Middleware for Secure Environments Presented by Kemal Altıntaş Hümeyra Topcu-Altıntaş Osman Şen
Cherubim Security System Java based security system for secure communication over networks Java based security system for secure communication over networks Developed at the UIUC Developed at the UIUC
Core Security Services Encryption: process to encode data to protect it from attacks in the network Encryption: process to encode data to protect it from attacks in the network Can be done with a variety of algorithms (such as IDEA or DES), modes (such as ECB- Electgronic Code Book, CFB-Cipher Feedback, or CBC-Cipher Block Chaining) and padding schemes (such as PKCS#5 or PKCS#7). Can be done with a variety of algorithms (such as IDEA or DES), modes (such as ECB- Electgronic Code Book, CFB-Cipher Feedback, or CBC-Cipher Block Chaining) and padding schemes (such as PKCS#5 or PKCS#7). Decryption: The opposite of encryption. Can be done with any of the above algorithms. Decryption: The opposite of encryption. Can be done with any of the above algorithms.
Core Security Services Digital Signature Digital Signature Electronic equivalent of a person’s signature Electronic equivalent of a person’s signature Used to verify that a document or a message really comes from a specific person Used to verify that a document or a message really comes from a specific person Can be done with algorithms such as RSA, DSA or El Gamal Can be done with algorithms such as RSA, DSA or El Gamal
Core Security Services Digital Signature Verification Digital Signature Verification Equivalent to comparing one’s signature to a reference copy Equivalent to comparing one’s signature to a reference copy If the signature verifies, the document or the message is assumed to be coming from the specified person If the signature verifies, the document or the message is assumed to be coming from the specified person Any of the above algorithms can be used Any of the above algorithms can be used
Core Security Services Secret Hashing Secret Hashing Process of transforming a document into a unique code that is relatively small, typically bits Process of transforming a document into a unique code that is relatively small, typically bits It is desirable to have unique codes for each document It is desirable to have unique codes for each document Cherubim supports several hashing algorithms such as SHA-1 and MD5 Cherubim supports several hashing algorithms such as SHA-1 and MD5
Core Security Services Secret Key Generation from a PassPhrase Secret Key Generation from a PassPhrase A secret key from a phrase that the user enters is generated using a hash algorithm A secret key from a phrase that the user enters is generated using a hash algorithm Used to store private keys and such private information on disk Used to store private keys and such private information on disk If the hashed secret is short, it is repeated to increase the size If the hashed secret is short, it is repeated to increase the size If it is long, the last blocks are xored with the first blocks If it is long, the last blocks are xored with the first blocks
Authentication and Key Negotiation Key negotiation is accomplished using Diffie-Hellman protocol. Key negotiation is accomplished using Diffie-Hellman protocol. Client sends a SignedDHMessage to the server. Client sends a SignedDHMessage to the server. The message contains: client’s part of the key exchange, destination of the message, a timestamp, the algorithm to generate the key and the length of the key The message contains: client’s part of the key exchange, destination of the message, a timestamp, the algorithm to generate the key and the length of the key The message is signed by the user’s private key The message is signed by the user’s private key Server verifies the signature, timestamp and destination. The timestamp gives a duration of 5 minutes of validity for each message Server verifies the signature, timestamp and destination. The timestamp gives a duration of 5 minutes of validity for each message Server sends a SignedDHMessage with the similar information Server sends a SignedDHMessage with the similar information Client verifies the signature, timestamp and destination Client verifies the signature, timestamp and destination Client and server generate a shared secret as described in the protocol Client and server generate a shared secret as described in the protocol Client and Server hash the secret into a secret session key Client and Server hash the secret into a secret session key Session key expires after 1 hour and the whole process repeated Session key expires after 1 hour and the whole process repeated
Diffie-Hellman Authentication Protocol Client a Session Key HASH g ab signature Server b Session Key g ab signature
Diffie Hellman Exchange Parameters Parameters g and p are hard coded into the system in order to prevent an attack using weak keys Parameters g and p are hard coded into the system in order to prevent an attack using weak keys p is a 2048 bit prime number p is a 2048 bit prime number g is another smaller prime number g is another smaller prime number
Classloader Hierarchy Primordial Classes: Java core classes and necessary cryptographic code Primordial Classes: Java core classes and necessary cryptographic code Jurassic Classes: The classes present on the user’s home machine. Jurassic Classes: The classes present on the user’s home machine. Active Capability Classes: Classes loaded by active capability loader. No more info in paper Active Capability Classes: Classes loaded by active capability loader. No more info in paper
