iMessage
Proving your identity
Authentication with server
Username/password
Proving who you are to a server
2 Factor
SQRL
Outsource it
OAuth
Delegate authentication to a trusted source (Identity Provider)
I know “Ben”, You know me, I’m telling you this is Ben.
Supports claims – Ben’s email is …
OAuth
Pros
Single Sign on
No need to store shared secrets
User doesn’t need to trust you
Fewer passwords \o/
Supported by Active Directory (ADFS)
Cons
Trust (rogue Identity Provider, or 1 account hacked)
Availability
Gov.uk
PKI / Certificate trust
Public Key Infrastructure
An arrangement of CAs (Certificate Authorities) used to validate something or someone's identity
Certificate Trust
What happens if we lose control of the certificate?
Revocation List
Heartbleed
500,000+ certificates renewed
Not many revoked…
20 bytes per certificate (thumbprint) … this would be 10Mb
Might not sound like much, but on 2G? Also, each cert needs to be checked against it.
Browser implementations
Not always as it seems
Hard fail vs soft fail
What if you haven’t verified
Hard fail – revoked
Soft fail – couldn’t check
Trusting your browser…
Workarounds
OCSP Stapling
Server supplies a short-lived proof that the certificate is still okay
“Must Staple”
EFF Let's Encrypt
Short lived certificates themselves
API needed to re-generate etc…
Conclusion…?
This stuff is hard
But only as hard as you want it to be!
Will always be an issue
Tonight was hopefully just a bit of food for thought