Slide 1 © 2004 Reactivity The Gap Between Reliability and Security Eric Gravengaard Reactivity.
slide 1 © 2004 Reactivity
The Gap Between Reliability and Security
Eric Gravengaard, Reactivity
slide 2
A Fully Secure and Reliable Message Exchange
• Request – Response Message Exchange Pattern
• Both parties must require of the other:
  • Strong Authentication - Is this message from the right system?
  • Cryptographic Proof of Message Integrity - Has this message been tampered with?
  • Acknowledgement of Message Delivery - Did they get my message?
• And the requesting party must require:
  • Strong Correlation between Request and Response
slide 3
Why is Correlation Important?
• Example:
  • Alice wants to ask Bob to add two numbers using his calculator
  • Alice creates a SOAP message and signs it: Add(1,3)
  • Alice sends the message to Bob
  • Alice receives a response signed by Bob: 5
• Questions:
  • Is there a simple and secure way to know that Add(1, 3) = 5?
  • Did Bob receive Add(1,3) or did Charlie intercept the message and send Add(1,4)?
  • Did Charlie intercept the response and substitute an old copy of a signed response from Bob?
  • Can Alice trust that Bob really checked her signature?
  • Can she prove it?
slide 4
The Gap
• OASIS Web Services Security: SOAP Message Security
  • Defines Use of Digital Signatures to prove Integrity of Message
    - Signature Proves Message was not Altered
• OASIS WS-Reliability
  • Guaranteed Delivery with Acknowledgement
• Combining the Two
  • Responder Proves to Requester That A Message was Delivered
  • Not what was in the message
• The Gap – No Receipts
  • No standardized mechanism for requesting delivery acknowledgements that include information about the message
slide 5
How can receipts be used?
In a simple client/server request/response system:
• The Client
  • Composes a request
  • Signs the request with its private key
• The Server
  • Composes a response and attaches a receipt
  • Signs the response and receipt with its private key
• Both Parties
  • Validate signatures
  • Write logs at each step
[Diagram: two signed messages. Benjamin Franklin to John: "Please review my draft copy of a declaration of independence." (signed BF). John Hancock to Ben: "I received your draft. Here are some of my comments." (signed JH).]
slide 6
What can we prove?
• The secure logs prove:
  • That a transaction occurred
  • That our record of the transaction has not been altered
• The signatures prove:
  • Server can prove that someone with the client's private key sent the request
  • Client can prove that someone with the server's private key returned the response and the receipt together
• The receipt proves:
  • Client can prove that someone with the server's private key received their request and that the response message is in response to the original request
slide 7
How is this Done Outside of Web Services?
• Enhanced Security Services for S/MIME
  • RFC 2634
  • Defines Signed Receipts
  • Allows Originator to demonstrate to a Third Party that the Recipient was able to verify the signature of the original message
  • The Receipt itself is Signed by the Recipient
• Secure Data Network System: Message Security Protocol
  • SDN.701
  • Also defines signed receipts as a mechanism for verifying that the receiver has validated a signature
slide 8
Web Services Security: Receipt Token Profile
• WSS: SOAP Message Security does not provide a mechanism for receipts
• WSS:RTP is Reactivity's proposed extension to WSS that:
  • Creates a new security token for requesting receipts
  • Creates a new security token for receipts
  • Defines both signed and unsigned receipts
  • Works alongside Guaranteed Delivery: WS-Reliability
slide 9
RTP receipt mechanism
• Provide a general purpose receipt request mechanism
• <wsnr:ReceiptRequest> provides:
  • /ReceiptRequest/@ReceiptFormat : signed or unsigned request
  • /ReceiptRequest/@CorrelationId : UUID for tracking receipts
  • /ReceiptRequest/ReceiptTo : how to send receipt
  • /ReceiptRequest/SignatureRequest : what elements to be signed
  • /ReceiptRequest/wsu:Timestamp : when this request was made
• <wsnr:Receipt> provides:
  • /Receipt/@ReceiptFormat : signed or unsigned receipt
  • /Receipt/@CorrelationId : same UUID as request
  • /Receipt/SignatureResponse : signature of receipt generator
  • /Receipt/wsu:Timestamp : when this receipt was generated
slide 10
Receipt example
Request:
  <wsse:Security>
    <ReceiptRequest ReceiptFormat="generalReceipt" CorrelationId="33485">
      <ReceiptTo Required="true" Target="response"/>
      <wsu:Timestamp>
        <wsu:Created>2003-03-11T16:30:17Z</wsu:Created>
      </wsu:Timestamp>
    </ReceiptRequest>
  </wsse:Security>
Response:
  <wsse:Security>
    <Receipt ReceiptFormat="generalReceipt" CorrelationId="33485">
      <wsu:Timestamp>
        <wsu:Received>2003-03-11T16:33:43Z</wsu:Received>
      </wsu:Timestamp>
    </Receipt>
  </wsse:Security>
slide 11
Signed receipts
• Main concept: Split the <ds:Signature> into two pieces
• Requestor specifies a <wsnr:SignatureRequest> element:
  • /SignatureRequest/ds:SignedInfo : specifies algorithms and data to be signed by receipt generator
  • /SignatureRequest/ds:Object : allows other data to be included in the signature
• Responder returns a <wsnr:SignatureResponse> element:
  • /SignatureResponse/ds:SignatureValue : cryptographic signature that covers the <ds:SignedInfo> of the request
  • /SignatureResponse/ds:KeyInfo : specifies information about the key used to generate the signature
slide 12
Bringing it all together: an example
Request:
  <S:Envelope xmlns:S="...">
    <S:Header>
      <wsse:Security>
        <wsnr:ReceiptRequest ReceiptFormat="signedReceipt" Role="ultimateReceiver"
                             CorrelationID="theID" S:mustUnderstand="1">
          <wsnr:ReceiptTo Target="response">
            <wsnr:SignatureRequest>
              <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="#c14n"/>
                <ds:SignatureMethod Algorithm="#hmac-sha1"/>
                <ds:Reference URI="#body">
                  <ds:DigestMethod Algorithm="#sha1"/>
                </ds:Reference>
                <ds:Reference URI="#timestamp">
                  <ds:DigestMethod Algorithm="#sha1"/>
                </ds:Reference>
              </ds:SignedInfo>
            </wsnr:SignatureRequest>
          </wsnr:ReceiptTo>
          <wsu:Timestamp wsu:Id="timestamp">
            <wsu:Created>2003-03-11T08:42:00Z</wsu:Created>
          </wsu:Timestamp>
        </wsnr:ReceiptRequest>
      </wsse:Security>
    </S:Header>
    <S:Body>
      <MyRequest wsu:Id="body"/>
    </S:Body>
  </S:Envelope>
Response:
  <S:Envelope xmlns:S="...">
    <S:Header>
      <wsse:Security S:Role="ultimateReceiver">
        <wsse:BinarySecurityToken wsu:Id="theCert" EncodingType="Base64Binary">
          MIIEZzCCA9CgAWIQEmtJZco...
        </wsse:BinarySecurityToken>
        <wsnr:Receipt ReceiptFormat="signedReceipt" CorrelationID="theID">
          <wsnr:SignatureResponse>
            <ds:SignatureValue>
              ABCDEFG1234567890...
            </ds:SignatureValue>
            <ds:KeyInfo>
              <wsse:SecurityTokenReference>
                <wsse:Reference URI="#theCert"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </wsnr:SignatureResponse>
          <wsu:Timestamp>
            <wsu:Received>2003-03-11T08:42:12Z</wsu:Received>
          </wsu:Timestamp>
        </wsnr:Receipt>
      </wsse:Security>
    </S:Header>
    <S:Body>
      <MyResponse/>
    </S:Body>
  </S:Envelope>
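The signed-receipt flow of slides 5, 6, 11 and 12, and the three questions slide 3 raises (did Bob get Add(1,3) or Charlie's Add(1,4), is this an old receipt, can Alice check it), worked through in code. This is an added example, not code from the slides or from Reactivity's profile. Its stand-ins are assumptions: HMAC-SHA256 under a key shared by Alice and Bob replaces Bob's private key and certificate (the slide 12 example itself names #hmac-sha1); the standard library's xml.etree.ElementTree.canonicalize (C14N 2.0) plays the c14n method; plain element names replace the S:, wsse:, wsnr:, ds: and wsu: prefixes; and Bob fills a DigestValue into each Reference before signing, which the slides do not show but which is what makes the receipt attest to content rather than only to delivery. The Add(1,3) body, key and timestamps are constructed.

```python
"""Content-bound signed receipts in the style of WSS:RTP (added illustration).
Assumed stand-ins: HMAC-SHA256 under a shared key, stdlib C14N 2.0,
un-prefixed element names, DigestValues filled in by Bob before signing."""
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

BOB_KEY = b"constructed-demo-key-not-for-production"  # constructed shared key

def c14n(elem: ET.Element) -> bytes:
    """Canonical bytes of one subtree; whitespace-only text is dropped."""
    elem = copy.deepcopy(elem)
    elem.tail = None
    return ET.canonicalize(ET.tostring(elem, encoding="unicode"),
                           strip_text=True).encode()

def find_by_id(root: ET.Element, ident: str) -> ET.Element:
    """Resolve a ds:Reference fragment (#body, #timestamp) to its element."""
    for e in root.iter():
        if e.get("Id") == ident:
            return e
    raise KeyError(ident)

def build_request(body_xml: str, correlation_id: str, created: str) -> ET.Element:
    """Alice's request: the ReceiptRequest carries a SignedInfo naming what
    Bob must digest and sign (#body and #timestamp, as on slide 12)."""
    return ET.fromstring(f"""<Envelope>
  <Header><Security>
    <ReceiptRequest ReceiptFormat="signedReceipt" CorrelationID="{correlation_id}">
      <ReceiptTo Target="response"><SignatureRequest>
        <SignedInfo>
          <CanonicalizationMethod Algorithm="#c14n"/>
          <SignatureMethod Algorithm="#hmac-sha256"/>
          <Reference URI="#body"><DigestMethod Algorithm="#sha256"/></Reference>
          <Reference URI="#timestamp"><DigestMethod Algorithm="#sha256"/></Reference>
        </SignedInfo>
      </SignatureRequest></ReceiptTo>
      <Timestamp Id="timestamp"><Created>{created}</Created></Timestamp>
    </ReceiptRequest>
  </Security></Header>
  <Body>{body_xml}</Body>
</Envelope>""")

def completed_signed_info(env: ET.Element) -> bytes:
    """Resolve each Reference against THIS copy of the envelope, add its
    DigestValue and return the canonical SignedInfo (assumed binding step)."""
    si = copy.deepcopy(env.find(".//SignedInfo"))
    for ref in si.findall("Reference"):
        target = find_by_id(env, ref.get("URI").lstrip("#"))
        digest = hashlib.sha256(c14n(target)).digest()
        ET.SubElement(ref, "DigestValue").text = base64.b64encode(digest).decode()
    return c14n(si)

def issue_receipt(received: ET.Element, key: bytes) -> ET.Element:
    """Bob's side: the response's Security header with a Receipt whose
    SignatureResponse signs SignedInfo as completed over what Bob received."""
    rr = received.find(".//ReceiptRequest")
    sig = hmac.new(key, completed_signed_info(received), hashlib.sha256).digest()
    return ET.fromstring(f"""<Security>
  <Receipt ReceiptFormat="signedReceipt" CorrelationID="{rr.get('CorrelationID')}">
    <SignatureResponse>
      <SignatureValue>{base64.b64encode(sig).decode()}</SignatureValue>
      <KeyInfo><KeyName>bob-shared-key</KeyName></KeyInfo>
    </SignatureResponse>
    <Timestamp><Received>2003-03-11T08:42:12Z</Received></Timestamp>
  </Receipt>
</Security>""")

def verify_receipt(sent: ET.Element, security: ET.Element, key: bytes) -> bool:
    """Alice's side: CorrelationID ties the receipt to THIS request (a replayed
    receipt fails here); the signature must match SignedInfo completed from
    Alice's own copy (a body Charlie rewrote gives Bob other digests)."""
    rr = sent.find(".//ReceiptRequest")
    rc = security.find("Receipt")
    if rc is None or rc.get("CorrelationID") != rr.get("CorrelationID"):
        return False
    expected = hmac.new(key, completed_signed_info(sent), hashlib.sha256).digest()
    got = base64.b64decode(rc.findtext("SignatureResponse/SignatureValue") or "")
    return hmac.compare_digest(expected, got)

def demo() -> tuple:
    """Honest exchange, Charlie's Add(1,4) substitution, and a replayed receipt."""
    add_1_3 = '<Add Id="body"><a>1</a><b>3</b></Add>'  # constructed SOAP body
    sent = build_request(add_1_3, "theID", "2003-03-11T08:42:00Z")
    honest = verify_receipt(sent, issue_receipt(copy.deepcopy(sent), BOB_KEY), BOB_KEY)
    altered = copy.deepcopy(sent)  # the copy Bob sees after Charlie edits it
    find_by_id(altered, "body").find("b").text = "4"
    tampered = verify_receipt(sent, issue_receipt(altered, BOB_KEY), BOB_KEY)
    old = build_request(add_1_3, "oldID", "2003-03-10T08:42:00Z")
    replayed = verify_receipt(sent, issue_receipt(old, BOB_KEY), BOB_KEY)
    return honest, tampered, replayed

if __name__ == "__main__":
    print(demo())  # (True, False, False)
```

demo() returns (True, False, False): the honest exchange verifies, Charlie's Add(1,4) substitution fails because Bob's digest of #body no longer matches the one Alice computes from what she sent, and a receipt issued for an earlier request fails on CorrelationID before any cryptography runs. One caveat the stand-in makes visible: a receipt under an HMAC key that Alice also holds convinces Alice but not a third party, since Alice could have produced it herself; the third-party-verifiable receipt that slide 7 attributes to RFC 2634 needs a signature under a key only the recipient controls, which is what the BinarySecurityToken reference in the slide 12 response points toward.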
slide 13
Questions
• If you have further questions or would like to read the proposed profile document:
  • Email: [email protected]
  • Web: www.reactivity.com