annual workshop february 5th, 2014
DESCRIPTION
Annual Workshop February 5th, 2014. The PriMan framework. SecAnon-DistriNet. Outline. Introduction PriMan PriMan app development Abstractions Next steps. Security problem? Here is the solution:. Public Key Cryptography. Mix Networks. Anonymous Credentials. Onion Routing. - PowerPoint PPT PresentationTRANSCRIPT
Annual WorkshopFebruary 5th, 2014
[name – KU Leuven]
The PriMan framework
SecAnon-DistriNet
Outline
• Introduction• PriMan• PriMan app development• Abstractions• Next steps
Security problem? Here is the solution:
Mix Networks
One Time Password
Public Key Cryptography
Anonymous Credentials
Blind Signatures
Secure Channels
Tamper Proof Modules
Searchable Encryption
Group Signatures
Zero-Knowledge Proofs
Onion Routing
The Problems
• Processor intensive
• Complex to use (user)
• Complex to use (Developer)
The Problems
• Processor intensive
• Complex to use (user)
• Complex to use (Developer)
Outline
• Introduction• PriMan• PriMan app development• Abstractions• Next steps
PriMan
• Policy driven development framework• Flexible and secure access control• Security of data in storage and transit
• Goal: facilitating the development of secure and privacy friendly applications
PriMan
• High level technology agnostic API
• Thin SW Layer
• Modular design
• Rapid prototyping
Technology agnostic abstractions
• Technology agnostic– Dev does not need to be aware of techn.
specific configuration details • Techn. specific configuration
policies
• High level, easy to understand operations
PriMan
• Thin software layer– Connects API with technologies
underneath– Very low overhead (<1ms)
• Modular design– Extensible
PriMan
• Non-Functional requirements– Usability–Modularity– Privacy/Security– Performance
• Functional requirements– Secure communication channels– Secure data storage– Secure authentication
Outline
• Introduction• PriMan• PriMan app development• Abstractions• Next steps
App development
PriMan app development
PriMan app development
Security experts create and configure reusable (secure) FW components
Outline
• Introduction• PriMan• PriMan app development• Abstractions• Next steps
Abstractions - Connection
• Create connection– ConnectionParameters
• Listen for connection (server)• Send data (Object)• Receive data (Object)• Close connection
Configuration Parameters - Connections
• Address• Port• Protocol• Keystore (+password)• Truststore (+password)• …
Connection - Example• Code
• Configuration
Abstractions - Credential• Credential
– Represents identity– Attributes + secret
• Issuer• Authentication
– Prove a Claim – Claim can be determined by auth. policy– Example:
Policy: “Prove ownership of valid ePoll cred”Claim: “I own this ePoll cred”Proof: Cryptographic proof using secret and nonce
Credential - Example
– Create a Claim using a Policy
– Create a Credential using Claim, secret and nonce
Abstractions - Storage
• Store• Load• Remove
• Using Identifiers• Optional: Storage secret
Outline
• Introduction• PriMan• PriMan app development• Abstractions• Next steps
Next steps
• Move control to Service provider–Which technology is selected– Under which circumstances
(context aware)
• Give some control to the user
Policies• Security policy
– Context aware– Determines which action needs to be performed– Determines which technology will be selected
• Sticky policy– Attached to an object
(e.g., a credential, a data object)– Defines how the app can use that object
• Context aware• User policy
– ~ Security policy, but defined by the user– Service provider limits user policy capabilities
PriMan app development
PriMan app development
Questions?