Web Services Reliable Messaging and Security Paul Fremantle VP of Technology WSO2.

Slides:



Advertisements
Similar presentations
Internet Protocol Security (IP Sec)
Advertisements

ARP Cache Poisoning How the outdated Address Resolution Protocol can be easily abused to carry out a Man In The Middle attack across an entire network.
© IBM Corporation OASIS Symposium: Reliable Infrastructures for XML Critical Comparison of WS-RM and WS-R April 27, 2004 Christopher Ferris Senior.
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By : Shrinivas G. Deshpande Advisor: Dr. Chung E.
0 Web Service Security JongSu Bae. 1  Introduction 2. Web Service Security 3. Web Service Security Mechanism 4. Tool Support 5. Q&A  Contents.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
SOA and Web Services. SOA Architecture Explaination Transport protocols - communicate between a service and a requester. Messaging layer - enables the.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
T Network Application Frameworks and XML Service Federation Sasu Tarkoma.
Reliable Messaging in the Real World Paul Fremantle Co-chair, OASIS WS-RX TC VP and Founder, WSO2 Inc OASIS Adoption Forum Ditton Manor, October 29 th.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 OSI Transport Layer Network Fundamentals – Chapter 4.
WXES2106 Network Technology Semester /2005 Chapter 8 Intermediate TCP CCNA2: Module 10.
Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies.
Module 13: WCF Receive Adapters. Overview Lesson 1: Introduction to WCF Receive Adapters Lesson 2: Configuring a WCF Receive Adapter Lesson 3: Using the.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
The Early Life of WS-ReliableMessaging Where we are, and how we got here Jorgen Thelin Program Manager – WS-* Workshops Microsoft Corporation.
Windows Communications Foundation ("Indigo"): Web Services Interoperability With Java/J2EE Kirill Gavrylyuk Simon Guest COM423 Microsoft Corporation.
1 © NOKIA Web Service Reliability NOKIA. 2 © NOKIA Content What is reliability ? Guaranteed Delivery Duplicate Elimination Ordering Crash tolerance State.
1 Semester 2 Module 10 Intermediate TCP/IP Yuda college of business James Chen
Chapter 13 – Network Security
Web Services Reliability Specification (WS-Reliability) Sunil Kunisetty Oracle Corp. Jacques Durand Fujitsu Software.
WS-Security: SOAP Message Security Web-enhanced Information Management (WHIM) Justin R. Wang Professor Kaiser.
Web Services Security Standards Overview for the Non-Specialist Hal Lockhart Office of the CTO BEA Systems.
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
Transmission Control Protocol TCP. Transport layer function.
(Business) Process Centric Exchanges
XML Web Services Architecture Siddharth Ruchandani CS 6362 – SW Architecture & Design Summer /11/05.
17 March 2008 © 2008 The University of Edinburgh, European Microsoft Innovation Center and University of Southampton IT Innovation Centre 1 NextGRID Security.
Secure Systems Research Group - FAU 1 WS-Reliability Pattern Ingrid Buckley Dept. of Computer Science and Engineering Florida Atlantic University Boca.
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
Random Logic l Forum.NET l Web Services Enhancements for Microsoft.NET (WSE) Forum.NET ● October 4th, 2006.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
ACM 511 Introduction to Computer Networks. Computer Networks.
Slide 1 © 2004 Reactivity The Gap Between Reliability and Security Eric Gravengaard Reactivity.
SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.
 A Web service is a method of communication between two electronic devices over World Wide Web.
WS-Reliability Inter-op Now that we are done.. November 18, 2004.
Web Services Reliability Options A Comparison of Web Services Reliable Messaging Specifications OASIS WSRM TC.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
JS (Java Servlets). Internet evolution [1] The internet Internet started of as a static content dispersal and delivery mechanism, where files residing.
Gridshell Security Master Project Akylbek Zhumabayev Rochester Institute of Technology.
Secure Systems Research Group - FAU 1 WS-Reliability Pattern Ingrid Buckley Dept. of Computer Science and Engineering Florida Atlantic University Boca.
Web Security Introduction (Some of the slides were adapted from Oppliger’s online slides at
BEA position on W3C ‘Web Services’ Standards Jags Ramnarayan 11th April 2001.
INFSO-RI Enabling Grids for E-sciencE Web Services Mike Mineter National e-Science Centre, Edinburgh.
Wednesday, 3:30 PM – 5:00 PM Telecom SOA Profile  WS Addressing  WS reliable messaging  WS security  SOAP over JMS  General improvement of specs with.
Andrew J. Hewatt, Gayatri Swamynathan and Michael T. Wen Department of Computer Science, UC-Santa Barbara A Case Study of the WS-Security Framework.
Secure Web Services Akylbek Zhumabayev Rochester Institute of Technologies.
Vijay V Vijayakumar.  Implementations  Server Side Security  Transmission Security  Client Side Security  ATM’s.
Securing Access to Data Using IPsec Josh Jones Cosc352.
IP Security (IPSec) Matt Hermanson. What is IPSec? It is an extension to the Internet Protocol (IP) suite that creates an encrypted and secure conversation.
Receipt Token Profile for Web Services Eric Gravengaard Reactivity.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
August 3, 2004WSRP Technical Committee WSRP v2 leveraging WS-Security Discussion 1. WS-* Standards 2. WS-Securtiy Interop&Implementations 3. Customer demands.
Open Source for Interoperability Paul Fremantle VP, Apache Synapse Member, ASF CTO and Co-Founder, WSO2.
Ch23 Ameera Almasoud 1 Based on Data Communications and Networking, 4th Edition. by Behrouz A. Forouzan, McGraw-Hill Companies, Inc., 2007.
Access Policy - Federation March 23, 2016
Chapter 9: Transport Layer
Data Transport Standard (DTS)
Presentation transcript:

