7th WSEAS Int. Conf. on APPLIED COMPUTER & APPLIED COMPUTATIONAL SCIENCE (ACACOS '08), Hangzhou, China, April 6-8, 2008
Services in Untrusted Environment
SYLVIA ENCHEVA, Stord/Haugesund University College, Department Haugesund, Bjørnsonsg. 45, 5528 Haugesund, NORWAY
SHARIL TUMIN, University of Bergen, IT-Dept., P. O. Box 7800, 5020 Bergen, NORWAY
Abstract: One of the major problems of a security framework is related to key distribution and management. Suppose an organization maintains a domain-wide user administration system. Domain users are then provided with a Web application from which they can create and revoke public-private key pairs. A Web application is also provided by the domain server for signing and verifying users' messages. Domain users' public keys are published in a Lightweight Directory Access Protocol directory server.
Key-Words: Insecure public network, system credentials
1 Introduction
Web services and Web-based applications promise mobile users accessible services from anywhere at any time. In the last decade one can see many evolving technologies and standards supporting a secure framework for Web services/applications. The Web is based on a request/response, connectionless mode of communication relying on the stateless HyperText Transfer Protocol (HTTP). Its simplicity is the major factor for its wide-spread success. Lately Web technologies have evolved to a high degree of sophistication, employing complicated protocols supported by heavy-weight Java-based software systems. Among these are XML, SOAP, WSDL, UDDI and SAML, endorsed by multinational software giants like Microsoft, IBM, Oracle and Sun.
In this paper we propose a secure framework based on open-source software for Web applications/services, intended for small teams of developers and implementers on low-budget development projects, common to educational organizations. Small means not more than four in a team and low budget means no software and license costs. Web applications/services have been developed and deployed due to necessity and not based on commercial goals. Developers and engineers, members of such development teams, normally have different levels of technical knowledge, experience and know-how. Usually, such a project concentrates on workability of a system in a complex environment rather than producing commercial-grade software for an assumed environment. To meet the workability goal, security concerns are not taken into consideration due to lack of experience and/or work knowledge. We believe that by using simple and open-ended software tools, developers and implementers can achieve both workability and a higher level of security, because a system being developed is under the full control of the developers. Security concerns must be a big part of the implementation model and must not be taken as an afterthought once the system is put in production.
The paper is organized as follows. Open-source software tools used in this framework are presented in Section 3. Trust relations are discussed in Section 4. A method of using a password card for Web sign-on that does not disclose users' system credentials is presented in Section 5. The paper ends with a conclusion in Section 6.
ISBN: 978-960-6766-49-7
2 Literature Review
Network security problems are discussed in [2]. A set of hints for designing a secure client authentication scheme is described in [16]. A taxonomy of single sign-on systems is presented in [19]. Pubcookie [13] provides open-source software for intra-institutional single sign-on (SSO) end-user Web authentication. PGPi [14] is the international variant of Pretty Good Privacy (PGP), which provides an email encryption system. PGP is normally used to apply digital signatures to emails and it can also encrypt emails, and thus provides privacy. PGP does not depend on the traditional hierarchical trust architecture but rather adopts the 'web of trust' approach [22]. Trust issues related to networks are discussed in [18]. Limitations of existing e-commerce technologies: data resides in traditional databases, and security is difficult to guarantee across a network [6]. Practical sides of Public Key Infrastructure (PKI) are presented in [7]. Interesting security management issues are discussed in [1], [11] and [12]. Economic evaluation of security investments is made in [4]. The authors present a mixed qualitative and quantitative approach for evaluation of information technology security investments. Return on security investments is discussed in [21]. LDAP is presented by many authors, for example [5], [10], [8], [9] and [20]. An object-oriented API to access LDAP directory servers from Python programs can be found in [3].
ISSN: 1790-5117
3 Tools
3.1 Lightweight Directory Access Protocol
Lightweight Directory Access Protocol (LDAP) is applied to look up encryption certificates, pointers to printers and other services on a network, and to provide single sign-on where one password for a user is shared between many services.
3.2 Python
Python is chosen primarily for its simplicity and expressiveness and secondarily for the many open-source modules developed by the Internet communities that support Web applications/services and security tools. We choose XML-RPC, remote procedure call encapsulated in Extensible Markup Language (XML), for P2P communication for its simplicity in implementation and usage, rather than more complicated technologies like Simple Object Access Protocol (SOAP). By employing the secure library from OpenSSL and Python crypto modules such as CryptoTools and M2Crypto we manage to do P2P securely.
3.3 Apache
Apache is a robust and extendable HTTP server. It is one of the most stable and secure services that ships with many Linux/Unix distributions. By using options under installation and a flexible configuration file for run-time, the Apache HTTP server can be made secure. By an easy and understandable change of configuration, it can be made to support a secure protocol (HTTPS). Web resources can be secured using a well understood authentication module that involves passwords and client certificates. In this paper we investigate the possibility of securing Web applications/services without using HTTPS and certificates.
3.4 PostgreSQL
PostgreSQL, with more than fifteen years of development history, is chosen for its scalability and for being a Structured Query Language (SQL) compliant, object-relational database. PostgreSQL supports Procedural Language (PL) in different programming languages like PL/pgSQL, PL/Perl, PL/Tcl, and PL/Python. Thus PostgreSQL functions can be written in Python. PostgreSQL supports several methods of authentication and authorization to a database by controlling the access of clients (client IP address) and users (credential: user ID and password). Clients can be 'local', 'host', and 'hostssl'. A user can be completely trusted by 'trust' or completely blocked by 'reject'. A user can transfer his/her credentials by 'password' (clear text), 'crypt' (encrypted password), krb4, krb5 (Kerberos) and 'ident' (identification protocol, RFC 1413). All these are set in a pg_hba.conf file which is read every time a {client-user} pair needs to be authenticated. The database server need not be restarted to make a new security policy in pg_hba.conf effective.
4 Relations
Trust relations that require serious considerations are
• system-system
• system-user
• user-system
However, not all security concerns can be programmed. A secure system must be supported by the site's rules and regulations, controlled by a security committee. Such a committee must be led by a high-level official. The committee provides security guidelines, is responsible for security auditing and has the power to apply sanctions.
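
An added example (not code from the paper) of auditing the pg_hba.conf client/user rules described in Section 3.4: it parses each record and flags 'trust', clear-text 'password' outside 'hostssl', 'ident' over the network, and methods that current PostgreSQL releases no longer accept. The sample policy, the function names and the rule wording are constructed for illustration; quoted fields are not handled.

```python
import ipaddress

# Constructed sample policy (addresses, database and user names are made up).
SAMPLE_PG_HBA = """\
# TYPE   DATABASE  USER      ADDRESS                    METHOD
local    all       postgres                             ident
host     webapp    webuser   10.0.0.0/24                password
host     all       all       0.0.0.0/0                  trust
hostssl  webapp    webuser   192.168.1.0/24             password
host     webapp    backup    10.0.0.5 255.255.255.255   krb5
host     all       all       0.0.0.0/0                  reject
"""
NETWORK_TYPES = {"host", "hostssl", "hostnossl"}
OBSOLETE = {"crypt", "krb4", "krb5"}  # no longer accepted by current PostgreSQL

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def parse_pg_hba(text):
    """Yield (line_no, conn_type, address, method); quoted fields unsupported."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        conn_type, rest = fields[0], fields[3:]  # skip DATABASE and USER
        if conn_type not in NETWORK_TYPES | {"local"}:
            raise ValueError(f"line {line_no}: unknown record type {conn_type!r}")
        # ADDRESS: absent for local; else one CIDR/host field or IP + netmask.
        mask = len(rest) > 2 and _is_ip(rest[1])
        width = 0 if conn_type == "local" else (2 if mask else 1)
        if len(rest) <= width:
            raise ValueError(f"line {line_no}: missing authentication method")
        yield line_no, conn_type, " ".join(rest[:width]) or None, rest[width]

# (predicate on record type and method, reason the record weakens the policy)
RULES = [
    (lambda t, m: m == "trust", "client is accepted without any credential"),
    (lambda t, m: m == "password" and t in {"host", "hostnossl"},
     "clear-text password may cross the network unencrypted"),
    (lambda t, m: m == "ident" and t in NETWORK_TYPES,
     "relies on the client's RFC 1413 ident server being honest"),
    (lambda t, m: m in OBSOLETE, "method not accepted by current PostgreSQL"),
]

def audit(text):
    """Return [(line_no, method, reason)] for every record a rule flags."""
    return [(n, m, why) for n, t, _addr, m in parse_pg_hba(text)
            for check, why in RULES if check(t, m)]
```

Running `audit(SAMPLE_PG_HBA)` reports lines 3, 4 and 6 of the sample; the 'hostssl' record with 'password' and the local 'ident' record pass.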
5 Use of a Single Credential
The use of a single credential, a {user-identification, password}-pair, for system-wide authentication provides users with the convenience of remembering one password only. The same {user-identification, password}-pair is used to log on to Unix, Windows and other servers. However, a single credential policy increases the risk of a system-wide security breach, should that credential be stolen. It is especially risky when the single credential is used for Web sign-on from a Web browser situated in non-trusted environments like Web cafes, public libraries and the like. A keyboard grabber program can easily steal users' credentials without the users' knowledge. One solution is not to use {user-identification, password}-pair credentials for Web applications' sign-on. Some of the technologies supporting such a solution are smart cards, biometric devices, and a {client certificate, pin}-pair method. Normally such devices do not exist in the environments mentioned above. Users may not be able or may not want to install a client certificate on publicly accessible PCs. We propose a method of using a password card for Web sign-on that does not disclose users' system credentials. A user can produce such a card (a randomly generated image) via a Web application from a PC within a trusted network, for example the organization's internal network, at any time.
6 Conclusion
The paper addresses some security problems and issues about implementing Web services. Using a simple model and free lightweight technologies, we show that it is possible to implement secure Web applications/services.
References:
[1] Adamski, A., Kulczewski, M., Kurowski, K., Nabrzyski, J., Hume, A.: Security and Performance Enhancements to OGSA-DAI for Grid Data Virtualization, Second VLDB Workshop on Data Management in Grids, http://liris.cnrs.fr/ jpierson/DMG VLDB06/, Seoul, Korea, 11 September 2006, (2006)
[2] Albanese, J., Sonnenreich, W.: Network Security Illustrated, McGraw-Hill Professional, (2003)
[3] http://python-ldap.sourceforge.net/
[4] Bistarelli, S., Fioravanti, F., Peretti, P.: Defense trees for economic evaluation of security investments, Proceedings of the First International Conference on Availability, Reliability and Security (ARES'06), p. 416-423, April 20-22, 2006
[5] Carter, G.: LDAP System Administration, O'Reilly, (2003)
[6] Garfinkel, S.: Web Security, Privacy & Commerce, O'Reilly, (2002)
[7] Geschwinde, E., Schönig, H-J.: PostgreSQL Developer's Handbook, Sams Publishing, USA, (2001)
[8] Howes, T. A.: The Lightweight Directory Access Protocol: X.500 Lite, (1995)
[9] Howes, T., Smith, M.: LDAP: Programming Directory-Enabled Applications with Lightweight Directory Access Protocol, Macmillan Technical Publishing, (1997)
[10] Kanies, L. A.: An Introduction to LDAP, O'Reilly, (2001)
[11] Krause, M.: Handbook of Information Security Management, CRC Press, Inc., Boca Raton, FL, (1999)
[12] Krutz, R. L., Vines, R. D.: The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, Inc., New York, NY, (2001)
[13] http://www.pubcookie.org
[14] http://www.pgpi.org
[15] Ferguson, N., Schneier, B.: Practical Cryptography, Wiley, (2003)
[16] Fu, K., Sit, E., Smith, K., Feamster, N.: Dos and Don'ts of Client Authentication on the Web. Proceedings of the 10th USENIX Security Symposium, Washington, D.C., August, (2001)
[17] Herzberg, A., Mass, Y., Mihaeli, J., Naor, D., Ravid, Y.: Access control meets public key infrastructure, or: Assigning roles to strangers. IEEE Symposium on Security and Privacy, (2000)
[18] Lu, Y., Wang, W., Xu, D., Bhargava, B.: Trust-based Privacy Preservation for Peer-to-peer Data Sharing. Proceedings of the 1st NSF/NSA/AFRL Workshop on Secure Knowledge Management (SKM), (2004)
[19] Pashalidis, A., Mitchell, C. J.: A taxonomy of single sign-on systems. Lecture Notes in Computer Science 2727, 249-264, (2003)
[20] Puryear, D.: Building an Address Book with Open LDAP, O'Reilly, (2003)
[21] Sonnenreich, W., Albanese, J., Stout, B.: Return On Security Investment (ROSI) - A Practical Quantitative Model, in: E. Fernández-Medina, J. C. Hernández and L. J. García, editors, Security in Information Systems, Proceedings of the 3rd International Workshop on Security in Information Systems (WOSIS'05), in conjunction with ICEIS'05, 239-252, (2005)
[22] Zimmermann, P.: Pretty Good Privacy User's Guide, distributed with the PGP software, (1993)