An Introduction to Groove Security Services

1
An Introduction toGroove Security Services
2
Introduction
This presentation introduces how Groove provides
broad and deep security services for small group
interaction. It is intended for a business
audience with an interest in security.
For a more in-depth analysis and explanation of
the full Groove security architecture, please see
the complete set of documents on
http//www.groove.net/feature/security/
3
What customers ask about Groove security

• Is the content and activity of a Groove shared
  space confidential?
• How do I know that only authorized
  (authenticated) users have access to a shared
  space? How do I know they really are who they
  say they are?
• How do I guard against the inadvertent or
  malicious spread of viruses or rogue components?

4
ConfidentialityIs the content and activity of a
shared space confidential?

• All content (deltas) is encrypted and stored in
  Grooves local XML object store

• Encrypted deltas are queued for routing and sent
  across the network.

• Encrypted deltas are stored locally in the XML
  object store of the other member(s) of the shared
  space.

• Unencrypted content is never in the clear on
  the network

5
ConfidentialityIs the content and activity of a
shared space confidential?

• Strong encryption 192 bit
• Data is encrypted on the disk AND on the wire
• Passphrase
• Account information is encrypted in your
  passphrase
• strongly recommend a well defined passphrase
  alphanumeric

6
What customers ask about Groove security

• Is the content and activity of a Groove shared
  space confidential?
• How do I know that only authorized
  (authenticated) users have access to a shared
  space? How do I know they really are who they
  say they are?
• How do I guard against the inadvertent or
  malicious spread of viruses or rogue components?

7
AuthenticationHow do I know only authorized
users have access to a shared space?

• By accepting, Kathleen receives Andrews public
  key
• By accepting, Kathleen sends to Andrew her public
  key
• All future instant messages and invitations are
  authenticated

8
Authentication Voice AnnotationHow do I know
they really are who they say they are?
9
Authentication Digital FingerprintsHow do I
know they really are who they say they are?
10
What customers ask about Groove security

• Is the content and activity of a Groove shared
  space confidential?
• How do I know that only authorized
  (authenticated) users have access to a shared
  space? How do I know they really are who they
  say they are?
• How do I guard against the inadvertent or
  malicious spread of viruses or rogue components?

11
Component Management User ControlHow do I
guard against viruses or rogue components?

• Any member can add new tools and functionality to
  a Groove shared space.

• When Andrew adds a CAD Viewer Tool to the shared
  space, Groove automatically tells the other
  members shared spaces to add the CAD Viewer Tool
  as well.

12
Component Management IT ControlsHow do I guard
against viruses or rogue components?

• Members do not send tools to each other they
  send commands to add a tool.
• If a member already has the tool installed
  locally, Groove simply adds the tool to the
  shared space.

IT Controls
components.groove.net
add tool
Other component servers
Andrew

• If a member does not already have the tool
  installed, Groove automatically locates the tool
  on a component server, downloads and installs the
  tool, and adds it to the space.
• All components are digitally signed.
• IT managers can limit which components users are
  able to download, balancing end user control and
  flexibility with corporate security guidelines.

13
Summary

• All content and activity in a Groove shared space
  is confidential, regardless of user indifference
• Only authorized (authenticated) users have access
  to a shared space. Groove includes additional
  techniques to ensure authentication.
• Groove component management services guard
  against downloading of unauthorized tools.