PriMan - MobCom

Annual Workshop
February 5th, 2014
The PriMan framework
SecAnon-DistriNet
[name – KU Leuven]
Outline
• Introduction
• PriMan
• PriMan app development
• Abstractions
• Next steps
Security problem? Here is the solution:
Public Key Cryptography
Mix Networks
Anonymous Credentials
Onion Routing
One Time Password
Secure Channels
Tamper Proof Modules
Group Signatures
Blind Signatures
Zero-Knowledge Proofs
Searchable Encryption
The Problems
• Processor intensive
• Complex to use (user)
• Complex to use (developer)
PriMan
• Policy driven development framework
• Flexible and secure access control
• Security of data in storage and transit
• Goal: facilitating the development of secure and privacy-friendly applications
PriMan
• High level technology agnostic API
• Thin SW Layer
• Modular design
• Rapid prototyping
Technology-agnostic abstractions
• Technology agnostic
– The developer does not need to be aware of technology-specific configuration details
• Technology-specific configuration policies
• High-level, easy-to-understand operations
PriMan
• Thin software layer
– Connects API with technologies underneath
– Very low overhead (<1 ms)
• Modular design
– Extensible
PriMan
• Non-Functional requirements
– Usability
– Modularity
– Privacy/Security
– Performance
• Functional requirements
– Secure communication channels
– Secure data storage
– Secure authentication
App development
PriMan app development
Security experts create and configure reusable (secure) framework components
Abstractions - Connection
• Create connection
– ConnectionParameters
• Listen for connection (server)
• Send data (Object)
• Receive data (Object)
• Close connection
Configuration Parameters Connections
• Address
• Port
• Protocol
• Keystore (+password)
• Truststore (+password)
• …
Connection - Example
• Code
• Configuration
Abstractions - Credential
• Credential
– Represents identity
– Attributes + secret
• Issuer
• Authentication
– Prove a Claim
– Claim can be determined by authentication policy
– Example:
Policy: “Prove ownership of valid ePoll cred”
Claim: “I own this ePoll cred”
Proof: Cryptographic proof using secret and nonce
Credential - Example
– Create a Claim using a Policy
– Create a Credential using Claim, secret and nonce
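The policy, claim and proof flow above, sketched as an added example (not PriMan code and not its API). All class and function names are hypothetical, and HMAC-SHA256 over a shared secret stands in for the credential technology; an anonymous credential system would use a zero-knowledge proof, so the verifier would not hold the secret.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                      # hypothetical: what the verifier demands
    credential_type: str

@dataclass(frozen=True)
class Claim:                       # hypothetical: statement derived from the policy
    statement: str

def create_claim(policy: Policy) -> Claim:
    return Claim(f"I own this {policy.credential_type} cred")

def create_proof(claim: Claim, secret: bytes, nonce: bytes) -> bytes:
    # Length-prefix the claim so claim and nonce bytes cannot be confused.
    text = claim.statement.encode()
    msg = len(text).to_bytes(4, "big") + text + nonce
    return hmac.new(secret, msg, hashlib.sha256).digest()

class Verifier:
    def __init__(self, policy: Policy, secret: bytes):
        self.policy = policy
        self._secret = secret      # assumption: symmetric stand-in, see lead-in
        self._open_nonces = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self._open_nonces.add(nonce)
        return nonce

    def verify(self, claim: Claim, nonce: bytes, proof: bytes) -> bool:
        if nonce not in self._open_nonces:
            return False           # unknown or already used nonce: replay
        self._open_nonces.discard(nonce)
        if claim != create_claim(self.policy):
            return False           # claim does not satisfy the policy
        expected = create_proof(claim, self._secret, nonce)
        return hmac.compare_digest(proof, expected)

def demo():
    policy = Policy("ePoll")
    secret = secrets.token_bytes(32)   # constructed sample secret
    verifier = Verifier(policy, secret)
    nonce = verifier.challenge()
    claim = create_claim(policy)
    proof = create_proof(claim, secret, nonce)
    first = verifier.verify(claim, nonce, proof)
    replay = verifier.verify(claim, nonce, proof)  # same nonce again
    return first, replay
```

The nonce makes each proof single-use: a captured proof fails on replay because the verifier has already consumed its nonce.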
Abstractions - Storage
• Store
• Load
• Remove
• Using Identifiers
• Optional: Storage secret
Next steps
• Move control to service provider
– Which technology is selected
– Under which circumstances (context aware)
• Give some control to the user
Policies
• Security policy
– Context aware
– Determines which action needs to be performed
– Determines which technology will be selected
• Sticky policy
– Attached to an object (e.g., a credential, a data object)
– Defines how the app can use that object
• Context aware
• User policy
– ~ Security policy, but defined by the user
– Service provider limits user policy capabilities
PriMan app development
Questions?