Transcript Sicherheit in Rechnernetzen

1
Anonymity, unobservability, pseudonymity
and identity management requirements
for an AmI world
Andreas Pfitzmann
Dresden University of Technology, Department of Computer Science, D-01062 Dresden
Phone: 0351/ 463-38277, e-mail: [email protected], http://dud.inf.tu-dresden.de/
2
Excerpts from: Treaty Establishing a Constitution for Europe
Article I-2 The Union's values
The Union is founded on the values of respect for human
dignity, freedom, democracy, equality, the rule of law
and respect for human rights, including the rights of
persons belonging to minorities. ...
Article I-3 The Union's objectives
2. The Union shall offer its citizens an area of freedom,
security and justice without internal frontiers, and an
internal market where competition is free and undistorted.
3
Excerpts from: Treaty Establishing a Constitution for Europe
Article II-68 Protection of personal data
1. Everyone has the right to the protection of personal
data concerning him or her.
2. Such data must be processed fairly for specified
purposes and on the basis of the consent of the
person concerned or some other legitimate basis laid
down by law. Everyone has the right of access to data
which has been collected concerning him or her, and
the right to have it rectified.
4
Distrust is the basis
Cooperation on the basis of mutual distrust
(e.g. separation of powers, checks and balances)
is the basis of organizing modern societies, not trust.
5
Threats and corresponding protection goals
threats:
protection goals:
1) unauthorized access to information
confidentiality
2) unauthorized modification of information
integrity
3) unauthorized withholding of
information or resources
≥ total
correctness
 partial correctness
availability
for authorized
users
no classification, but pragmatically useful
example: unauthorized modification of a program
1)
2)+3)
cannot be detected, but can be prevented;
cannot be prevented, but can be detected;
cannot be reversed
can be reversed
6
Distrust is the basis, revisited
Cooperation on the basis of mutual distrust
(e.g. separation of powers, checks and balances)
is the basis of organizing modern societies, not trust.
Cf. confidentiality vs. integrity / availability :
You can’t check whether your trust has been justified
even after the fact vs. you can check whether your
trust has been justified.
7
Transitive propagation of errors and attacks
symbol explanation
computer
transitive
propagation of “errors”
program
A used B to
design C
A
C
B
machine X executes program Y
Y
X
8
universal Trojan horse
commands
unauthorized
disclosure of
information
universal
write access
unauthorized
modification
of information
Trojan horse
unauthorized
withholding of
information or
resources
9
Protection against whom ?
Laws and forces of nature
- components are growing old
- excess voltage (lightning, EMP)
- voltage loss
- flooding (storm tide, break of water pipe)
- change of temperature ...
fault
tolerance
Human beings
- outsider
- user of the system
- operator of the system
- service and maintenance
- producer of the system
Trojan horse
- designer of the system
• universal
- producer of the tools to design and produce
• transitive
- designer of the tools to design and produce
- producer of the tools to design and produce
the tools to design and produce
- designer ... includes
user,
operator,
service and maintenance ... of the system used
10
Which protection measures against which attacker ?
protection concerning
protection against
to achieve
the intended
to prevent
the unintended
designer and producer
of the tools to design
and produce
intermediate languages and intermediate results,
which are analyzed independently
designer of the system
producer of the system
see above + several independent designers
independent analysis of the product
control as if a new product, see above
restrict physical
access,
restrict and log
logical access
physical and logical restriction of access
service and maintenance
operator of the system
user of the system
outsiders
protect the system physically and protect data
cryptographically from outsiders
physical distribution and redundance
unobservability, anonymity, unlinkability:
avoid the ability to gather “unnecessary data”
11
Multilateral security
• Each party has its particular protection goals.
• Each party can formulate its protection goals.
• Security conflicts are recognized and
compromises negotiated.
• Each party can enforce its protection goals
within the agreed compromise.
Security with minimal assumptions about others
12
Protection Goals: Sorting
Content
Circumstances
Prevent the
unintended
Confidentiality
Hiding
Anonymity
Unobservability
Achieve the
intended
Integrity
Accountability
Availability
Reachability
Legal Enforceability
13
Protection Goals: Definitions
Confidentiality ensures the confidentiality of user data when they are transferred. This assures
that nobody apart from the communicants can discover the content of the communication.
Hiding ensures the confidentiality of the transfer of confidential user data. This means that nobody
apart from the communicants can discover the existence of confidential communication.
Anonymity ensures that a user can use a resource or service without disclosing his/her identity.
Not even the communicants can discover the identity of each other.
Unobservability ensures that a user can use a resource or service without others being able to
observe that the resource or service is being used. Parties not involved in the communication can
observe neither the sending nor the receiving of messages.
