Incident Response Hannah Short Sirtfi and Beyond

Slides:



Advertisements
Similar presentations
Interfederation subgroup of InCommon Technical Advisory Committee (TAC) spaces.internet2.edu/display/incinterfed.
Advertisements

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
FIM-ig Federated Identity Management Interest Group.
SWITCHaai Team Federated Identity Management.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
Authentication and Authorization in a federated environment Jules Wolfrat (SARA)
AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
David Groep Nikhef Amsterdam PDP & Grid Traceability in the face of Clouds EGI-GEANT Symposium – cloud security track With grateful thanks for the input.
Federated Identity Management for HEP David Kelsey WLCG GDB 9 May 2012.
Identity Federation Policy Marina Vermezović, AMRES Federated Identity Technology Workshop Sofia, Bulgaria, 20. Jun 2014.
SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.
EResearchers Requirements the IGTF model of interoperable global trust and with a view towards FIM4R AAI Workshop Presenter: David Groep, Nikhef.
INTRODUCTION: THE FIRST TRY InCommon eduGAIN Policy and Community Working Group.
Authentication and Authorisation for Research and Collaboration David Kelsey AARC AHM Milan And mechanisms NA3 Task 4 – Scalable.
HIT Policy Committee NHIN Workgroup HIE Trust Framework: HIE Trust Framework: Essential Components for Trust April 21, 2010 David Lansky, Chair Farzad.
JRA1.4 Models for implementing Attribute Providers and Token Translation Services Andrea Biancini.
Federated Identity Management for HEP David Kelsey HEPiX, IHEP Beijing 18 Oct 2012.
Transforming Government Federal e-Authentication Initiative David Temoshok Director, Identity Policy and Management GSA Office of Governmentwide Policy.
Authentication and Authorisation for Research and Collaboration David Groep AARC All Hands meeting Milano Policy and Best Practice.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Evolving Security in WLCG Ian Collier, STFC Rutherford Appleton Laboratory Group info (if required) 1 st February 2016, WLCG Workshop Lisbon.
Introduction & use-cases FedAuth IETF78 Maastricht, July 27, 2010
JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.
Networks ∙ Services ∙ People Thomas Bärecke Journée Fédération, Paris Collaboration européenne GÉANT SA5 03/07/2015 SA5 T5 team
Federated Identity Fundamentals Ann Harding, SWITCH Cambridge July 2014.
Designing Identity Federation Policy, the right way Marina Vermezović, Academic Network of Serbia TNC2013 conference 4 May 2013.
Networks ∙ Services ∙ People Ann Harding Networkshop 44, Manchester Thinking globally, acting locally Trust and Identity in the GÉANT project.
Authentication and Authorisation for Research and Collaboration Taipei - Taiwan Mechanisms of Interfederation 13th March 2016 Alessandra.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI D4.4 and the EGI review Dr Linda Cornwall 19 th Sept 2011 D4.41.
SCI & Sirtfi David Kelsey (STFC-RAL) EGI Conference, Lisbon 19 May 2015.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014.
Cyber Security Phillip Davies Head of Content, Cyber and Investigations.
Building Trust for Research and Collaboration
Welcome to 11th FIM4R 11th Meeting, Montréal September 2017
Introduction to AAI Services
WLCG Update Hannah Short, CERN Computer Security.
Boosting AAI for research and collaboration
RCauth.eu CILogon-like service in EGI and the EOSC
Cross-sector and user-centric AAI
The Policy Puzzle Many groups and (proposed) policies, but leaving many open issues AARC “NA3” is tackling a sub-set of these “Levels of Assurance” –
Mechanisms of Interfederation
AARC Update What’s been happening in AARC which matters for GÉANT
Ian Bird GDB Meeting CERN 9 September 2003
InCommon Steward Program: Community Review
Federated Identity Management for Researchers (FIM4R)
Are you ready for a federated security incident?
Boosting AAI for research and collaboration
Incident Response for Federated Identities
The AARC Project Licia Florio AARC Coordinator GÉANT
Minimal Level of Assurance (LoA)
Policy in harmony: our best practice
Policy and Best Practice … in practice
Meeting summary Licia Florio
Updated (VO) Community Security Policies
Update - Security Policies
AARC Blueprint Architecture and Pilots
Supporting communities with harmonized policy
OIDC Federation for Infrastructures
RCauth.eu CILogon-like service in EGI and the EOSC
David Kelsey (STFC-RAL)
FIM4R Requirements 5 minutes per slide!.
Community AAI with Check-In
Example Use Case for Attribute Authorities and Token Translation Services - the case for eduGAIN Andrea Biancini.
Federated Incident Response
Project leader: Richard Morton Lead Editor: Jalal Benhayoun
WISE, SCI & policy templates David Kelsey (STFC-RAL, UK Research and Innovation) FIM4R & TIIME, Vienna, 11 February 2019.
Check-in Identity and Access Management solution that makes it easy to secure access to services and resources.
Future GridPP Security
Draft Charter Community of Practice for Direct Access Entities
Presentation transcript:

