The problems with proving identity

Ross Dargan, Ben Lee

Introductions

Ross Dargan – Executive Bespoke Consultant

Waterstons

Ben Lee – UC Consultant

Modality Systems

Three ways of proving identity

See it

Prove it

Outsource it

Proving identity in history

Proving your identity

Why is it important to know who you are talking to?

It depends what you are doing!

Some wisdom from @IDS_MP…

GOVERNMENT ADVICE: If your home is in the path of the storm, head to your second or third home for safety. #ukstorm

COBRA Meeting to discuss if we stick with Trident or just let the NHS do the mass killing. No biscuits.

I’m getting a silk handkerchief embroidered with gold braid saying ‘in it together’ with my pay rise. And a new car. Get in.

We think it’s vital young working class children learn fractions. It will help them tremendously when they grow up and become drug dealers.

Twitter – See it

Out of band

High cost

Doesn’t scale

99.9*% accurate

Twitter – Prove it

Context gives confidence

Ask in-band question

Susceptible to MITM attacks

Twitter – Outsource it

Ask a mutual friend

Delegated Trust

Prove It DemoAuthentication

Socialist millionaire protocol

Ross

Picks random exponents a2 and a3

Sends Bob g2a = g1a2 and g3a = g1

a3

Ben

Picks random exponents b2 and b3

Computes g2b = g1b2 and g3b = g1

b3

Computes g2 = g2ab2 and g3 = g3a

b3

Picks random exponent r

Computes Pb = g3r and Qb = g1

r g2y

Sends Alice g2b, g3b, Pb and Qb

Ross

Computes g2 = g2ba2 and g3 = g3b

a3

Picks random exponent s

Computes Pa = g3s and Qa = g1

s g2x

Computes Ra = (Qa / Qb) a3

Sends Bob Pa, Qa and Ra

Ben

Computes Rb = (Qa / Qb) b3

Computes Rab = Rab3

Checks whether Rab == (Pa / Pb)

Sends Alice Rb

Ross

Computes Rab = Rba3

Checks whether Rab == (Pa / Pb)

Proof

Rab = Rab3 = (Qa / Qb) a

3·b

3 = (g1s - r · g2

x - y) a3·b

3 = g1

a3

·b3

·(s - r) · g2(x - y)·a

3·b

3

Pa / Pb = g3s / g3

r = g3s - r = g3a

b3

·(s - r) = g1a3

·b3

·(s - r)

This means that

g2a3·b

3·(x - y) = 1

Since g2a3·b

3 is a random number different from 1, the only solution is that x - y = 0, meaning that x = y.

£20

£30

£50

£40

Socialist millionaire protocol (ELI 5)

Ross

Ben

£20

£30

£50

£40

nn y n

£20

£30

£50

£40

n

Threema

iMessage

Proving your identityAuthentication with server

Username/password

Proving who you are to a server

2 Factor

SQRL

Outsource it

OAuth

Delegate authentication to a trusted source (Identity Provider)

I know “Ben”, You know me, I’m telling you this is Ben.

Supports claims – Ben’s email is …

OAuth

Pros

Single Sign on

No need to store shared secrets

User doesn’t need to trust you

Less passwords \0/

Supported by Active Directory (ADFS)

Cons

Trust (Rouge IP, or 1 account hacked)

Availability

Gov.uk

PKI / Certificate trust

Public Key Infrastructure

An arrangement of CA (Certificate Authorities) used to validate something or someone's identity

??ü

ü ü

Certificate Trust

What happens if we lose control of the certificate?

Revocation List

Heartbleed

500,000+ certificates renewed

Not many revoked…

20 bytes per certificate (thumbprint) … this would be 10Mb

Might not sound much, but on 2g? Also each cert needs to be checked against it.

Browser implementations

Not always as it seems

Hard fail vs soft fail

What if you haven’t verified

Hard fail – revoked

Soft fail – couldn’t check

Trusting your browser…

Workarounds

OCSP Stapling

Server supplies short-lived proof that still okay

“Must Staple”

EEF Lets Encrypt

Short lived certificates themselves

API needed to re-generate etc…

Conclusion…?

This stuff is hard

But only has hard as you want it to be!

Will always be an issue

Tonight was hopefully just a bit of food for thought