Security and the Open Geospatial Consortium (OGC) CEOS/WGISS-27 Workshop 11 Mai 2009 Toulouse Andreas Matheus, Secure Dimensions GmbH [email protected]

Security Security and the and the

Open Geospatial Consortium (OGC)Open Geospatial Consortium (OGC)

CEOS/WGISS-27 Workshop

11 Mai 2009

Toulouse

Andreas Matheus, Secure Dimensions [email protected]

Helping the World to CommunicateGeographically

AgendaAgenda

• What do I mean by “Security”?• Typical Requirements and Standards• OGC’ Security and GeoRM Working Groups• OGC’ Interoperability Initiatives• Conclusion and upcoming activities


Context For This TalkContext For This Talk

• Target to be “secured” is a Distributed System – for exchanging / processing of geospatial information– implemented by (but not limited to) OGC Web Services

• One mandatory and one optional Threat Model– Internet Threat Model– Browser (Client) Threat Model

• In this context, “Security” refers to– communication between entities– trust between entities / parties– protection of assets

Security and the Open Geospatial Consortium


Security Security –– What Do I Mean By That? What Do I Mean By That?

• For “the system” itself:

“secure systems will control, through use of specific security features, access to information such that only properly authorized individuals, or processes operating on their behalf, will have access to read, write, create, or delete information.” [TCSEC]*

• For a “distributed system”:

the „distributed“ property is a characteristic of the system that shall not have any influence on the definition above.



Security Relies On RequirementsSecurity Relies On Requirements

• Trusted Computer System Evaluation Criteria– Policy, Marking, Identification, Accountability, Assurance, Continuous

Protection– Evaluation Classes: D (lowest), C, B, A (highest)

• C: Discretionary Access Rights Management, Identity based AC

• B: Mandatory Access Rights Management, Context based AC

• ISO 10181


– 1: Overview– 2: Authentication FW– 3: Access Control FW– 4: Non-Repudiation FW

– 5: Confidentiality FW– 6: Integrity FW– 7: Security Audits and

Alarms FW


OGC Sensor Web OGC Sensor Web –– A Trusted System? A Trusted System?


CAT

SOS

SAS

Sensors

WNS

SPS

Register

Register

Search

SOSSASGetResults

SensorML

Task

Task

Notify

notification

Publish

Alert

Notify

Bind


The Interoperability IssueThe Interoperability Issue

• Exchanging and processing of geospatial Information in a federation requires interoperability on different levels:– Data Level Interoperability ensures the ability to “consume” the

information– Service Level Interoperability ensures the ability to exchange /

obtain the information to be “consumed”– Security Level Interoperability ensures the ability to the above in a

reliable and trustworthy fashion

• Implementation of all levels can be done by using standards from the OGC and other bodies

• Establishing secure communication– Network level– Application level



Security StandardsSecurity Standards

Authentication

REL ODRL XrML

XACML GeoXACML

WS-Policy WS-TrustWS-

Authorization

WS-Security

WSDL WS-Referral WS-Routing

XML SignatureXML

EncryptionSAML

ebXMLXKMS

HTTP / HTTPS

SSL TLS IPSec

PKI

Kerberos

LDAP

XCBF

Licensing

Web Services Standards

Authorization

Policy Layer

Message Security

XML Security Standards

Binding Layer

Network Layer

WS-FederationWS-

SecureConversationFederation


This is an OGC Standard!


Security And The OGC Security And The OGC – – Working Groups Working Groups

• GeoRM (Geo Rights Management) DWG – 2004 – http://www.opengeospatial.org/projects/groups/geormwg

– Geospatial Digital Rights Management Reference Model (Abstract Specification Topic 18)

• Security DWG – 2006– http://www.opengeospatial.org/projects/groups/securitywg– Forum for discussing related topics to authentication, access control

and secure communication



Security And The OGC Security And The OGC –– Standardization Standardization

• GeoRM Common SWG – 2007 – http://www.opengeospatial.org/projects/groups/georm1.0swg – „define the GeoRM Common Standard for the implementation of

common aspects GeoDRM Reference Model“ [Charter]

• GeoXACML SWG (persistent)– Potential to be established 2009 (next TC meeting 06/09)– “purpose … is to develop an OGC Web Services Profile of

GeoXACML” [Draft Charter]– “another purpose … is to coordinate OGC’s work on GeoXACML

with the work of the OASIS XACML WG“ [Draft Charter]



Security And The OGC – OWS-3 InitiativeSecurity And The OGC – OWS-3 Initiative

• Timeline 04 – 10/2005• Dedicated Thread for GeoDRM• “Click-through" licensed use of a

– Web Map Service (WMS)– Web Feature Service (WFS)– Web Portrayal Service (cascade of a WMS and WFS)

• GeoDRM license model for different types of users– anonymous / registered user




• “Click-Through” Licensing


Error: Please read/accept the disclaimer!

