Multi-party Authentication in Web Services
7/17/2016 2:56 PM Madhumita Chatterjee Dt :28 th October 2004 1

Overview        Web Services Architecture Typical Scenario Security Threats Challenges and issues Need for Session Authentication Two Approaches—an analysis Proposal 7/17/2016 2:56 PM 2

Web Service Components   Internet based modular applications Program to program communication  XML    WSDL SOAP UDDI 7/17/2016 2:56 PM 3

Web Service Architecture Implementation of Services (components) UDDI Interface Description with WSDL 1. Request 4. Request Service requester Service Broker Web Server For SOAP S E R V I C e 7/17/2016 2:56 PM 4

Web Service Workflows     Dynamic composition Multiple instances Workflow involves service instances belonging to different Web services Multiple parties belong to a flow.
7/17/2016 2:56 PM 5

Typical Web Service Scenario Financer F.1
Provider P.1
P.2
F.2
I.1
Insurance Buyer B.1
G.1
Govt service S.1
Shipper Service Instance 7/17/2016 2:56 PM 6

Threats….
    Unauthorized access Parameter manipulation Network eavesdropping Message replay 7/17/2016 2:56 PM 7

Challenges     Dealing with un-trusted clients.
Application internals are exposed.
SOAP messages are not point to point Challenge is to preserve security of SOAP message from initial SOAP sender to ultimate SOAP receiver.
7/17/2016 2:56 PM 8

SSL is inadequate    SSL provides point-to-point security Web Services need end-to-end security SSL does not support    End-to-end confidentiality Element wise signing and encryption Non-repudiation 7/17/2016 2:56 PM 9

Need for session Authentication Flight TA-1 TA-2 Car#2 7/17/2016 2:56 PM Car#1 Hotel 10

Maruyama’s protocol   Session Authenticator component responsible for distributing keys and authenticating messages Each instance belonging to a session gets the shared key 7/17/2016 2:56 PM 11

Maruyama’s protocol….cont
  Message authentication protocol  transports authentication information between session participants Session management protocol  responsible for starting, running and ending a particular session. 7/17/2016 2:56 PM 12

Message Authentication   Session Authenticator  Allows service instances to mutually verify transient membership Service Authenticator  Protocol for sending Web service to send MACed SOAP envelope to receiving Web Service 7/17/2016 2:56 PM 13

Session Authenticator     Sending instance prepares SOAP envelope Optionally uses XML encryption Adds authentication to SOAP header Using SOAP-DSIG applies MAC to envelope under session key.
7/17/2016 2:56 PM 14

Session Auth….cont…      Receiver checks for session key.
Else obtains key from session manager.
Validates MAC and accepts SOAP envelope.
Decrypts encrypted message.
Receiver now has authenticated mesg and session handle.
7/17/2016 2:56 PM 15

Service Authenticator      Sending service prepares SOAP envelope.
Adds authentication header.
Uses SOAP-DSIG to digitally sign mesg.
Optionally uses XML encryption.
Receiver decrypts, validates signature, verifies its own sign and accepts.
7/17/2016 2:56 PM 16

Session Management  Initiator of session could be SA      Assigning session Ids.
Creating session secrets.
Maintaining status information for each session.
Keeping participants informed of the status.
Shutting down sessions.
7/17/2016 2:56 PM 17

Online session Management 7/17/2016 2:56 PM 18

Drawbacks ..
    SA cannot measure the validity of service instance Anyone who has session ID can contact SA.
An attacker who has compromised an instance can request to join session No unique identifier for each instance 7/17/2016 2:56 PM 19

Multi-Party Auth Protocol     Each instance has unique identifier Based on Diffie Hellman Key exchange to compute shared secret key.
Session Manager manages a given Web Service session Manager instance’s identifier is unique for one session.
7/17/2016 2:56 PM 20

Notations…..
       p: g: R: a large prime number a primitive root of p random no. chosen by a service instance of the session g R mod p is the unique identifier used by the g R : instance.
K x,y : security key shared by service instance x and y.
MAC x,y (M): MAC code for msg M under key K x,y.
U(R, g R ): g R .
Service Instance U with pvt msg R and identifier 7/17/2016 2:56 PM 21

Example Scenario     User instance (UI (x, g x ).
UI contacts session manager Manager invokes service instance (MI(y, g y )). MI and UI exchange identifiers and a session is initialized.
7/17/2016 2:56 PM 22

Multi-Party Auth Protocol 7/17/2016 2:56 PM 23

Cont….
    UI wants to contact service # 1 New instance (NI(z, g z )) invoked UI and NI exchange identifiers g x and g z UI sends message to MI 7/17/2016 2:56 PM 24

Cont….
7/17/2016 2:56 PM 25

Cont…..
   NI needs to contact another service #2.
NI2(n, g n ) is invoked by NI and recommended to MI NI2 sends MI an message to check UI’s identity 7/17/2016 2:56 PM 26

Cont….
7/17/2016 2:56 PM 27

Strengths of Protocol    Each service instance has a unique identifier Attackers cannot get key shared in an instance from plain text and MAC code Any new instance wanting to join session must be recommended by session participant.
 Malicious instance will be detected by SA 7/17/2016 2:56 PM 28

