Security

1
Security

• Vishal Kher
• 10 February 2003

2
Objectives

• Authentication and Access Control
• Using Role Based Access Control (RBAC)
• Key Management
• Of keys used for access control

3
Access Control - General Picture
RM
Client
Certificate/ Capability
Req, Certificate
Data
OBSD

• Minimize interaction between client RM
• RBAC
• A role is a set of transactions (operation) that
  a user can perform within the context of an
  organization
• Access control decision based on the role a user
  plays within an organization

4
General Architecture

• Basic Entities
• Clients
• Role Manager
• Performs userrole association
• Regional Manager can play the part of Role
  Manager
• Devices
• Have Role-based ACL
• Do not need any information about identify of the
  client
• Two Possible schemes
• Shared secret
• Public key-certificates

5
General Architecture

• Basic Entities
• Clients
• Role Manager
• Performs userrole association
• Usually separate from Regional Manager
• Regional Manager can play the part of Role
  Manager
• Devices
• Have Role-based ACL
• Do not need any information about identify of the
  client
• Two Possible schemes
• Shared secret
• Public key-certificates

6
Scheme Using Shared Secret

• Role Manager and Device share KRD

Device
Client
Role Manager
Access
Authenticate and assign roles
T Roles, start time, end time, version, K
MACKRD(T)
M T, Oper, Nonce MACK(M)

• Validates
• MACK(M)
• Access Rights

Reply, Nonce, MACK(M)
7
Scheme Using Shared Secret

• Issues
• Role-based capability bound to the device and
  regional manager
• Compound objects
• KRD is shared between device and role manager
• Every user will need to acquire a role-based
  capability per device
• Need a scheme to support global role-base
  capability
• Mobility of the object and replication will need
  an efficient scheme
• Revocation
• Currently, we are focusing on this scheme

8
Using Public-Key Certificates

• Each Role Manager and Client will have a
  public-key certificate
• Binds public key to an identity
• Role Manager issues a certificate to the client
• Binds roles to the client
• The device authenticates and authorizes client
  using the role certificate

9
Using Public-Key Certificates
VersionSerial NumberIssuerSubjectPublic-key
info
CA Digital Signature
RoleIssuerValid period
Role Managers Digital Signature
Example of a Role Certificate (R-cert)
10
Using Public-Key Certificates
Clients
Role Manager (RM)
Device
Access
Authenticate Assign role Create R-cert
Return R-cert
Operation, R-cert, Client-Signature

• Verify client signature
• Verify RM Signature
• Verify other fields
• Retrieve role
• Get access rights for this role

Response
11
Using Public-Key Certificates

• Advantages
• Flexibility
• Certificate is not dependent on the device and
  the role manager
• Mobility of object or device does not require
  generation of new certificate
• Issues
• Expensive
• Revocation

12
Key Management

• Issues
• Where and how to store the keys?
• Revocation
• Merging of roles
• How to share a secret?
• Goes hand in hand with the access control scheme

13
Conclusion

• Survey systems that use decentralized RBAC
• Currently implemented by few hospitals
• Propose schemes for access control and key
  management