Beyond Passwords

good morning you have an opportunity to listen this speech and to discuss this interesting question instead of military-style security networks but I guess the people who are very interested in military secret security will find something interesting here so this is the agenda and we will start with the discussion of the problem that we all know it is the problem of using passwords using weak passwords and using the same passwords for multiple sites and applications and then we will try to see how this problem can be solved and what is the solutions for this and at the end of my speech I will present some new ideas that we have about how this problem can be solved and to see how

this can be implemented and how we implemented this and surely we all know this problem and we see it everywhere and I can ask this audience who really use multiple strong passwords for different applications Oh several guys very good audience yet and surely this cannot be implemented without any technical tool like for example password safe or Mozilla web browser built-in functionality for saying such passwords but in fact commonly users not hackers they do not think about this they just write down their passwords on the monitor and they use the simple word like the name of a dog or something like that and this is terrible because even organizations underestimate the risks for this and even if organizations

use some policy internally for example you should use only the strong password blah blah blah blah users chance just throw this out and use what they want because we think that this cannot be solved with our technical solution because people like to be lazy and this is all the security questions a not for common public and let's see what the technical solutions can be implemented in this field and first of all it is a very big amount of several solutions like biometrical tokens and certificates an OTP talk and so it is for first of all it is hardware solutions this it is Harlow's solutions that is that is used for storing some secrets some secret

information for generating OTP passwords for accessing certificates that is stored on the devices but we can see that all these solutions are not very popular for different reasons for the reasons of costs for reasons of unconvenient of such solutions and you cannot just go to a simple to plain user who just usually use uses his passwords and say take this cart and push this button every time you want to login to your site and he probably will think what the hell doing with this guy I just will use my plain simple password and that's okay that's okay so the second problem is that we have a lot of already installed systems with already installed schemas that use login and password and

the service providers should think why we should change this login and password schema to some do schema so they need some input they need some very big input because it is about changing the software infrastructure changing the policies and etc and we guess that there are at least three requirements for such systems that will replace that will replace password systems there are multi-factor authentication and Hardware implementation of such such authentication the other thing that is very very interesting and useful for service providers is that you should not have limitation on your number of applications you are using because usually such hardware devices they limit the number of applications you can use it with and of course you should it's

difficult to find some applications that can be used for any website for example and the third point is that this schema should be implemented in the way of anonymity and it helps very much for the security of the system and I will talk about this point a bit later so what about hardware devices and smart cards we have the ability to implement such device using Java cards because they have inside it strong cryptography cryptography they have both public key chippers equipment and is cheaper so that's good for my many ways of using this cards and but but such devices have usually have strong application limits so when you buy some smart card from some producer and this motorcars surely

used in Metro in public transport etcetera usually such cards have been locked before they are being given to users so if this card is locked you can not play such applications there so you cannot use this cut for different applications the good example is a pic ECS 11 tokens because it is a very good interface this is this interface is used by many applications like Thunderbird mail client or Firefox web browser etc so this is a very good example how this can be solved but the task is quite narrow because this is only about signing some messages or files and this is about accessing probably through SSL or something or some other protocols that allow us to use the certificates from

this token OTP tokens they have very big problem of the requirement for ID database because if authentication provider have has its own ID database this ID database can be stoned and we all know the examples how it was and about smartphones that are very popular now they have the ability to they in fact they are used for accessing some applications but it is quite insecure because phone phone application and phone operating systems are being correct and are being hacked so this is a quite simple way of implemented security and probably in future when phone producers will allow programmers to access the security devices that we have in all GSM for example mobile phones this situation

might be better but for now we just connect from for example on iPhone iOS platform you can access almost nothing from your program so this secure applications can be implemented at all and several words about anonymity and what is this about this is not only the amount of some moral or some other unpractical things that programmers of security systems do but this is about real practice when you have no knowledge about the user the information about the user cannot be stolen and when we talk about service provider and what he can get from the unanimity this is about this storing only the data that is specified and the data that corresponds to serve provider and the user

