Identity Authentication and Security in the Decentralized Business Environment - PowerPoint PPT Presentation

Slides: 31
Provided by: michaelh52

Transcript and Presenter's Notes


1
Identity Authentication and Security in the
Decentralized Business Environment
  • Todd Ray
  • Director of Applied Technology

2
Topics
  • Decentralized Business Drivers
  • Groove's Decentralized Architecture
  • Groove's Decentralized Security Architecture
  • Groove Security Deep Dive
  • Groove Security Certifications
  • Groove and External PKI: Federated Security with
    Groove

3
OUR CORE BELIEF: Significant mission-critical
organizational processes and practices have
become highly decentralized, and centralized
technology paradigms and security meet only PART
of the challenge.
4
Mandate of Next Generation Adaptive Business
Cultures: Efficient Collaboration, Innovation and
Rapid Response
Stressing a cross-enterprise, process-oriented
methodology
5
Need Tools for Efficient, Decentralized
Collaboration
We require interaction with a tremendous number
of experts who are in industry, government, and
universities all over the world, and there are
lots of interactions where the task needs to be
done and then the need disappears. We're talking
not just one, two, or three groups, but
thousands
  • Different people
  • Different organizations
  • Different locations
  • Different interactions
  • Different times

Ford Calhoun, CIO, GSK
6
Need Tools for Decentralized Innovation
I'd really like to see a third to half of
discovery come from the outside. I really want
the doors open.
A.J. Lafley, CEO, Procter & Gamble
7
Need Tools for Decentralized Rapid Response
In fact, as the president clearly outlined in
the executive order that created the Office of
Homeland Security, the basis of all such efforts
is information sharing, getting the right
information to the right people at the right
time. "At the heart of it is, how do we act as a
team? We need collaboration tools. In that
spirit, most of the big procurement opportunities
will come in the form of systems integration, and
knowledge management solutions will probably
account for well over 1 billion in spending."
Mark Forman, associate director for information
technology and e-government at the Office of
Management and Budget
Chairman, Joint Chiefs of Staff
Director of CIA
Office of the President
Secretary of the Navy
Various Navy Admirals
8
Reality: Existing Collaboration, Innovation, and
Rapid Response Tools Come up Short
Reality: center-based systems fail when it comes
to attacking decentralized problems
Reality: tools people use to collaborate have
limited security, limited context, limited
persistence, limited power to address user or
enterprise need.
9
Architecture Matters!
  • Efficient collaboration requires adaptive process
    and technology frameworks that enable people in
      • different organizations
      • different networks
      • different connection states
      • in different security domains
  • ...to collaborate efficiently, innovate, and
    respond instantaneously to market and situational
    requirements

10
The Groove Approach
  • Top-line Benefits
  • Easy-to-use, user-defined
  • Inter-enterprise
  • Online/Offline
  • Secure
  • Enterprise-managed
  • Extensible
  • Minimal infrastructure
  • Integrated w/common desktop apps
  • Automatic contact detection/awareness (aka
    presence)
  • Automatic sync
  • Reliable/Transactional
  • Bandwidth-efficient

11
Shared Space Concepts
[Diagram labels: Enterprise Network Services; Groove Relay; Enterprise Integration Services; Other Spaces; Mobile Product Visioning Space; Enterprise A, User 1; Enterprise A, User 2; Enterprise B, User 1; Chat, IM, VoIP]
Tools shown in the space:
  • Project
  • Meeting
  • Files/CoView/Edit
  • Doc Review
  • Database/Forms
  • Discussion
  • Whiteboard
  • WebBrowser
  • etc.
  • CUSTOM
12
Groove's Decentralized Security Model: Top-Line
Benefits
  • Enables secure, cross-firewall collaboration
  • Security implemented locally but managed
    centrally
  • Digital identities managed centrally by the GEMS
    with optional external PKI integration
  • Data confidentiality and integrity enforced on
    disk and over the network
  • Built-in authentication mechanisms: 1) X.509
    cert-based w/in and between security domains
    (federated model); 2) digital fingerprints.
  • Strong Encryption protects all instant messages,
    on disk and on the wire
  • User-driven shared space access control

13
Groove Security Basics
  • Confidentiality (can't view)
      • On-disk storage encryption
      • Public identity keys (client and server)
      • Sym server comm keys
      • Per-space sym keys
  • Integrity (can't tamper)
      • Message digests
      • On-disk integrity protection
  • Authenticity (can't impersonate)
      • Built-in auth mechanisms
      • Public identity keys (client and server)
      • Manual (dig fingerprint) or automatic (Groove
        PKI/CA-based) authentication
      • UI lets users know when there is a conflict
  • Access Control (can't access)
      • Control at shared space and tool level

14
Groove Security Applied

In a PKI scenario, public/private keys will be
issued/verified via the Groove Management Server
acting as CA.
15
Key Summary
(partial list)
  • Pub/priv client signature keys: RSA (2048 bit)
  • Pub/priv client encryption keys: El Gamal (2048
    bit)
  • Sym client-to-server (Relay, MS) enc and MAC keys:
    MARC4 (192 bit), HMAC-SHA1 (192 bit)
  • On-disk storage keys: AES (192 bit)
  • On-disk integrity: HMAC-SHA1 (192 bit)
  • Pub/priv MS signature keys: RSA (2048 bit)
  • Pub/priv MS encryption keys: El Gamal (2048 bit)
  • Pub/priv CA signature key: RSA (2048 bit)
  • Pub/priv Relay encryption keys: El Gamal (2048
    bit)
  • Symmetric encryption of space data on wire:
    AES (192 bit)
  • Pub/priv per-user/space client signature keys:
    ESIGN (1536 bit)
  • Sym, one-time enc of non shared-space messages:
    MARC4 (192 bit)
  • Message integrity: HMAC-SHA-1 (192 bit)

Key groups labelled on the slide: Per-account keys; Storage keys; Server keys; Space keys; Misc
16
Other Security
  • Can revoke user access at client (can't get into
    Groove) or shared space (can't get into shared
    space) level
  • Can manage users' ability to
      • download/install components into Groove
        environment
      • copy account to any other machine (e.g., home)
  • Admin can
      • Run and view reports on usage
      • Recover/reset client installations
      • Provide CRLs (within CA environment)
  • Access control provided at shared space/tool
    level
      • assign roles, permissions
      • build roles-/permission-based behavior into tool
        (e.g., control access to folders in files tool).

17
Groove Security Deep Dive
  • Authentication framework
  • Shared Space and IM Authentication and Other
    Security
  • End-user access control
  • Managed security

18
Authentication Framework
  • Groove's core security model is based on Groove's
    auth mech that binds a user's real-world identity
    to their electronic identity and provides two
    authentication mechanisms for binding other
    users' digital identities to the users themselves
  • This process works as follows:
  • A) Bind an identity to a device
      • 1. User creates account on a device
      • 2. Groove domain admin provisions identity for a
        specific user via the Groove Management Server.
        Activation keys distributed to users. (LDAP
        integration optional)
      • 3. User activates account
  • B) Associate identity w/specific users
      • To build contact lists or engage in IM or
        shared space communications with other users,
        Groove provides a) automatic authentication for
        users w/in security domain (via certs) or w/in
        cross-certified domain and b) digital
        fingerprinting mechanism for out-of-band
        authentication.

19
Authentication Framework Account Creation
20
Device Identity Binding Centralized Identity
Provisioning and Activation
21
Authentication Framework Out-of-band
Authentication
22
Shared Space and IM Authentication and Other
Security
  • Authentication within the shared space context is
    enforced
  • 1) during the invitation process (the inviting
    party can first authenticate invitees via
    aforementioned mechanisms as well as require
    confirmation of an acceptance (see below)).
  • 2) during exchange of information in a shared
    space, all deltas are signed by the originator
    using their private ESIGN signature key
  • The invitation process as well as IM and shared
    space security, including authentication, are
    shown on the following slides.

23
Invitation Process
24
IM Security
On Sender's Device
Dave's 2048-bit ElGamal key protects one-time
192-bit MARC4 key.
  • Digitally Sign: Alice's Signature Private Key
    Q_A,Identity (2048-bit RSA key)
  • Encrypt: Dave's Encryption Public Key
    P'_D,Identity
Dave's private key is used to decrypt the
one-time message key, which is used to decrypt
the message.
25
Shared Space Security
On Sender's Device
  • Digitally Sign: Alice's Space Private Key
    Q_A,Space (1536-bit ESIGN (asymmetric) key)
  • Encrypt: Space Secret Key K_S (192-bit AES
    (symmetric) key)
On Each Recipient's Device
  • Authenticate Signature: Alice's Space Public Key
    P_A,Space
  • Decrypt: Space Secret Key K_S
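
The shared-space scheme on this slide, as an added Go example that is not part of the original presentation and is not Groove code: every member holds the space secret key, so encryption alone cannot show which member wrote a delta, and the per-author signature is what lets a recipient reject a delta attributed to the wrong member. Assumptions: Ed25519 stands in for ESIGN, AES-192 runs in GCM mode, the signature covers the ciphertext (the slide does not state the order of operations), and `Delta`, `SealDelta`, `OpenDelta` and `ForgeryDemo` are hypothetical names.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

type Delta struct { // constructed wire format for this example, not Groove's own
	Sealed, Sig []byte // Sealed = nonce || AES-192-GCM ciphertext and tag
}

// SealDelta encrypts under K_S, then signs with the author's key (Ed25519 stands in for ESIGN).
func SealDelta(space cipher.AEAD, priv ed25519.PrivateKey, change []byte) *Delta {
	nonce := make([]byte, space.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // never continue without a fresh random nonce
	}
	sealed := space.Seal(nonce, nonce, change, nil)
	return &Delta{sealed, ed25519.Sign(priv, sealed)}
}

// OpenDelta authenticates the signature against the claimed author's public key, then decrypts.
func OpenDelta(space cipher.AEAD, authorPub ed25519.PublicKey, d *Delta) ([]byte, error) {
	if n := space.NonceSize(); len(d.Sealed) >= n && ed25519.Verify(authorPub, d.Sealed, d.Sig) {
		return space.Open(nil, d.Sealed[:n], d.Sealed[n:], nil)
	}
	return nil, errors.New("delta rejected: not signed by its claimed author")
}

// ForgeryDemo: Mallory is a space member and holds K_S, yet cannot pass a delta off as Alice's.
func ForgeryDemo() (genuine, forged error) {
	// Setup errors are ignored here: the key size is fixed and valid for AES-192.
	ks := make([]byte, 24) // constructed 192-bit space key K_S
	rand.Read(ks)
	block, _ := aes.NewCipher(ks)
	space, _ := cipher.NewGCM(block)
	alicePub, alicePriv, _ := ed25519.GenerateKey(rand.Reader)
	_, malloryPriv, _ := ed25519.GenerateKey(rand.Reader)
	good := SealDelta(space, alicePriv, []byte("constructed edit"))
	fake := SealDelta(space, malloryPriv, []byte("constructed edit"))
	_, genuine = OpenDelta(space, alicePub, good)
	_, forged = OpenDelta(space, alicePub, fake) // attributed to Alice, signed by Mallory
	return genuine, forged
}

func main() { fmt.Println(ForgeryDemo()) }
```

Running it prints a nil error for the genuine delta and the rejection error for the one Mallory signed, even though both were encrypted under the same space key.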
26
Access Control Framework
27
User Responsibilities
  • Strong passphrase to access Groove Account
  • Out-of-band auth (dig fingerprint verification)
    for new contacts outside of security domain (not
    necessary if cross-domain certs used)
  • Respond to security alerts generated by client
    (if security compromised, Groove alerts user)
  • Set appropriate access control (roles and
    permissions) in shared spaces.
  • Otherwise, security is transparent to end-user
    and cannot be tampered with.
  • Admin can set policies that control
      • Passwords: length, capitals/numbers, expiration
      • Identity dissemination
      • Ability to load identity on non-managed devices
      • Invitations to parties outside trusted security
        domains

28
Groove Management Server Security Role
  • Multi-domain administration
  • Standalone PKI functionality
  • Centralized policy administration (identity and
    device)
  • Data recovery and password reset
  • Auditing management capability
  • Ability to revoke user access
  • Prevent comms w/users outside trusted domain(s)

29
Groove Management Process
  • Install/config manage server
  • Set up domains

Setup/Configure/Manage Domain
User Provisioning
Monitoring
  • Install/ Config EMS/ERS
  • Define admin roles and access control policies
  • Assign relays
  • Define domain(s)
  • Define LDAP directories
  • Monitor server via audit log
  • Add members (manual, import CSV, or connect to
    LDAP)
  • Import product licenses issued by Groove
  • Specify devices to be managed
  • Specify identity policies (use on managed dev
    only, vcard pub rules).
  • Specify device policies (passphrase, account,
    data recovery, component install/ upgrade)
  • Misc settings: affiliation pub with vcard?
    import data recovery cert; exchange cross-domain
    certs (X.509).
  • User receives email with download instructions,
    activation key, reg key (if mngd device).
  • User downloads/ installs Groove
  • User executes reg key (if mngd device)
  • User creates account
  • User activates product
  • Managed identity pulled from management server
  • Admin uses web interface to run reports on
    Groove usage
      • Shared Spaces
      • Tools
      • Users


Does not apply to service offering
30
Removing Users From a Domain
  • When a user is removed from a management domain,
    several things happen immediately to protect
    shared spaces:
  • That user's managed identity is immediately
    disabled on devices where the identity resides.
  • The managed identity is automatically uninvited
    from all spaces of which it was a member.
  • When a managed identity is the only identity in
    an account, the account is also disabled. No
    further login is possible.
  • An active user is immediately logged out of
    shared spaces when the managed identity is
    removed from the domain.

31
Reference: Status of Certifications Acceptance
32
Integration with Existing PKI Systems
  • With future versions of Groove, organizations
    that have an existing PKI will be able to
    integrate Groove's PKI functionality within
    their larger infrastructure.
  • Where the Groove CA is integrated
    with an existing PKI system, Groove becomes a
    PKI-enabled application (instead of standalone
    PKI).
  • In this federated PKI model, a Certification
    Authority from the organization's PKI signs
    Groove's domain certificates.
  • A federated PKI ensures that trusted
    certification and authentication in the Groove
    environment stems from the organization's Root
    Certification Authority and that Groove falls
    within the organization's enterprise security
    policy.

33
Groove integrated with external PKI (diagram)