Pomcor’s Comments on the Cybersecurity Green Paper

We have written a response to the Call for Comments on the report entitled Cybersecurity, Innovations and the Internet Economy, written by the Internet Policy Task Force of the US Department of Commerce.

In the response we call for research and development efforts aimed at improving and broadening the scope of the TLS protocol (formerly known as SSL). This would benefit NSTIC and the many IETF protocols that rely on TLS for their security.

If you have any comments on our response, please leave then below.

Pomcor’s Response to the NSTIC Notice of Inquiry

We’ve just sent to NIST Pomcor’s response to the NSTIC Notice of Inquiry with answers to questions 2.2 and 2.3.

NOI responses will eventually be posted at the NSTIC Web site. In the meantime, you can find ours here. Comments are very welcome. Please leave them below.

BrowserID and NSTIC

This post is in response to a tweet by @francesIDexpert who asked: “For those of you following #NSTIC, what do you think about this http://t.co/zUErAzZ”, where the shortened link refers to an article on BrowserID.

Here is my take on BrowserID and the Verified Email Protocol that it is based on. The functionality provided by an “IDBrowser Primary Authority” is equivalent to the functionality that would be provided by a certificate authority (CA) that would issue to a user a PKI certificate binding a public key to an email address, the CA being the email service providing the address.

I see two positives and one negative in BrowserID. The positives are:

  1. Having an email service provider issue email-address certificates, and
  2. Having the certificates issued automatically.

The negative is that BrowserID reinvents the wheel. There is no need for a new type of certificate, a new certificate store in the browser and a Javascript API for submitting certificates to a relying party, when an email address can be carried in an ordinarly PKI certificate, which a browser can store and present to a relying party as a TLS client certificate.

Now to NSTIC.

An explicit privacy goal of NSTIC is that colluding relying parties should not be able to use the user’s credentials to track the user. That is, two different relying parties should not be able to tell that the same user has logged in to both of them by comparing their login logs. Using an email address as an identifier is incompatible with this goal.

One could argue that relying parties need the user’s email address anyway. That’s true today, because email is often used to recover from forgotten passwords. But another goal of NSTIC is to provide alternatives to passwords. Without passwords, many relying parties will have no valid reason to ask for an email address. (And there will consequently be less spam.)

So an email-address certificate is a good way of demonstrating ownership of an email address to a relying party with a legitimate need to know the address. Actually, I will incorporate that idea into our proposed NSTIC architecture (with proper credit, of course) at the very next revision of the white paper. But an email address is not a good idea as a universal identifier for the Web.

Browsing Real Time Search Results

We have just released a cool new feature of Noflail Search. You can now watch how results change in real time as you use the page menu to browse a result set.

When you leave a page, the results in that page become “old”. Old results are shown with a dimmer grey background, and a page that only has old results has a dimmer grey button in the page menu. Noflail Search checks for new results when you click any button in the page menu. If a page that you’ve already visited has new results, its button is black rather than grey, and the new results are highlighted within that page by a brighter background.

You can control how the result set changes. You can make the results in the current page old without going away by clicking on a button for the current page in the page menu. You can go away without making the results old by holding down the shift key while clicking. And you can stop new results from coming in by freezing the result set. A short YouTube video tutorial goes over all this.

Noflail Search is a multisearch engine, that lets you run a query on many different search engines. It can run a query on an engine’s site and display results in pop-up window as rendered by the engine’s front-end. But for some engines that have a Web API, Noflail Search gets results by default through the API and displays them using the Noflail Search front-end. The new real time feature works for all those engines. I suggest that you try it out on the results provided by the real time search engine Topsy, which change fast for trending topics. But even results from a more traditional search engine such as Bing can be seen changing as you browse them.

This new feature solves an open problem in real time search: how to browse results that change frequently.

Some real time search engines, such as Twitter search (at twitter.com or search.twitter.com) and Google/Realtime (at google.com/realtime) show results ranked by recency in a constantly scrolling display. This shows how results change, but it is not very practical, since the user has to watch many irrelevant results go by before catching a relevant one.

Other real time search engines, such as Topsy (at topsy.com), rank results by both recency and relevance, with a traditional paginated user interface. This makes it easier to find relevant results, but it may be difficult to keep track of what results you have seen. If a result moves from page 2 to page 1 as you go from page 1 to page 2, the user may miss it.

Twitter and Google/Realtime address this open problem by also showing, besides the fast scrolling display, three older more relevant results. This concedes that they do not know how to blend recency and relevance.