particular user not no more so if you just have a for example bank and you have some sensitive information about user it's better to store just numbers instead of names for example account numbers and things like that and one will think about on the indication is that our authentication provider should not have ability to abuse information about the users because it should be implemented technically because every company could have some bad people who can access databases internal database or internal list of certificates and cetera one more thing that I should mention is that in modern world there is a lack of anonymity and every everyday we can see that some points some advantages of our privacy is

being taken by government or other corporations as a place this way you should live your credentials you should live your personal data and this terrible because you are losing control on your information you'll all know about this what we can what we imagine how it can be implemented in a smart way imagine that you have save a data container and you have two keys for such container first key is the user scheme and it can be stored on some hardware device or wherever only user can access this secret the other key is belong to a service provider and to access this data container you should combine these keys and get the address of the data and get

the decryption key of the data how it can be done it can be done for example with one-way permutation function with two arguments 1st argument is user IDs the second argument is service provider ID and you get some long number this long number is address of the authentication container of course if you change service provider ID for example you are going to the different website or using some other service provider you will get the different number and thanks to math one way permutation function will we give us a quite different number and we and even if we will know all the list of data containers for example we will get access to the storage where all this

stuff is located we can't guess we can't guess what was the user ID what was the server provider ID we just can try which just can try for example 16 bytes for user IDs 16 bytes for service provider ID it will be quite long and the idea is that user can get such container and service provider can access this container and can write all the application specific data there for example if we go to bank the bank can write some number of your account small amount of data if you go to website for example with well designed WordPress or all different web applications you just a service provider will just save in such container the name of your user or

the ID of your user in that system so you will use your passkey you will use your secret key as a user to an service provider will get only in this moment service provider will get access to your authentication information and can give you all the other things that this service provider should do this schema is anonymous because different service providers know nothing about where this user is going and service provider and even if you have some key you can use the schema without any presenting key or other credentials so there may be some service providers that will require your credential but you will stay you can give it or no say I will use different

service Pro and how we implemented this we created a set of services we created a set of services for a user and for service provider and we created redundant data storage that splits all these containers to the big number of parts and store all these containers in different points throughout the world so if even some government will close our servers the users will give access to the data in any way and for in fact we created the hardware device that is based on Java cart and XP device smart card token and this device stores your user identifiers is a secret number and you can create server provider that will be used in the previous schema so user can access to

the data for this server provider and we created several examples of how it can be implemented for example we created secure journal application where you can just save the portion of your application specific data and pkcs 11 library that all the certificates you store is being stored not on the card but in the redundant storage and access to this data can be granted only when the passkey is present as well as we created some SDKs so users can just try it and I want to before you can ask your questions I want to mention that here you can try these applications you can just get key set to check what is it and how it's doing and we will discuss this

Visio and we can do all the demonstrations here or in international hotel that is in yep so I guess the so you can ask your question so I will return to the slide you are asking about and we'll try to explain this different way aha that's a good point in this idea is about do not get a chance the service provider to share the information but we have some ideas how it can be implemented in fact we have some applications that demonstrate this this application is about storing files secretly and sharing files like Dropbox but with this level of security so you can using the specified interface so both service providers agree to do to

work in this way you can share the information yep yes please

well this is in fact why I can as I understand the question why service providers should use this because they can access this in a different way such information differently yes or no what are you asking about

yes but in this schema you as a service provider can authenticate your user proof line securely and you as a service provider can say okay I will authenticate users not with my old login and password schema but with this schema and he gets some benefits for it you as a user have to trust surely yes because this is about a relationship between service provider is it's not about it's not about this schema you surely won't should trust the service provider but we as a authentication provider can check is this real is this real service provider or is it just a fake so there is a secret between authentication providers and service providers so service probably can prove himself to

user and through the intent ocation schema

yep that's true so if a service provider gives some access to a service that you will not be billed or something like that free service you a service provider can know nothing about you so this is just a new user in the system so if you're a new user in a system service provider we'll save some something for you for example you can for example is it implemented in our journal application you can save a portion of text on the side and this portion of text will be stored in such a secret container and we do not ask who are you and who is that guy who storing this text we do not want to know this and

