WICG / digital-credentials

Digital Credentials, like driver's licenses
https://wicg.github.io/digital-credentials/
Other
82 stars 9 forks source link

Threat Modeling for Decentralized Identities #115

Open simoneonofri opened 6 months ago

simoneonofri commented 6 months ago

301 Moved Permanently: The updated version of the Threat Model is in the Threat Model Community Group Repository

Introduction

Status of this document

An outline of the many concerns related to these areas of work, for discussion starting, and initial principles for addressing user considerations.

Editor: Simone Onofri, simone@w3.org

Scope

This document is the living Threat Model related to Decentralized Identities.

The topic is vast and intricate. Our primary focus is on Decentralized Identities, particularly the cases associated with the proposed Digital Credentials API for the FedID WG.

Considering the four-layered SSI Technology Stack from ToITP, we are starting from Layer 3: "Credentials" and precisely the Credential-Presentation phase, using the architecture related to Verifiable Credentials, which is an open standard and, therefore, can be analyzed by everybody as a reference architecture.

As the Threat Model is a living document, it can be expanded on the other parts of the architecture and at a different level of detail, e.g., going deep into cryptographic aspects of a specific profile.

In any case, particularly when analyzing broader contexts such as Security, Privacy and Harm, the various mitigations and the scope of the analysis also span the other elements of the stack.

It is intended to be a choral analysis. It stems from the need to understand a Threat Model to guide the development of Decentralized Identities in a secure/privacy-preserving way and avoid harm. It will start from the Digital Credentials API from a high-level perspective.

Terminology

For Identity, we can refer to the definition in ISO/IEC 24760-1:2019 "IT Security and Privacy - A framework for identity management".

Identity is “a set of attributes related to an entity”. Where the entity is something "that has recognizably distinct existence" and that can be "logical or physical" such as "a person, an organization, a device, a group of such items, a human subscriber to a telecom service, a SIM card, a passport, a network interface card, a software application, a service or a website" and the attributes are “characteristics or properties” such as “an entity type, address information, telephone number, a privilege, a MAC address, a domain name”.

We present credentials to claim that we have a certain identity, whether in the physical or digital world. Just as we do not have a one-size-fits-all definition of identity, we also do not have a one-size-fits-all definition of credential in IT, as it changes according to context.

If we use the credential definition from the W3C Verifiable Credentials Data Model (VCDM), it states: “a set of one or more claims made by an issuer.” Its framing is in the Decentralized Identity Model and we can map the ISO’s attributes to VCDM claims.

Taking the example of a person, these characteristics can be physical appearance, voice, a set of beliefs, habits, and so on. It is important to distinguish identity from the identifier (e.g., a user name).

It is usual to think of Digital Credentials as those related to humans and particularly those issued by a government, also known as "Real-world Identities".

This leads to a broader consideration of the Threat Model as it also brings in Privacy as a right and also Harm components.

Related Work

Methodology

Since security is a separation function between the asset and the threat, the threat can have different impacts, such as on security, privacy, or harm.

There are many approaches to Threat Modeling. The first approach we will use is based on Adam Shostack 4 questions frame:

For the central phases, it is possible to can use (as in Risk Management) prompt lists or checklists of either threats, attacks, or controls, for example:

It is useful to frame the analysis with OSSTMM. OSSTMM controls allow both analyses of what can go wrong (e.g., control not present or problem with a control).

Even if it is control-oriented and seems security-oriented, Privacy is an Operational Controls and can glue the different pieces together.

Channel and Vector

OSSTMM is very precise when used to analyze, so it defines a channel and a vector.

For an accurate analysis, We are considering the COMSEC Data Networks Channel in the specific Internet/Web vector for this issue.

Although different digital credentials may have a different channel/vector (e.g., Wireless), they can still be analyzed similarly.

Analysis

What are we building?

To begin to create a good Threat Model, we can first consider the components of the Decentralized Identity architecture (which in this context is synonymous with Self-Sovereign Identity) as defined in W3C's Verifiable Credentials Data Model and how they interact.