ServiceWMS / WFS

Read & Accept Disclaimer

Request

Result: Image / 27GML



• WS-Security based implementation of secure communication and exchange of security context information– Confidentiality– Integrity

• WS-Security supports different Security Tokens– Username Tokens (authentication by user/password)– X.509 Tokens (authentication by certificate)– SAML Tokens (exchange of user assertions)– REL Tokens (exchange of license assertions)– Kerberos Tokens (Microsoft authentication)




• Interoperability Program Report (IPR)– OGC 05-111 (Fraunhofer): “Terms of Use (ToU) Service and Model”

• Implementation– “Click-Through” License for WMS and WFS (University of the

Bundeswehr München)




• Timeline 06 – 12/2006• Dedicated Thread for GeoDRM• Use of brokered / negotiated licenses for a

– Web Feature Service (WFS)

• Two phase approach– I: Negotiation of a license (and the comprised rights)– II: Managing access to protected services based on the rights and

conditions in the license




• Scenario 1– Unrestricted User-License

• Scenario 2– Brokered-License

• Scenario 3– Negotiation of a User-License

• Scenario 4– Managing access to a

WFS-T for featureupdates





<License>

Rights as XACML Policy

Authenticity by XML Signature

Structure of an OWS-4 License



• Interoperability Program Reports– Engineering Viewpoint (con terra)– Trusted Geo Services (University of the Bundeswehr München)– Change Request OWS Common (Fraunhofer)

• Implementation (con terra) – Phase I: Negotiation of licenses

• Implementation (University of the Bundeswehr München)– Phase II: Licensed feature update using a WFS-T

• Online Demo– http://www.opengeospatial.org/pub/www/ows4/index.html




• Timeline 10/2008 – 04/2009• Security inside threads

– Geo Processing Workflow (GPW)• Managed access to OWS and trusted communication between different

security domains

• XACML/GeoXACML based protection of a WMTS and WFS

– Sensor Web Enablement (SWE)• How to secure a sensor network based on OGC Sensor Web Services?








Access Control in the Airport Emergency Response Scenario (source: 09-036)



• Secure Sensor Web Engineering Report– Evaluate vulnerabilities, attacks and affects on assets for the Sensor

Web Services specifications• Sensor Alert Service (SAS)

• Sensor Observation Service (SOS)

• Sensor Planning Service (SPS)

– Assets are• Sensors, Production Data, Observations, Alerts

– Provide recommendations how to prevent or mitigate the attacks




• Interoperability Program Reports– OWS-6Security ER (con terra)– OWS-6 GeoXACML ER (University of the Bundeswehr München)– OWS-6 Secure Sensor Web ER (AM Consult*)

• Implementation (con terra) – STS, PDP, PEP

• Implementation (AM Consult*)– GeoPDP

• Implementation (Geomatys)– WMS / WFS PEP


*: Secure Dimensions GmbH is the successor of AM Consult


Security Standards Security Standards –– OGC experience OGC experience

Authentication

REL ODRL XrML

XACML GeoXACML

WS-Policy WS-TrustWS-

Authorization

WS-Security

WSDL WS-Referral WS-Routing

XML SignatureXML

EncryptionSAML

ebXMLXKMS

HTTP / HTTPS

SSL TLS IPSec

PKI

Kerberos

LDAP

XCBF

Licensing

Web Services Standards

Authorization

Policy Layer

Message Security

XML Security Standards

Binding Layer

Network Layer

WS-FederationWS-

SecureConversationFederation



Consensus On Security In The OGCConsensus On Security In The OGC

• Results from the OWS-3, OWS-4, OWS-6 Initiatives– Use SOAP based communication for service interface– Secure communication by leveraging WS-Security from OASIS

• Includes use of XML DSig and XML Encryption by W3C

– Access Control based on XACML / GeoXACML

• Items that require standardization/recommendation– Authentication– Bootstrapping for secured OGC Web Services– GeoXACML Profile for OGC Web Services



Potentially Future Work ItemsPotentially Future Work Items

• GeoXACML SWG– How to ensure 100% interoperability using GeoXACML to protect

Geo Web Services (includes OGC Services)– Communicate with OASIS XACML WG to ensure that geo-specific

use cases are included

• GeoRM Common SWG– How to transport a security context for licensed protection of OGC

Web Services

• OWS-7: Proposal for a Security Thread– Implementation of Secure Sensor Web ER results for SPS– Evaluation / comparison of Authentication Mechanisms


CEOS members – get involved in Security for OWS-7


Thank You For Your AttentionThank You For Your Attention


It is important, never to stop asking questions... [Albert Einstein]

Secure Dimensions GmbH – Holistic GeosecurityDr. Andreas Matheus

Kederbacherstraße 44 D-81377 München, Germany

Phone +49 (0)89 71000667Mobile +49 (0)160 1066366Telefax +49 (0)89 71000668Email [email protected] Web www.secure-dimensions.de

Documents

Security and the Open Geospatial Consortium (OGC) CEOS/WGISS-27 Workshop 11 Mai 2009 Toulouse Andreas Matheus, Secure Dimensions GmbH [email protected]