Alpaca: extensible authorization for distributed services

Traditional public key infrastructures (PKIs) have not lived up to their promise because there are too many ways to define a PKI, too many cryptographic primitives to build one with, and too many administrative domains with incompatible roots of trust. Alpaca is an authentication and authorization framework that embraces PKI diversity by enabling one PKI to "plug in" another PKI's credentials and cryptographic algorithms, so that users of the second PKI can authenticate to services in the first with their existing, unmodified certificates. Alpaca builds on Proof-Carrying Authorization (PCA), which expresses a credential as an explicit proof of a logical claim. Alpaca generalizes PCA to express not only delegation policies but also the cryptographic primitives, credential formats, and namespace structures needed to use foreign credentials directly. To achieve this, Alpaca introduces a method of creating and naming new principals that behave according to arbitrary rules, a modular approach to logical axioms, and a domain-specific language specialized for reasoning about authentication. We have implemented Alpaca as a Python module that assists applications in generating proofs (e.g., a client requesting access to a resource) and in verifying those proofs via a compact 800-line TCB (e.g., a server providing that resource). We present examples demonstrating Alpaca's extensibility in scenarios involving inter-organization PKI interoperability and secure remote PKI upgrade.
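To make the proof-carrying shape of the design concrete, the following is an added illustration (not Alpaca's own code or API) of a small verifier whose trusted computing base is a proof checker plus a registry of pluggable verification primitives. It assumes a toy logic with three rules (a signed credential yields "P says S"; "A says (B speaks-for A on S)" together with "B says S" yields "A says S"; a statement said by a configured root of trust is granted), and it stands in HMAC tags for the signatures a real PKI would use so that it runs with only the standard library. The principal names, keys and the cross-organization scenario (a foreign CA "hr-ca" using a different primitive than the service's root "acme-root") are constructed for the example.

```python
"""Proof-carrying-authorization sketch: a verifier that only trusts a
proof checker plus the primitives that have been plugged into it.

Assumptions (not from Alpaca): credentials are HMAC tags rather than
public-key signatures, statements are tuples, and a proof is an ordered
list of inference steps that each name their premises.
"""
import hashlib
import hmac
import json

# Pluggable primitive registry: algorithm name -> verifier(key, msg, tag) -> bool.
# A foreign PKI's algorithm is made usable by registering its verifier here.
PRIMITIVES = {}

def register_primitive(name, verifier):
    PRIMITIVES[name] = verifier

def _hmac_verifier(digest):
    def verify(key, message, tag):
        expected = hmac.new(key, message, digest).hexdigest()
        return hmac.compare_digest(expected, tag)
    return verify

register_primitive("hmac-sha256", _hmac_verifier(hashlib.sha256))
register_primitive("hmac-sha512", _hmac_verifier(hashlib.sha512))

def canonical(statement):
    """Canonical encoding so signer and verifier hash identical bytes."""
    return json.dumps(statement, sort_keys=True, separators=(",", ":")).encode()

# Issuer side, used only to construct the sample credentials below.
_SIGNERS = {"hmac-sha256": hashlib.sha256, "hmac-sha512": hashlib.sha512}

def credential_step(keys, principal, statement):
    algo, key = keys[principal]
    tag = hmac.new(key, canonical(statement), _SIGNERS[algo]).hexdigest()
    return {"rule": "credential", "principal": principal,
            "statement": statement, "tag": tag}

def check_proof(proof, goal, keys, roots, primitives=PRIMITIVES):
    """Check every step in order; True iff ("grant", goal) is derived.

    keys:  principal -> (algorithm, verification key) the verifier trusts.
    roots: principals whose statements are authoritative for the goal.
    Facts are keyed on canonical bytes, so list/tuple spelling does not matter.
    """
    facts = set()

    def says(p, s):
        return ("says", p, canonical(s))

    for step in proof:
        rule = step.get("rule")
        if rule == "credential":
            p, s = step["principal"], step["statement"]
            # Unknown principal or an algorithm nobody plugged in: reject.
            if p not in keys or keys[p][0] not in primitives:
                return False
            algo, key = keys[p]
            if not primitives[algo](key, canonical(s), step["tag"]):
                return False
            facts.add(says(p, s))
        elif rule == "delegation":
            a, b, s = step["delegator"], step["delegate"], step["statement"]
            # Both premises must already be established earlier in the proof.
            if says(a, ("speaks-for", b, s)) not in facts or says(b, s) not in facts:
                return False
            facts.add(says(a, s))
        elif rule == "root":
            p, s = step["principal"], step["statement"]
            if p not in roots or says(p, s) not in facts:
                return False
            facts.add(("grant", canonical(s)))
        else:
            return False  # unknown rule: never silently accept
    return ("grant", canonical(goal)) in facts

def build_demo():
    """Constructed sample: service root acme-root delegates /payroll to the
    foreign CA hr-ca, whose PKI uses a different primitive than acme-root."""
    keys = {
        "acme-root": ("hmac-sha256", b"acme-root-secret"),
        "hr-ca": ("hmac-sha512", b"hr-ca-secret"),
        "alice": ("hmac-sha512", b"alice-secret"),
    }
    access = ("access", "/payroll")
    proof = [
        credential_step(keys, "alice", access),
        credential_step(keys, "hr-ca", ("speaks-for", "alice", access)),
        {"rule": "delegation", "delegator": "hr-ca", "delegate": "alice", "statement": access},
        credential_step(keys, "acme-root", ("speaks-for", "hr-ca", access)),
        {"rule": "delegation", "delegator": "acme-root", "delegate": "hr-ca", "statement": access},
        {"rule": "root", "principal": "acme-root", "statement": access},
    ]
    return keys, proof, access

if __name__ == "__main__":
    keys, proof, goal = build_demo()
    print("access granted:", check_proof(proof, goal, keys, roots={"acme-root"}))
```

The point of the structure is that the client does the search (building the six-step proof) while the server only checks it; the server's TCB is `check_proof` plus whatever verifiers were registered, and a credential from a PKI whose primitive has not been plugged in is rejected rather than trusted by default.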
