Wireless PKI Security and Mobile Voting Jaak Tepandi and Stanislav Vassiljev, Tallinn University of Technology Ilja Tšahhirov, InVision Software AG Source : IEEE Computer Society / August 2010 Date : March 2, 2012 Presenter :黃家柔 Outline • • • • • • • • • Introduction Mobile phones: a “ handy” solution WPKI authentication and digital signing WPKI security study Manageable WPKI-specific risk WPKI-specific risk requiring attention Implications for m-voting WPKI requirements Conclusion Introduction • Wireless public-key infrastructure technology is used in many security-critical applications including banking and digital signing. • An analysis of WPKI security using ID-card-based PKI (ID-PKI) as a benchmark highlights various risks and their implications for mobile voting. Mobile phones: a “ handy” solution(1/2) • Security-critical applications can utilize a computer and a mobile phone with a Universal Subscriber Identity Module (USIM) card for authentication and electronic signatures. • In Estonia, Mobiil-ID technology enables personal identification and authentication with a mobile phone. • a Mobiil-ID USIM card provides the usual SIM card functionality and also incorporates the private keys for authentication and digital signatures, obviating the need for a physical ID card reader. Mobile phones: a “ handy” solution(2/2) • Mobiil-ID is based on emerging wireless PKI specifications. WPKI can be used to obtain client authentication and nonrepudiation . WPKI authentication and digital signing registration 5. Registration Authority(RA) Mobile operator V+ H + request PIN user 6. User input PIN & Cards bound to user’s identities 8. 5. V+H 6. 4. authentication or reject Identifier 1. Verification code (V) 7. TSP verifies the user’s signature and send result to the AP 3.validates ID’s certificate Certificate Authority(CA) Trust service provider 4. Verification code (V) 2. Request identity service for ID Application provider WPKI security study(1/2) • Main types of threats focused on -General Threats related to Legal issues -Cryptography -Software Development, technical threats -M-Voting Threats WPKI security study(2/2) • Risks with WPKI -Risks associated with WPKI are of Information security. ‧Integrity ‧Confidentiality ‧Authenticity ‧Non repudiation ‧Availability Manageable WPKI-specific risk(1/3) • The risk within the Mobile Operator’s Subsystem ──the Over the Air (OTA) Server and SMS Center can be subject to Man in the Middle Attack. • Mobile Operator must impose security measures including the encryption communication over VPN and securing LAN with firewall. Detailed analysis demonstrates that the risk of MITM attacks is low. Manageable WPKI-specific risk(2/3) Sent to wrong mobile phone ! 5. Mobile operator The risk of MITM attack is low. 5. H(V) H(V) + request PIN user 6. User input PIN & 4. Verification code (V) 6. modify 1. Identifier X 3. validates ID’s certificate Certificate Authority(CA) Trust service provider 4. Verification code (V) 2. Request identity service for ID ▲ Example 1 Application provider Manageable WPKI-specific risk(3/3) 因為V ≠ V ,則user不 U1 ▪Note: I1=I2 , VA1=VA2 ▪ 被認證,反而是攻擊者被 認證了!(VA1=VA2) user : 合法 : 不合法 Mobile operator 3. validates ID’s certificate 11. 8. VA2 + H(VA2) 10. User input PIN & sign 9. VA2 + H(VA2) + request PIN ‧Solution: 中止同時有兩個驗證要 求從一個user傳來的情 況。 ──WPKI的安全應用也 必須是以這樣的情況為 前提才行。 2. Trust service provider Attacker 13. 4. I2 14. VU1 1. 7. I1 VA1 authenticated 不是MITM attack, 只是攻擊者取代 user 驗 證 , 非 攻 擊 者 在 user 連 結 server 時 介 入 中 間,就像是一個 騙人的網站而已。 Certificate Authority(CA) A2 I1 5. VA1 Application provider 6. I2 12. VU1 ▲ Example 2 - An attacker grasping a user’s session WPKI-specific risk requiring attention • Man in the middle attack between APs and users are easier in WPKI than in ID-PKI.(attacker may fake server between client and server connecting) • Compared with other authentication methods.(ex.one time passwords). WPKI enabled measures help prevent many kind of attacks. • ID-PKI authenticates the user based on both user’s certificate and the server public key certificate during the SSL session handshake. This makes an MITM attack unrealistic. Implications for m-voting • Electronic voting asks for additional demanding security. -votes must remain anonymous. -the system must record every action. • The I-Voting(over the internet) used in Estonia and several other settings utilizes the ”digital envelope”. -Inner envelope has the encrypted vote. -outer envelope has digital signature. WPKI requirements(1/2) • RA : maintain , document,and periodically audit strict procedures for person’s identity and citizenship verification. • CA : Informing people about m-voting security problem.(ex. User can’t lend somebody mobile phone capable of signature service.) • M-voting infrastructure, operational procedures, and application development should match traditional e-voting systems’ strict security requirements. WPKI requirements(2/2) • It is vital to ensure quality handling of USIM card private keys ,secret keys, and PIN codes. (ex. MOs should keep logs.) • MO procedures should also ensure voter anonymity by preventing administrators from observing the m-voting process in any way. Conclusion • WPKI的流程雖然趨近於完整,但TSP必須要等到 user輸入PIN和簽章後才能查覺被攻擊,會造成驗 證時間變長,若能在AP與user之間或者是AP與 TSP之間於傳輸前再追加一道驗證手續,或許就 能夠提早發現問題。 THE END