Comb-e-Chem PKI
Mike Surridge, Steve Taylor
IT Innovation
Public Key Infrastructure (PKI)
• Requirements:
– be able to authenticate remote users
– be easy to operate by chemists (e.g. NCS)
– be secure enough for academic users
• Analysis of existing NCS authentication:
– uses personal knowledge of the user community
– uses contextual information (e.g. EPSRC project codes)
– lightweight for both NCS and their customers
• Public key infrastructure developments:
– Comb-e-Chem certificate policy agreed
– procedures developed for NCS to certify remote users
– operational responsibility transferred to Chemistry
PKI Roles
• Grid community
– defines security policy and certificate policy (CP)
– approves certification authorities
• Certification Authority (CA)
– defines certification practice statement (CPS)
– engages registration authorities
– issues certificates in accordance with policy
• Registration Authority (RA)
– checks credentials of certificate applicants
– enforces security and certificate policy
PKI Trust Network
[Figure: entity-relationship diagram of the PKI trust network. Entities: Registration Authority (RA), User, Identity (attributes), User's Certificate, User's Private Key, Certificate Authority (CA), Message, Supplier, CA Private Key, CA Self-Signed Certificate. The labelled relationships are:]
• User: has and asserts an Identity (attributes); holds the User's Private Key secret and signs Messages with it; acquires the CA Self-Signed Certificate and installs it in a trust store
• RA: knows the User and trusts them to operate GRIA responsibly; verifies the Identity (attributes)
• CA: trusts the RA to register Users correctly and checks registration with the RA; holds the CA Private Key secret; issues the User's Certificate (which includes the public key counterpart of the User's Private Key, and in which the verified Identity is included) and the CA Self-Signed Certificate, both signed with the CA Private Key
• Supplier: trusts the CA to implement the Certificate Policy; acquires the CA Self-Signed Certificate reliably and installs it in its trust store; receives, decrypts, verifies & reads the Message
Comb-e-Chem CP
• CP is Certificate Policy
– a set of rules by which a PKI must operate
– follows the format described in RFC 2527 (since superseded by RFC 3647)
– covers areas such as user registration, physical security, certificate life cycle, etc.
• Comb-e-Chem CP pays particular attention to
– user registration
– certificate life cycle
NCS CPS
• CPS is Certification Practice Statement
• A description of how the NCS CA (Sam) abides by and implements the rules in the CP
– describes operational procedures for implementing the CP's requirements
– contains a number of agreement forms to be signed by the parties involved
PKI - Lessons Learned
• The PKI must have well-defined procedures and strict adherence to them
– CP & CPS
• The CA must exercise rigour in operational procedures
– checking of credentials
– following procedures to the letter
– physical security
– audit trails
– backups
– revocation
PKI - Lessons Learned 2
• User education must be addressed
– the concepts of PKI are complex
– the overhead of education can be a barrier to take-up
– ill-informed users can worsen security
– do users understand what is meant by (for example) a private key and a certificate?
– do they understand their security obligations?
– in the NCS case, users are guided by the RA
Comb-e-Chem Security
Mike Surridge, Steve Taylor
IT Innovation
Overview of Activities
• Security risk management
– applied to the NCS service
• Security implementation
– operating policies and public key infrastructure
– deployment of security features at NCS
Risk Management
[Figure: risk analysis as an asset-based security cycle]
• Risk analysis (asset-based security):
– identify and value assets
– identify threats and risks
– identify and cost defences
– define risk management approach
– implement defences
Risk Analysis
• Value assets based on impact of compromise
– high: likely to cause total business failure
– med: significant but not fatal impact
– low: irritating but no significant impact
• Threats based on likelihood of attack
– high: attacks will definitely take place
– med: attacks may occur from time to time
– low: attacks are unlikely
• Risks based on likelihood of success
– taking account of existing defences
Risk Management
• Determine appropriate response to threats
– acceptance: live with the potential consequences
– reduction: introduce defences
– avoidance: don't use the system
• Leads to cost-effective security
– as much security as you need
– not more than you can afford
Risk Analysis Facilitation
[Table 1: assets (rows) against threats (columns: System Intrusion, Data Interception, Data Corruption, Social Engineering, Procedural Errors, User Errors); an X marks a threat that applies to an asset. Only the number of marks per row survived extraction:]
– Human: 2 threats marked
– Systems: 3 threats marked
– Services: 4 threats marked
– Credentials: 6 threats marked (every column)
– Data: 5 threats marked
– Reputation: 2 threats marked
[Table 2: defences (rows) against the same threat columns; an X marks a threat the defence addresses. Marks per row:]
– Firewalls: 2
– Message Authentication: 2
– Message Encryption: 1
– Intrusion Detection: 2
– Response Planning: 2
– User Training: 3
Application to NCS Service
• Assets:
– campus system and network integrity (med/high)
– sample tracking data (med)
– experimental result data (low/med)
– grid service integrity (low/med)
• Risks:
– system attacks from outside campus (high likelihood)
– system attacks from inside campus (med likelihood)
– compromise of remote user credentials (high likelihood)
– internal user error (med likelihood)
Conclusions
• Progress with core technology developments
– authorisation and WS-Security
– relevant for service integration
• NCS security risks analysed
– appropriate defences identified
• Security procedures and infrastructure implemented
– public key infrastructure (CA, RAs, policies)
– firewalls and protocols for NCS deployment
PKI can have Multiple CAs
[Figure: several Users and Resources, each holding a certificate issued by one of several CAs, CA1 … CAn]
Registration Procedure
[Figure: swimlane diagram, CA Organisation on one side and User's Organisation on the other]
• User (User's Organisation)
– holds a key pair: the User's Private Key (held secret) and the User's Public Key
– the User's Certificate Request contains the User's Public Key and the User's Identity (attributes)
• Registration Authority (RA, User's Organisation)
– holds the RA Private Key (held secret) and the RA's Certificate, which represents the CA's trust of the RA
– knows & trusts the User; verifies the Identity (attributes) in the request
– IF verification OK, signs the User's Certificate Request with the RA Private Key; the result is the request signed by the RA
– sends the signed request to the CA
• Certificate Authority (CA, CA Organisation)
– holds the CA Private Key (held secret) and the CA Self-Signed Certificate
– checks the validity of the RA's signature on the request using the RA's Certificate
– if the RA's signature is OK, generates the User's Certificate by signing the request with the CA Private Key; the certificate the CA issues and the certificate the User ends up holding are the same certificate
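The registration procedure above and the PKI Trust Network earlier in the deck, as an added worked example in Go (not code from the Comb-e-Chem or GRIA projects). It uses only the Go standard library. Everything not on the slides is an assumption: Ed25519 keys (the deck fixes no algorithm), the RA's credential check modelled as a lookup in the RA's own register of known applicants, an in-memory trust store on the user's side, and the names "Comb-e-Chem CA", "NCS RA" and "alice@chem.example", which are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}
// newKey makes a fresh key pair (Ed25519 is an assumption; the deck fixes no algorithm).
func newKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	check(err)
	return pub, priv
}

// CA holds the CA Private Key (never exported) and the CA Self-Signed Certificate.
type CA struct{ key ed25519.PrivateKey; Cert *x509.Certificate }
// RA holds the RA Private Key, the RA's Certificate and the RA's knowledge of its user community.
type RA struct{ key ed25519.PrivateKey; Cert *x509.Certificate; known map[string]bool }

// sign issues a certificate for pub; with isCA set it is the CA's own self-signed root.
func (ca *CA) sign(cn string, pub ed25519.PublicKey, isCA bool) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, IsCA: isCA, BasicConstraintsValid: isCA,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature}
	parent := ca.Cert
	if isCA { // no root yet: the template is its own parent
		parent, t.KeyUsage = t, t.KeyUsage|x509.KeyUsageCertSign
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, ca.key)
	check(err)
	c, err := x509.ParseCertificate(der)
	check(err)
	return c
}

func NewCA(cn string) *CA {
	pub, priv := newKey()
	ca := &CA{key: priv}
	ca.Cert = ca.sign(cn, pub, true)
	return ca
}

// EngageRA issues the RA its certificate, the CA's record of its trust in that RA.
func (ca *CA) EngageRA(cn string, known map[string]bool) *RA {
	pub, priv := newKey()
	return &RA{key: priv, Cert: ca.sign(cn, pub, false), known: known}
}

// Endorse is the RA's "IF verification OK, signs" step over the raw request bytes.
func (ra *RA) Endorse(csrDER []byte) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || !ra.known[csr.Subject.CommonName] {
		return nil, fmt.Errorf("RA: applicant not known, refusing to endorse")
	}
	return ed25519.Sign(ra.key, csrDER), nil
}

// Issue is the CA side: the RA certificate must chain to this CA (a disengaged RA is handled
// by revocation), its signature must cover exactly this request, and the CSR's own signature
// is the applicant's proof of possession of the private key.
func (ca *CA) Issue(csrDER, raSig []byte, raCert *x509.Certificate) (*x509.Certificate, error) {
	if raCert.CheckSignatureFrom(ca.Cert) != nil ||
		!ed25519.Verify(raCert.PublicKey.(ed25519.PublicKey), csrDER, raSig) {
		return nil, fmt.Errorf("CA: request not endorsed by an RA this CA engaged")
	}
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil || csr.CheckSignature() != nil {
		return nil, fmt.Errorf("CA: malformed request or bad proof of possession")
	}
	return ca.sign(csr.Subject.CommonName, csr.PublicKey.(ed25519.PublicKey), false), nil
}

// Register runs the whole procedure for one user, then checks the issued certificate against
// a trust store that holds only the CA Self-Signed Certificate (what the user installs).
func Register(ca *CA, ra *RA, userCN string) (*x509.Certificate, error) {
	_, userKey := newKey() // generated by the user; the private key never leaves them
	csrDER, err := x509.CreateCertificateRequest(rand.Reader,
		&x509.CertificateRequest{Subject: pkix.Name{CommonName: userCN}}, userKey)
	check(err)
	sig, err := ra.Endorse(csrDER)
	if err != nil {
		return nil, err
	}
	cert, err := ca.Issue(csrDER, sig, ra.Cert)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool() // the user's trust store
	roots.AddCert(ca.Cert)
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return cert, err
}
```

Two details matter in practice. The RA signs the DER bytes of the request, not a re-encoded copy, so the CA can be sure it issues exactly what the RA checked; and the CA checks the RA's certificate against its own root on every request rather than trusting an RA by name, which is why an RA calling itself "NCS RA" but certified by some other CA is refused. The final step is the "Acquires & Installs in Trust Store" edge of the trust network: the user's verification succeeds only because the CA Self-Signed Certificate, and nothing else, is in the trust store.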