Hardware Based XML Security Components

1
Hardware Based XML Security Components

• Forum Systems, Inc.
• 95 Sawyer Road
• Waltham, MA 02453
• 781-788-4200
• http//www.forumsys.com

• DataPower Technology, Inc.
• One Alewife Center
• Cambridge, MA 02140
• 617-864-0455
• http//www.datapower.com

2
Topics

• XML webServices Security
• Enterprise Deployments for XML Security
• Hardware-Based XML Security
• Interoperability
• XML Security and FEA

3
Need for XML Security
Securing channels vs. Securing content

• Direct connection between client and server must
  be established
• Multiple intermediaries require multiple HTTPS
  connections piped together
• Opens potential security holes at connecting
  nodes, but also creates a public key certificate
  management nightmare
• Can not provide granular content security
• Scenarios such as multi-level approval require
  parts of information to be open
• Connection-based security are insufficient
• Verify the authenticity of approval signatures
• Unnecessarily encrypting all content also
  introduces more processing overhead

Field Agent Sign and send an order. The order
contains an encrypted account number
Manager Verify the order Signature attach an
approval signature
Payment Center Verify the approval Signature
decrypt account number Attach a payment status
signature remove the account number
Factory Verify the payment status
signature Verify agent address, send product
4
Technology and Specifications Landscape
TRM Service Interface and Integration
Interoperability Data Format/Classification

• Most already familiar to the XML WG FEA
• Foundation
• XML
• DTD / XML Schema
• XPath/XSLT
• SOAP

TRM Service Interface and Integration
 Interoperability Data Types / Validation
TRM Service Interface and Integration
Interoperability Data Transformation

• Security Building Blocks
• XML Digital Signature
• XML Encryption

TRM Component Framework  Data Interchange
 Data Exchange
TRM Component Framework   Security Supporting
Security Services

• Upper-Layer Protocols/Standards
• WS-Security
• SAML
• XKMS
• XACML
• UDDI

TRM Component Framework  Security
 Certificates / Digital Signature
TRM Service Interface and Integration
  Interface Service Discovery
5
Sampling of XML Security Threats

• Snooping
• old problem made worse by human-readable formats
• Tampering
• alter invoice or PO
• examples in semi-trusted environment
• Unauthorized action via valid interface
• Breach of memory space
• buffer overwrite, HTTP overrun
• Unintentionally exposed interface
• methods not in public spec
• automatic object marshalling to/from XML
• XML Denial-of-Service (XDoS)
• attack at XML level
• asymmetry of XML processing

6
XML Security Deployment Ecosystem

• External PKI infrastructure CA servers, services
• Application Infrastructure web servers,
  application servers, integration servers
• Management Infrastructure systems, network,
  security and logging
• Network Infrastructure next slide

Certificate Authority
Access Control Policy Server
Managed PKI
Service Registry
LDAP SAML, XACML
LDAP, OCSP XKMS
HTTP UDDI
WSS App Server
XKMS
WSC App Server
WSS App Server
WSC App Server
syslog
SNMP XML
Validated Data Elements
WSS Integration Server
Network / System / Security Management Server
Log Server
Non-Repudiation Audit Server
Mgmt. Console
7
Deployment Modes
Proxy-Mode
XS40 Sentry
Firewall
Gateway-Mode
Sentry XS40
Load Balancer
Firewall
Web Service
Web Service
Service-Mode
Firewall
XS40 Sentry
Web Service
8
XML Security Gateway Deployment
9
Digital Signatures
Public DMZ
Private Network
Partner
External Firewall
Internet
Intermediary Firewall
Application Sever
User
WSC
Integration/ Internet-Pass Thru
SSL/TLS
WSC
WSC

• Digital signing service for
• SOAP formatted XML documents
• Digital verification service for
• SOAP formatted XML documents

Signature/ Verification Server
Signature/ Verification Server
10
Sign all outgoing messages

• Protect against
• Undetected message tempering
• Liability of fake requests
• Recipient doesnt have to be XML DSIG enabled
• Audit/verify transactions as originating from
  within own network
• Recipients can (but dont have to) verify
  signatures for authentication
• Easy way to improve security no reason not to
  start doing it today (except for maybe
  performance)

11
XML Filtering
Public DMZ
Private DMZ
Partner
External Firewall
Internet
Intermediary Firewall
User
WSC
XML/SOAP Proxy
Single-Sign On
SSL/TLS
WSP
WSP