Integrity ensures that modifications of communicated content (including the sender’s name, if one
is provided) are detected by the recipient(s).
Accountability ensures that sender and recipients of information cannot successfully deny having
sent or received the information. This means that communication takes place in a provable way.
Availability ensures that communicated messages are available when the user wants to use them.
Reachability ensures that a peer entity (user, machine, etc.) either can or cannot be contacted
depending on user interests.
Legal enforceability ensures that a user can be held liable to fulfill his/her legal responsibilities
within a reasonable period of time.
14
Correlations between protection goals
Confidentiality
+
Anonymity
+
Hiding
Unobservability
–
Integrity
Accountability
Reachability
Availability
Legal Enforceability
implies
+
strengthens
–
weakens
15
Golden rule
Since tamper-resistance of HW is all but good and
organizations are far from perfect keeping secrets:
Correspondence between
organizational and IT structures
Personal data should be gathered, processed and
stored, if at all, by IT in the hands of the individual
concerned.
16
Superposed sending (DC-network)
.....
...
D. Chaum 1985 for finite fields
station 1
M1 3A781
K12 2DE92
A. Pfitzmann 1990 for abelian groups
+
K13 4265B
.....
...
station 2
M2
00000
99B6E
-K12 E327E
4AE41
+
K23 67CD3
.....
...
anonymous
access
67EE2
station 3
M3
00000
-K13 CEAB5
3A781
+
= M1 ++ M2 + M3
+
.....
...
-K23 A943D
User station
Pseudo-random bit-stream generator
+
Modulo- 16-Adder
Anonymity of the sender
If stations are connected by keys the value of which is completely unknown to the
attacker, tapping all lines does not give him any information about the sender.
17
Protection of the communication relation: MIX-network
D.Chaum 1981 for electronic mail
c1 (z4,c2(z1,M1))
c1 (z5,c2(z2,M2))
c1 (z6,c2(z3,M3))
MIX1 batches, discards repeats,
d1(c1(zi,Mi)) = (zi,Mi)
c2 (z3,M3)
c2 (z1,M1)
c2 (z2,M2)
MIX2 batches, discards repeats,
d2(c2(zi,Mi)) = (zi,Mi)
M2
M3
M1
18
Identity management
Privacy-enhancing identity management is only possible
w.r.t. parties which don‘t get GUIDs anyway, by
• the communication network (e.g. network addresses)
• the user device (e.g. serial numbers, radio signatures),
or even
• the user him/herself (e.g. by biometrics).
19
Personal identifier
845 authorizes A: ___
A notifies 845: ___
845 pays B €
B certifies 845: ___
C pays 845 €
20
Role-relationship pseudonyms and transaction pseudonyms
762 authorizes A: __
A notifies 762: ___
451 pays B €
B certifies 451: ___
B certifies 314: ___
C pays 314 €
21
Pseudonyms: Linkability in detail
Distinction between:
1. Initial linking between the
pseudonym and its holder
2. Linkability due to the use of
the pseudonym in different
contexts
22
Pseudonyms: Initial linking to holder
Public pseudonym:
The linking between pseudonym and its holder may be publicly
know from the very beginning.
Phone number with its owner listed in public directories
Initially non-public pseudonym:
The linking between pseudonym and its holder may be know by
certain parties (trustees for identity), but is not public at least
initially.
Bank account with bank as trustee for identity,
Credit card number ...
Initially unlinked pseudonym:
The linking between pseudonym and its holder is – at least
initially – not known to anybody (except the holder).
Biometric characteristics; DNA (as long as no registers)
23
Pseudonyms: Use in different contexts => partial order
number of an identity card,
security number, bank
person pseudonysocial
m
account
role pseudony m
pen name,
employee
linkable
relationship pseudony m
customer number
identity card number
role-relationship pseudony m
contract number
transaction pseudony m
one-time password, TAN
increasing
unlinkability
of transactions

increasing
av ailable
anonymity
A  B stands for “B enables stronger anonymity than A”
unlinkable
24
Summing up
Requirements for a multilaterally secure and privacyenabling AmI world:
• Make sure that others cannot gather „unnecessary data“
(just not gathering it is not enough, as history tells us).
• Since trust in foreign infrastructures w.r.t. confidentiality
properties (e.g. privacy) will be very limited at best, each
human should have his/her trusted device(s) to provide for
his/her security. This device might act in an ambient way in
the interests of its owner.
• Communication of humans with their ICT-environment
should be by means of their trusted device only.
• Develop trusted devices which have no identifying radio
signature.
• Minimize sensor abilities w.r.t. sensing foreign human
beings directly.
25
Terminology and further reading
http://dud.inf.tu-dresden.de/Anon_Terminology.shtml