Page 1

X-Road (X-tee)

A platform-independent secure standard interface between databases and information systems to connect databases and information systems of the public sector

Page 2

There are various databases and information systems on different platforms that need to co-operate...

[Slide diagram: Population Register (Progress), Business Register (Oracle), Land Register (MSSQL), Motor Vehicle Register (Oracle), more than 100 databases; Citizen Portal, Information System of Company A, Information System of Company B, more than 1000 information systems; citizens and officers as users; each party sits behind its own Security Server, with SOAP clients on the information-system side and SOAP servers on the database side, connected over the Internet / X-Road]

A separate interface from every database to every information system would have been expensive...

X-Road is a platform-independent secure standard interface between databases and information systems.

A database is adapted to X-Road by setting up an Adapter Server, which contains a SOAP or XMLRPC server plus the X-Road rules. Information systems need a SOAP or XMLRPC client plus an understanding of the X-Road rules.

To secure the system, each party accesses X-Road via its Security Server. The X-Road Security Server is a standard software solution that encrypts/decrypts outgoing/incoming messages, filters incoming messages like a firewall, and logs the messages it receives.

Traffic between Security Servers is encrypted with PKI. Security Servers have to be certified by the X-Road Certification Authority. Certificates are available for verification from the X-Road Central Servers.

Central Servers are duplicated.

No redundant centralization: Security Servers create connections directly to each other.

Data from Central Servers is cached in Security Servers by use of DNSSEC.

Page 3

[Slide diagram: Database (SOAP server) behind the Security Server of DB; Information System (SOAP client) behind the Security Server of IS; User (citizen or officer); CA and Central Servers; Internet / X-Road between the Security Servers]

X-Road: Message on the road

• The user authenticates himself/herself. The Information System must be able to learn the user's proper Personal Code.

• The Information System gives the user access to the methods the user is authorized to use. This is the first level of authorization.

• When the user chooses to call a method (whose usage is authorized by the Information System), a message with the method call goes towards the Security Server.

• The Security Server signs the message with its private key.

• The Security Server of IS asks the Central Server over DNSSEC for the IP address of the Security Server(s) of DB.

• The Security Server of IS opens a TCP connection to the Security Server of DB and sends its certificate to start the TLS security protocol.

• The Security Server of DB verifies over DNSSEC the certificate received from the Security Server of IS.

• If the certificate was valid, the Security Server of DB sends its certificate back to finish creation of the secure connection.

• The Security Server of IS verifies over DNSSEC the certificate received from the Security Server of DB.

• Once the secure channel has been created and the other party verified, the Security Server of IS sends the signed message to the Security Server of DB.

• The Security Server of DB verifies the signature of the message and logs the message.

• The Security Server of DB checks whether the Information System is authorized for this method. This is the second level of authorization.

• The Security Server of DB sends the decrypted message to the Adapter Server.

• The Adapter Server commits the method call in the database.

• The Security Server of DB signs the response message.

• The Security Server of DB sends the signed response message to the Security Server of IS.

• The Security Server of IS checks the signature of the response message and logs the response message.

• The Security Server of IS sends the decrypted response message to the Information System.

• Finally, the user receives the response he/she requested!

Whether the user is identified by ID-card, password, face or something else is up to the Information System, provided that the way of identification is reliable.

In addition to the message body with the data for the method call, the message also contains a message header with the user's Personal Code, the name of the Information System, the unique ID of the message, etc.

Page 4

[Slide diagram: Database (SOAP server) behind the Security Server of DB; Information System (SOAP client) behind the Security Server of IS; User (citizen or officer); CA and Central Servers; Internet / X-Road between the Security Servers]

X-Road: Levels of authorization

The permission matrix at the granularity of Information Systems is held by the Security Server of the Database. The permission matrix at the granularity of individual users is held by the Information System.

If the Database does not trust an Information System to grant individual permissions, it has the possibility to hold an additional permission matrix at the granularity of individual users. But this would be awful in the case of hundreds of Information Systems with thousands of users!

An Information System is able to grant its users permissions only on those methods that the Information System itself is authorized to use by the permission matrix held by the Security Server of DB.
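The message flow of page 3 and the two levels of authorization above, simulated as an added example (this is not X-Road code). The permission matrices, the personal code, the IS name and the method names are constructed, and an HMAC key stands in for the Security Server's private key and PKI certificate so the example runs with the standard library only.

```python
import hashlib
import hmac
import json
import uuid

# Constructed permission matrices for the two levels on the slides.
# Level 2, held by the Security Server of DB: which Information System (IS)
# may call which method. Level 1, held by the IS: which user may call which.
DB_SECURITY_SERVER_MATRIX = {
    "CitizenPortal": {"population.getPerson", "vehicle.getByOwner"},
}
IS_USER_MATRIX = {
    # The IS has granted this user business.getCompany as well, a method the
    # IS itself is not authorized for at level 2; level 2 must still catch it.
    "CitizenPortal": {"37001011234": {"population.getPerson", "business.getCompany"}},
}
# Stand-in for the IS Security Server's private key (assumption: real X-Road
# uses PKI certificates and asymmetric signatures; HMAC keeps this runnable).
IS_SECURITY_SERVER_KEY = b"constructed-secret-for-CitizenPortal"
DB_SECURITY_SERVER_LOG = []

def sign(message, key):
    """Sign a canonical JSON serialisation of the whole message (header + body)."""
    canonical = json.dumps(message, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()

def is_security_server_send(is_name, user_code, method, body):
    """Level 1 at the IS: refuse unless the IS's own user matrix permits the call.
    Returns (message, signature), or None when the IS refuses the user."""
    if method not in IS_USER_MATRIX.get(is_name, {}).get(user_code, set()):
        return None
    message = {  # header fields named on the slide: Personal Code, IS name, unique ID
        "header": {"personalCode": user_code, "informationSystem": is_name,
                   "messageId": str(uuid.uuid4()), "method": method},
        "body": body,
    }
    return message, sign(message, IS_SECURITY_SERVER_KEY)

def db_security_server_receive(message, signature):
    """Security Server of DB: verify the signature, log, then apply level 2."""
    if not hmac.compare_digest(sign(message, IS_SECURITY_SERVER_KEY), signature):
        return "rejected: bad signature"
    DB_SECURITY_SERVER_LOG.append(message)  # logged before the level-2 decision
    header = message["header"]
    allowed = DB_SECURITY_SERVER_MATRIX.get(header["informationSystem"], set())
    if header["method"] not in allowed:
        return "rejected: information system not authorized for method"
    return "accepted: forwarded to Adapter Server"
```

The third case in the test shows why level 2 is kept at the Security Server of DB: a grant the IS should never have made is stopped there regardless of what the IS's own matrix says.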

Page 5

[Slide diagram: Database (XMLRPC server) behind the Security Server of DB; Information System (XMLRPC client) behind the Security Server of IS; User (citizen or officer); CA and Central Servers; Internet / X-Road between the Security Servers]

X-Road: Trusted logs

The Security Server of IS logs the response messages coming from the Databases. The Security Server of DB logs the messages coming from the Information Systems.

Both Security Servers hash their logs and send their hash chain periodically to the Central Servers.

If an evil administrator of any Security Server even tried to change the local log, the hash in the Security Server would no longer match the hash in the Central Servers! Therefore, the logs cannot be broken.

Given a message, it is always possible to check later the authenticity of the message, that is, whether such a message really existed or not. As X-Road trusted logs cannot be broken, the result of the check is trustworthy.
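The trusted-log mechanism above, written out as an added example (not X-Road code): a Security Server keeps its messages in a hash chain, periodically sends the chain head to the Central Servers, and an auditor later rebuilds the chain and compares it with the anchored head. The chain construction, the server name and the sample messages are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting link for an empty chain

def canonical(message):
    return json.dumps(message, sort_keys=True)

def entry_hash(prev_hash, message):
    """One chain link: hash over the previous link and the canonical message."""
    return hashlib.sha256((prev_hash + canonical(message)).encode()).hexdigest()

class SecurityServerLog:
    """Append-only message log of one Security Server, hashed into a chain."""
    def __init__(self):
        self.entries = []  # (message, link_hash), oldest first

    def append(self, message):
        prev = self.entries[-1][1] if self.entries else GENESIS
        self.entries.append((message, entry_hash(prev, message)))

    def head(self):
        return self.entries[-1][1] if self.entries else GENESIS

    def recompute_head(self):
        """Rebuild the chain from the stored messages alone, as an auditor would."""
        link = GENESIS
        for message, _ in self.entries:
            link = entry_hash(link, message)
        return link

class CentralServers:
    """Receives chain heads periodically; a Security Server admin cannot alter them."""
    def __init__(self):
        self.anchors = {}  # server name -> list of received heads

    def receive_head(self, server, head):
        self.anchors.setdefault(server, []).append(head)

    def log_intact(self, server, log):
        """The local log is trusted only if its rebuilt head equals the last anchor."""
        return log.recompute_head() == self.anchors[server][-1]

def check_authenticity(central, server, log, message):
    """Returns (log_intact, message_present): did such a message really exist?"""
    intact = central.log_intact(server, log)
    present = any(canonical(m) == canonical(message) for m, _ in log.entries)
    return intact, present
```

The test shows the slide's point: an administrator can rewrite an entry and recompute the whole local chain so it is self-consistent, but the head anchored at the Central Servers no longer matches, so the answer to "did this message exist?" is flagged as untrustworthy.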

Page 6

X-Road: A protocol with standard implementation provided

• Any custom information system having the specified security level may join X-Road.

• Those institutions (companies) which do not have a secure information system of their own are welcome to install the standard Mini-InfoSystem-Portal (MISP) to gain access to X-Road.