Middleware for Secure Environments
Presented by Kemal Altıntaş, Hümeyra Topcu-Altıntaş, Osman Şen

Cherubim Security System
Java based security system for secure communication over networks
Developed at the UIUC

Core Security Services
Encryption: process to encode data to protect it from attacks in the network
  Can be done with a variety of algorithms (such as IDEA or DES), modes (such as ECB - Electronic Code Book, CFB - Cipher Feedback, or CBC - Cipher Block Chaining) and padding schemes (such as PKCS#5 or PKCS#7).
Decryption: The opposite of encryption. Can be done with any of the above algorithms.

Core Security Services
Digital Signature
  Electronic equivalent of a person’s signature
  Used to verify that a document or a message really comes from a specific person
  Can be done with algorithms such as RSA, DSA or El Gamal

Core Security Services
Digital Signature Verification
  Equivalent to comparing one’s signature to a reference copy
  If the signature verifies, the document or the message is assumed to be coming from the specified person
  Any of the above algorithms can be used

Core Security Services
Secret Hashing
  Process of transforming a document into a unique code that is relatively small, typically 128-256 bits
  It is desirable to have unique codes for each document
  Cherubim supports several hashing algorithms such as SHA-1 and MD5

Core Security Services
Secret Key Generation from a PassPhrase
  A secret key from a phrase that the user enters is generated using a hash algorithm
  Used to store private keys and such private information on disk
  If the hashed secret is short, it is repeated to increase the size
  If it is long, the last blocks are xored with the first blocks
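
The key-sizing rule on this slide, as an added Java sketch (Java 17+, not Cherubim's own code). It uses the page's defaults (SHA-1, UTF-8); reading "blocks" as bytes folded onto the start of the key is an assumption, and the passphrase is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HexFormat;

public class PassphraseKey {
    // Fit a digest to keyLen bytes: repeat a short hash to fill the key,
    // or XOR the excess bytes of a long hash back onto the first bytes.
    static byte[] fit(byte[] digest, int keyLen) {
        byte[] key = new byte[keyLen];
        if (digest.length <= keyLen) {
            for (int i = 0; i < keyLen; i++) {
                key[i] = digest[i % digest.length];      // short: repeat
            }
        } else {
            System.arraycopy(digest, 0, key, 0, keyLen);
            for (int i = keyLen; i < digest.length; i++) {
                key[i % keyLen] ^= digest[i];            // long: fold the tail
            }
        }
        return key;
    }

    static byte[] deriveKey(String passphrase, int keyLen) throws Exception {
        byte[] utf8 = passphrase.getBytes(StandardCharsets.UTF_8);    // page default encoding
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(utf8); // page default hash, 20 bytes
        return fit(digest, keyLen);
    }

    public static void main(String[] args) throws Exception {
        String pass = "correct horse battery staple";  // constructed sample passphrase
        HexFormat hex = HexFormat.of();
        // 16-byte key (IDEA-sized): the last 4 hash bytes are XORed onto the first 4.
        System.out.println("16-byte key: " + hex.formatHex(deriveKey(pass, 16)));
        // 24-byte key (3DES-sized): the 20-byte hash is repeated to fill the key.
        System.out.println("24-byte key: " + hex.formatHex(deriveKey(pass, 24)));
    }
}
```

Repeating or folding the digest changes the key length only; the key is still one unsalted hash of the passphrase, so it is cheap to guess offline. Current practice is a salted, iterated KDF such as `PBKDF2WithHmacSHA256` from `javax.crypto.SecretKeyFactory`.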

Authentication and Key Negotiation
Key negotiation is accomplished using Diffie-Hellman protocol.
Client sends a SignedDHMessage to the server.
  The message contains: client’s part of the key exchange, destination of the message, a timestamp, the algorithm to generate the key and the length of the key
  The message is signed by the user’s private key
Server verifies the signature, timestamp and destination. The timestamp gives a duration of 5 minutes of validity for each message
Server sends a SignedDHMessage with the similar information
Client verifies the signature, timestamp and destination
Client and server generate a shared secret as described in the protocol
Client and Server hash the secret into a secret session key
Session key expires after 1 hour and the whole process is repeated

Diffie-Hellman Authentication Protocol
[Figure: Client (secret a) sends <g^a, destination, timestamp, algorithm> with a signature to the Server; Server (secret b) sends <g^b, destination, timestamp, algorithm> with a signature to the Client; each side computes g^ab and passes it through HASH to obtain the Session Key]
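
The signed exchange above, both directions, as an added Java example (Java 16+, not Cherubim's code). The `Msg` layout, party names and the `"AES"`/16 values are hypothetical; SHA256withRSA and SHA-256 stand in for the page's SHA-1 defaults, and the JDK's built-in 2048-bit group plays the role of the hard-coded p and g.

```java
import java.io.*;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
public class SignedDhDemo {
    static final long MAX_AGE_MS = 5 * 60 * 1000L;  // 5-minute validity from the slide
    // Hypothetical layout: the page names these fields but not the wire format.
    record Msg(byte[] dhPub, String dest, long ts, String alg, int keyLen, byte[] sig) {}
    static byte[] body(byte[] dhPub, String dest, long ts, String alg, int keyLen) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);  // length-prefixed fields
        out.writeInt(dhPub.length); out.write(dhPub);
        out.writeUTF(dest); out.writeLong(ts); out.writeUTF(alg); out.writeInt(keyLen);
        return bos.toByteArray();
    }
    static Msg sign(PublicKey dhPub, String dest, long ts, PrivateKey signer) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(signer);
        s.update(body(dhPub.getEncoded(), dest, ts, "AES", 16));
        return new Msg(dhPub.getEncoded(), dest, ts, "AES", 16, s.sign());
    }
    // Receiver checks signature, timestamp and destination, as on the slide.
    static boolean verify(Msg m, PublicKey sender, String me, long now) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(sender);
        s.update(body(m.dhPub(), m.dest(), m.ts(), m.alg(), m.keyLen()));
        long age = now - m.ts();  // no clock-skew allowance in this sketch
        return s.verify(m.sig()) && age >= 0 && age <= MAX_AGE_MS && m.dest().equals(me);
    }
    // Both sides hash the shared secret g^ab into the session key.
    static byte[] sessionKey(PrivateKey myDh, Msg peer) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("DH");
        ka.init(myDh);
        ka.doPhase(KeyFactory.getInstance("DH").generatePublic(new X509EncodedKeySpec(peer.dhPub())), true);
        return Arrays.copyOf(MessageDigest.getInstance("SHA-256").digest(ka.generateSecret()), peer.keyLen());
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA"); rsa.initialize(2048);
        KeyPair clientId = rsa.generateKeyPair(), serverId = rsa.generateKeyPair();
        KeyPairGenerator dh = KeyPairGenerator.getInstance("DH"); dh.initialize(2048); // one generator: same p, g
        KeyPair a = dh.generateKeyPair(), b = dh.generateKeyPair();
        long now = System.currentTimeMillis();
        Msg c2s = sign(a.getPublic(), "server", now, clientId.getPrivate());
        Msg s2c = sign(b.getPublic(), "client", now, serverId.getPrivate());
        Msg stale = sign(a.getPublic(), "server", now - 6 * 60 * 1000L, clientId.getPrivate());
        System.out.println("fresh accepted: " + verify(c2s, clientId.getPublic(), "server", now));
        System.out.println("stale accepted: " + verify(stale, clientId.getPublic(), "server", now));
        System.out.println("misdirected accepted: " + verify(s2c, serverId.getPublic(), "server", now));
        System.out.println("keys match: " + Arrays.equals(sessionKey(a.getPrivate(), s2c), sessionKey(b.getPrivate(), c2s)));
    }
}
```

The destination field is what stops a validly signed message meant for one party from being accepted by another; the timestamp only bounds how long a captured message stays usable.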

Diffie Hellman Exchange Parameters
Parameters g and p are hard coded into the system in order to prevent an attack using weak keys
  p is a 2048 bit prime number
  g is another smaller prime number

Classloader Hierarchy
Primordial Classes: Java core classes and necessary cryptographic code
Jurassic Classes: The classes present on the user’s home machine.
Active Capability Classes: Classes loaded by active capability loader. No more info in paper

Initial Booting of the System
Client boots its OS and Java Virtual Machine
  Cherubim does not consider security at this level
  Focuses on network security
  Local system should be careful about trojan horse OS or JVM and the authenticity of the java core classes
User runs the boot program from the smart card
Boot program prompts for passphrase
  The channel between keyboard and JVM must be secure
Passphrase is hashed into key
Key is used to decrypt the data on smart card
  The memory access must be secure on local machine
Client machine connects to user’s home machine
Client begins key negotiations with the home machine

Requesting Classes
JurassicClassloader receives request for a class
JurassicClassloader checks to see if the class is in cache
  If so, return it
Else check if primordialClassloader can load it (i.e. is it in classpath?). If so, return it
Else check if the session key expired. If so, negotiate and get new key
JurassicClassloader sends a SEClassRequest (signed, encrypted request) to the home server over existing socket
Server verifies the signature, timestamp, description and sequence number on the request message

Class Response
Server loads the class from the disk to memory
Server sends the class to client (in encrypted form)
JurassicClassloader verifies the signature, timestamp, destination and sequence number
JurassicClassloader adds the class to the cache
Returns the class to the process
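
The lookup order and reply checks from the two slides above, as an added Java sketch (Java 16+, not Cherubim's code). The `Reply` record, `HomeServer` interface and `client-1` name are hypothetical; signing, encryption and the real key negotiation are left out and renegotiation is represented by a counter.

```java
import java.io.InputStream;

public class JurassicLoaderDemo {
    public static class Payload { }  // constructed sample class served by the fake home server
    // Hypothetical reply fields taken from the slide; signature and encryption are omitted.
    record Reply(byte[] classBytes, String destination, long timestamp, long seq) {}
    interface HomeServer { Reply fetch(String className, long seq) throws Exception; }

    static class JurassicLoader extends ClassLoader {
        static final long KEY_TTL_MS = 60 * 60 * 1000L, MSG_TTL_MS = 5 * 60 * 1000L;
        private final HomeServer home;
        private final String me;
        private long keyIssued = 0, seq = 0;
        int negotiations = 0, remoteFetches = 0;

        JurassicLoader(ClassLoader primordial, HomeServer home, String me) {
            super(primordial); this.home = home; this.me = me;
        }
        // ClassLoader.loadClass() checks the cache, then the parent loader, and calls
        // findClass() only when both miss: the lookup order on the slide.
        @Override protected Class<?> findClass(String name) throws ClassNotFoundException {
            if (System.currentTimeMillis() - keyIssued > KEY_TTL_MS) {  // 1-hour session key
                negotiations++; keyIssued = System.currentTimeMillis(); // stand-in for renegotiation
            }
            long mySeq = ++seq;
            Reply r;
            try { r = home.fetch(name, mySeq); remoteFetches++; }
            catch (Exception e) { throw new ClassNotFoundException(name, e); }
            long age = System.currentTimeMillis() - r.timestamp();
            if (!me.equals(r.destination()) || r.seq() != mySeq || age > MSG_TTL_MS)
                throw new SecurityException("class reply rejected for " + name);
            return defineClass(name, r.classBytes(), 0, r.classBytes().length);
        }
    }
    static HomeServer server(long seqOffset) {  // non-zero offset simulates a replayed reply
        return (name, seq) -> {
            try (InputStream in = ClassLoader.getSystemResourceAsStream(name.replace('.', '/') + ".class")) {
                return new Reply(in.readAllBytes(), "client-1", System.currentTimeMillis(), seq + seqOffset);
            }
        };
    }
    public static void main(String[] args) throws Exception {
        String name = Payload.class.getName();
        JurassicLoader ok = new JurassicLoader(ClassLoader.getPlatformClassLoader(), server(0), "client-1");
        Class<?> first = ok.loadClass(name), second = ok.loadClass(name);
        ok.loadClass("java.lang.String");  // resolved by the parent, never requested remotely
        System.out.println("remote: " + (first.getClassLoader() == ok) + ", cached: " + (first == second));
        System.out.println("fetches: " + ok.remoteFetches + ", negotiations: " + ok.negotiations);
        try { new JurassicLoader(ClassLoader.getPlatformClassLoader(), server(-1), "client-1").loadClass(name); }
        catch (SecurityException e) { System.out.println("bad sequence number: " + e.getMessage()); }
    }
}
```

Compile with `javac` and run from the class directory, since the fake server reads `Payload`'s class file from the classpath.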

System Specific
Message Digesting
  Default: SHA-1
  Alternatives: MD4, MD5, RIPE-MD 160
Digital Signatures
  Default: SHA-1/RSA
  Alternatives: DSA, El Gamal
Session Keys
  Default: IDEA
  Alternatives: DES, Triple DES (3DES), Blowfish or SPEED
Passphrase Hashing
  Default: SHA-1

System Specific
Character Encoding
  Default: UTF8
Symmetric Key for Writing to Storage
  Default: IDEA
Diffie-Hellman Key Exchange Params
  Hardcoded into system

Antigone: A Flexible Framework for Secure Group Communication
by P. McDaniel, A. Prakash, P. Honeyman

What is Antigone?
Middleware layer
Provides flexible interfaces for defining policy in group applications
Applications can define and implement a wide range of policies

Group Security Policies
Session rekeying policy
Application Message policy
Membership policy
Process failure policy

Session rekeying policy
Changes in group membership require the session to be rekeyed
  Time-sensitive rekeying
  Leave-sensitive rekeying
  Join-sensitive rekeying
  Membership-sensitive rekeying

Application message (Data security) policy
States the types of security guarantees required for application messages
Types: integrity, confidentiality, group authenticity, sender authenticity
Vary from message to message

Membership Policy
What information about the membership is delivered to the group members
Antigone does not support confidentiality of group membership because of the difficulties about hiding group membership from members and non-members

Process Failure Policy
States a set of failures to be detected and the security to be applied to the failure detection mechanism
Need for secure failure detection to protect the group from the masking of process failures by an adversary

Antigone Architecture
[Figure: layered architecture diagram. Labels: Application; Predefined Policies (Application Message Policy, Membership Policy, Process Failure Policy, Rekeying Policy); Mechanisms (Authenticate, Join, Leave, Rekey/Group Membership, Application Message, Failure Detection); Broadcast Transport (Point-to-point, Asymmetric Multicast, Symmetric Multicast); Multicast/TCP; IP]