Architecture and Operation of Commercial Application Systems FU Berlin
• Authentication Header (AH)
– Provides data origin authentication, data integrity, and replay protection
– Uses hashed message authentication codes (HMAC) based on shared secrets
– Does not encrypt datagram content
– IANA assigned IP protocol number 51
• Encapsulating Security Payload (ESP)
– Provides data confidentiality (except for the NULL transform)
– Encrypts the payload of the IP packet using cryptographic keys
– Optionally provides data origin authentication, data integrity, and replay protection
– IANA assigned IP protocol number 50
• Internet Key Exchange (IKE) protocol
– Dynamically generates and refreshes cryptographic keys
– Rekeying occurs while the VPN connection is running
– Two-phase approach protects keys and data
Authentication Header (AH)
Overview
• Provides origin authentication for the entire IP datagram (the immutable fields of the IP header are covered by the HMAC, which is why AH breaks when a NAT rewrites addresses)
• Provides data integrity and replay protection
• IANA assigned IP protocol number 51
• IETF standard (RFC 2402; since obsoleted by RFC 4302)
• Uses hashed message authentication codes (HMAC) based on cryptographic keys
• Does not encrypt datagram content
• Two modes: Tunnel and Transport
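As an added example (not from the slides), the following Python code shows the two AH properties listed above in working form: an ICV computed with HMAC over the datagram with the mutable IPv4 fields zeroed, and a sliding anti-replay window of the kind described in RFC 4302/4303. It assumes HMAC-SHA1-96 as the AH transform, transport mode over IPv4, a 32-packet window, and a constructed shared key and packets; none of those come from the slide.

```python
import hmac
import hashlib
import struct

AH_PROTO = 51
ICV_LEN = 12          # HMAC-SHA1-96: the 20-byte HMAC-SHA1 tag truncated to 96 bits (assumed transform)
AH_FIXED_LEN = 12     # next header, payload length, reserved, SPI, sequence number


class ReplayWindow:
    """Sliding anti-replay window: highest accepted sequence number plus a bitmap
    of the W numbers below it (RFC 4303 Appendix A style)."""

    def __init__(self, size=32):
        self.size = size
        self.last = 0        # highest sequence number accepted so far
        self.bitmap = 0      # bit i set means (last - i) was already received

    def accept(self, seq):
        """Record seq and return True if it is fresh; False if replayed or too old.
        Call only after the ICV has verified, so a forger cannot advance the window."""
        if seq == 0:
            return False
        if seq > self.last:
            shift = seq - self.last
            self.bitmap = ((self.bitmap << shift) | 1) if shift < self.size else 1
            self.bitmap &= (1 << self.size) - 1
            self.last = seq
            return True
        diff = self.last - seq
        if diff >= self.size:
            return False              # fell off the left edge of the window
        if self.bitmap & (1 << diff):
            return False              # already seen: replay
        self.bitmap |= 1 << diff
        return True


def _icv_input(ip_hdr, ah, payload):
    """Zero the mutable IPv4 fields (TOS, flags/fragment offset, TTL, checksum)
    and the ICV field itself; everything else is covered by the HMAC."""
    h = bytearray(ip_hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    a = bytearray(ah)
    a[AH_FIXED_LEN:] = b"\x00" * ICV_LEN
    return bytes(h) + bytes(a) + payload


def _icv(key, data):
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def build_ah_packet(key, src, dst, spi, seq, payload, next_header=17):
    """Transport-mode AH over IPv4: IP header | AH | payload, with the ICV filled in."""
    total_len = 20 + AH_FIXED_LEN + ICV_LEN + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                         64, AH_PROTO, 0, src, dst)
    ah_len = (AH_FIXED_LEN + ICV_LEN) // 4 - 2        # AH length in 32-bit words, minus 2
    ah = struct.pack("!BBHII", next_header, ah_len, 0, spi, seq) + b"\x00" * ICV_LEN
    icv = _icv(key, _icv_input(ip_hdr, ah, payload))
    return ip_hdr + ah[:AH_FIXED_LEN] + icv + payload


def verify_ah_packet(key, window, packet):
    """Return (ok, reason). The ICV is checked before the replay window is touched."""
    if len(packet) < 20 + AH_FIXED_LEN + ICV_LEN or packet[9] != AH_PROTO:
        return False, "not an AH packet"
    ip_hdr, rest = packet[:20], packet[20:]
    next_header, ah_len, _, spi, seq = struct.unpack("!BBHII", rest[:AH_FIXED_LEN])
    ah_total = (ah_len + 2) * 4
    ah, payload = rest[:ah_total], rest[ah_total:]
    got_icv = ah[AH_FIXED_LEN:ah_total]
    want_icv = _icv(key, _icv_input(ip_hdr, ah, payload))
    if not hmac.compare_digest(got_icv, want_icv):
        return False, "bad ICV"
    if not window.accept(seq):
        return False, "replayed or out-of-window sequence number %d" % seq
    return True, "ok spi=0x%x seq=%d next=%d" % (spi, seq, next_header)


if __name__ == "__main__":
    key = b"constructed-32-byte-shared-secret-"[:32]      # constructed sample key
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    win = ReplayWindow()
    pkts = [build_ah_packet(key, src, dst, 0x1001, s, b"udp-data-%d" % s) for s in (1, 2, 3)]
    for p in pkts:
        print(verify_ah_packet(key, win, p))
    print(verify_ah_packet(key, win, pkts[1]))            # replay of seq 2 is rejected
    print(verify_ah_packet(key, win, pkts[2][:-1] + b"!"))  # modified payload fails the ICV
```

The order inside verify_ah_packet matters: if the window were updated before the ICV check, an attacker could push the window forward with forged sequence numbers and cause genuine packets to be dropped as "too old".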
Internet Key Exchange (IKE)
Overview
• Key generation and identity authentication
• Automatic key refresh
• Solves the "first key" problem
• Based on the ISAKMP framework and the Oakley key determination protocol
• IETF standard (RFCs 2408-09, 2411-12; this is IKEv1, since replaced by IKEv2, RFC 7296)
• Built-in protection
– Mitigates denial-of-service attacks (anti-clogging cookies)
– Prevents man-in-the-middle attacks (mutual peer authentication)
– Provides perfect forward secrecy (fresh Diffie-Hellman exchange)
• Must support IKE over UDP, port 500 (port 4500 is typically used with UDP encapsulation)
• Must use strong authentication
– Pre-shared keys
– Digital signatures (DSS and RSA)
– Public key encryption (RSA and revised RSA)
Security Associations (SA)
• Contains important information about how to use IPSec
– Algorithms (encryption, authentication)
– Key lengths
– Lifetimes (how long until an SA expires)
– Participating parties
– Nesting dependencies (inner or outer SA)
– Encapsulation modes (transport or tunnel)
– This information is cleartext and stored locally (the SA database is only as well protected as the host holding it)
• IKE SA
– Protects Phase 1 and Phase 2 IKE exchanges
– Bi-directional
– Either side can be Initiator or Responder
• Protocol SA
– Protects user traffic
– Negotiated during IKE Phase 2
– Unidirectional
– Requires a separate SPI and key for each direction (Initiator to Responder and Responder to Initiator)
[Figure: SA establishment and key exchange messages travel over the single bi-directional ISAKMP SA; user data travels over two unidirectional Protocol SAs, one per direction]
IKE RSA signature: Main mode
Legend: Proposal and Transform payloads are considered part of the SA payload. Messages 5 and 6 are protected (encrypted under the keys derived from the key exchange in messages 3 and 4).
1. Initiator to responder: ISAKMP header, SA (Proposal, Transform(1), Transform(2), ...)
2. Responder to initiator: ISAKMP header, SA (Proposal, the selected Transform)
3. Initiator to responder: ISAKMP header, Key exchange, Nonce(initiator), Certificate request(1), Certificate request(2), ...
4. Responder to initiator: ISAKMP header, Key exchange, Nonce(responder), Certificate request(1), ...
5. Initiator to responder (protected): ISAKMP header, ID(initiator), Certificate, Signature(initiator)
6. Responder to initiator (protected): ISAKMP header, ID(responder), Certificate, Signature(responder)
• Both the initiator and responder send one or more Certificate Request (CERT-REQ) payloads, one for each CA that they trust
• Used by the receiving system to help in certificate selection
• The iSeries server sends one CERT-REQ for each CA trusted by the VPN Key Manager
VPN with UDP Encapsulation
• Addresses header authentication problems when NAT is used
• UDP encapsulation, a.k.a. "NAT-friendly IPSec" (later standardized as NAT traversal, RFC 3947/3948)
– For iSeries-initiated access through a NAT system (for example, a firewall)
– Encapsulates the entire IPSec datagram in a UDP datagram, so that NAT changes the IP header of the UDP datagram rather than the hashed IP header of the original IPSec datagram
– Currently, the iSeries can only be the initiator
– Example of a datagram using ESP in tunnel mode
[Figure: Branch Office on an intranet, behind a NAT, reaching the Internet over a VPN tunnel]
SSL facts
• Implemented on top of OSI Reference Model layer 4 (transport layer)
– Applications must support SSL
– Needs additional programming
– Special sockets APIs
• SSL is not a single protocol. Instead, it consists of:
– SSL record protocol
• Sits on top of the transport layer and is used for encapsulation of various higher-level protocols
– SSL handshake protocol
• Operates on top of the SSL record layer
• Allows the client and server to authenticate each other
• Negotiates an encryption algorithm and cryptographic keys before the application protocol receives or transmits data
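The layering just described (record protocol carrying handshake messages, which in turn carry the negotiation) is easiest to see by splitting a byte stream. The Python below is an added example, not code from the slides: it demultiplexes TLS records and the handshake messages inside them. The sample stream is constructed inline with dummy handshake bodies; in real traffic everything after change_cipher_spec (including Finished) is encrypted, so only the plaintext part of the flight is visible this way.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate",
             14: "server_hello_done", 16: "client_key_exchange", 20: "finished"}
MAX_RECORD = 2 ** 14 + 2048     # TLS 1.2 ciphertext limit; a larger length is a protocol error


def iter_records(stream):
    """Split a TCP byte stream into (content_type, version, fragment) records.
    Stops at an incomplete trailing record (the caller reads more and retries)."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, version, length = struct.unpack("!BHH", stream[pos:pos + 5])
        if ctype not in CONTENT:
            raise ValueError("not a TLS record at offset %d" % pos)
        if length > MAX_RECORD:
            raise ValueError("record length %d exceeds limit" % length)
        if pos + 5 + length > len(stream):
            break
        yield ctype, version, stream[pos + 5:pos + 5 + length]
        pos += 5 + length


def iter_handshake(fragment):
    """Handshake messages carried in a handshake record: 1-byte type, 3-byte length.
    Several messages may share one record (server_hello + certificate + ...)."""
    pos = 0
    while pos + 4 <= len(fragment):
        htype = fragment[pos]
        length = int.from_bytes(fragment[pos + 1:pos + 4], "big")
        yield htype, fragment[pos + 4:pos + 4 + length]
        pos += 4 + length


def build_record(ctype, fragment, version=0x0303):
    return struct.pack("!BHH", ctype, version, len(fragment)) + fragment


def build_handshake(htype, body):
    return bytes([htype]) + len(body).to_bytes(3, "big") + body


def summarize(stream):
    """Names of the layered messages, in wire order."""
    out = []
    for ctype, _, fragment in iter_records(stream):
        if ctype == 22:
            out.extend("handshake/" + HANDSHAKE.get(h, str(h)) for h, _ in iter_handshake(fragment))
        else:
            out.append(CONTENT[ctype])
    return out


# Constructed plaintext flight: client_hello; server_hello + certificate + server_hello_done
# coalesced into one record; change_cipher_spec; then opaque application data.
SAMPLE_STREAM = (
    build_record(22, build_handshake(1, b"\x03\x03" + b"\x11" * 32))
    + build_record(22, build_handshake(2, b"\x03\x03" + b"\x22" * 32)
                   + build_handshake(11, b"\x00\x00\x00")
                   + build_handshake(14, b""))
    + build_record(20, b"\x01")
    + build_record(23, b"\x17" * 40)
)

if __name__ == "__main__":
    print(summarize(SAMPLE_STREAM))
```

The two length checks are the ones worth keeping in any record parser: a non-TLS content type means the peer is not speaking the protocol at all, and an oversized length must be rejected before any buffer is sized from it.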
• SSL
– SSL-enabled server and client applications required
– Application to application
– Simple to implement
– Typically used for a few applications or when dealing with users in the Internet
• VPN
– Host or Gateway must support VPN
– Transparent to the application
– Requires networking skills
– Useful for protecting entire IP traffic between locations and
Digital Certificates
What is a digital certificate?
• An electronic form of identification, such as a passport or driver's license
• Contains a name
– SubjectDN (such as CN=MyName, OU=FTSS, O=IBM, C=DE)
– SubjectAltName (such as IP address, e-mail address, host name, ...)
• Issuer information
• Public key
• Validity period
• Optional usage
• Optional CRL location
Issued by a Certificate Authority (CA)
Format defined in "Internet X.509 Public Key Infrastructure Certificate and CRL Profile", RFC 2459 (since obsoleted by RFC 5280)
X.509 certificate structure:
– Version
– Serial number
– Signature (algorithm)
– Issuer (X.500 DN)
– Validity
– Subject (X.500 DN)
– Subject Public Key Info
– Issuer Unique Identifier (v2)
– Subject Unique Identifier (v2)
– Extensions (v3): Subject Alternative Name, Authority Key Identifier, Subject Key Identifier, CRL Distribution Points, ...
– Signature Algorithm
– Signature Value
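The field list above is the ASN.1 TBSCertificate structure, and it helps to see how those fields sit in DER on the wire. The Python below is an added example, not from the slides: a minimal DER encoder builds a constructed TBSCertificate carrying the slide's example SubjectDN (no real CA, no key, no signature), and a small TLV walker reads back the version, serial number, signature algorithm OID, issuer, validity, subject and the dNSName entries of the Subject Alternative Name extension. The issuer name, dates, serial, key bits and host name are constructed values.

```python
import datetime


# ---- minimal DER encoder, used only to construct the sample certificate body ----
def der(tag, body):
    """Tag-length-value with short-form or long-form length."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def der_int(v):
    return der(0x02, v.to_bytes((v.bit_length() + 8) // 8, "big", signed=True))


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for a in arcs[2:]:                      # base-128, continuation bit on all but the last byte
        chunk = [a & 0x7F]
        while a > 0x7F:
            a >>= 7
            chunk.append(0x80 | (a & 0x7F))
        out.extend(reversed(chunk))
    return der(0x06, bytes(out))


def der_name(rdns):
    """X.500 Name: SEQUENCE OF SET OF SEQUENCE { OID, PrintableString }, in DER order."""
    return der(0x30, b"".join(der(0x31, der(0x30, der_oid(o) + der(0x13, v.encode())))
                              for o, v in rdns))


def der_utctime(dt):
    return der(0x17, dt.strftime("%y%m%d%H%M%SZ").encode())


# ---- decoder ----
def tlv(buf, pos=0):
    """Read one TLV at pos; return (tag, value, next_pos)."""
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n


def children(body):
    """All TLVs directly inside a constructed value."""
    pos, out = 0, []
    while pos < len(body):
        tag, val, pos = tlv(body, pos)
        out.append((tag, val))
    return out


def decode_oid(body):
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


ATTR = {"2.5.4.3": "CN", "2.5.4.6": "C", "2.5.4.10": "O", "2.5.4.11": "OU"}


def decode_name(body):
    """Name -> RFC 2253 style string; DER order is reversed, so CN comes first."""
    parts = []
    for _, rdn in children(body):
        (_, atv), = children(rdn)
        (_, oid), (_, val) = children(atv)
        parts.append("%s=%s" % (ATTR.get(decode_oid(oid), decode_oid(oid)), val.decode()))
    return ",".join(reversed(parts))


def decode_time(tag, val):
    fmt = "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ"   # UTCTime vs GeneralizedTime
    return datetime.datetime.strptime(val.decode(), fmt)


def parse_tbs(tbs_der):
    """Extract the slide's fields from a DER TBSCertificate (no signature check here)."""
    fields = children(tlv(tbs_der)[1])
    out, i = {}, 0
    if fields[0][0] == 0xA0:                # EXPLICIT [0] version; absent means v1
        out["version"] = int.from_bytes(children(fields[0][1])[0][1], "big") + 1
        i = 1
    else:
        out["version"] = 1
    out["serial"] = int.from_bytes(fields[i][1], "big", signed=True)
    out["sig_alg"] = decode_oid(children(fields[i + 1][1])[0][1])
    out["issuer"] = decode_name(fields[i + 2][1])
    out["not_before"], out["not_after"] = [decode_time(t, v) for t, v in children(fields[i + 3][1])]
    out["subject"] = decode_name(fields[i + 4][1])
    out["san"] = []
    for tag, val in fields[i + 5:]:
        if tag == 0xA3:                     # EXPLICIT [3] extensions (v3 only)
            for _, ext in children(children(val)[0][1]):
                parts = children(ext)       # OID, optional critical BOOLEAN, OCTET STRING
                if decode_oid(parts[0][1]) == "2.5.29.17":            # subjectAltName
                    for gtag, gval in children(children(parts[-1][1])[0][1]):
                        if gtag == 0x82:    # dNSName [2] IMPLICIT IA5String
                            out["san"].append(gval.decode())
    return out


def valid_at(info, when):
    return info["not_before"] <= when < info["not_after"]


def build_sample_tbs():
    """Constructed TBSCertificate with the slide's example SubjectDN; not a real certificate."""
    issuer = [("2.5.4.6", "DE"), ("2.5.4.10", "Example CA"), ("2.5.4.3", "Example Root CA")]
    subject = [("2.5.4.6", "DE"), ("2.5.4.10", "IBM"), ("2.5.4.11", "FTSS"), ("2.5.4.3", "MyName")]
    rsa = der(0x30, der_oid("1.2.840.113549.1.1.1") + der(0x05, b""))
    spki = der(0x30, rsa + der(0x03, b"\x00" + bytes(range(16))))       # dummy key bits
    san = der(0x30, der_oid("2.5.29.17") + der(0x04, der(0x30, der(0x82, b"myname.example.com"))))
    return der(0x30,
               der(0xA0, der_int(2)) + der_int(0x1234)
               + der(0x30, der_oid("1.2.840.113549.1.1.11") + der(0x05, b""))   # sha256WithRSA
               + der_name(issuer)
               + der(0x30, der_utctime(datetime.datetime(2024, 1, 1)) + der_utctime(datetime.datetime(2025, 1, 1)))
               + der_name(subject) + spki + der(0xA3, der(0x30, san)))


if __name__ == "__main__":
    for k, v in parse_tbs(build_sample_tbs()).items():
        print("%-10s %s" % (k, v))
```

Two details the walker makes visible: the RDNs are stored in DER in the opposite order from the familiar "CN=...,OU=...,O=...,C=..." string, and the SubjectAltName lives in a v3 extension that simply does not exist in a v1 certificate, which is why host-name matching against a v1 certificate has to fall back to the CN.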
Usage for digital certificates
• Secure transmitted data
– Certificates can be used when establishing secured connections using the Secure Sockets Layer (SSL) protocol
– Data traffic is encrypted with symmetric session keys; the asymmetric keys in the certificate are used only during the handshake, not to encrypt the traffic itself
• Authentication
– Better than a user ID and password because possession of a private key is required
– The private key is never transmitted
– One certificate can be used to identify an entity to many other entities
• Signing objects
– Certificates can be used for signing objects, which ensures that data transmitted over untrusted media comes from a trusted source and was not modified
Improving SSL Performance with Hardware Cryptography
• Secure connections on high-volume Web sites or business application servers with many users put additional load on servers
– Handshake and data encryption increase load
– Symmetric data encryption is less expensive than the asymmetric encryption (RSA with public/private keys) used for authentication
• Hardware cryptography can be used to improve performance of the SSL handshake (asymmetric key operations)
– Offloads work from the main CPU
• iSeries provides different hardware options
– Improves SSL handshake performance
– Simple configuration
– Up to four adapters per system
• Vary on the device to activate
• Each adapter contains five IBM UltraCipher cryptographic engines
• One adapter supports 1000 RSA operations/second
• 4764 PCI-X Cryptographic Coprocessor (IOP-less)
– Designed to meet Federal Information Processing Standard FIPS 140 Level 4 certification
– Supports the EMV 2000 (Europay/MasterCard/Visa) standard
– Contains a tamper-responding module
– Secure key generation and storage
– Random number generator
– Clone a master key securely
– Supports financial PIN processing
– Generates and validates digital signatures
– Encrypts and decrypts data
– Improves SSL handshake performance
Security System Values
Locking down security settings
• Security-related system values reflect the implementation of security policies
• Often, for lack of awareness, many programmers hold enough authority to change system security settings
• The concept of split responsibilities can prevent high-authority users from changing security system values
• Security system values can be locked down in System Service Tools (SST); once locked, they cannot be changed with CHGSYSVAL even by users with *ALLOBJ and *SECADM special authority until a service tools user unlocks them again

Work with System Security                                        System: I5OSP3
Type choices, press Enter.
Allow system value security changes . . . . .   2   1=Yes, 2=No
Allow new digital certificates . . . . . . . .  1   1=Yes, 2=No
Allow a service tools user ID with a default and expired password to change
  its own password . . . . . . . . . . . . . .  2   1=Yes, 2=No
i5/OS Object Signing Support
• All IBM operating system, licensed program, and PTF objects are shipped digitally signed
– Shipped i5/OS has the CA and signature verification certificates internally stored
– Therefore, even if DCM is not set up and there is no object signing or verification store, IBM-supplied objects can be verified on restore
• i5/OS object signing capabilities can prevent objects from being restored when signatures are missing or invalid (the behaviour on restore is controlled by the QVFYOBJRST system value)
• DCM can be used to create and manage certificates for digitally signing objects, which ensures:
– The object's integrity
– Proof of origination
• Signature operations as well as verification errors are logged in the audit journal
Check Object Integrity (CHKOBJITG)
• The CHKOBJITG command can be used to check the integrity of a single object, several objects, or all objects on the system
• It not only verifies object signatures, but also verifies integrity based on checksums
• The command flags the verified objects with the following violation codes
– ALTERED: The object has been tampered with
– BADSIG: The object has a digital signature that is not valid
– DMN: The domain is not correct for the object type
– PGMMOD: The runnable object has been tampered with
• The database file also logs the following non-integrity violations:
– NOSIG: Objects that do not have a digital signature but can be signed, or objects that have a signature that cannot be verified due to an untrusted status. An untrusted status is when the signature verification store does not contain the object signer's signature verification certificate.
– NOTCHECKED: Objects that could not be checked
• Only if violations are found by the CHKOBJITG command are results written to a result file, for example:
1041101183438AS4B *PGM  QDFTOWN BADSIG  /qsys.lib/payslip.lib/PAYMREPORT.PGM
1041101183438AS4B *PGM  QDFTOWN PGMMOD  /qsys.lib/payslip.lib/PAYRMAIN.PGM
1041101183438AS4B *FILE BARLEN  NOSIG   /qsys.lib/payslip.lib/PAYIFSAPP.FILE
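A result file like the one above is only useful if something reads it and separates the hard integrity violations from the informational entries. The Python below is an added example (not from the slides or from IBM): it parses the three sample lines, which are copied from the slide, into records and triages them. The field layout (century digit, YYMMDDHHMMSS timestamp, system name, object type, owner, code, path) is an assumption read off those three lines, not the documented CHKOBJITG output file format; check it against the QASECCHK file description before relying on it.

```python
import re
import datetime

# Codes CHKOBJITG writes to its result file (from the slide)
INTEGRITY_VIOLATIONS = {"ALTERED", "BADSIG", "DMN", "PGMMOD"}
INFORMATIONAL = {"NOSIG", "NOTCHECKED"}

# Field layout assumed from the three sample lines on the slide:
#   <century digit><YYMMDDHHMMSS><system name> <object type> <owner> <code> <path>
LINE_RE = re.compile(r"^(\d)(\d{12})(\S+)\s+(\*\w+)\s+(\S+)\s+(\w+)\s+(\S+)$")

SAMPLE = """\
1041101183438AS4B *PGM QDFTOWN BADSIG /qsys.lib/payslip.lib/PAYMREPORT.PGM
1041101183438AS4B *PGM QDFTOWN PGMMOD /qsys.lib/payslip.lib/PAYRMAIN.PGM
1041101183438AS4B *FILE BARLEN NOSIG /qsys.lib/payslip.lib/PAYIFSAPP.FILE
"""


def parse_line(line):
    """One result line -> dict, or None if the line does not match the assumed layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    century, ts, system, otype, owner, code, path = m.groups()
    year = 1900 + 100 * int(century) + int(ts[:2])       # IBM i century digit: 0 = 19xx, 1 = 20xx
    when = datetime.datetime(year, *(int(ts[i:i + 2]) for i in range(2, 12, 2)))
    return {"when": when, "system": system, "type": otype, "owner": owner, "code": code, "path": path}


def triage(text):
    """Split result lines into (violations, informational, unparsed).
    A code that is neither known-informational nor known-violation is treated as a
    violation, so a new or mistyped code fails closed instead of being ignored."""
    violations, informational, unparsed = [], [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
        elif rec["code"] in INFORMATIONAL:
            informational.append(rec)
        else:
            violations.append(rec)
    return violations, informational, unparsed


def report(text):
    """One line per record, suitable for an operator or for forwarding to a SIEM."""
    violations, informational, unparsed = triage(text)
    lines = []
    for rec in violations:
        note = ""
        if rec["owner"] == "QDFTOWN":
            # QDFTOWN is the default owner profile given to restored objects whose
            # original owner does not exist; a program it owns deserves a second look
            # independently of the bad signature.
            note = " (owned by default owner QDFTOWN)"
        lines.append("VIOLATION %s %s %s %s%s" % (rec["when"].isoformat(), rec["code"],
                                                  rec["type"], rec["path"], note))
    for rec in informational:
        lines.append("INFO      %s %s %s %s" % (rec["when"].isoformat(), rec["code"],
                                                rec["type"], rec["path"]))
    for line in unparsed:
        lines.append("UNPARSED  %s" % line)
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```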
The Problems many companies face
• Every server platform has unique mechanisms for managing users (user registries), making it complex for administrators
• Difficult to keep track of users in all systems
• Users have to remember user IDs and passwords for each system they use
• Application developers create their own user registries and use unsafe techniques for access to back-end systems
• Single point of management tools solve the problem for administrators, but not necessarily for users or ISVs
20% to 40% of all calls to a help desk involve forgotten passwords, costing a company $14 to $26 per reset. Source: Gartner Group
• Existing single sign-on solutions (distributed authentication, authentication proxy, etc.) store user and password information
• Storing passwords, even encrypted, lowers security: whoever obtains the store and its key recovers every password. Passwords should only ever be stored as salted one-way hashes, and a single sign-on design is better off not holding them at all
EIM defined: Identity associations across user registries associated with OS platforms, applications, and middleware.
• Enterprise Identity Mapping (EIM) is a mechanism for mapping (associating) a person or entity to the appropriate user identities in various registries throughout the enterprise
• EIM provides an infrastructure that lowers the expense for application developers to provide single sign-on solutions
[Figure: Windows 2000 Server kdc1.itso.myco.com, the KDC for realm itso.myco.com holding the principals Jsmith and Sjones; an EIM Domain Controller; and the registries iSeriesA.itso.myco.com, iSeriesB.itso.myco.com and zSeriesC.itso.myco.com]
EIM identifiers and the user names associated with them in each registry:
EIM identifier   Kerberos principal   iSeries A user name   iSeries B user name   zSeries C user name
John Smith       Jsmith               Johns                 Smithjo               Smithj
Sharon Jones     Sjones               Sharonj               Jonessh               Joness2
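The table above is what an EIM lookup walks: the Kerberos principal is a source association of an EIM identifier, and each OS user name is a target association of the same identifier. The Python below is an added example, not IBM's EIM API (which is LDAP-backed); it models a domain with those two kinds of association and performs the lookup an SSO-enabled server does after a client has authenticated with Kerberos. The registry data is the slide's table; the registry types and the rule that a target-only association cannot serve as a lookup source are assumptions stated in the comments.

```python
from collections import defaultdict


class EimDomain:
    """Toy EIM domain: registries, identifiers, and source/target associations.
    Note what is absent: no passwords are stored anywhere; the mapping only
    says who a user *is* in each registry, authentication happens elsewhere."""

    def __init__(self):
        self.registries = {}                 # registry name -> type ("Kerberos", "OS400", ...)
        self.source = defaultdict(set)       # (registry, user) -> {EIM identifier}
        self.target = {}                     # (EIM identifier, registry) -> user

    def add_registry(self, name, kind):
        self.registries[name] = kind

    def add_source(self, identifier, registry, user):
        """Source association: 'authenticating as this registry user proves you are identifier'."""
        if registry not in self.registries:
            raise KeyError("unknown registry %s" % registry)
        self.source[(registry, user)].add(identifier)

    def add_target(self, identifier, registry, user):
        """Target association: 'identifier is this user in that registry'."""
        if registry not in self.registries:
            raise KeyError("unknown registry %s" % registry)
        self.target[(identifier, registry)] = user

    def map_user(self, src_registry, src_user, dst_registry):
        """source user -> EIM identifier -> target user.
        Returns None when no mapping exists; raises when the source is ambiguous
        (two identifiers claim the same source user), which must never be resolved
        by guessing. A target-only association is not accepted as a source (assumed rule)."""
        ids = self.source.get((src_registry, src_user), set())
        if not ids:
            return None
        if len(ids) > 1:
            raise LookupError("ambiguous source association for %s in %s" % (src_user, src_registry))
        (identifier,) = ids
        return self.target.get((identifier, dst_registry))


def build_sample_domain():
    """The registries and associations from the slide's diagram (constructed data)."""
    d = EimDomain()
    d.add_registry("itso.myco.com", "Kerberos")
    d.add_registry("iSeriesA.itso.myco.com", "OS400")
    d.add_registry("iSeriesB.itso.myco.com", "OS400")
    d.add_registry("zSeriesC.itso.myco.com", "RACF")          # registry type assumed
    table = {   # identifier: (Kerberos principal, iSeries A, iSeries B, zSeries C)
        "John Smith": ("Jsmith", "Johns", "Smithjo", "Smithj"),
        "Sharon Jones": ("Sjones", "Sharonj", "Jonessh", "Joness2"),
    }
    for ident, (krb, a, b, c) in table.items():
        d.add_source(ident, "itso.myco.com", krb)
        d.add_target(ident, "iSeriesA.itso.myco.com", a)
        d.add_target(ident, "iSeriesB.itso.myco.com", b)
        d.add_target(ident, "zSeriesC.itso.myco.com", c)
    return d


if __name__ == "__main__":
    d = build_sample_domain()
    # What iSeries A does after accepting a Kerberos ticket for Jsmith@ITSO.MYCO.COM:
    print(d.map_user("itso.myco.com", "Jsmith", "iSeriesA.itso.myco.com"))   # Johns
    print(d.map_user("itso.myco.com", "Sjones", "zSeriesC.itso.myco.com"))   # Joness2
    print(d.map_user("itso.myco.com", "nobody", "iSeriesA.itso.myco.com"))   # None
```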
The IBM autonomic computing initiative
Kerberos Tickets
• Ticket: A record that helps a client authenticate itself to a server or service and establish a session.
• Ticket-granting ticket (TGT): A ticket used for requesting the tickets subsequently used for sessions. A TGT is received once the proper credentials are given to the Authentication Server.
• Some other tickets:
– Proxiable/Proxy Ticket: A ticket that a server can use to represent the client to a back-end server
– Forwardable/Forwarded Ticket: A ticket that delegates the task of obtaining service tickets on behalf of the client (the client's TGT itself is handed to the server, which can then act as the client anywhere, so forwarding should be allowed only to trusted services)
• Server
– Min. OS/400 V5R2 (5722-SS1) or i5/OS V5R3
– Including Qshell interpreter (Option 30) and Host Servers (Option 12)
– Cryptographic Access Provider 128-bit (5722-AC3)
– iSeries Access for Windows (5722-XE1)
• Client
– Windows 2000/XP
– iSeries Access (Version 5 Release 2 or higher)
– iSeries Navigator including the "Network" and "Security" components (for administration)
– Other clients that support Kerberos authentication
• KDC
– Supporting Kerberos Version 5
– iSeries KDC support added with i5/OS V5R3
– Windows 2000 or Windows 2003 server with Active Directory
– Linux KDC (MIT or Heimdal)
Antivirus scanning
• i5/OS keeps track of all changes and only calls the scanning software when files or virus definition files change.
– When independent auxiliary storage pools (IASPs) are used and virus definitions are kept in sync between systems, moving an IASP does not cause a rescan.
– Scanning behavior can be controlled via IFS object attributes and system values (QSCANFS, QSCANFSCTL).
• Only objects in the /root, QOpenSys and UDFS file systems are scanned.
• When several open instances exist on an object, scanning is only performed when a close request is received for the last descriptor.
• By default, no scanning occurs when objects are opened for write only.
• Virus scanning products can register to the following exit points:
– QIBM_QP0L_SCAN_OPEN: Integrated File System Scan on Open Exit Program
– QIBM_QP0L_SCAN_CLOSE: Integrated File System Scan on Close Exit Program
Open Exit - Preconditions
• Exit program NOT called if any of the following is true
– No exit program exists for this exit point
– QSCANFS has *NONE specified
– Object is marked not to be scanned and a scan is not required because the object was restored
– Object opened for write access only
– Object truncated as part of the open request
– Object is the storage for an IXS
– Object is not being accessed from a file server and QSCANFSCTL has *FSVRONLY specified
– Object is in a *TYPE1 directory
Open Exit - additional conditions
• If the previous conditions are met, call the exit program if one of the following conditions is met
– Object has never been scanned
– Object data has been modified since the last scan
– CCSID of the object has been modified since the last scan
– To CCSID specified on the open request is different from the last two To CCSIDs that were specified and scanned
– Object is being opened in binary and was not previously scanned in binary
– Scanning software has been updated and the object was not marked to be scanned only if the object changed
Close Exit - Additional Conditions
• If the previous conditions are met, call the exit program if one of the following conditions is met
– Object has never been scanned
– Object data has been modified since the last scan
– CCSID of the object has been modified since the last scan
– To CCSID specified on the open request associated with this close is different from the last two To CCSIDs that were specified and scanned
– Object associated with the close request was opened in binary and was not previously scanned in binary
– Scanning software has been updated and the object was not marked to be scanned only if the object changed
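The open-exit rules above (the suppressing preconditions, then the conditions that trigger a scan) are worth putting into one function to see their precedence and the gaps they leave, such as a write-only open of a file that has never been scanned. The Python below is an added example, not IBM code: it models the per-object scan bookkeeping and the open request as plain data and returns the decision with the rule that produced it. The attribute names, the QSCANFSCTL default and the sample states are assumptions; the real object attributes and system value formats are documented by IBM, not reproduced here.

```python
from dataclasses import dataclass


@dataclass
class ObjectState:
    """Per-object scan bookkeeping (modelled; not the real IFS attribute layout)."""
    scanned: bool = False
    modified_since_scan: bool = False
    ccsid_changed_since_scan: bool = False
    scanned_to_ccsids: tuple = ()          # the last two "To CCSID" values that were scanned
    scanned_in_binary: bool = False
    scan_only_if_changed: bool = False     # object marked: rescan only when the object changes
    marked_no_scan: bool = False
    scan_required_after_restore: bool = False
    is_ixs_storage: bool = False
    in_type1_dir: bool = False


@dataclass
class OpenRequest:
    write_only: bool = False
    truncate: bool = False
    binary: bool = False
    to_ccsid: int = 1208
    via_file_server: bool = True


def open_exit_decision(obj, req, exit_registered=True, qscanfs="*ROOTOPNUD",
                       qscanfsctl=("*NONE",), definitions_updated=False):
    """Return (call_exit, reason) for one open request, applying the slide's two rule sets:
    any precondition suppresses the call outright; otherwise the first trigger wins."""
    if not exit_registered:
        return False, "no exit program registered"
    if qscanfs == "*NONE":
        return False, "QSCANFS is *NONE"
    if obj.marked_no_scan and not obj.scan_required_after_restore:
        return False, "object marked not to be scanned"
    if req.write_only:
        return False, "opened for write access only"
    if req.truncate:
        return False, "truncated as part of the open"
    if obj.is_ixs_storage:
        return False, "IXS storage object"
    if not req.via_file_server and "*FSVRONLY" in qscanfsctl:
        return False, "not a file server access and QSCANFSCTL has *FSVRONLY"
    if obj.in_type1_dir:
        return False, "object is in a *TYPE1 directory"
    # Additional conditions: call the exit if any of these holds.
    if not obj.scanned:
        return True, "never scanned"
    if obj.modified_since_scan:
        return True, "data modified since last scan"
    if obj.ccsid_changed_since_scan:
        return True, "object CCSID changed since last scan"
    if req.to_ccsid not in obj.scanned_to_ccsids:
        return True, "To CCSID %d not among the last two scanned" % req.to_ccsid
    if req.binary and not obj.scanned_in_binary:
        return True, "binary open, not previously scanned in binary"
    if definitions_updated and not obj.scan_only_if_changed:
        return True, "scanning software updated"
    return False, "scan status current, no rescan needed"


def clean_state(to_ccsid=1208, binary=False):
    """State of an object that was scanned clean at its last open (constructed sample)."""
    return ObjectState(scanned=True, scanned_to_ccsids=(to_ccsid,), scanned_in_binary=binary)


if __name__ == "__main__":
    cases = [
        ("first open", ObjectState(), OpenRequest()),
        ("write-only, never scanned", ObjectState(), OpenRequest(write_only=True)),
        ("clean, same CCSID", clean_state(), OpenRequest()),
        ("clean, new CCSID", clean_state(), OpenRequest(to_ccsid=37)),
        ("clean, binary open", clean_state(), OpenRequest(binary=True)),
    ]
    for name, obj, req in cases:
        print("%-26s -> %s" % (name, open_exit_decision(obj, req)))
    print("%-26s -> %s" % ("definitions updated",
                           open_exit_decision(clean_state(), OpenRequest(), definitions_updated=True)))
```

The second case shows the gap the slide's default implies: a file written by a never-scanned process is not scanned on the write-only open, so the close exit (whose conditions are listed above) is what catches the content once the last descriptor closes.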