Architecture and Actors

Interactions between actors occur normatively through software or other technological mediums. We will generically call Agents such components. One agent might be embedded in a Wallet (the component that contains the Holder's credentials), and another might be a Browser (which, by definition, is a user agent).

Flows

We can consider three general flows, with four "ceremonies" where the various actors interact.

It is important to note that the flow stops here and can be safely continued in several ways. For example, the Holder receives credentials from an Issuer and uses them to identify themself on a Verifier to buy a physical object or ticket to an event. So the Verifier could become an Issuer to issue a certificate of authenticity for good or issue the ticket directly into the Holder's Wallet.

Credential Issuing (CI)

  1. The Issuer requests a certain authentication mechanism from the Holder. Typically, the higher the level of assurance, the stronger the authentication requires.
  2. After authentication, the Holder asks the Issuer for the credential, or the Issuer submits it.
  3. If both parties agree, the Issuer sends the credential to the Holder in a specific format.
  4. The holder enters his credential into the Wallet.

Credential-Presentation (CP)

  1. The Holder requests access to a specific resource or service from the Verifier.
  2. The Verifier then presents a request for proof to the Holder. This can either be done actively (e.g., the Verifier presents a QR code that the Holder has to scan) or passively (e.g., they accessed a web page and were asked to access a credential).
  3. Through the Wallet, the holder's Agent determines if there are credentials to generate the required Proof.
  4. The Holder may use the proof explicitly if they possess it.
  5. The Agent of the Holder then prepares the Presentation - which can contain the full credential or part of it- and sends it to the Verifier.

Credential-Verification (CV)

  1. The Agent of the Verifier verifies the Presentation (e.g., if the Presentation and the contained Credentials are signed correctly, issued by an Issuer they trust, compliant with their policy, the Holder is entitled to hold it, and that it has not been revoked or expired). The revocation check can be done using the methods defined by the specific credential.
  2. If the verification is successful, the Verifier gives the Holder the access.

Credential-Revocation (CR)

  1. The Issuer can revoke a credential in various ways.

Trust and Trust Boundaries

Trust is a key element in threat modeling. In fact, in OSSTMM, it is an element of privileged access to the asset, which, by trusting, lowers the various operational controls.

At the Process level, trust relationships are:

At the Software level, Trust boundaries are documented in the Data Model in section 8.2:

However, from a threat modeling perspective, the issuer, verifier, and holder are external entities, so we have trust boundaries between the parties. This makes sense, and also why we have the concept of (crypto) verification.

Data Model, Formats, Protocols

To modeling Decentralized Identities and Credentials, it is possible to use as a high-level and meta-model using Verifiable Credentials documentation (the list of technology is partial, feel free to extend):

Assets

Assuming that the main asset is the credentials and information derived during its life cycle, we can consider the protection of its three Privacy Properties, as they were defined by Ben Laurie, as the basis:

These properties were defined in a very specific case of Decentralized Identities. Those related to people, and even more specifically, those issued by governments, are based on the concept of Privacy, specifically for the protection of the Holder.

While we can, therefore, consider the Minimal and Unlinkable properties as elements of the Holder, the Verifiable property is of interest to all. Verifiable means that the Verifier can confirm who issued the credential, that it has not been tampered with, expired, or revoked, contains the required data, and is possibly associated with the holder.

Therefore, The Threat Model wants to start from this specific use case, that of government-issued credentials for people, considering that it is one of the most complex.

Minimization and Unlinkability are generally interrelated (e.g., the less data I provide, the less they can be related). They must coexist with Verifiability (e.g., if I need to know that the credential has been revoked, I usually need to contact the Issuer, who has a list of revoked credentials, but in this way, it is possible to link the credential).

Minimization Scale

To try to qualify Minimization, we can use a scale defined by the various cryptographic techniques developed for Digital Credentials:

Unlinkability Scale

To try to qualify Unlinkability, we can use the Nymity Slider, which classifies credentials by:

Therefore, it might be possible to consider "moving" the slider toward Unlinkable Anonymity, as per the properties.

What can go wrong?

