Document

advertisement
Wireless PKI Security
and Mobile Voting
Jaak Tepandi and Stanislav Vassiljev, Tallinn University of Technology
Ilja Tšahhirov, InVision Software AG
Source : IEEE Computer Society / August 2010
Date : March 2, 2012
Presenter :黃家柔
Outline
•
•
•
•
•
•
•
•
•
Introduction
Mobile phones: a “ handy” solution
WPKI authentication and digital signing
WPKI security study
Manageable WPKI-specific risk
WPKI-specific risk requiring attention
Implications for m-voting
WPKI requirements
Conclusion
Introduction
• Wireless public-key infrastructure technology is used in
many security-critical applications including banking
and digital signing.
• An analysis of WPKI security using ID-card-based PKI
(ID-PKI) as a benchmark highlights various risks and
their implications for mobile voting.
Mobile phones: a “ handy” solution(1/2)
• Security-critical applications can utilize a computer
and a mobile phone with a Universal Subscriber
Identity Module (USIM) card for authentication and
electronic signatures.
• In Estonia, Mobiil-ID technology enables personal
identification and authentication with a mobile phone.
• a Mobiil-ID USIM card provides the usual SIM card
functionality and also incorporates the private keys
for authentication and digital signatures, obviating the
need for a physical ID card reader.
Mobile phones: a “ handy” solution(2/2)
• Mobiil-ID is based on emerging wireless PKI
specifications. WPKI can be used to obtain client
authentication and nonrepudiation .
WPKI authentication and digital signing
registration
5.
Registration
Authority(RA)
Mobile
operator
V+ H + request PIN
user
6. User input PIN &
Cards bound
to user’s identities
8.
5.
V+H
6.
4.
authentication
or
reject
Identifier
1.
Verification code (V)
7.
TSP verifies the user’s signature
and send result to the AP
3.validates ID’s
certificate
Certificate
Authority(CA)
Trust service
provider
4.
Verification code (V)
2. Request identity service for ID
Application
provider
WPKI security study(1/2)
• Main types of threats focused on
-General Threats related to Legal issues
-Cryptography
-Software Development, technical threats
-M-Voting Threats
WPKI security study(2/2)
• Risks with WPKI
-Risks associated with WPKI are of Information
security.
‧Integrity
‧Confidentiality
‧Authenticity
‧Non repudiation
‧Availability
Manageable WPKI-specific risk(1/3)
• The risk within the Mobile Operator’s Subsystem
──the Over the Air (OTA) Server and SMS Center
can be subject to Man in the Middle Attack.
• Mobile Operator must impose security measures
including the encryption communication over VPN
and securing LAN with firewall. Detailed analysis
demonstrates that the risk of MITM attacks is low.
Manageable WPKI-specific risk(2/3)
Sent to wrong
mobile phone !
5.
Mobile
operator
The risk of
MITM attack is low.
5.
H(V)
H(V) + request PIN
user
6. User input PIN &
4.
Verification code (V)
6.
modify
1.
Identifier
X
3.
validates ID’s
certificate
Certificate
Authority(CA)
Trust service
provider
4.
Verification code (V)
2. Request identity service for ID
▲ Example 1
Application
provider
Manageable WPKI-specific
risk(3/3)
因為V ≠ V ,則user不
U1
▪Note:
I1=I2 , VA1=VA2
▪
被認證,反而是攻擊者被
認證了!(VA1=VA2)
user
: 合法
: 不合法
Mobile
operator
3.
validates ID’s
certificate
11.
8.
VA2
+
H(VA2)
10. User input PIN & sign
9.
VA2 + H(VA2) + request PIN
‧Solution:
中止同時有兩個驗證要
求從一個user傳來的情
況。
──WPKI的安全應用也
必須是以這樣的情況為
前提才行。
2.
Trust service
provider
Attacker
13.
4.
I2
14.
VU1
1.
7.
I1 VA1
authenticated
不是MITM attack,
只是攻擊者取代
user 驗 證 , 非 攻
擊 者 在 user 連 結
server 時 介 入 中
間,就像是一個
騙人的網站而已。
Certificate
Authority(CA)
A2
I1
5. VA1
Application provider
6. I2
12. VU1
▲ Example 2 - An attacker grasping a user’s session
WPKI-specific risk requiring attention
• Man in the middle attack between APs and users are
easier in WPKI than in ID-PKI.(attacker may fake
server between client and server connecting)
• Compared with other authentication methods.(ex.one
time passwords). WPKI enabled measures help prevent
many kind of attacks.
• ID-PKI authenticates the user based on both user’s
certificate and the server public key certificate during
the SSL session handshake. This makes an MITM
attack unrealistic.
Implications for m-voting
• Electronic voting asks for additional demanding security.
-votes must remain anonymous.
-the system must record every action.
• The I-Voting(over the internet) used in Estonia and several
other settings utilizes the ”digital envelope”.
-Inner envelope has the encrypted vote.
-outer envelope has digital signature.
WPKI requirements(1/2)
• RA : maintain , document,and periodically audit strict
procedures for person’s identity and citizenship
verification.
• CA : Informing people about m-voting security
problem.(ex. User can’t lend somebody mobile phone
capable of signature service.)
• M-voting infrastructure, operational procedures, and
application development should match traditional e-voting
systems’ strict security requirements.
WPKI requirements(2/2)
• It is vital to ensure quality handling of USIM card private
keys ,secret keys, and PIN codes.
(ex. MOs should keep logs.)
• MO procedures should also ensure voter anonymity by
preventing administrators from observing the m-voting
process in any way.
Conclusion
• WPKI的流程雖然趨近於完整,但TSP必須要等到
user輸入PIN和簽章後才能查覺被攻擊,會造成驗
證時間變長,若能在AP與user之間或者是AP與
TSP之間於傳輸前再追加一道驗證手續,或許就
能夠提早發現問題。
THE END
Download