Web Services Reliable Messaging and Security Paul Fremantle VP of Technology WSO2

© WSO2, Inc, 2006 About me Co-founder and VP of Technology and Partnerships at WSO2 The leading Open Source Web services company Co-Chair of the OASIS WSRX Technical Committee Committer on Apache Synapse Member of the Apache Software Foundation Co-author of Building Web Services in Java 2 nd EditionBuilding Web Services in Java 2 nd Edition Ex IBM Senior Technical Staff Member developed the IBM Web Services Gateway Apache WSIF Apache Axis C/C++ JWSDL/WSDL4J – now Apache Woden

© WSO2, Inc, 2006 Contents Introduction to WS-Reliable Messaging Composing WSRM and Security Potential attacks on a reliable exchange Securing the Sequence Summary

© WSO2, Inc, 2006 WSRM Aims To help ensure that messages are delivered to their destination Exactly Once In Order is the most common requirement “Composable” with other specifications and existing systems Doesn’t re-implement those aspects Has the ability to work with other standards (security, transactions, addressing)

© WSO2, Inc, 2006 History A specification designed by IBM, Microsoft, BEA and Tibco Designed to compose with WS- Addressing, WS-Policy Originally published in March 2003 Refreshed March 2004, Feb 2005 Submitted to OASIS June 2005

© WSO2, Inc, 2006 This presentation Mainly based on the public review (CD4) of WSRM 1.1 (OASIS) With appropriate comments on the Submission spec (WSRM 1.0)

© WSO2, Inc, 2006 WS-Reliability An alternative specification proposed by Fujitsu, Hitachi, NEC, Oracle, Sun Submitted to OASIS and standardized, currently at v1.1 One available implementation: RM4GS Reliable Messaging for Grid Service A sample/reference implementation

© WSO2, Inc, 2006 Confusion WS-R WSRM OASIS WSRM committee WS-RX committee

© WSO2, Inc, 2006 WS-RX TC members include representatives of: Actional Corporation Adobe Systems BEA Systems, Inc. BTplc Choreology Ltd. Ericsson Fujitsu Limited Hitachi, Ltd. IBM IONA Technologies JBoss Inc. Microsoft Corporation NEC Corporation Nortel Networks Limited Novell Oracle Corporation SAP AG Sonic Software Corp. Sonoa Systems, Inc. Sun Microsystems Tibco Software Inc. webMethods, Inc. WSO2 While the TC is working from the submitted spec, it aims to meet the requirements of all the TC members within the scope of the charter

Introduction to WSRM

© WSO2, Inc, 2006 The core model CreateSequence and CreateSequenceResponse Messages allocated to the sequence Acknowledgement Resend of unacknowledged messages TerminateSequence and TerminateSequenceResponse

© WSO2, Inc, 2006 Simple example

© WSO2, Inc, 2006 WS-RM core model

© WSO2, Inc, 2006 Delivery Assurances Previous spec (1.0) explicitly called out the delivery assurances: At least once At most once Exactly once (at least+at most) InOrder 1.1 allows the RMD to specify IncompleteSequenceBehaviour DiscardEntireSequence DiscardFollowingFirstGap NoDiscard

© WSO2, Inc, 2006 Verbs SOAP Body: CreateSequence/CreateSequenceResponse CloseSequence*/CloseSequenceResponse* TerminateSequence/TerminateSequenceResponse* SOAP Header: Sequence AckRequested SequenceAcknowledgement * Indicates added since submitted to OASIS

© WSO2, Inc, 2006 CreateSequence wsa:EndpointReferenceType xs:duration ? xs:anyURI xs:duration ?... ?...