After reasoning about assets, what we can protect and "who" becomes obvious.

Threat Actors

We have mentioned before that one of the key points is the protection of the Holder. Still, by simplifying and referring to the well-known practice of "trust-no-one", we can easily get the list of actors involved:

Holder, Issuer, Verifier, and their agents/software components (e.g., Browser, Wallet, Web Sites). Which of these can be a Threat Actor? To simplify the question, each actor is potentially a Threat Actor for the others. So, all against all. Indeed, one is often also a Threat Actor to oneself (e.g., Alert fatigue).

In addition, although there are trust relationships between the various actors and their software (valid in the various steps), such software can also be malicious. Specifically, it can track the Holders, the type of credential they have, and how and where they use it through telemetry and statistical collection, and it can push the user to certain attitudes.

One must also consider a possible external threat actor, who could also be an observer or use active techniques, and who wants to track the three main actors or their agents, such as Marketers, Data brokers, Stalkers, Identity thieves, intelligence and law enforcement agencies (laws often constrain them), and OSINT investigators.

A further case is the combination of such actors, such as multiple Verifiers in cahoots or a potential collaboration between Issuer and Verifier to track the Holder.

Evil user stories

Using the information we now have, we can create some generic Evil User Stories:

One effective though inefficient approach to threat modeling is to cycle the various lists of threats and attacks, controls, and objectives in a brainstorming session to assess how they may affect architecture components, actors, assets, and the flow in general. Using multiple frameworks may repeat some elements.

Ben's Privacy Properties (Objectives)

LINDDUN (Threats)

RFC 6973 (Threats)

RFC 3552 (Attacks)

STRIDE (Threats)

OSSTMM (Controls)

Other Threats and Harms

Considering the specific case of government credentials issued to people, it is useful to think about some use cases:

Another scenario is the use of a credential for authentication:

What should you do about those things that can go wrong?

Countermeasures/Features:

OR13 commented 6 months ago

The strategy link issue is 404.

There are solutions for dynamic state, that rely on getting a fresh status from the issuer at some interval, but where the holder requests the status, not the verifier.

This kind of approach is especially useful for enumerations status values, that are not boolean, since you don't need to do bit logic on the status list, and storing enumerations in cryptographic accumulators can be complicated.

simoneonofri commented 6 months ago

@OR13 Thank you for the 404 check; it was fixed. And also for the status attestations

simoneonofri commented 6 months ago

reasoning about the issue, I began to structure a Threat Model, to which I would then apply privacy (or other) techniques

OR13 commented 6 months ago

Nick also mentioned threat model here: https://github.com/w3c/strategy/issues/458

I'm generally supportive of revising the threat model, as the API aligns to support protocols and credential formats.

Especially because some threats will be out of scope for the API, but maybe in scope for a protocol or format.

It can be helpful to identify what the API can change, and where the API's security or privacy considerations are subject to constraints from the choice of supporting a protocol or format.

simoneonofri commented 6 months ago

thanks @OR13 I've just update it (and maybe I need to move from an issue to something different).

Clarified a bit the scope that I agree it is broader to the API, but for the model I think we need to analyze also the full flow/architeture and then part of the model can be applied to the API.

simoneonofri commented 6 months ago

@weizman have you some insight as you have experience in the Wallets-in-the-Browsers (even if probably more on high-level than your article and also on user experience?

simoneonofri commented 6 months ago

by @peppelinux on linkedin

  1. Foundational digital identity systems streamline and secure identification across platforms, enhancing security, reducing fraud, and improving service access, which cuts costs beyond just money.

  2. Driven by urgent modernization and security needs, these programs use strict data protection, encryption, and audits, adhering to international standards. Despite their robustness, challenges may arise. Open, inclusive processes are vital for evolving these technologies, allowing wide, representative contributions and enhancing global understanding.

  3. Mandatory enrollment ensures universal coverage and effectiveness, facilitating comprehensive integration across services and platforms for equal access to essential services.

