12/2/2003 chow 1
Network and System Support for Multi-Level Security
C. Edward Chow
Department of Computer Science
University of Colorado at Colorado Springs
Outline of the Talk
Motivation
Related Literature
– "A Model for Secure Multimedia Database System in a Distributed Environment", by Joshi et al., Distributed Multimedia System Lab, Purdue
– XrML: eXtensible rights Markup Language
– "A Cryptographic Solution to Implement Access Control in a Hierarchy and More", by Ray et al.
Proposed Approach
Discussion
SGFR Features
Security Enhanced Groupware
– Instant messenger (JabberX)
– Group Communication Server
– Instant Messaging Server (Jabber)
Psychology Evaluation
– Stress Level Tracking
– Effectiveness of Tool Usage (Keyboard/Mouse Event Tracking, History of Commands, Mistakes, Popup Quiz?)
Group Key Management
– Secure Group Rekeying system (Keystone)
SGFR System Architecture
Components: SGFR Client, SGFR Group Key Server, SGFR Instant Messenger Server
– Client to Group Key Server: registration/authentication, group key distribution
– Client to Instant Messenger Server: sign-in, create/join chat groups
– Client: encrypt/decrypt messages using the group key
Interaction between various components
Associate JabberX client with Keyserver and Jabber server
– Users log in to the Jabber server.
– If login is successful, the client registers with the Keyserver.
– When a user creates/joins a group, the Keyserver gives a key to the client.
– When a user leaves the group, the Keyserver generates a new key for the remaining members of the group.
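The four steps above, as an added example that models the Keyserver's group key lifecycle in Python (this is illustrative code, not the Keystone or SGFR implementation): a client may only join after a successful login, every member of a group shares one key, and a leave triggers a fresh key that is handed to the remaining members only, so the departed member can no longer read later traffic. The hash-based XOR keystream stands in for whatever cipher the modified Jabber code uses and is an assumption made here.

```python
import os
import hashlib


class KeyServer:
    """Hypothetical in-memory model of the Keystone key server (constructed example)."""

    def __init__(self):
        self.registered = set()      # clients whose Jabber login succeeded
        self.members = {}            # group -> set of current member names
        self.keys = {}               # group -> current group key
        self.delivered = {}          # group -> {client: key last delivered to it}

    def register(self, client, login_ok):
        # Step 2: the client registers only after a successful Jabber login.
        if login_ok:
            self.registered.add(client)
        return login_ok

    def join(self, client, group):
        # Step 3: an unregistered client gets no key; first joiner creates the group.
        if client not in self.registered:
            raise PermissionError("client must register before joining a group")
        if group not in self.keys:
            self.keys[group] = os.urandom(32)
            self.members[group] = set()
            self.delivered[group] = {}
        self.members[group].add(client)
        self.delivered[group][client] = self.keys[group]
        return self.keys[group]

    def leave(self, client, group):
        # Step 4: rekey, distributing the new key to the remaining members only.
        self.members[group].discard(client)
        self.keys[group] = os.urandom(32)
        for member in self.members[group]:
            self.delivered[group][member] = self.keys[group]

    def current_key(self, group):
        return self.keys[group]


def keystream(key, nonce, length):
    # Illustrative counter-mode keystream from SHA-256 (assumption, not Keystone's cipher).
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(key, nonce, msg):
    # XOR with the keystream; the same call decrypts. The nonce must never repeat per key.
    return bytes(a ^ b for a, b in zip(msg, keystream(key, nonce, len(msg))))
```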
Output of the Keystone Server
– User ganesh joining group g1
– User ayen joining group g1
– First group key assigned to…
– Same for the description of the 2nd key below
– Point out certificate
Fig shows the encryption of the message from client to server.
Fig shows the output of the Jabber server running on a machine.
Secure Keystone Client Request
– Show the key piece of calls that send the request to the Keystone server.
– If it checks the server certificate, show the code.
– Show the code that handles the response.
– Show how the daemon process receives the group key and its format.
– Port # used.
Secure Keystone Client Verification
Show the code that
– Accepts the SSL request,
– Verifies the certificate of the client.
Keystone Access Control
Show the code that compares the subject info with the access list (show the file format of the access list).
Keystone Server
– Show how group keys are generated and distributed, and the related specification file.
– Show how the group key is multicast.
Jabber-KeyStone Interface
Show how the modified Jabber code uses the group key for encryption.
Group File Download & Display
Show the client- and server-side code that implements remote image file download.
Testing Results
Table 1: time taken for client registration, group join, group leave
Columns: Runs | Client Registration Time (ms) | Group Join Time (ms) | Group Leave Time (ms) | Avg/Run
Table 2: time taken for file transfer
Columns: File size | Time Taken (ms)
File sizes: 8.5K K K K
Future work
– Improve the file transfer capability using Reliable Multicast Transport Protocol.
– Improve Keystone's error handling mechanism between keyserver/registrar and client manager.
– Improve the Keystone client manager by moving it into the socket layer and providing a socket layer API between a client manager and data processor.
– Integrate with the multilevel secure document distribution system.