© WSO2, Inc, 2006 CreateSequenceResponse xs:anyURI xs:duration ? ? wsa:EndpointReferenceType ?...

© WSO2, Inc, 2006 CreateSequence/Response Sent in the body AcksTo specifies the place where acknowledgements are sent Expires is optional Offer is an optional way of initiating a Sequence in the reverse direction Can respond with CreateSequenceRefused fault

© WSO2, Inc, 2006 CloseSequence xs:anyURI... Sent from the RMS to the RMD Added to help close down incomplete sequences After a sequence is closed, no new messages are received But still responds to AckRequested Allowing the final state of the sequence to be ascertained

© WSO2, Inc, 2006 TerminateSequence xs:anyURI... Sent from the RMS to the RMD - indicates that the sequence will no longer be used Normally sent when the sequence is complete – all sent messages have been acknowledged Can be sent at any time

© WSO2, Inc, 2006 TerminateSequenceResponse This was added by the TC to allow the RMS to know that the RMD successfully terminated the sequence xs:anyURI...

© WSO2, Inc, 2006 Sequence Header The primary header – added to every message that is in a Sequence Adds the sequence identifier and the message number xs:anyURI wsrm:MessageNumberType...

© WSO2, Inc, 2006 AckRequested xs:anyURI... Allows a RMS to request an acknowledgement from the RMD RMD must reply at once Must be a full acknowledgement (no Partial Answer Mode)

© WSO2, Inc, 2006 SequenceAcknowledgement xs:anyURI [ [ [ <wsrm:AcknowledgementRange... Upper="wsrm:MessageNumberType" Lower="wsrm:MessageNumberType"/> + | ] ? ] | wsrm:MessageNumberType + ]... A complete set of ranges May be Final – indicating no more messages will be accepted Or None (may be Final) Or Nacks of individual messages

© WSO2, Inc, 2006 “Optimistic” model Because the whole Sequence is acknowledged, it is possible to use WSRM with very little overhead over a sequence of messages CreateSequence Messages flow with Sequence headers, plus occasional acknowledgements TerminateSequence

© WSO2, Inc, 2006 Offer and Accept Offered sequence is a way of cutting down the “back-and-forth” There is no specific requirement that the Offered sequence is used for responses But usual behaviour

© WSO2, Inc, 2006 WSRM Policy The submitted spec had a number of parameters available in policy. AcknowledgementInterval was moved to CS Dynamic optimization of protocol timing is more effective than static parameters.

© WSO2, Inc, 2006 A two-way reliable interaction ClientServer CreateSequence + Offer CreateSequenceResponse(A) + Accept(B) Request 1 Response 1 + ackA1 Request 2 + ackB1 Request 3 + AckB1 Response 3 + ackA123 Response 2 ackB123 TerminateSequence(A) TerminateSequenceResponse + AckA123_Final TerminateSequence(B) TerminateSequenceResponse + AckB123_Final

© WSO2, Inc, 2006 Anonymous clients The protocol supports one-way reliability with anonymous clients May be reliable-in/unreliable-out acksTo will be anonymous Uses piggybacked acks

© WSO2, Inc, 2006 Anonymous clients and two-way The WSRM1.1 specification has added a new verb to support this: MakeConnection client CS+Offer(seq2) server CSR(seq1)+Accept msg1(seq1) response1(seq2) +ack(seq1) msg2(seq1) + ack(seq2) msg3(seq1) + ack(seq2) response3(seq2) + ack(seq1) MakeConnection(seq2) response2(seq2)

© WSO2, Inc, 2006 Uptake Still gated by lack of a “standard” Industry has definitely moved to WSRM spec Examples: Canadian government project built a solution on WSRM spec A major Wall Street bank is looking at widespread adoption of WSRM Ford and Daimler Chrysler are planning major implementations Other groups such as RAMP, FIXprotocol, will profile RM

© WSO2, Inc, 2006 Composability with Security WSRM is inherently designed to compose with security systems SSL/TLS WS-Security WS-SecureConversation

© WSO2, Inc, 2006 Basic Composability WS-Security WS-ReliableMessaging WS-AtomicTransactions Transactional Secure Transactional Secure Reliable Transactional Secure Reliable

