Security Services
Transcript of Security Services
V.1
Security Services
V.2
Security aspects of RPC
• Mechanisms:
– Private-key method (symmetric)
• "Data Encryption Standard" (DES)
• Use of a "Key Distribution Center" that issues session keys on the basis of the principals' private keys
• Setup of conversation contexts during binding
– Public-key method (asymmetric): RSA
• Identification and authentication
– Identification during binding
– Authentication: verification of the identity of a called object instance, and also of the server, during the distribution of session keys
V.3
Encryption
Example: the system "Kerberos" with DES, used in OSF DCE
Figure: key distribution between client C (with private key K1), server S (with private key K2) and the key distribution center, which generates the session key CS. Notation: {X}K denotes X encrypted under key K.
1. C → Key distribution center: KeyRequest(C, S)
2. Key distribution center → C: Response({ {CS}K2, CS }K1); the session key CS and a copy of it encrypted under the server's key K2 (the ticket) are returned encrypted under the client's key K1, so only C can read the reply and only S can read {CS}K2
3. C → S: Message({<RPC>}CS, {CS}K2); the first call carries the encrypted RPC together with the ticket, from which S obtains CS
4. S → C: Response({<RPC-result>}CS)
5. Further calls in the same conversation context: Message({<RPC>}CS) and Response({<RPC-result>}CS), without the ticket
V.4
Identification and authentication
• Identification:
– Presentation of an explicit identifier
– Assignment and name construction matter during binding (compare with the name server)
• Authentication:
– Verification of identity by presenting a secret identifier
– Use of private keys (for instance, derived from a password)
– Authentication of the client and of the server by decrypting the (session) key: each side proves its identity by being able to read the part of the key distribution center's reply that is encrypted under its own private key
– Key distribution point: the authentication service
– Additionally: a timestamp to prevent message replay
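The exchange of slide V.3 and the timestamp check of slide V.4, as an added example that is not part of the lecture slides. Assumptions, all mine: DES is replaced by a toy encrypt-then-MAC scheme built from HMAC-SHA256 so that the script runs offline with the standard library only; the message layout, the 300 s ticket lifetime, the 60 s replay window and the per-call nonce are also my choices, not taken from the page. Notation follows the slide: {X}K is X sealed under key K.

```python
# Added example: Kerberos-style key distribution with replay protection.
# Toy cipher (HMAC-SHA256 keystream + HMAC tag) stands in for DES; assumed, not from the slides.
import hashlib
import hmac
import json
import os
import time


def _keystream(key, nonce, length):
    """Keystream from (key, nonce) via HMAC-SHA256 in counter mode (toy cipher)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal(key, obj):
    """{obj}key: JSON-encode, XOR with the keystream, append an HMAC tag."""
    plaintext = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Inverse of seal(); raises ValueError when the tag, and hence the key, is wrong."""
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        raise ValueError("bad MAC: wrong key or modified message")
    return json.loads(bytes(c ^ k for c, k in zip(ciphertext, _keystream(key, nonce, len(ciphertext)))))


class KeyDistributionCenter:
    def __init__(self, keys):
        self.keys = keys                                   # principal -> private key (K1, K2)

    def key_request(self, c, s):
        """Response({ {CS}K2, CS }K1): only C can open the reply, only S the ticket."""
        cs = os.urandom(32)
        ticket = seal(self.keys[s], {"client": c, "cs": cs.hex(), "expires": time.time() + 300})
        return seal(self.keys[c], {"cs": cs.hex(), "ticket": ticket.hex()})


class Server:
    def __init__(self, key):
        self.key = key                                     # K2
        self.contexts = {}                                 # client -> CS (conversation context)
        self.seen = set()                                  # (client, nonce) already served

    def handle(self, client, msg, ticket=None):
        if ticket is not None:                             # Message({<RPC>}CS, {CS}K2): first call
            t = unseal(self.key, ticket)                   # proves the KDC issued CS for this pair
            if t["expires"] < time.time():
                raise ValueError("ticket expired")
            self.contexts[t["client"]] = bytes.fromhex(t["cs"])
        cs = self.contexts[client]
        call = unseal(cs, msg)                             # proves the caller holds CS
        if abs(time.time() - call["ts"]) > 60 or (client, call["nonce"]) in self.seen:
            raise ValueError("stale or replayed call")     # timestamp + nonce defeat replay
        self.seen.add((client, call["nonce"]))
        result = sum(call["args"]) if call["op"] == "add" else None
        return seal(cs, {"result": result, "ts": call["ts"]})  # echo of ts proves S holds CS


class Client:
    def __init__(self, key, kdc):
        self.key, self.kdc = key, kdc                      # K1
        self.cs = self.ticket = None

    def bind(self, server_name):
        reply = unseal(self.key, self.kdc.key_request("C", server_name))   # binding
        self.cs, self.ticket = bytes.fromhex(reply["cs"]), bytes.fromhex(reply["ticket"])

    def call(self, server, op, *args):
        ts = time.time()
        msg = seal(self.cs, {"op": op, "args": list(args), "ts": ts, "nonce": os.urandom(8).hex()})
        reply = unseal(self.cs, server.handle("C", msg, self.ticket))
        self.ticket = None                                 # context established; later calls omit it
        if reply["ts"] != ts:
            raise ValueError("reply is not bound to our call")
        return reply["result"]


def run_demo():
    """Two calls in one context, then a captured message re-sent by an eavesdropper."""
    k1, k2 = os.urandom(32), os.urandom(32)
    kdc = KeyDistributionCenter({"C": k1, "S": k2})
    server, client = Server(k2), Client(k1, kdc)
    client.bind("S")
    first = client.call(server, "add", 1, 2)               # carries the ticket
    second = client.call(server, "add", 20, 22)            # same context, no ticket
    captured = seal(client.cs, {"op": "add", "args": [5, 5], "ts": time.time(), "nonce": "beef"})
    server.handle("C", captured)                           # legitimate first delivery
    try:
        server.handle("C", captured)                       # replay of the same message
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return {"first": first, "second": second, "replay_rejected": replay_rejected}
```

The server learns CS only from the ticket it can open with K2, and the client accepts a reply only if it is sealed under CS and echoes the call's timestamp, which is the mutual authentication the slides mention; a captured call fails on the second delivery because its nonce is already recorded.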
V.5
Security aspects of RPC
• Possible guarantees:
– Eavesdropping, modification, call replay and forged call initiation are prevented
– The identity of the communication partners is guaranteed
– Performance losses are tolerable
– Limitation: traffic analysis (who talks to whom, and how much) remains possible
• Security classes of DCE RPC (in increasing strength):
– Authentication during binding only
– Authentication for each call
– Authentication for each packet
– Defense against message modification (encrypted checksum, i.e. a cryptographic integrity check on each packet)
– Full encryption of the message contents
V.6
Asymmetric crypto-method with public keys
• KD: secret key for decryption
• KE: public key for encryption
• Non-reversible (one-way) function F(KD) = KE: the public key is computed from the secret key, but KD cannot be recovered from KE
Figure: message transmission between client C and server S. C holds its own secret key KD_C and the server's public key KE_S; S holds its own secret key KD_S and the client's public key KE_C.
C → S: KE_S(M); S recovers M = KD_S(KE_S(M))
S → C: KE_C(M); C recovers M = KD_C(KE_C(M))
Also shown: calculation and delivery of the private keys to the principals
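The exchange in the figure above carried out with RSA, as an added example that is not code from the slides. Assumptions, all mine: textbook RSA without padding (enough to show KE, KD and the one-way relation F(KD) = KE, but not safe for real messages, which need OAEP padding), 512-bit moduli for speed, message bytes interpreted as one integer below the modulus, and the names keygen, encrypt, decrypt, Principal and exchange.

```python
# Added example: the public-key exchange of slide V.6 with textbook RSA.
# Assumed simplifications: no padding, 512-bit keys, leading zero bytes of M are not preserved.
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (probabilistic, error < 4**-rounds)."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    while True:
        candidate = secrets.randbits(bits) | (1 << (bits - 1)) | 1   # top bit and low bit set
        if is_probable_prime(candidate):
            return candidate


def keygen(bits=512):
    """Return (KE, KD). KE = (n, e) is derived from the secret (p, q, d); going back from
    KE to KD means factoring n, which is the one-way property F(KD) = KE of the slide."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e), (p * q, pow(e, -1, phi))


def encrypt(ke, message):
    """KE(M): the sender needs only the receiver's public key."""
    n, e = ke
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this modulus")
    return pow(m, e, n)


def decrypt(kd, ciphertext):
    """KD(C): only the holder of the secret key recovers M."""
    n, d = kd
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")


class Principal:
    """Holds its own secret key KD and the peer's public key KE, as in the figure."""

    def __init__(self, name):
        self.name = name
        self.ke, self.kd = keygen()
        self.peer_ke = None                      # delivered out of band, see the slide

    def send(self, message):
        return encrypt(self.peer_ke, message)

    def receive(self, ciphertext):
        return decrypt(self.kd, ciphertext)


def exchange(request=b"RPC: balance(4711)", reply=b"result: 42"):
    """C -> S: KE_S(M); S -> C: KE_C(M). Returns what each side recovered."""
    c, s = Principal("C"), Principal("S")
    c.peer_ke, s.peer_ke = s.ke, c.ke            # only public keys leave their owner
    seen_by_s = s.receive(c.send(request))       # M = KD_S(KE_S(M))
    seen_by_c = c.receive(s.send(reply))         # M = KD_C(KE_C(M))
    return seen_by_s, seen_by_c
```

Each side encrypts with the other side's public key and decrypts with its own secret key; an eavesdropper who holds both public keys still lacks KD_S and KD_C. Without padding the scheme is deterministic and malleable, so a real RPC layer would wrap M with OAEP before calling encrypt.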
V.7
Authorization
Awarding and control of access rights:
– Capabilities, held by the client, or
– Access control lists, held by the server
Figure: access matrix with the subjects Meier, Müller and Huber (rows) and the objects RPC server, file server and name server (columns); each cell holds read, write, read+write, or - (no access). Reading the matrix by row gives each subject's capabilities; reading it by column gives each object's access control list (ACL).
V.8
Access control list example
ACL of the DocumentServer:
usr_obj /.:/sec/principal/Meier : rwid
foreign_user /.../firm_z.de/sec/principal/Müller : r---
group_obj /.:/sec/group/Dept_1 : rwi-
Call: dynamic rights control, i.e. the ACL is evaluated at each call, not only at binding
V.9
Implementation example
- Control of the identity of the communication partners
- Defense against eavesdropping, manipulation and illegal access
- Conformant to standards (for instance, the DES and IDEA algorithms)
Figure: a client (cash desk) calls an account server. Both authenticate via the security server; the transmission between them is encrypted; the account server authorizes the call against its rights table (Meier: rx, Müller: rwx).
V.10
Security Service: architecture
Figure: three hosts, each running on top of the CORBA runtime system.
– Client: application client, login facility, authentication protocol
– Security Service server: security server, authentication protocol, ACL editor
– Application server: application server, ACL manager, authentication protocol
Login facility: password check and generation of a private key
Authentication protocol: carries out the distributed authentication
ACL manager: checks the access rights of a client on the server side
ACL editor: definition and manipulation of access rights
V.11
Security Service: Authentication
1st phase: Login (client and security server, i.e. login components and privilege server)
Figure: Client → Security Server: Authenticate; Security Server → Client: "ticket granting ticket" (TGT), encrypted with the client key; Client → Privilege Server: TGT; Privilege Server → Client: "privilege attribute certificate" (PAC).
• The client sends an authentication request to the Security Service
• The Security Service generates a TGT and encrypts it with the client key (derived from the password)
• If the client's identity is correct, i.e. it knows the password, it can decrypt the TGT and re-encrypt it together with add-on information
• The client sends the newly encrypted TGT to the Privilege Server (part of the Security Service)
• This proves the client's identity; the client receives a PAC and is authenticated
V.12
Security Service: Authentication
2nd phase: Call of a server (client, security server with privilege server, application server with ACL manager)
Figure: Client → Security Server: requests a ticket; Security Server → Client: ticket; Client → Application server: Call(ticket); Application server → Client: answer.
• The authenticated client requests a ticket for the application server from the Security Service
• The Security Service checks the identity and issues the ticket
• The client carries out the call (internally with further steps towards mutual authentication)
• The ACL manager of the server checks the authorization: is <Client, Operation> contained in the ACL?
• The server carries out the call and delivers the result
• Communication is generally encrypted (a compromise, however: security vs. performance)
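The ACL check performed by the server's ACL manager in the second phase, run against the DocumentServer ACL of slide V.8, as an added example that is not code from the slides or from DCE. Assumptions, all mine: the rights letters r, w, i, d mean read, write, insert and delete; the PAC obtained at login carries the client's cell, principal name and group names; a matching user entry decides on its own, otherwise the rights of all matching group entries are combined; /.:/ denotes the local cell and /.../cell/ a foreign cell; the names parse_acl, authorized, Entry and PAC are mine.

```python
# Added example: ACL manager deciding <Client, Operation> from the ACL of slide V.8.
# Entry types, permission letters and precedence rule are simplifying assumptions.
import re
from dataclasses import dataclass

# ACL of the DocumentServer, copied from the slide (entry types as written there).
ACL_TEXT = """
usr_obj      /.:/sec/principal/Meier            : rwid
foreign_user /.../firm_z.de/sec/principal/Müller : r---
group_obj    /.:/sec/group/Dept_1               : rwi-
"""

LOCAL_CELL = "local"                                   # assumed name for the cell written /.:/
OPERATION_NEEDS = {"read": "r", "write": "w", "insert": "i", "delete": "d"}   # assumed mapping


@dataclass(frozen=True)
class Entry:
    kind: str                                          # usr_obj | foreign_user | group_obj
    cell: str
    name: str
    perms: frozenset


@dataclass(frozen=True)
class PAC:
    """Privilege attribute certificate handed to the client after login (assumed layout)."""
    cell: str
    principal: str
    groups: tuple = ()


def parse_name(path):
    """Split a DCE-style name into (cell, leaf): /.:/... is local, /.../cell/... is foreign."""
    if m := re.fullmatch(r"/\.:/(.+)", path):
        return LOCAL_CELL, m.group(1).rsplit("/", 1)[-1]
    if m := re.fullmatch(r"/\.\.\./([^/]+)/(.+)", path):
        return m.group(1), m.group(2).rsplit("/", 1)[-1]
    raise ValueError(f"not a DCE name: {path}")


def parse_acl(text):
    """Parse lines of the form '<type> <name> : <perms>' into Entry objects."""
    entries = []
    for line in text.strip().splitlines():
        kind, path, colon, perms = line.split()
        if colon != ":":
            raise ValueError(f"malformed ACL entry: {line}")
        cell, name = parse_name(path)
        entries.append(Entry(kind, cell, name, frozenset(perms) - {"-"}))
    return entries


def authorized(acl, pac, operation):
    """Dynamic rights check at call time: is <Client, Operation> covered by the ACL?"""
    need = OPERATION_NEEDS[operation]
    for e in acl:                                      # a user entry decides on its own
        if e.kind in ("usr_obj", "foreign_user") and (e.cell, e.name) == (pac.cell, pac.principal):
            return need in e.perms
    granted = set()                                    # otherwise: union of matching group entries
    for e in acl:
        if e.kind == "group_obj" and e.cell == pac.cell and e.name in pac.groups:
            granted |= e.perms
    return need in granted                             # nothing matches: deny by default


ACL = parse_acl(ACL_TEXT)


def check_call(pac, operation):
    """What the ACL manager does before the application server executes the call."""
    return "execute" if authorized(ACL, pac, operation) else "reject"
```

Because the decision is taken per call with the PAC presented in the ticket, changing an ACL entry with the ACL editor takes effect on the next call without re-binding; a foreign principal is matched only by a foreign_user entry in its own cell, so Müller from firm_z.de gets read access but never the Dept_1 group rights.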