Making VLAB Secure

Provided by: vlabM


1
Making VLAB Secure
  • Javier I. Roman

2
What is VLAB?
  • An interdisciplinary consortium dedicated to the
    development and promotion of the theory of
    planetary materials.
  • Interprets seismic data in the context of likely
    geophysical processes.
  • Can be used as input for more sophisticated and
    reliable modeling of planets.

3
The Three Main Goals In Security!
  • Authentication
      • verifying the identity of a user
  • Confidentiality
      • protecting the privacy of the message contents
  • Integrity
      • ensuring that a message has not been altered
        since its departure from the original sender

4
Common Ways to Solve Web Services Security
  • Sending over an HTTPS/SSL secure channel gives
    confidentiality during transport
  • Doing your own signatures/encryption using the XML
    Signature and XML Encryption standards
  • Service authentication using public key
    certificates
  • Client authentication using user/password sent
    over a secure channel
  • SOAP formatted messages

5
Is HTTPS/SSL Enough Security?
  • Transport security is point-to-point security
      • Server authentication by the client using a public key
        certificate
      • Whole messages are encrypted to block eavesdroppers
  • Limitations that come from transport security
      • Does not support intermediaries, so a router sees the
        entire clear-text message
      • User > SSL > Router > SSL > Server
      • Does not support signing a message to verify
        that the message was not changed in transit

6
OASIS Web Services Security
  • End to End Security
      • Data can be hidden from intermediaries
  • Transport Independent
      • Runs over HTTP, TCP, UDP, email or whatever
  • Framework for building security protocols
      • Integrity, Confidentiality and Authentication
  • Support for different types of security
    algorithms
      • Encryption, Digest, Signature, Canonicalization,
        Transforms

7
How to Achieve Authentication
  • Using UsernameToken with password Digest
      • Digest = SHA1 ( nonce + created + password )
      • SHA1 is the Secure Hash Algorithm
      • A nonce is a unique sequence of random characters

8
UsernameToken Digest
    <S:Envelope xmlns:S="http://www.w3.org/2001/12/soap-envelope"
                xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/xx/secext"
                xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
      <S:Header>
        ...
        <wsse:UsernameToken>
          <wsse:Username>Javier</wsse:Username>
          <wsse:Password Type="wsse:PasswordDigest">OEdR...</wsse:Password>
          <wsse:Nonce>FKJh...</wsse:Nonce>
          <wsu:Created>2007-07-14T09:00:00Z</wsu:Created>
        </wsse:UsernameToken>
        ...
      </S:Header>
      ...
    </S:Envelope>
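
Added example (not part of the original slides or of VLAB's code): a Python sketch of how a client builds the UsernameToken digest shown above and how a server can check it, including freshness of Created and a nonce replay cache. The function names, the 5-minute window and the in-memory cache are assumptions; the digest is Base64-encoded and the nonce is hashed as decoded bytes, as in the OASIS UsernameToken profile.

```python
import base64, hashlib, hmac, os
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(minutes=5)  # assumed freshness window for Created
FMT = "%Y-%m-%dT%H:%M:%SZ"
_seen = set()                   # assumed in-memory replay cache of (user, nonce)

def password_digest(nonce_b64, created, password):
    # Base64(SHA1(nonce + created + password)); the nonce is hashed as raw bytes
    raw = base64.b64decode(nonce_b64) + created.encode() + password.encode()
    return base64.b64encode(hashlib.sha1(raw).digest()).decode()

def make_token(username, password, now=None):
    # Client side: fresh random nonce and UTC timestamp for every message
    now = now or datetime.now(timezone.utc)
    nonce = base64.b64encode(os.urandom(16)).decode()
    created = now.strftime(FMT)
    return {"Username": username, "Nonce": nonce, "Created": created,
            "Password": password_digest(nonce, created, password)}

def verify_token(token, lookup_password, now=None):
    # Server side: returns (ok, reason); lookup_password(user) -> password or None
    now = now or datetime.now(timezone.utc)
    try:
        user, nonce = token["Username"], token["Nonce"]
        created = datetime.strptime(token["Created"], FMT).replace(tzinfo=timezone.utc)
        sent = str(token["Password"]).encode()
    except (KeyError, ValueError, TypeError):
        return False, "malformed"
    if abs(now - created) > MAX_AGE:
        return False, "stale"
    password = lookup_password(user)
    if password is None:
        return False, "unknown user"
    try:
        expected = password_digest(nonce, token["Created"], password).encode()
    except (ValueError, TypeError):
        return False, "malformed"
    if not hmac.compare_digest(expected, sent):  # constant-time comparison
        return False, "digest mismatch"
    if (user, nonce) in _seen:  # checked only after the digest verified
        return False, "replayed"
    _seen.add((user, nonce))
    return True, "ok"
```

The server must be able to recover the same password string the client hashed, and anyone who captures a token can test password guesses against it offline, so the token still needs the transport or message encryption described on the other slides.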

9
Adding Encryption Too
  • Setting the Encrypt parameter
  • The encryption algorithm selected is AES
  • A special-purpose quantum computer in the year
    2015 will take 108 million years to break a key
    of 128 bits
  • You can select the parts of the message you want
    to encrypt

10
Encrypting Body and UsernameToken

11
Adding Integrity
  • Using UsernameTokenSignature, the receiver can determine
    whether a message was altered in transit
  • Verify that the message was sent by the possessor of a
    particular security token
  • Generate a key using the username and password to
    sign an element of a message or the Body

12
Putting everything together