Inclusivity and transparency are crucial; time should not be an enemy, nor haste an ally. Empiricism and field experience are essential for making informed decisions.

simoneonofri commented 6 months ago

by Stephan Engberg on linkedin

It depends on how you define Digital Identity.

If it is vulnurable to loss, theft, renting, man-in-the-middle, tracking, lock-in etc. or simply weak, we are very likely talking about identity as an attack on citizens and society rather than security.

If is it empowering, i.e. mainly non-linkable, digital identity can be the critical enabler. The key question is if citizens can share data WITHOUT LOOSING CONTROL.

If not, we are talking various form of means that always feed surveillance, e.g. payment cards or smartphones that by design are invasive.

In this, it should be noted that Verified Credentials is not an enabler in itself even though it can be an element. You need to determine linkability on the entire transaction, not just the single attribute credential.

And politely, World Bank has for a long time appeared to be working on behalf of some shady commercial agenda where human rights are reduced to the right to be commoditized, i.e. the opposite - e.g. biometric identity is the opposite of freedom, it is designing for oppression.

I made this roadmap in 2007 - getting close to being state-of-the-art. But notice how e.g. EU 2.0 ARF is far down to the right.

Image: https://media.licdn.com/dms/image/D4D2CAQElLaerjehW7w/comment-image-shrink_8192_480/0/1716361039335?e=1717052400&v=beta&t=01c6j5dk0i2CcNuNz2F034nc9bLdjOT3IFkZ4V0O9d0

simoneonofri commented 6 months ago

I updated the model by improving the scope, architectural, and flow analysis parts, then wrote the various prompt lists to brainstorm on.

TomCJones commented 5 months ago

this is more of a threat meta-model as the details about the vulnerabilities, costs, mitigations, and justifications are missing. That is ok as a start, although mixing models makes it harder to come up with a single lists of vulnerabilities for the analysis. Or is the point to create the model and then every implementer would build the analysis?

One item missing is the verifier proof of identity and purpose. As one example, you don't say that the holder must trust the verifier.

There is an implicit assumption here, that the holder is the subject with a slight nod to delegation in "One particularly useful and interesting aspect is that of delegation of a credential (I use the term delegation loosely, as questionies such as Guardianship have a precise legal meaning), which prevents much abuse and identity theft and should be modeled properly as Issuer rules." If you mean this you need much more detail and the separation of the holder from the subject.

simoneonofri commented 5 months ago

Hi @TomCJones

this is more of a threat meta-model as the details about the vulnerabilities, costs, mitigations, and justifications are missing. That is ok as a start, although mixing models makes it harder to come up with a single lists of vulnerabilities for the analysis. Or is the point to create the model and then every implementer would build the analysis?

Yes, it is still a meta-model to be codified in the clear structure "threat>mitigation>residual threat, as in a common final form.

There are several "profiles" and elements that change the setup a lot (e.g., I can choose to have formats that do not support selective disclosure, while an output that doesn't come out and has to be used/predilected those). Also, because I didn't find that reasoning, it seemed like a good place to start.

The mix between Security and Privacy in this case is given by the fact that I started doing the analysis with the OSSTMM. Still, yes in a later round (the fateful fourth step) the various analyses have to be harmonized.

One item missing is the verifier proof of identity and purpose. As one example, you don't say that the holder must trust the verifier.

Great finding, I will update it thank you

There is an implicit assumption here, that the holder is the subject with a slight nod to delegation in "One particularly useful and interesting aspect is that of delegation of a credential (I use the term delegation loosely, as questionies such as Guardianship have a precise legal meaning), which prevents much abuse and identity theft and should be modeled properly as Issuer rules." If you mean this you need much more detail and the separation of the holder from the subject.

Yes, you are right. I added that sentence as my memento since I thought the concept was interesting. Lately, at least in Europe, we talk a lot about government-issued credentials for people, but there are many use cases where the subject is not the holder (animals, supply chain, etc.).