Our new feature makes it possible to rank results by a balanced combination of recency and relevance and to use a paginated user interface, while at the same time showing how results change in real time and helping the user keep track of what results have been seen.

This new feature derives from research funded in part by grant 1013594 from the National Science Foundation.

We have patents pending on this and other aspects of Noflail Search.

Thoughts about NSTIC after NIST IDtrust Workshop

I’m back from participating in the NIST IDtrust workshop with Karen Lewison. This was the 10th in a series, but the first I’ve attended. I learned a lot. Presentations and panels can be found online at http://middleware.internet2.edu/idtrust/2011/program.html.

Jeremy Grant made a presentation on the National Strategy for Trusted Identities in Cyberspace (NSTIC). He said the President will make an announcement on April 15, and there will soon be workshops to solicit ideas from the private sector; we are looking forward to that. There was interesting follow up during the workshop. A participant from a financial institution told us in a private discussion that he doubted his institution would be able to delegate authentication to an external identity provider, due to security and liability concerns. Paul Donfried gave a talk about Verizon’s Universal Identity Services. Asked about the business model for providing identity services he said that the identity provider could charge the relying party for a high level of assurance. Elaine Newton, in one of her presentations, talked about NSTIC, and about the Multi-Factor Authentication Initiative.

In the long flight back to San Diego, Karen and I did some brainstorming about all this and we came up with three thoughts.

The first thought is that double redirection would help solve many of the technical challenges of NSTIC. By double redirection I mean the following: instead of the Relying Party (RP) relying on a certificate signed by an Identity or Attribute Provider (IAP) and submitted by the browser, the RP redirects the browser (via a 302 redirect or a form submission) to the IAP, which authenticates the user and redirects the browser back to the RP, passing a token or handle that the RP can use to obtain identity and attribute information from the IAP. Thus the RP relies on the IAP not only to provide credentials to the user, but also to verify credentials presented by the user.

This provides a lot of flexibility. Any RP can gain the high level of assurance provided by complex credentials (e.g. multi-factor authentication including one-time passwords or revocable biometrics) without having to implement verification procedures for those credentials. The user can control what attributes the IAP will disclose to the RP without having to juggle many attribute certificates. The RP can use multiple IAPs, providing different attributes, in the same transaction. And last but not least, Paul Donfried’s business model becomes possible, since the IAP is aware of the transaction.

There have been quite a few double redirection protocols: MS Passport (now Windows Live ID), SAML Browser SSP Profile, Shibboleth, OpenID, OAuth, etc. Some of them have serious security issues, but the PKAuth protocol that we presented in our poster provides strong security, without requiring the IAP and the RP to have prior knowledge of each other. PKAuth is designed for social login, so it has the potential to unify the goals of NSTIC with the requirements of social networks.

The second thought is to use what we could call “vacuous certificates”. By a vacuous certificate I mean a certificate that contains no information about the subject of the certificate. It contains only a public key and CA information, including revocation information. The CA that issues the certificate is not an identity provider, it is just, so-to-speak, a revocation provider. The user acquires a vacuous certificate, and registers it with any number of identity providers, which associate identity data or attributes with the certificate. In other words, the identity data and attributes are metadata external to the certificate, rather than data internal to the certificate.

This provides the obvious benefit that the user only needs to keep track of one private key and certificate. Also, no certificates need to be revoked and reissued when identity data or attributes change. And this also seems to solve the liability problem: the user can register the vacuous certificate with his or her bank, so that the bank can be the identity provider for its own transactions. In a transfer of funds between two banks, both banks would be identity providers for the same transaction.

The third thought goes back to double redirection. NSTIC emphasizes both security and privacy. For some transactions, the IAP must authenticate the RP, for security reasons. For other transactions, the IAP must not know the identity of the RP, for privacy reasons. Direct presentation of credentials by the browser to the RP ensures the latter; but it might be possible to enjoy the benefits of double redirection while keeping the RP anonymous. That would require an extension of the HTTP protocol to support a form of double redirection where the browser hides the identity of the initiator of the transaction (the RP).

Welcome to the Pomcor Blog

Welcome to the Pomcor blog! This will be a continuation of the Noflail Search blog previously hosted on wordpress.com, extended to also cover our research on other areas of Web technology, including security and social login.

We have recently concluded Phase I of an ambitious NSF SBIR project and we will soon be reporting on several exciting results from that work. Stay tuned!