Wireless PKI Security and Mobile Voting

1
Wireless PKI Security and Mobile Voting

• Jaak Tepandi and Stanislav Vassiljev, Tallinn
  University of Technology
• Ilja Tšahhirov, InVision Software AG

Source IEEE Computer Society / August 2010 Date
March 2, 2012 Presenter ???
2
Outline

• Introduction
• Mobile phones a handy solution
• WPKI authentication and digital signing
• WPKI security study
• Manageable WPKI-specific risk
• WPKI-specific risk requiring attention
• Implications for m-voting
• WPKI requirements
• Conclusion

3
Introduction

• Wireless public-key infrastructure technology is
  used in many security-critical applications
  including banking and digital signing.
• An analysis of WPKI security using ID-card-based
  PKI (ID-PKI) as a benchmark highlights various
  risks and their implications for mobile voting.

4
Mobile phones a handy solution(1/2)

• Security-critical applications can utilize a
  computer and a mobile phone with a Universal
  Subscriber Identity Module (USIM) card for
  authentication and electronic signatures.
• In Estonia, Mobiil-ID technology enables personal
  identification and authentication with a mobile
  phone.
• a Mobiil-ID USIM card provides the usual SIM
  card functionality and also incorporates the
  private keys for authentication and digital
  signatures, obviating the need for a physical ID
  card reader.

5
Mobile phones a handy solution(2/2)

• Mobiil-ID is based on emerging wireless PKI
  specifications. WPKI can be used to obtain client
  authentication and nonrepudiation .

6
WPKI authentication and digital signing
registration
5.
V H request PIN
user
Registration Authority(RA)
Mobile operator
6.
Cards bound to users identities
8.
5.
6.
4.
authentication or reject
1.
V H
 
Verification code (V)
Identifier
7.
TSP verifies the users signature and send
result to the AP
3.
validates IDs certificate
Trust service provider
Application provider
4.
Verification code (V)
Certificate Authority(CA)
2.
Request identity service for ID
7
WPKI security study(1/2)

• Main types of threats focused on
• -General Threats related to Legal issues
• -Cryptography
• -Software Development, technical threats
• -M-Voting Threats

8
WPKI security study(2/2)

• Risks with WPKI
• -Risks associated with WPKI are of 
  Information security.
• ?Integrity
• ?Confidentiality
• ?Authenticity
• ?Non repudiation
• ?Availability

9
Manageable WPKI-specific risk(1/3)

• The risk within the Mobile Operators Subsystem
• --the Over the Air (OTA) Server and SMS
  Center can be subject to Man in the
  Middle Attack.
• Mobile Operator must impose security measures
  including the encryption communication over VPN
  and securing LAN with firewall. Detailed
  analysis demonstrates that the risk of MITM
  attacks is low.

10
Manageable WPKI-specific risk(2/3)
Sent to wrong mobile phone !
5.
H(V) request PIN
user
Mobile operator
6.
5.
The risk of MITM attack is low.
4.
6.
H(V)
Verification code (V)
 
1.
Identifier
3.
validates IDs certificate
Trust service provider
Application provider
4.
Verification code (V)
attack
Certificate Authority(CA)
2.
Request identity service for ID
? Example 1
11
Manageable WPKI-specific risk(3/3)
??VU1? VA2,?user????,??????????!(VA1VA2)
?Note I1I2 , VA1VA2 ? ??
???
user
Attacker
Mobile operator
??MITM attack,???????user??,?????user??server?????
,?????????????
Trust service provider
Application provider
Certificate Authority(CA)
? Example 2 - An attacker grasping a users
session
12
WPKI-specific risk requiring attention

• Man in the middle attack between APs and users
  are easier in WPKI than in ID-PKI.(attacker may
  fake server between client and server connecting)
• Compared with other authentication
  methods.(ex.one time passwords). WPKI enabled
  measures help prevent many kind of attacks.
• ID-PKI authenticates the user based on both
  users certificate and the server public key
  certificate during the SSL session handshake.
  This makes an MITM attack unrealistic.

13
Implications for m-voting

• Electronic voting asks for additional demanding
  security.
• -votes must remain anonymous.
• -the system must record every action.
• The I-Voting(over the internet) used in Estonia
  and several other settings utilizes
  the digital envelope.
• -Inner envelope has the encrypted vote.
• -outer envelope has digital signature.

14
WPKI requirements(1/2)

• RA maintain , document,and periodically audit
  strict procedures for persons identity and
  citizenship verification.
• CA Informing people about m-voting security
  problem.(ex. User cant lend somebody mobile
  phone capable of signature service.)
• M-voting infrastructure, operational procedures,
  and application development should match
  traditional e-voting systems strict security
  requirements.

15
WPKI requirements(2/2)

• It is vital to ensure quality handling of USIM
  card private keys ,secret keys, and PIN codes.
• (ex. MOs should keep logs.)
• MO procedures should also ensure voter anonymity
  by preventing administrators from observing the
  m-voting process in any way.

16
Conclusion

• WPKI??????????,?TSP?????user??PIN???????????,?????
  ????,???AP?user?????AP?TSP???????????????,????????
  ????

17
THE END