Incident Response Hannah Short Sirtfi and Beyond CERN Computer Security AARC NA3 WISE March 27th 2017

Incident Response in Distributed Infrastructures Agenda Incident Response in Distributed Infrastructures Impact of Identity Federations Filing the gaps

Incident Response in Distributed Infrastructures

Security Incident Response in Distributed Infrastructures Shared Policies Trust Operational Support

Shared Policies Written rules, and obligations Clear basis for exclusion from infrastructure if not followed Reasonable likelihood that sites follow best practices in security

Operational Support Incident preparation and prevention - cascade advisories, IOCs, patches etc Coordinate incident response across multiple Sites Power to block problematic Sites & users

Trust Fundamentally, incident response is more successful when the individuals know and trust each other Online trust Consistent, trustworthy behaviour Voluntary collaboration Offline trust Key exchange Verification that you are a real person 

Security Incident Response Models AARC Project Deliverable DNA3.2 provided opportunity to: Analyse existing models Consider Security Incident Response Procedures in the context of eduGAIN (stay tuned for the second part of this talk!) https://aarc-project.eu/wp-content/uploads/2017/02/DNA3.2-Security-Incident-Response-Procedure-v1.0.pdf

Fully Distributed Model 1 2 3 4 5 1 2 3 4 5 During Incident Response Post-Incident-Report Sharing Information shared between all participants Information shared between all participants

Hub 1 2 3 4 5 Hub 1 2 3 4 5 Hub and Spoke During Incident Response Post-Incident-Report Sharing Information shared between affected participants Information shared between all participants

Impact of Identity Federations

Federated Identity Management Worldwide What is a Federation? Federated Identity Mangement (FIM) is the concept of groups of Service Providers (SPs) and Identity Providers (IdPs) agreeing to interoperate under a set of policies. Federations are typically established nationally and use the SAML2 protocol for information exchange Each entity within the federation is described by metadata https://www.switch.ch/aai/about/federation/ Credit to Alessandra Scicchitano – GEANT for this slide

Federated Identity Management Worldwide eduGAIN eduGAIN is a form of interfederation Participating federations share information (metadata) about entities from their own federation with eduGAIN eduGAIN bundles this metadata and publishes it in a central location. eduGAIN aggregates metadata from participating federations (metadata service). This aggregate is consumed by all participating federations, such that Identity Providers and Service Providers can find each other. Technically, this aggregate works as follows: 'export metadata aggregate’, eduGAIN aggregate, Each participating federation produces a so called 'export metadata aggregate'; a file that contains the metadata of local Identity Providers and Service Providers that participate in eduGAIN. Note that this is often a subset of all Identity Providers and Service Providers from that federation. eduGAIN combines all export metadata aggregates and generates an "eduGAIN aggregate"; a file that combines all metadata from all participating federations. This eduGAIN aggregate is signed by eduGAIN and published on the internet, thereby making it available to all participating federations. Each participating federation must consume this eduGAIN aggregate and supply it to their local Identity Providers and Service Providers. Credit to Alessandra Scicchitano – GEANT for this slide

Our Interaction with Identity Federations Research Communities typically join through an SP-IdP proxy From the outside (eduGAIN) it looks like an SP From the inside it looks like an IdP We depend on the stability of eduGAIN as an authentication infrastructure! The SP-IdP Proxy Model. Source: GEANT, GN3PLUS13-642-23

Security Incident Response in Distributed Infrastructures Shared Policies Trust Operational Support

