Security Services


Transcript of Security Services

Page 1: Security Services

V.1

Security Services

Page 2: Security Services

V.2

Security aspects of RPC

• Mechanisms:
– Private-Key-Method (symmetric)
   • „Data Encryption Standard“ (DES)
   • Use of a „Key Distribution Center“ with session keys on the basis of private keys
   • Setup of conversation contexts during Binding
– Public-Key-Method (asymmetric): RSA

• Identification and authentication
– Identification during Binding
– Authentication: Verification of identity of a called object instance and also of server during distribution of session keys

Page 3: Security Services

V.3

Encryption

Example: System „Kerberos“ with DES, used in OSF DCE

Participants:
• Client C (with key K1)
• Server S (with key K2)
• Key distribution center, generates CS(S1,S2)

Messages:
• KeyRequest (C,S)
• Response ( {{CS}K2, {CS}}K1 )
• Message ( {<RPC>}CS, {CS}K2 )
• Response ( {<RPC-result>}CS )
• Message ( {<RPC>}CS )
• Response ( {<RPC-result>}CS )

Figure labels: CS, {CS}K2, CS

Page 4: Security Services

V.4

Identification and authentication

• Identification:
– Presentation of an explicit identifier
– Assignment and name construction important during Binding (compare with name server)

• Authentication:
– Verification of identity via presentation of a secret identifier
– Use of private keys (for instance, from password)
– Authentication of the client and of the server via decryption of the (session) key
– Key distribution point: authentication service
– Additionally: timestamp for prevention of message repeats
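
The key distribution exchange from the Kerberos slide, together with the timestamp check against message repeats, as an added example that is not part of the original slides. It assumes the KeyRequest goes to the key distribution center and the message carrying {CS}K2 goes to the server; the cipher is a SHA-256 keystream with an HMAC tag standing in for DES, and all function names and sample keys are constructed for illustration.

```python
import hashlib, hmac, json, os

def _stream(key, nonce, n):  # SHA-256 counter-mode keystream: stdlib stand-in for DES
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(b"enc" + key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """{obj}key: encrypt, then MAC, so a wrong key or a modified message is detected."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return (nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()).hex()

def unseal(key, blob):
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_response(keys, c, s):
    """KeyRequest(C,S) -> Response: CS and {CS}K2, both sealed under K1."""
    cs = os.urandom(16).hex()                            # fresh session key CS
    ticket = seal(keys[s], {"cs": cs, "client": c})      # {CS}K2, opaque to the client
    return seal(keys[c], {"cs": cs, "ticket": ticket})

def client_call(k1, response, rpc, now):
    """Message({<RPC>}CS, {CS}K2); only the holder of K1 can recover CS."""
    inner = unseal(k1, response)
    cs = bytes.fromhex(inner["cs"])
    return cs, {"rpc": seal(cs, {"call": rpc, "ts": now}), "ticket": inner["ticket"]}

def server_handle(k2, msg, now, seen, max_skew=30):
    """Response({<RPC-result>}CS); only the holder of K2 can recover CS."""
    ticket = unseal(k2, msg["ticket"])
    cs = bytes.fromhex(ticket["cs"])
    req = unseal(cs, msg["rpc"])
    # timestamp window plus a cache of seen messages rejects repeated calls
    if abs(now - req["ts"]) > max_skew or msg["rpc"] in seen:
        raise ValueError("stale or repeated call")
    seen.add(msg["rpc"])
    return seal(cs, {"result": "executed " + req["call"], "client": ticket["client"]})

if __name__ == "__main__":
    keys = {"C": b"constructed-K1", "S": b"constructed-K2"}   # constructed sample keys
    cs, msg = client_call(keys["C"], kdc_response(keys, "C", "S"), "get_balance", 1000)
    print(unseal(cs, server_handle(keys["S"], msg, 1005, set())))
```

Both sides authenticate implicitly: the client proves it holds K1 by recovering CS, and the server proves it holds K2 by returning a result sealed under the same CS.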

Page 5: Security Services

V.5

Security aspects of RPC

• Possible guarantees:
– Bugging, modification, call repeat and call initiation prevented
– Identity of communication partners guaranteed
– Tolerable performance losses
– Traffic density analysis possible

• Security classes of DCE RPC
– Authentication during Binding
– Authentication for each call
– Authentication for each packet
– Defense against message modification (encrypted checksum)
– Full-state encryption

Page 6: Security Services

V.6

Asymmetric crypto-method with public keys

• KD - secret key for decryption

• KE - public key for encryption

• nonreversible function F(KD) = KE

[Figure: transmission of message M]
• Client C (secret: KD_C; public: KE_S)
• Server S (secret: KD_S; public: KE_C)
• KE_S(M), recovered with M = KD_S(KE_S(M))
• KE_C(M), recovered with M = KD_C(KE_C(M))
• Calculation and delivery of private keys

Page 7: Security Services

V.7

Authorization

Granting and checking of access rights:
– Capabilities for Client or
– Access control lists for Server

[Figure: access matrix of „Subject“ (Meier, Müller, Huber) against „Object“ (RPC Server, File Server, Name Server); cells hold read, readwrite or -. Figure labels: Access control lists (ACL), Capabilities]

Page 8: Security Services

V.8

Access control list example

usr_obj /.:/sec/principal/Meier : rwid

foreign_user /.../firm_z.de/sec/principal/Müller : r---

group_obj /.:/sec/group/Dept_1 : rwi-

Document Server

Call: dynamic rights control
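
A parser and rights check for the three ACL entries above, as an added example that is not part of the original slides. The evaluation rule (a matching principal entry decides alone, otherwise matching group entries are combined, otherwise deny) and the handling of the entry types are assumptions of this example; the permission letters are treated as opaque flags because the slide does not define them.

```python
from typing import NamedTuple

ACL_TEXT = """\
usr_obj /.:/sec/principal/Meier : rwid
foreign_user /.../firm_z.de/sec/principal/Müller : r---
group_obj /.:/sec/group/Dept_1 : rwi-
"""  # the three entries shown on the slide

class Entry(NamedTuple):
    kind: str          # entry type as written on the slide
    name: str          # principal or group path
    perms: frozenset   # permission letters that are set ("-" means not granted)

def parse_acl(text):
    entries = []
    for line in text.strip().splitlines():
        # Split at the LAST colon: the path prefix "/.:/" contains one too.
        subject, _, perms = line.rpartition(":")
        kind, name = subject.split(None, 1)
        entries.append(Entry(kind, name.strip(), frozenset(perms.strip()) - {"-"}))
    return entries

PRINCIPAL_KINDS = {"usr_obj", "foreign_user"}   # assumption: matched by principal name
GROUP_KINDS = {"group_obj"}                     # assumption: matched by group membership

def is_allowed(acl, principal, groups, perm):
    """Default deny. A matching principal entry decides alone; otherwise the
    permissions of all matching group entries are combined."""
    for e in acl:
        if e.kind in PRINCIPAL_KINDS and e.name == principal:
            return perm in e.perms
    granted = set()
    for e in acl:
        if e.kind in GROUP_KINDS and e.name in groups:
            granted |= e.perms
    return perm in granted
```

Checking rights on every call, rather than once at binding, is what lets a change to the ACL take effect for clients that are already connected.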

Page 9: Security Services

V.9

Implementation example

- Control of identity of communication partners
- Defense against bugging, manipulation, illegal access
- Conformant to standards (for instance, DES and IDEA-algorithms)

[Figure: Client (Cashdesk), Security Server and Account Server; labels: Authentication, Authorization (Meier: rx, Müller: rwx), Encrypted transmission]

Page 10: Security Services

V.10

Security Service: architecture

[Figure: architecture with columns Client, Security Service and Server; components: Application client, Login-Facility, Security Server, ACL Editor, Application server, ACL Manager; Authentication protocol and CORBA-runtime-system appear in each column]

• Login-Facility: Password check and generation of a private key
• Authentication protocol: Processing of distributed authentication
• ACL Manager: Checking of access rights of a client on the server side
• ACL Editor: Definition and manipulation of access rights

Page 11: Security Services

V.11

Security Service: Authentication

1. Phase: Login

• Client sends authentication query to the Security Service
• Security Service generates TGT and encrypts that with Client Key (from password)
• If client identity is correct, then client can encrypt the TGT (including additional information)
• Client sends TGT (newly encrypted) to the Privilege Server (Security Service)
• This is a proof for correct identity; client receives PAC and is authenticated

[Figure: Client (Login Components) and Security Server (Privilege Server); messages: Authenticate; “ticket granting ticket” (TGT) with encrypted Client Key; “ticket granting ticket” (TGT); “privilege attribute certificate” (PAC)]

Page 12: Security Services

V.12

Security Service: Authentication

2. Phase: Call of a server

• Authenticated Client requests a Ticket for the application server from the Security Service
• Security Service checks identity and issues the Ticket
• Client carries out a call (internal further steps to mutual authentication)
• ACL Manager of the server checks the authorization (is <Client,Operation> contained in the ACL?)
• Server carries out the call and delivers the results
• Communication generally encrypted (however, a trade-off: security vs. performance)

[Figure: Client, Security Server (Privilege Server) and Application server (ACL Manager); messages: Requests a Ticket; Ticket; Call (Ticket); Answer]