service provider can be implemented in this way every service provider has its own ID well-known name and you can see the name of the service provider when you are trying to authenticate in current implementation we need a program on a computer that will show you the dialog box and ask you do we want to authenticate Bob Loblaw service provider but in future implementations we want to see simple is this message to be shown on a token so even if your computer is compromised it's better to show you this information you're talking so you can see it and say yes ok I will authenticate the service provider sorry aha this is a good question in fact we can we can see all the

authentications that was being done in the system and the relationship between source provider and authentication provider or us is well known and established so probably there can be schemas when user from internet come here and ask for a service provider idea i will be surprised but this relationship is established and this relationship cannot be anonymous as in case of users and therefore we can check all the all numbers of transactions that service provider is doing with his users or anybody and this number of transactions will be the basis for the bills that will be created

yep yep if you don't get this this service allows service provider to authenticate users in better way and in a nice way and etcetera therefore the service provider if it's not just one transaction in a year but if it's big service provider with lot of authentication transactions therefore the service provider should pay to this authentication provider to have access to such large amount of authentications

sorry couldn't get the point

thank you the difficult concept to grasp here is that we actually don't return credentials to the service provider as Alexi explained the service provider has an ID which we know and we know the name of the service provider that's associated with that ID so Bank of America online banking has a service provider ID the user has a user ID and when there is an authentication we know the service provider ID so we send a dialogue to the user that says Bank of America online banking would like to authenticate you and the user doesn't have to enter a username or password or anything they can they can just give one-click it's actually easier than user name password at which point this

one-way transformation occurs and that points to a data container in our infrastructure the data container does not contain user credentials there's no name address there is none of that in this data container instead what's in the state of container is only the data that's relevant to that service provider it's in fact what the service provider chooses to put in this container so if it is Bank of America then it might be an account number just a number that is not associated with a user just a number and in in any case this number we don't have access to it we don't know where it's stored and we don't know whose it is the entire system is anonymous now

when the user goes to access a different service provider for example they're using an application on their PC and it's a licensed application so in that case the user uses the same credentials but the service provider ID is different so the one way mathematical transformation yields a different address so there's a different data container that's returned that have completely different information for example since it's a license application it may just be the expiration date of that license it's only data that's relevant to that specific application that's returned it's not a credential so this is how so there was a question about what should the what if the service the service provider no longer has to store

usernames and passwords and associate them with an account number that can go away we don't store any usernames and passwords in fact there's no database of users whatsoever in fact we have no idea who's using our system and we don't want to know no the question was about payments we don't pay a service provider

okay okay right so thank you I understand we bill the service provider as Alexi described and that is an aggregate of the authentications done by that service provider and storage and by the way it's it's really reasonably priced it's meant to be it's meant to be easy to implement both from a billing perspective and from a technical perspective now the service provider can decide what they want to do at this point the the Bank of America example they probably just want to eat that cost I don't I don't see Bank of America billing users well it'll be let's say it'll be bundled into their prices the service provider can can either absorb those costs as

they do today with RSA SecurID or they can if they wish bill back to the users

my answer if sir provider want to build user we do not care it's about them so we are talking about how server providers can be built for such authentication so service provider and user usually have some relationship between them some signed contracts something like that and if service provider will deal with anonymous users that means that the service is free because if it's nani most probably it will include some anonymous payment or something like that but it's not about this authentication scammer this certification schema helps a service provider stores authentication information and the user easily access to multiple service providers is the same passkey but this is not about how service provider can build user for his

own tasks so something like that huh please it contains as a secret number that is being generated first time when you are personalized your token and from that time you can use this passkey or different devices associated with the same secret number the only thing this pass key stores only these secret numbers it allows you to get access to the data containers that was associated with you

yep let's tow no no I don't get the point okay let me just a little little language issue okay the only thing stored in the past key in terms of credential is a long number that's easier that's the first part of your question the second part is you can associate a password user selected password with a passkey this is this is comparable to a pin being associated with a bank card now if your passkey gets lost or stolen it's actually easier than if your bank card gets lost or stolen if your bank card gets lost your stolen you have to call the bank then they have to verify your identity that's where it stops working for us because we