Mathematical Model 7/17/2016 2:56 PM 29

Model…cont… T total,i 
4x i +1 x i
 ( T
m(j,i)
) + T key-pair(j,i)
j=1 j =1
+
2(x i + 1)

( T sec(j,i) j=1 ) + T inst,I
…………….(1) 7/17/2016 2:56 PM 30

Cont…… T n-total = T total,i  n 4x i +1 x j  (  ( T
m(j,i)
) + T key-pair(j,i)
i=1 j=1 j =1
) +
n 4x i +1
 (  ( T
m(j,i) x j
)+ T key-pair(j,i)
i= 1 j=1 j=1
7/17/2016 2:56 PM 31

Cont…………..
+
2(x i

+1) ( T sec(j,i) j=1 ) + T inst,I ==
[4(x 1 + x 2 + x 3 +….. x n ) + n](T message ) + (x 1 + x 2 + x 3 +….. x n ) + n](T key-pair ) + 2[(x 1 + x 2 + x 3 +….. x n ) + n](T secret ) + n T instant … ……………………………….(2) 7/17/2016 2:56 PM 32

Cont…… where T message = n 4x j + 1  (  ( T
m(j,i) i= 1 j=1 )) ______________ n
 ( 4x i + 1 ) i=1 T key-pair =
n x i
 (  ( T
key-pair(j,i) i= 1 j=1 )) ______________ n
 x i
i=1
7/17/2016 2:56 PM 33

Cont…… T secret =
n 2x i + 1
 (  ( T
sec(j,i) i= 1 j=1 )) ______________ n
 (2x i
i=1
+ 1) T instance =
n
 ( T
inst,i i= 1 ) ______________ n
7/17/2016 2:56 PM 34

Analysis     Assume that key space is large.
Prob that two partners within same session chose same private key is small For every i in {1,2,3….n} x i  1.
(x 1 + x 2 + x 3 + …….x
n )  n.
7/17/2016 2:56 PM 35

Cont….
T n-total = 5n (T message ) + n(T key-pair ) + 4n (T secret ) + n T instance = n [5(T message ) +(T key-pair ) + 4 (T secret ) + T instance ] 7/17/2016 2:56 PM 36

Result of Analysis  In worst case time consumption of introducing service instances into session increases linearly with amount of session partners.
7/17/2016 2:56 PM 37

Drawbacks    Message overheads due to Diffie Hellman exchange Time consumption to compute so many key pairs Diffie Hellman also prone to attacks 7/17/2016 2:56 PM 38

Issues not considered  What if Session Manager is malicious??
7/17/2016 2:56 PM 39

A Proposal….Adaptive approach    Requirements of users may vary.
Is there need for stringent measures uniformly to every node and transaction Can we apply as much security as a particular transaction requires?
7/17/2016 2:56 PM 40

Sophisticated Web Services   E.g order for aircraft engine     Spawns multiple supporting transactions Orders to individual parts Orders for shipping containers Etc Involves handling huge volumes of traffic 7/17/2016 2:56 PM 41

Adaptive approach ….cont
   For Simple Web services existing security measures may suffice.
For sophisticated Web Services involving long transactions trusted third party model desirable.
Can an adaptive/hybrid approach be implemented???
7/17/2016 2:56 PM 42

References 1. S. Hada and H. Maruyama, “Session Authentication Protocol for Web Services,” Proc. 2002 IEEE Symposium on Application and the Internet, pp. 158-165, Jan. 2002. 2. Dacheng Zhang and Jie Xu, “Multi-Party Authentication for Web Services: Protocols, Implementation and Evaluation,” Proc. 2004 IEEE Symposium on Object Oriented Real-time Distributed Computing.
3. M.Hondo, N. Nagaratnam, A.Nadalin, “Securing Web Services,” IBM Systems Journal, Vol 41, No. 2, 2002.
4. David Geer, “Taking Steps to Secure Web Services,” IEEE Computer, Vol 36, Oct 2003.
5. V Vasudevan, “A Web Services Primer”, http://www.xml.com/pub/a/2001/04/04/Webservices/, April 2001.
6. Y. Nakamur, S. Hada and R. Neyama, “Towards the Integration of Web Services Security on Enterprise Environments,” Proc. 2002 Symposium on Applications and the Internet, pp. 166-177, Jan 2002.
7. W3C NOTE, Simple Object Access Protocol (SOAP) 1.1, http://www.w3.org/TR/SOAP/ 7/17/2016 2:56 PM 43

References 8. W3C NOTE, SOAP Security Extensions: Digital Signature, http://www.w3.org/TR/SOAP-dsig .
9. Web `Services Security(WS-Security), http://www.ibm/developerworks/library/ws-secure . 10. Web Services Security Threats and Countermeasures, Microsoft Corporation, Jan 2004.
7/17/2016 2:56 PM 44

Acknowledgements  Prof Bernard M  Prof G.Sivakumar
7/17/2016 2:56 PM 45