Thanks again for your comment!

csuwildcat commented 5 months ago

In the section that pertains to the Status List revocation approach, it claims the approach discloses personal information, but that doesn't seem accurate. Assuming the revocation document only contains flipped bits at positions that can only be tied a given credential if you'd been privy to disclosure of their association, what personal information does the author of that passage think is contained in this revocation document?

simoneonofri commented 5 months ago

hi @csuwildcat , thank you for the feedback.

i was more thinking of a correlation issues as specified here:

https://www.w3.org/TR/vc-bitstring-status-list/#privacy-considerations

for sure, I am going to explain better the concept

simoneonofri commented 5 months ago

Additional points to consider:

simoneonofri commented 5 months ago

We're also started working with Fondazione Bruno Kessler as they have a Threat Model to on the Wallet/Protocol side: https://drive.google.com/drive/folders/1mgwhZ0jTAeGIE8Ewf3kK34dLjPwOTM5L

bvandersloot-mozilla commented 5 months ago

One thing I think is missing from the "threat>mitigation>residual threat" form that this is taking is a discussion of the actors/assets/invariants that are useful to describe the assumptions made in constructing the model. That sort of discussion can help us get on common ground, which could be really nice for defining exactly the security/privacy relationship of the wallet and browser. I'm still thinking about how to approach this, but this may be an additional section worth adding.

simoneonofri commented 4 months ago

@bvandersloot-mozilla I agree with you. it is needed a refinement "numbering" the threats, the mitigation so that we can understand the residial part (and understand what to do)

simoneonofri commented 4 months ago

By @slistrom and @peppelinux

A classification of the Wallet types, considering that each wallet, at a specific level, can have a different Threat Model.

Wallet Instance Types

There are many ways to technically implement Wallet Instances to manage Digital Credentials. There are typically two types of Wallet End-Users: one is a natural person and another is an Organisational Entity such as a legal person. These two types of users may have different usage and functional requirements.

Below a non-exaustive list of the different Wallet Instance types.

Mobile Wallet Native Application:

Also known as Mobile Wallet only, is an application that runs natively on a Personal Device under the sole control of an End-User and provided through a platform vendor specific app-store, on behalf of the Wallet Solution. In some cases the End-User as natural person uses the Mobile Wallet representing a legal person. Web Wallet Native Application:

Also known as Cloud Wallet or Web Wallet only, is a Wallet that uses native web technologies for its components, such as UI components. Cloud Wallets are typically suited for Organisational Entities that requires automated Digital Credential operations (request, issuance, store, presentation, revocations) in unsupervised flows, therefore without any human control. Web Wallets are divided into two additional subtypes: Custodial Web Wallets and Non-Custodial Web Wallets.

Custodial Web Wallet Cloud Wallets that have dependency on a cloud infrastructure, not necessarily hosted by the Wallet Provider, are typically classified as Custodial Web Wallets; in this case, the cryptographic keys used and the Digital Credentials are stored in the cloud infrastructure.

Non-Custodial Web Wallet A Web Wallet where the cryptographic keys are stored and managed on a media in possession by the End-User and the Digital Credentials can only be used by the End-User, e.g. using a FIDO enabled security hardware token, no matter whether the Credentials are stored locally in a Personal Device or in cloud storage. Progressive Web Application Wallet (PWAW)

PWAW is a web application that looks like a native app. It can be installed on a Personal Device and not necessarly using the operative system specific app-store. The advantage with a PWAW is that it gives the End-User the same experience as a Mobile Native Wallet Application while also offering the benefits of a web application. PWAW can be Custodial or Non-Custodial.

simoneonofri commented 4 months ago

301 Moved Permanently: The updated version of the Threat Model is in the Threat Model Community Group Repository

Sakurann commented 3 months ago

I know it says this work has permanently moved. and I will try contribute in a new CG as well, but just wanted to point to two prior work with a very similar scope that should be taken into account:

simoneonofri commented 3 months ago

@Sakurann thank you so much, I moved the Issue text, but here there are still some material needed to moved as issues. For sure these two works needs to be refenreced in the Threat Model!

simoneonofri commented 3 months ago

Threat Model and analysis by @RByers 👍 Chromium: RWI privacy risk mitigation design to include/reflect