their I their anonymous to us so we couldn't do that anyway they verify your identity so they know who you are they know your address they can send you a replacement we make it actually easier than that along with this passkey we provide you when you buy a passkey or receive one from the service provider you also get a service key the service key is not a normal key you can't use it for day-to-day it's purely administrative now you someone steals or you lose your passkey using your service key plus your password you can disable a lost or stolen passkey and then you can insert a blank passkey into your computer and create yourself a brand new

one immediately the lost one remains disabled forever the other important point is that the service provider specifies how many factors they want to see so a service provider can say I mean the service provider could be Starbucks and it's your frequent coffee buyer program and your passkey is just saying yes I'm part of this program choc me up one more latte so that's a one factor thing all you have to do is click but if you're going to online banking or something like that then the service provider is likely going to specify that they want to see two authentication factors so when you get that dialog the authentication dialog from WW pass it will ask you to present your key and

then it will ask you for your password you only have to remember one password for all these different applications which is what everybody wants a sensation sensitive implications yep that's what everybody wants to do anyway they only want to deal with one password the thing is here that is safe behavior whereas today that is demonstrably unsafe behavior okay other questions yep

no no no this is not oh it's all still there all you need to do is have a blank just we will provide you with a blank key you can recreate your key and you will have exactly identical access as you did using your servicer s key you will go to the cursor Assessor and we'll create a new revoke the old one and create a new one key and all the information is not stored on the key so that's nothing is stored on the key that's why it that's why you can create one with identical powers yes sir

yeah yes yes so it gets even more interesting because your your service key or you called it a master key can be stored someplace safe or can be stored with what we call a recovery agent which could be a friend or an attorney or whatnot and they have the ability to like you're traveling you don't have your service key with you but it's with your recovery agent whoever that may be they can create a replacement key for you but it's safe it's sent in an enact and they can send it to you let's say you're in London they can send it to you but it's in an inactive State the first time you use it and provide your

password it becomes activated sidechain

this is the same secret to the user ID there will be the same as the lost one but but there are two numbers in the key a an ID that's specific to the physical key an and the user ID so what you're doing when you disable a key is you're blocking out the the physical key ID but the user ID is the same so you'll block the particular pass key and this key cannot be used more in the authentication system did that make sense

if somebody would have to have your service key which you don't carry around with you I'm sorry I can't hear if you just if you just created from scratch a new key and put for some how I am I'm don't know put the secret user key in this new Bond key without our okay management system you will be denied because the ID of your new blank token is not in the list of the tokens of that users that K system knows about well I'm sorry what's the question if the service key is stolen well you can't do anything with it unless you also know the password you you always have to know two things to be able to do anything

administrative similarly if you forget your password a lot of people forget their passwords yeah there's a way to recover from that again you have to have two things and what the in that case the two things are your passkey and your service key you can also have multiple service keys and use it in many the coverage and store them in separate places

and who do you think you'd be giving that up to

electronically but physically

right

I don't know but I think you know as well as me that that's not the most common scenario I mean with it with a gun to someone's head you can always you can always get what you need but in the the system is designed so that there's no way to to grab mass databases of identities yep which this is a very good point and we should discuss it after our speech you if you like we have we can also show some demos okay other questions connection yep

this password is used by K management system inside our authentication system so it is stored in encrypted form so it can be accessed by authentication system administrator and use a ceramic particle to get the password from the device to the server sense etc so but in a port you can discuss the technical things right we can discuss just an important point though the passwords encrypted when it's stored but we don't have the key the all the encryption in our system is controlled by user keys not by us so when we store any data whether it's access data or or data that the service provider wants to store any kind of data lawfirm storing files that are sensitive

when we store data we use the reed-solomon algorithm to fragment the data disperse it all around the world and it's encrypted but we don't have the key we so so if you hack one of our servers it's it's not terrible information because it's a fragment of information that's encrypted with a key that we don't have and there's no user identity associated with that information so whose is it

other questions so during lunch you can go there and discuss some weird questions with me and also we have ciskei sets you to try with our system it includes some papers that will tell you how you can go to our care services and get access to our system what's the applications etc so if you are interesting with this be there we could stick around here yeah there's a little time left before they serve lunch come and see demos we'll do it at the front of the room thank you very much thanks a lot