The challenge of Federated Identity Management Shared Policies Trust Operational Support EduGAIN membership includes 4 policies… Security Incident Response is not one We have no insight into security practices of each participant Collaboration between IdPs and SPs is essential to build full incident timeline – they have no obligation to collaborate

The challenge of Federated Identity Management Shared Policies Trust Operational Support EduGAIN has no central help desk Few national federations offer central security support No way to block an identity, IdP, or federation everywhere and immediately

The challenge of Federated Identity Management Shared Policies Trust Operational Support Security is often not priority (or even in skillset) of engaged FIM participants Simply too big…

2360 IdPs 1493 SPs Potential targets Potential sources of compromised identities 1493 SPs Potential targets

All I need is one identity… What can we do?  All I need is one identity… Federation 3 Federation 1 Federation 2 SP IdP Clearly an inviting attack surface… luckily, this was noticed several years ago!

Beginnings Issues of IdM raised by IT leaders from EIROforum labs (Jan 2011) CERN, EFDA-JET, EMBL, ESA, ESO, ESRF, European XFEL and ILL These laboratories, as well as national and regional research organizations, face similar challenges Prepared a paper that documents common requirements https://cdsweb.cern.ch/record/1442597 “Security procedures and incident response would need to be reviewed. Today, each resource provider is for example responsible for terminating access by known compromised identities. With identity federation, this responsibility will be shifted to the IdP though resource providers will insist on the ability to revoke access.” “Such an identity federation in the High Energy Physics (HEP) community would rely on: • A well-defined framework to ensure sufficient trust and security among the different IdPs and relying parties.“ Credit to David Kelsey (STFC) for this content

Evolution Several years later, 2016 Security Incident Response Trust Framework for Federated Identity Approved by the REFEDS (Research & Education FEDerations) Community Registered Internet Assigned Numbers Authority (IANA) Assurance Profilehttps://www.iana.org/assignments/loa-profiles/loa-profiles.xhtml

Sirtfi Require that a security incident response capability exists with sufficient authority to mitigate, contain the spread of, and remediate the effects of an incident. Operational Security Assure confidentiality of information exchanged Identify trusted contacts Guarantee a response during collaboration Incident Response Improve the usefulness of logs Ensure logs are kept in accordance with policy Traceability Confirm that end users are aware of an appropriate AUP Participant Responsibilities

Current adoption

Find out more https://refeds.org/sirtfi

How does Sirtfi help?

How does Sirtfi help? Operational Support Shared Policies Trust Shared framework fulfills purpose of basic policy Obliged to collaborate Basic operational security best practices Allows us to identify security conscious bodies

How does Sirtfi not help? Shared Policies Trust Operational Support Some Federation Operators unwilling to act as gatekeepers No shared procedures No large-scale blocking mechanism Trust tied to organisation/entity, not individual Difficult to build offline trust

Filling the gaps

How can we build the necessary security capability for eduGAIN? Operational Support Trust eduGAIN itself announced early this year that they will provide a support platform capable of coping with roughly 200 tickets per year Security Incidents will be in scope of this team by Autumn Identified need for Trust Portal Crowd source trust and provide method for identifying confidence in an entity outside metadata

Incident Response Procedure for Interfederation DNA3.2 provides template procedures based on EGI/WLCG and inspired by common practices Leverages existing trusted relationships in Identity Federations Sort of “nested hub”  Research Communities (RCs) need procedures for two purposes: eduGAIN to secure itself eduGAIN to cooperate with us during an incident Hub 1 2 3 4 5 13 21 12 22 11 23

Role of Research Communities Typical SPs do not have a mature security capability Many RCs have expertise and motivation to lead incident response and should be allowed to do so Procedures are flexible to allow the most appropriate entity to be the Incident Response Coordinator Research Community CERT Hub 1 2 3 4 5 13 21 12 22 11 23

Next Steps Document has already had input from many sources Identity Federations (Germany, US, UK, Sweden, Switzerland) SPs (ORCID) Research Community Reps (CERN, EGI, KIT) Review by Scott Koranda (LIGO) and Leif Nixon Next steps Circulate more widely Encourage National Identity Federations to adopt similar policies Ensure that the eduGAIN support platform is able to effectively play the central role we need

hannah.short@cern.ch