© WSO2, Inc, 2006 Composability works! Numerous demonstrations of WSRM + WSSecurity WSRM and WSSecureConversation WSO2’s Web Service App Server fully supports these combinations

© WSO2, Inc, 2006 Composability isn’t enough Unfortunately, there is a problem Composability ensures that the application can be secured But doesn’t secure the sequence

© WSO2, Inc, 2006 Why isn’t SSL or WSSec enough? Party 1 Authorized RM enabled system RM Sequence Party 2 Authorized Attack on Sequence

© WSO2, Inc, 2006 Sequence attacks are real Probably the most famous hack ever was a sequence attack TCP Sequence Prediction Based on predicting the correct sequence number for a packet and getting your packets in first First identified by Robert Morris in 1985 but thought impractical and unlikely Actually implemented by Kevin Mitnick against Tsutomu Shimomura on Christmas Day 1994

© WSO2, Inc, 2006 So what can we learn from this? 1. Don’t login on Christmas Day 2. Protect your sequence

© WSO2, Inc, 2006 Integrity Threats Any modification to any of the RM protocol messages Countermeasures Signing the headers To prevent headers being swapped, Sequence headers should be signed with the body

© WSO2, Inc, 2006 Denial of Service Threat Many unused CreateSequences Target an in-order sequence with missing messages Countermeasures Restrict sequence creation to authorized parties Monitor sequences for DoS attacks Similar to secure TCP stacks

© WSO2, Inc, 2006 Sequence Spoofing Threats Hijacking Injecting fake or wrong messages into a sequence Incorrectly acknowledging messages Countermeasures Tie the Sequence to a security context Each side associates the sequence with security credentials used during creation Only accepts Sequence Traffic from the same entity

© WSO2, Inc, 2006 SSL/TLS example RMSRMD Create SSL/TLS session(s) Send CreateSequence over TLS session Sequence Traffic / TLS Sequence Traffic / different TLS  Sequence Ack / TLS Sequence Ack / different TLS  CreateSequenceResponse over TLS

© WSO2, Inc, 2006 Ensuring that the Sequence is secure Add this header block The mustUnderstand ensures that the RMD “agrees” to the contract Otherwise it should fault

© WSO2, Inc, 2006 Restrictions SSL / TLS is only point-to-point Any intermediaries must be trusted to maintain integrity The sequence must last no longer than the SSL/TLS session

© WSO2, Inc, 2006 WS-Security Provides SOAP message security Authentication Encryption Message and header digital signatures Message level security

© WSO2, Inc, 2006 SecureConversation An extension to WS-Security that allows a secure context to be established between two parties Potentially used together with WS- Trust

© WSO2, Inc, 2006 Secure Conversation

© WSO2, Inc, 2006 Benefits over just WS-Security In WS-Security, a public key is used for every message Highly inefficient

© WSO2, Inc, 2006 WS-SecureConversation in RM …...

© WSO2, Inc, 2006 SecureConversation example RMSRMD Create WSSC secure context Send CreateSequence including STReference Sequence Traffic, signed headers and body Sequence Traffic / different SecurityContext  Sequence Ack including STReference Sequence Ack / different context  CreateSequenceResponse

© WSO2, Inc, 2006 Ensuring that this model is in place This forces the RMD to ensure that the sequence is secured using the supplied STR

© WSO2, Inc, 2006 WS-I RSP Reliable Secure Profile Proposed by IBM, Ford, DaimlerChrysler Aiming at creating a supplier network based on secure reliable SOAP WSRM 1.1 WS-SecureConversation 1.3

© WSO2, Inc, 2006 RX TC Status and Roadmap 60-day Public Review completed Aiming to have dealt with all comments by the end of year Aiming for a standard Q1 2007

© WSO2, Inc, 2006 Implementations Microsoft Windows Comm Framework WCF aka Indigo Supports the submitted spec IBM WebSphere 6.1 “IBM intends to make a fully supported Web Services Reliable Messaging solution available for WebSphere Application Server V6.1 early in 2007” Apache Sandesha 1.0 Supports the submitted spec and CD3 of WSRM 1.1 WSO2 Tungsten Supported package of Apache Axis2, WSS4J, Sandesha2 Plus implementations from: Systinet, Oracle, SAP, Sun, BEA

© WSO2, Inc, 2006 OASIS March Interop results IBM, MSFT, WSO2, SAP, Oracle RMS\ RMD P1P2P3P4P5 P P P P P

© WSO2, Inc, 2006 Resources WSRX TC Homepage Submitted specification Cover pages Reliable Messaging Apache Sandesha