1. 1 Securing Internet Sessions with Sorbet Fred Long, Robert Seacord, Scott A. Hissam, John Robert August, 1999 Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by the U.S. Department of Defense © 1999 by Carnegie Mellon University Carnegie Mellon University Software Engineering Institute

2. 2 Carnegie Mellon University Software Engineering Institute Agenda Introduction Public key encryption background A particular problem The Sorbet solution Comparisons with other methods Summary Conclusions

3. 3 Carnegie Mellon University Software Engineering Institute Introduction More and more organizations are using intranets, or even the Internet, as the communications media for important data These media are inherently insecure Mechanisms must be built on top of the underlying facilities to secure these connections

4. 4 Carnegie Mellon University Software Engineering Institute Public Key Encryption Background Public key encryption clearly solves the confidentiality problem Signing a message with a signature encrypted with ones private key solves the identification problem Passing encrypted signatures can be used to grant authorization Attaching an encrypted, signed digest of an object allows one to check its integrity

5. 5 Carnegie Mellon University Software Engineering Institute A Particular Problem An SEI client wanted a non-COTS solution restrictions on existing COTS solutions licensing issues performance issues Hence, we developed Sorbet Secure ORB Enterprise Transactions pure Java lightweight deployable as an orblet, servlet, or application

6. 6 Carnegie Mellon University Software Engineering Institute The Sorbet Solution Sorbet was to provide: secure sessions lightweight transactions for transferring large blobs of information client-side authentication comparable performance to SSL Developed for CORBA uses interceptors to separate security policy from the application code

7. 7 Carnegie Mellon University Software Engineering Institute Elements of Sorbet Solution Credentials (a.k.a. certificates) are co-located with client Seed for randomizer is generated by server One-sided authentication Secure association is not point-to-point, but is rather client to “system”

8. 8 Carnegie Mellon University Software Engineering Institute Sorbet Example Keystore Client Target Service Basically there are four components Keystore (K) Client (C) Security Service (SS) Target Service (T) And three steps need to occur (1) obtain client Credentials from keystore (2) client authentication & set up secure association (3) secure session operation Basically there are four components Keystore (K) Client (C) Security Service (SS) Target Service (T) And three steps need to occur (1) obtain client Credentials from keystore (2) client authentication & set up secure association (3) secure session operation Now the details... Security Service

9. 9 Carnegie Mellon University Software Engineering Institute Client Obtaining Credentials Encrypted Keystore - Java keystore - Netscape Communicator db Client-side Interceptor Alias & password 1 1. Client installs security interceptor on the client side, passing “alias” and “password” 2. Security interceptor using, Java classes, gets credentials associated with alias it was installed with credentials retrieved from Keystore 2 Java classes 4. Security interceptor using, Java classes, gets corresponding private key private key retrieved from Keystore 4 5. Java classes constitute private key materials from underlying Keystore C priv 5 3. Java classes (package Credentials) constitutes credentials from underlying Keystore C cred read & decrypt 3 local storage

10. 10 Carnegie Mellon University Software Engineering Institute Client Authentication Client Client-side interceptor Security Service C cred 1 SS challenge 2 3 C response = SIGN Cpriv (SS challenge ) 4 C response 5 VERIFY(C cred, C response ) 6 Session Object Create Session Object 7 SS IOR 8 Set SS IOR as ORB Principal 9 10 E Cpub (SS randomseed )

11. 11 Carnegie Mellon University Software Engineering Institute Target Service Server-side interceptor Secure Session Operation Client Client-side interceptor Security Service Session Object Session Object Session Object IIOP Header & data (w/ principal) + next random # 1 Extract random number & principal (a.k.a. IOR) 2 Verify correct next random # w/ associated Session Object 3 method call 5 Return method results as normal IIOP Reply 6 4 Incr to next random # & compare

12. 12 Carnegie Mellon University Software Engineering Institute Data Transfer Rate vs. IIOP Packet Size Unsecured data transfer has the best performance

13. 13 Carnegie Mellon University Software Engineering Institute Data Transfer Rate vs. IIOP Packet Size SSL performance degrades significantly as the size of the IIOP message increases

14. 14 Carnegie Mellon University Software Engineering Institute Data Transfer Rate vs. IIOP Packet Size Sorbet has the poorest performance at the 0.5k data packet size

15. 15 Carnegie Mellon University Software Engineering Institute Data Transfer Rate vs. IIOP Packet Size At larger packet sizes, Sorbet competes closely with SSL without encryption

16. 16 Carnegie Mellon University Software Engineering Institute Summary Unsecured data transfer has the best performance SSL performance degrades significantly as the size of the IIOP message increases Sorbet has the poorest performance at the 0.5k data packet size At larger packet sizes, Sorbet competes closely with SSL without encryption

17. 17 Carnegie Mellon University Software Engineering Institute Conclusions “In most cases, SSL is a better choice than a custom security model such as Sorbet because SSL is a standard solution that can be more readily approved for use in large organizations.” Sorbet advantages as compared to commercial SSL solutions does not require native libraries more control over security policy Custom solutions such as Sorbet may be used when COTS solutions prove inadequate due to performance, functionality, or other failures.

18. 18 Carnegie Mellon University Software Engineering Institute Acronyms CORBACommon Object Request Broker Architecture COTSCommercial Off The Shelf DCOMDistributed Component Object Model IIOP Internet Inter-ORB Protocol IOR Interoperable Object Reference ORBObject Request Broker RMIRemote Method Invocation Sorbet Secure ORB Enterprise Transactions SSL Secure Socket Layer

19. 19 Carnegie Mellon University Software Engineering Institute For More Information... Email Fred Longfwl@sei.cmu.edu Robert Seacordrcs@sei.cmu.edu Scott Hissamshissam@sei.cmu.edu John Robertjer@sei.cmu.edu World Wide Webhttp://www.sei.cmu.edu Telephone412 / 268-5800 U.S. mailCustomer Relations Software Engineering Institute Carnegie Mellon Pittsburgh, PA 15213-3890

20. 20 Carnegie Mellon University Software Engineering Institute Encryption Types symmetric, or single key (secret) -secret key encrypts and decrypts messages -DES (Data Encryption Standard) asymmetric, or key-pair (public/private) -public key encrypts, private key decrypts (and vice versa) -RSA (Ron Rivest, Adi Shamir, and Leonard Adleman)

21. 21 Carnegie Mellon University Software Engineering Institute Encryption involves scrambling a message: encrypted message Secret Message In traditional encryption methods, the encryption and decryption keys are the same (symmetric key cryptography)

22. 22 Carnegie Mellon University Software Engineering Institute Public Key Encryption (asymmetric key cryptography) involves two different keys, a public and a private key: Private Key James T. Private’s Public Key Public Domain Private Domain James T. Private Secret Message John Q. Public Only the holder of the private key can read the encrypted message plain text encrypted message Secret Message plain text