1 / 12
Télécharger la présentation

Making VLAB Secure

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Making VLAB Secure Javier I. Roman

  2. What is VLAB? • An interdisciplinary consortium dedicated to the development and promotion of the theory of planetary materials. • Interpreted seismic data in the context of likely geophysical processes. • Be used as input for more sophisticated and reliable modeling of planets.

  3. The Three Main Goals In Security! • Authentication verifying the identity of a user • Confidentiality protecting the privacy of the message contents • Integrity ensures that a message has not been altered since its departure from the original sender

  4. Common ways to Solve Web Services Security • Sent over HTTPS/SSL secure channel gives confidentiality during transport. • Doing your own signatures/encryption using XML signatures & encryption standards • Service ‘authentication’ using public key certificates • Client ‘authentication’ using user/password sent over secure channel • SOAP formatted messages

  5. Is HTTPS/SSL enough Security? • Transport Security a Point to Point Security • Server authentication by client using public key certificate • Encrypted whole messages to block eavesdroppers • Limitations that come from Transport Security • Does not support intermediaries so router sees entire clear text message User > SSL > Router > SSL > Server • Does not support signing a message to verified that the message was not change on transit

  6. OASIS Web Services Security • End to End Security Data can be hidden from intermediaries • Transport Independent Run over HTTP, TCP, UDP, email or whatever • Framework for building security protocols Integrity, Confidentiality and Authentication • Support for different types of Security algorithms Encryption, Digest, Signature, Canonicalization, Transforms

  7. How to achieve Authentication • Using UsernameToken with password Digest • Digest = SHA1 ( nonce + created + password ) • SHA1 is Secure hash algorithm • Nonce is a unique sequence of random character

  8. UsernameToken Digest <S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/xx/secext"> xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"> <S:Header> ... <wsse:UsernameToken <wsse:Username>Javier</wsse:Username> <wsse:Password Type="wsse:PasswordDigest>OEdR...</wsse:Password> <wsse:Nonce>FKJh...</wsse:Nonce> <wsu:Created>2007-07-14T09:00:00Z </wsu:Created> </wsse:UsernameToken> ... </S:Header> ... </S:Envelope>

  9. Adding Encryption too • Setting the Encrypt parameter • The encryption algorithm select AES • A Special-purpose quantum computer in the year 2015 will take 108 million years to break a key of 128 bits • You can select the parts you want to encrypt in the message

  10. Encrypting Body and UsernameToken

  11. Adding Integrity • Using UsernameTokenSignature can determine whether a message was altered in transit • Verify that message was sent by possessor of particular security token • Generate a key using the username and password to Signature a element of a message or the Body

  12. Putting everything together

More Related
SlideServe
Audio
Live Player
Audio Wave
Play slide audio to activate visualizer
Slide 1

Sea Ice

Slide Player

AI NARRATOR Slide 1 of 12

Sea Ice

0:00 0:15