• OPERATIONS
• Traffic Filtering
• Message Schema Validation XPATH Filtering
• Of the request
• Of the response
• Authentication of WSC (Transport Level)
• Strong SSL Client Certificate
• Certificate Path Validation
• Certificate Revocation List
• Credentials Mapping of WSC (Message Level)
• Translate Protocol Auth To Document Auth
• Inject SAML within SOAP Request

• Authentication of WSC (Message Level)
• Access Control to Remote Resources

12
The Need for Hardware Based XML Security

• Hardware XML Security Reduces Complexity
• Hardware XML Provides Hardened Security
• Hardware XML Security Delivers superior
  Performance
• Hardware XML Security Encourages Interoperability

13
Hardware XML Security Reduces Complexity
Centralizes Security Functions

• Secure multiple applications without code changes
• Dramatically reduce cost and complexity
• Enable new business with unmatched performance

Update application servers individually
14
Hardware provides Hardened Security

• Accountability
• OS upgrades
• Security software upgrades
• Hardware upgrades
• Hardened OS
• Eliminate generic processes, daemons or
  listeners.
• Hardware-based crypto Algorithms
• Prevent application developers from using weak
  crypto implementations
• Separation of Security Policies from Applications

15
XML Cryptography Security Performance

• Crypto operations are resource-intensive
• Public-key crypto operations are very expensive
• Familiar example SSL
• A couple RSA ops per connection, bulk encryption
• Today, SSL hardware acceleration is well-accepted
  practice
• XML example WS-Security based XML message
• Signed header(s)
• Public-key encrypted symmetric key
• Encrypted payload sections
• Signed payload sections
• 10 public-key ops per message is quite likely
• Multiple messages per connection
• XML processing also significant

16
XML hardware encourages interoperability

• Coupled to the other systems by Ethernet jack,
  not custom code
• Separation of concerns
• Network gear business model based on
  out-of-the-box interop
• Large software vendors focused on creating
  XML-enabled platforms
• Functionality and development tools benefit
• Interop is necessarily secondary, standards wars
  looming
• Network vendors architecturally unable to achieve
  lock-in
• Focused on a concrete set of challenges
• XML security performance
• Interoperability.

17
Overview of Hardware XML Security Market

• A lot of vendors, large and small, claim to
  provide XML security or secure web services
• This is natural, but can make selection confusing
• Web services management vs. web services security
• Most relatively small companies
• Hardware model gaining traction
• Recent inrush of pure-software vendors with
  server appliances
• Standards support key to value

18
Interoperability promoted through Standards
Bodies

• Interoperability is hard work, but much more
  likely
• WSI promotes webServices Interoperability.
• The WS-I testing tools are designed to help
  developers determine whether their Web services
  are conformant with Profile Guidelines.
• SOAP Specifications Assertions and Test
  Collection
• A SOAP 1.2 implementation that passes all of the
  tests specified in this document may claim to
  conform to the SOAP 1.2
• Baseline Standards have matured, for example
• SOAP 1.1 May 2000
• XML DSIG Feb 2002
• SAML 1.0 November 2002
• WS-Security April 2002
• Integration with CAs, policy stores, schema
  repositories, service repository registries
• Interoperability in a heterogeneous environment
  with application servers, in-house software,
  hardware devices from other vendors

19
XML Security Hardware and FEA

• The FEA is being constructed through a
  collection of interrelated "reference models"

Hardware approach provides price/performance
manageability
Hardware security gateway for cross-agency
exchange
Hardware approach fits well within the Component
Framework
20
XML Security Hardware TRM

• TECHNICAL REFERENCE MODEL (TRM)
• "The TRM is a component-driven, technical
  framework used to identify the standards,
  specifications, and technologies that support and
  enable the delivery of service components and
  capabilities."  

21
XML Security Gateway within the FEA TRM framework
22
XML Security Gateway within the FEA TRM Framework
23
XML Security Gateway within the FEA TRM Framework
24
QA

• Mamoon Yunus
• Forum Systems, Inc.
• 95 Sawyer Road
• Waltham, MA 02453
• 781-788-4200
• http//www.forumsys.com

• Eugene Kuznetsov
• DataPower Technology, Inc.
• One Alewife Center
• Cambridge, MA 02140
• (617)864-0455
• http//www.datapower.com