Initial Booting of the System Client boots its OS and Java Virtual Machine Client boots its OS and Java Virtual Machine Cherubim does not consider security at this level Cherubim does not consider security at this level Focuses on network security Focuses on network security Local system should be careful about trojan horse OS or JVM and the authenticity of the java core classes Local system should be careful about trojan horse OS or JVM and the authenticity of the java core classes User runs the boot program form the smart card User runs the boot program form the smart card Boot program prompts for passphrase Boot program prompts for passphrase The channel between keyboard and JVM must be secure The channel between keyboard and JVM must be secure Passphrase is hashed into key Passphrase is hashed into key Key is used to decrypt the data on smart card Key is used to decrypt the data on smart card The memory access must be secure on local machine The memory access must be secure on local machine Client machine connects to user’s home machine Client machine connects to user’s home machine Client begins key negotiations with the home machine Client begins key negotiations with the home machine
Requesting Classes JurassicClassloader receives request for a class JurassicClassloader receives request for a class JurassicClassloader checks to see if the class is in cache JurassicClassloader checks to see if the class is in cache If so, return it If so, return it Else check if primordialClassloader can load it (i.e. is it in classpath?). If so, return it Else check if primordialClassloader can load it (i.e. is it in classpath?). If so, return it Else check if the session key expired. If so, negotiate and get new key Else check if the session key expired. If so, negotiate and get new key JurassicClassloader sends a SEClassRequest (signed, encrypted request) to the home server over existing socket JurassicClassloader sends a SEClassRequest (signed, encrypted request) to the home server over existing socket Server verifies the signature, timestamp, description and sequence number on the request message Server verifies the signature, timestamp, description and sequence number on the request message
Class Response Server loads the class from the disk to memory Server loads the class from the disk to memory Server sends the class to client (in encrypted form) Server sends the class to client (in encrypted form) JurassicClassloader verifies the signature, timestamp, destination and sequence number JurassicClassloader verifies the signature, timestamp, destination and sequence number JurassicClassloader adds the class to the cache JurassicClassloader adds the class to the cache Returns the class to the process Returns the class to the process
System Specific Message Digesting Message Digesting Default: SHA-1 Default: SHA-1 Alternatives: MD4, MD5, RIPE-MD 160 Alternatives: MD4, MD5, RIPE-MD 160 Digital Signatures Digital Signatures Default: SHA-1/RSA Default: SHA-1/RSA Alternatives: DSA, El Gamal Alternatives: DSA, El Gamal Session Keys Session Keys Default: IDEA Default: IDEA Alternatives: DES, Triple DES (3DES), Blowfish or SPEED Alternatives: DES, Triple DES (3DES), Blowfish or SPEED Passphrase Hashing Passphrase Hashing Default: SHA-1 Default: SHA-1
System Specific Character Encoding Character Encoding Default: UTF8 Default: UTF8 Symmetric Key for Writing to Storage Symmetric Key for Writing to Storage Default: IDEA Default: IDEA Diffie-Hellman Key Exchange Params Diffie-Hellman Key Exchange Params Hardcoded into system Hardcoded into system
Antigone: A Flexible Framework for Secure Group Communication by P.McDaniel, A.Prakash, P.Honeyman
What is Antigone? Middleware layer Middleware layer Provides flexible interfaces for defining policy in group applications Provides flexible interfaces for defining policy in group applications Applications can define and implement a wide range of policies Applications can define and implement a wide range of policies
Group Security Policies Session rekeying policy Session rekeying policy Application Message policy Application Message policy Membership policy Membership policy Process failure policy Process failure policy
Session rekeying policy Changes in group membership require the session to be rekeyed Changes in group membership require the session to be rekeyed Time-sensitive rekeying Time-sensitive rekeying Leave-sensitive rekeying Leave-sensitive rekeying Join-sensitive rekeying Join-sensitive rekeying Membership-sensitive rekeying Membership-sensitive rekeying
Application message (Data security) policy States the types of security guarantees required for application messages States the types of security guarantees required for application messages Types: integrity, confidentiality, group authenticity, sender authenticity Types: integrity, confidentiality, group authenticity, sender authenticity Vary from message to message Vary from message to message
Membership Policy What information about the membership is delivered to the group members What information about the membership is delivered to the group members Antigone does not support confidentiality of group membership because of the difficulties about hiding group membership from members and non-members Antigone does not support confidentiality of group membership because of the difficulties about hiding group membership from members and non-members
Process Failure Policy States a set of failures to be detected and the security to be applied to the failure detection mechanism States a set of failures to be detected and the security to be applied to the failure detection mechanism Need for secure failure detection to protect the group from the masking of process failures by an adversary Need for secure failure detection to protect the group from the masking of process failures by an adversary
Antigone Architecture