Slide 1 © 2004 Reactivity The Gap Between Reliability and Security Eric Gravengaard Reactivity.


slide 1 © 2004 Reactivity

The Gap Between Reliability and Security

Eric Gravengaard, Reactivity


slide 2 © 2004 Reactivity

A Fully Secure and Reliable Message Exchange

• Request – Response Message Exchange Pattern
• Both parties must require of the other:
  • Strong Authentication - Is this message from the right system?
  • Cryptographic Proof of Message Integrity - Has this message been tampered with?
  • Acknowledgement of Message Delivery - Did they get my message?
• And the requesting party must require:
  • Strong Correlation between Request and Response


slide 3 © 2004 Reactivity

Why is Correlation Important?

• Example:
  • Alice wants to ask Bob to add two numbers using his calculator
  • Alice creates a SOAP message and signs it: Add(1,3)
  • Alice sends the message to Bob
  • Alice receives a response signed by Bob: 5
• Questions:
  • Is there a simple and secure way to know that Add(1, 3) = 5?
  • Did Bob receive Add(1,3) or did Charlie intercept the message and send Add(1,4)?
  • Did Charlie intercept the response and substitute an old copy of a signed response from Bob?
  • Can Alice trust that Bob really checked her signature?
  • Can she prove it?


slide 4 © 2004 Reactivity

The Gap

• OASIS Web Services Security: SOAP Message Security
  • Defines use of Digital Signatures to prove Integrity of Message
    - Signature proves Message was not Altered
• OASIS WS-Reliability
  • Guaranteed Delivery with Acknowledgement
• Combining the Two
  • Responder proves to Requester that a Message was Delivered
  • Not what was in the message
• The Gap – No Receipts
  • No standardized mechanism for requesting delivery acknowledgements that include information about the message


slide 5 © 2004 Reactivity

How can receipts be used?

In a simple client/server request/response system:
• The Client
  • Composes a request
  • Signs the request with its private key
• The Server
  • Composes a response and attaches a receipt
  • Signs the response and receipt with its private key
• Both Parties
  • Validate signatures
  • Write logs at each step

[Figure: two signed notes illustrating the exchange. Benjamin Franklin to John: "Please review my draft copy of a declaration of independence." (signed BF). John Hancock to Ben: "I received your draft. Here are some of my comments." (signed JH).]


slide 6 © 2004 Reactivity

What can we prove?

• The secure logs prove:
  • That a transaction occurred
  • That our record of the transaction has not been altered
• The signatures prove:
  • Server can prove that someone with the client's private key sent the request
  • Client can prove that someone with the server's private key returned the response and the receipt together
• The receipt proves:
  • Client can prove that someone with the sender's private key received their request and that the response message is in response to the original request
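The exchange on slides 3, 5 and 6, worked through as an added example (not Reactivity's code and not the WSS:RTP profile itself). HMAC under a per-party key stands in for a signature with that party's private key, the key names and the JSON message shape are constructed, and the three cases are the honest exchange, a substituted request answered by a server that skipped the signature check, and a replayed old response. Each case is accepted by a signature-only check and only the receipt-aware check tells them apart:

```python
import hashlib
import hmac
import json

# Per-party keys (constructed). HMAC under a party's key stands in for a
# signature with that party's private key; the verifier is assumed to hold
# the matching key, as it would hold the public key in the real design.
ALICE_KEY = b"alice-private-key-constructed"
BOB_KEY = b"bob-private-key-constructed"


def encode(obj) -> bytes:
    """Deterministic serialisation so signer and verifier hash the same bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(key: bytes, obj) -> str:
    return hmac.new(key, encode(obj), hashlib.sha256).hexdigest()


def verify(key: bytes, obj, sig: str) -> bool:
    return hmac.compare_digest(sign(key, obj), sig)


def digest(obj) -> str:
    return hashlib.sha256(encode(obj)).hexdigest()


def make_request(op: str, args: list, corr: str) -> dict:
    """Alice composes a request and signs it (slide 5, 'The Client')."""
    body = {"op": op, "args": args, "corr": corr}
    return {"body": body, "sig": sign(ALICE_KEY, body)}


def serve(request: dict, log: list, check_signature: bool = True) -> dict:
    """Bob answers, attaches a receipt and signs response and receipt together
    (slide 5, 'The Server'). check_signature=False models a server that never
    verified the request, the doubt raised on slide 3."""
    body = request["body"]
    if check_signature and not verify(ALICE_KEY, body, request["sig"]):
        raise ValueError("request signature invalid")
    log.append(("server", "received", body["corr"], digest(body)))
    result = sum(body["args"]) if body["op"] == "Add" else None
    receipt = {"corr": body["corr"], "request_digest": digest(body),
               "request_sig_verified": check_signature}
    response = {"result": result, "receipt": receipt}
    log.append(("server", "responded", body["corr"], digest(response)))
    return {"response": response, "sig": sign(BOB_KEY, response)}


def accept_without_receipt(reply: dict) -> bool:
    """The gap: Bob's signature alone shows only that Bob produced this
    response at some point, not which request it answers."""
    return verify(BOB_KEY, reply["response"], reply["sig"])


def accept_with_receipt(request: dict, reply: dict, log: list) -> bool:
    """Alice checks Bob's signature, then that the signed receipt binds the
    response to the exact request she sent (slide 6, 'The receipt proves')."""
    resp = reply["response"]
    if not verify(BOB_KEY, resp, reply["sig"]):
        log.append(("client", "bad signature", None, None))
        return False
    rc = resp["receipt"]
    bound = (rc["corr"] == request["body"]["corr"]
             and rc["request_digest"] == digest(request["body"])
             and rc["request_sig_verified"])
    log.append(("client", "receipt ok" if bound else "receipt mismatch",
                rc["corr"], rc["request_digest"]))
    return bound


def scenario() -> dict:
    """Run slide 3's three cases; each tuple is (result, accepted without
    receipt, accepted with receipt)."""
    log = []
    # 1. Honest exchange: Alice asks Add(1,3), Bob answers 4 with a receipt.
    req = make_request("Add", [1, 3], "c-001")
    honest = serve(req, log)
    # 2. Charlie swaps in Add(1,4) with a forged signature; a server that skipped
    #    the check answers 5, and Bob's signature on that reply is genuine.
    forged = {"body": {"op": "Add", "args": [1, 4], "corr": "c-001"}, "sig": "not-alices"}
    tampered = serve(forged, log, check_signature=False)
    # 3. Charlie replays an old, genuinely signed response to another request.
    replayed = serve(make_request("Add", [2, 3], "c-000"), log)
    return {
        "honest": (honest["response"]["result"], accept_without_receipt(honest),
                   accept_with_receipt(req, honest, log)),
        "tampered": (tampered["response"]["result"], accept_without_receipt(tampered),
                     accept_with_receipt(req, tampered, log)),
        "replayed": (replayed["response"]["result"], accept_without_receipt(replayed),
                     accept_with_receipt(req, replayed, log)),
        "log": log,
    }
```

The log written at each step is what slide 6 calls the secure logs: both sides record the correlation id and a digest of what they saw, so a later dispute can be settled by comparing records rather than by trusting either party's account.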


slide 7 © 2004 Reactivity

How is this Done Outside of Web Services?

• Enhanced Security Services for S/MIME
  • RFC 2634
  • Defines Signed Receipts
  • Allows Originator to demonstrate to a Third Party that the Recipient was able to verify the signature of the original message
  • The Receipt itself is Signed by the Recipient
• Secure Data Network System: Message Security Protocol
  • SDN.701
  • Also defines signed receipts as a mechanism for verifying that the receiver has validated a signature


slide 8 © 2004 Reactivity

Web Services Security: Receipt Token Profile

• WSS: SOAP Message Security does not provide a mechanism for receipts
• WSS:RTP is Reactivity's proposed extension to WSS that:
  • Creates a new security token for requesting receipts
  • Creates a new security token for receipts
  • Defines both signed and unsigned receipts
  • Works alongside Guaranteed Delivery: WS-Reliability


slide 9 © 2004 Reactivity

RTP receipt mechanism

• Provide a general purpose receipt request mechanism
• <wsnr:ReceiptRequest> provides:
  • /ReceiptRequest/@ReceiptFormat : signed or unsigned request
  • /ReceiptRequest/@CorrelationId : UUID for tracking receipts
  • /ReceiptRequest/ReceiptTo : how to send receipt
  • /ReceiptRequest/SignatureRequest : what elements to be signed
  • /ReceiptRequest/wsu:TimeStamp : when this request was made
• <wsnr:Receipt> provides:
  • /Receipt/@ReceiptFormat : signed or unsigned receipt
  • /Receipt/@CorrelationId : same UUID as request
  • /Receipt/SignatureResponse : signature of receipt generator
  • /Receipt/wsu:TimeStamp : when this receipt was generated


slide 10 © 2004 Reactivity

Receipt example

Request:

  <wsse:Security>
    <ReceiptRequest ReceiptFormat="generalReceipt" CorrelationId="33485">
      <ReceiptTo Required="true" Target="response"/>
      <wsu:Timestamp>
        <wsu:Created>2003-03-11T16:30:17Z</wsu:Created>
      </wsu:Timestamp>
    </ReceiptRequest>
  </wsse:Security>

Response:

  <wsse:Security>
    <Receipt ReceiptFormat="generalReceipt" CorrelationId="33485">
      <wsu:Timestamp>
        <wsu:Received>2003-03-11T16:33:43Z</wsu:Received>
      </wsu:Timestamp>
    </Receipt>
  </wsse:Security>


slide 11 © 2004 Reactivity

Signed receipts

• Main concept: Split the <ds:Signature> into two pieces
• Requestor specifies a <wsnr:SignatureRequest> element:
  • /SignatureRequest/ds:SignedInfo : specifies algorithms and data to be signed by receipt generator
  • /SignatureRequest/ds:Object : allows other data to be included in the signature
• Responder returns a <wsnr:SignatureResponse> element:
  • /SignatureResponse/ds:SignatureValue : cryptographic signature that covers the <ds:SignedInfo> of the request
  • /SignatureResponse/ds:KeyInfo : specifies information about the key used to generate the signature


slide 12 © 2004 Reactivity

Bringing it all together: an example

Request:

  <S:Envelope xmlns:S="...">
    <S:Header>
      <wsse:Security>
        <wsnr:ReceiptRequest ReceiptFormat="signedReceipt" Role="ultimateReceiver" CorrelationID="theID" S:mustUnderstand="1">
          <wsnr:ReceiptTo Target="response">
            <wsnr:SignatureRequest>
              <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="#c14n"/>
                <ds:SignatureMethod Algorithm="#hmac-sha1"/>
                <ds:Reference URI="#body">
                  <ds:DigestMethod Algorithm="#sha1"/>
                </ds:Reference>
                <ds:Reference URI="#timestamp">
                  <ds:DigestMethod Algorithm="#sha1"/>
                </ds:Reference>
              </ds:SignedInfo>
            </wsnr:SignatureRequest>
          </wsnr:ReceiptTo>
          <wsu:Timestamp wsu:Id="timestamp">
            <wsu:Created>2003-03-11T08:42:00Z</wsu:Created>
          </wsu:Timestamp>
        </wsnr:ReceiptRequest>
      </wsse:Security>
    </S:Header>
    <S:Body>
      <MyRequest wsu:Id="body"/>
    </S:Body>
  </S:Envelope>

Response:

  <S:Envelope xmlns:S="...">
    <S:Header>
      <wsse:Security S:Role="ultimateReceiver">
        <wsse:BinarySecurityToken wsu:Id="theCert" EncodingType="Base64Binary">
          MIIEZzCCA9CgAWIQEmtJZco...
        </wsse:BinarySecurityToken>
        <wsnr:Receipt ReceiptFormat="signedReceipt" CorrelationID="theID">
          <wsnr:SignatureResponse>
            <ds:SignatureValue>
              ABCDEFG1234567890...
            </ds:SignatureValue>
            <ds:KeyInfo>
              <wsse:SecurityTokenReference>
                <wsse:Reference URI="#theCert"/>
              </wsse:SecurityTokenReference>
            </ds:KeyInfo>
          </wsnr:SignatureResponse>
          <wsu:Timestamp>
            <wsu:Received>2003-03-11T08:42:12Z</wsu:Received>
          </wsu:Timestamp>
        </wsnr:Receipt>
      </wsse:Security>
    </S:Header>
    <S:Body>
      <MyResponse/>
    </S:Body>
  </S:Envelope>
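The split signature of slides 11 and 12, as an added example in Python's standard library (not Reactivity's code and not the profile's normative processing rules). The responder resolves each ds:Reference in the requestor's SignedInfo to the element carrying that wsu:Id, adds a DigestValue (the slides omit it, so filling it in before signing is this model's assumption), canonicalizes the completed SignedInfo and signs it with the slide's #hmac-sha1 method under a key both sides are assumed to hold; the requestor rebuilds the same SignedInfo from its own copy of the request and verifies. The wsnr namespace URI is a placeholder, the request body text is constructed, and ElementTree's C14N stands in for the slide's #c14n identifier. SHA-1 and HMAC-SHA1 are kept because the slide names them; a current deployment would pick SHA-256 equivalents.

```python
import base64
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Published URIs for SOAP 1.2, WSS secext/utility and XML-DSig; the wsnr URI is
# not given on the slides, so a placeholder is assumed.
NS = {
    "S": "http://www.w3.org/2003/05/soap-envelope",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "wsnr": "urn:placeholder:wsnr",
}
for _p, _u in NS.items():
    ET.register_namespace(_p, _u)
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
WSU_ID = "{%s}Id" % NS["wsu"]
DS_DIGEST_VALUE = "{%s}DigestValue" % NS["ds"]

# Constructed request in the slide-12 layout; body text added so tampering has
# something to change. Algorithm identifiers (#c14n, #hmac-sha1, #sha1) are the slide's.
REQUEST = f"""<S:Envelope {XMLNS}><S:Header><wsse:Security>
<wsnr:ReceiptRequest ReceiptFormat="signedReceipt" CorrelationID="theID" S:mustUnderstand="1">
<wsnr:ReceiptTo Target="response"><wsnr:SignatureRequest><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="#c14n"/><ds:SignatureMethod Algorithm="#hmac-sha1"/>
<ds:Reference URI="#body"><ds:DigestMethod Algorithm="#sha1"/></ds:Reference>
<ds:Reference URI="#timestamp"><ds:DigestMethod Algorithm="#sha1"/></ds:Reference>
</ds:SignedInfo></wsnr:SignatureRequest></wsnr:ReceiptTo>
<wsu:Timestamp wsu:Id="timestamp"><wsu:Created>2003-03-11T08:42:00Z</wsu:Created></wsu:Timestamp>
</wsnr:ReceiptRequest></wsse:Security></S:Header>
<S:Body><MyRequest wsu:Id="body">Add(1,3)</MyRequest></S:Body></S:Envelope>"""

# Receipt skeleton from slide 12; {corr} and {sig} are filled by the responder.
RECEIPT = f"""<wsse:Security {XMLNS} S:Role="ultimateReceiver">
<wsnr:Receipt ReceiptFormat="signedReceipt" CorrelationID="{{corr}}"><wsnr:SignatureResponse>
<ds:SignatureValue>{{sig}}</ds:SignatureValue>
<ds:KeyInfo><wsse:SecurityTokenReference><wsse:Reference URI="#theCert"/></wsse:SecurityTokenReference></ds:KeyInfo>
</wsnr:SignatureResponse><wsu:Timestamp><wsu:Received>2003-03-11T08:42:12Z</wsu:Received></wsu:Timestamp>
</wsnr:Receipt></wsse:Security>"""


def element_by_id(root: ET.Element, ref_id: str) -> ET.Element:
    """Resolve a ds:Reference URI="#x" to the element carrying wsu:Id="x"."""
    for el in root.iter():
        if el.get(WSU_ID) == ref_id:
            return el
    raise KeyError(f"no element with wsu:Id={ref_id!r}")


def c14n(el: ET.Element) -> bytes:
    """Canonical XML of one element (stand-in for the slide's '#c14n' method)."""
    el = copy.deepcopy(el)
    el.tail = None  # tail text belongs to the parent, not to this element
    return ET.canonicalize(ET.tostring(el, encoding="unicode")).encode()


def completed_signed_info(envelope: ET.Element) -> ET.Element:
    """Copy the requestor's ds:SignedInfo and add a DigestValue per Reference
    (assumption: the requestor's SignedInfo on the slide carries none)."""
    si = copy.deepcopy(envelope.find(".//wsnr:SignatureRequest/ds:SignedInfo", NS))
    for ref in si.findall("ds:Reference", NS):
        target = element_by_id(envelope, ref.get("URI").lstrip("#"))
        dv = ET.SubElement(ref, DS_DIGEST_VALUE)
        dv.text = base64.b64encode(hashlib.sha1(c14n(target)).digest()).decode()
    return si


def generate_receipt(request_xml: str, key: bytes) -> str:
    """Responder: sign the completed SignedInfo and return the wsnr:Receipt."""
    env = ET.fromstring(request_xml)
    corr = env.find(".//wsnr:ReceiptRequest", NS).get("CorrelationID")
    mac = hmac.new(key, c14n(completed_signed_info(env)), hashlib.sha1).digest()
    return RECEIPT.format(corr=corr, sig=base64.b64encode(mac).decode())


def verify_receipt(request_xml: str, receipt_xml: str, key: bytes) -> bool:
    """Requestor: check correlation, rebuild SignedInfo from its own copy of
    the request, and verify the SignatureValue over it."""
    env = ET.fromstring(request_xml)
    receipt = ET.fromstring(receipt_xml).find("wsnr:Receipt", NS)
    if receipt is None:
        return False
    if receipt.get("CorrelationID") != env.find(".//wsnr:ReceiptRequest", NS).get("CorrelationID"):
        return False
    sig_b64 = receipt.findtext("wsnr:SignatureResponse/ds:SignatureValue", default="", namespaces=NS)
    expected = hmac.new(key, c14n(completed_signed_info(env)), hashlib.sha1).digest()
    return hmac.compare_digest(base64.b64decode(sig_b64.strip()), expected)


def demo() -> dict:
    key = b"receipt-key-constructed"
    receipt = generate_receipt(REQUEST, key)
    # Charlie alters the body in transit; Bob's receipt then digests Add(1,4).
    receipt_for_altered = generate_receipt(REQUEST.replace("Add(1,3)", "Add(1,4)"), key)
    return {
        "genuine": verify_receipt(REQUEST, receipt, key),
        "altered_body": verify_receipt(REQUEST, receipt_for_altered, key),
        "wrong_correlation": verify_receipt(
            REQUEST, receipt.replace('CorrelationID="theID"', 'CorrelationID="other"'), key),
        "wrong_key": verify_receipt(REQUEST, receipt, b"some-other-key"),
    }
```

Because the requestor recomputes the digests from the request it actually sent, a receipt signed over a body that was altered in transit fails to verify even though the responder's signature is genuine; that is the binding between request and response that slide 4 says the separate integrity and delivery specifications do not give on their own.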


slide 13 © 2004 Reactivity

Questions

• If you have further questions or would like to read the proposed profile document:
  • Email: [email protected]
  • Web: www.reactivity.com