c. edward chow (pi) chip benight (pi) ganesh godavari department of computer science

1

SGFR:Secure Groupware for First Responders

http://cs.uccs.edu/~sgfr/Contact: chow@cs.uccs.eduA NISSC Sponsored Project

C. Edward Chow (PI)Chip Benight (PI)Ganesh Godavari

Department of Computer Science

Part of this work is based on research sponsored by the Air Force Research Laboratory, under agreement number F49620-03-1-0207. it was sponsored by a NISSC summer 2003

grant.

2

Goal of SGFR• SGFR: Secure Groupware for First Responder:• The goal is to design a framework for enhancing

groupware packages such as instant messenger and video conferencing tool,– with security through

• scalable group key management (Keystone from UT Austin), and• secure model secure group policy management (Antigone from U.

Michigan)– With stress level and tool usage effectiveness evaluation

• This is a joint project with Dr. Chip Benight of psychology department.

• The enhanced secured groupware will be tested in a field trial with City’s Emergency Response team.

3

SGFR Features

Security Enhanced GroupwareInstant messenger

(JabberX)

Group Communication ServerInstant Messaging Server

(Jabber)

Psychology EvaluationStress Level Tracking

Effectiveness of Tool Usage(Keyboard/Mouse Event Tracking,History of Commands, Mistakes,

Popup Quiz?)

Group Key ManagmentSecure Group

Rekeying system(Keystone)

4

SGFR System Architecture

SGFR Client

SGFR Client

SGFR Client

SGFR Group Key Server

SGFR Instant Messenger

Server

Group key distribution

Sign-in create/join chat groups

Registration/authentication

Encrypt/Decrypt msgs using group key

5

SGFR System Operation

Registrar

JabberXclient

ControlManager

KeyServer

Jabber Server

DataBroadcast

JabberXClient

JabberXClient

Multicast/Unicast

Rekey messages

Rekey messages

Registration

Requests

ApplicationData

6

Associate JabberX client with Keyserver and Jabber server

• Users login to the Jabber server• If login successful, the client registers with

the Keyserver.• When a user creates/joins a group, the

Keyserver gives a key to the client.• When a user leaves the group, the

Keyserver generates a new key for the remaining members of the group.

7

Output of the Keystone Server

User ganesh joining group g1

User ayen joining group g1

First group key assigned to group

Second group key assigned to groupWhen a member

joined

8

Packet captured by Ethereal Packet Sniffer

Output of the Jabber server running on a machine

Encrypted “Hello”

Surrounded by <body>tag

9

Keystone Registrar Setup

• Registrar Setup– R <=> S : using SSL – S => R : registrar key KR, client list

Secret key KR is called registrar key.

Client list contains the identities and ID numbers of clients that does not contain access control information

10

Secure Keystone Client Request

• Client Registration– C <=> R : using SSL– R => C : IDc, kc

– R => S : { IDc, kc} KR

Where Kc is client individual key

IDc is clients identity number

11

Request and Reply

• A request may contain operations to more than one group– Operations

• Join• Leave• Re-synchronize

– C => S : {request} kc

– S => C : {ack} kc, {ind.rekey}kc

12

Key Updates• Keyserver distributes new keys using the

rekey messages. • Reliable key updates can be done using

– TCP– Reliable multicast Transport protocol

• Key stone uses UDP over IP multicast for efficient rekey message delivery and Forward Error Correction technique

13

Re-synchronization

• FEC does not provide 100% reliability• Solution 1

– Client request for retransmission of the lost rekey message

• Disadvantages– Inefficient when the number of lost rekey is large

• Solution 2– Keystone provides resynchronization mechanism for

clients to update their keys incase of message loss.

14

keyserverKeyserver.c:main() sslInfoInit(&sslInfo, keyFile, certFile, caFile,

caPath); sslCTX = sslInit(&sslInfo, 1); if (getSpec(servRec, f) != 0) {…in spec.c..} /* the specification file is processed */ setupKGraph(servRec); setupReqAddr(&(servRec->reqAddr)); // listen

for requests for clients setupReqAddr(&(servRec->regReqAddr));

//listen for requests from registrar

15

Keystone Specification File// 1 group, group-oriented TCP, period 1.0, DES3, RSA

global-parametersbegin rekey-period: 1.0 encryption: DES3-CBC message-digest: MD5 signature-scheme: RSA key-file: serverkey.rsa request-port: 20002 register-port: 30002 key-tree-degree: 4 access-control: noneend

group g1begin rekeying: GROUP-ORIENTED rekey-delivery: TCP-unicastend

16

Key Trees

k1-9

k123 k456

k1

k789

k2 k3 k4 k5 k6 k7 k8

u2 u3 u4 u5 u6 u7 u8 u9u1

k9

(changed to k78)

(changed to k1-8)

[Wong et al. SIGCOMM ’98, Wallner et al. Internet Draft]

{k78}k7 {k78}k8

{k1-8}k123 {k1-8}k456 {k1-8}k78

17

Registrar setup Registrar.c:main()

/* connect to keyserver */sslInfoInit(&sslInfo, keyFile, certFile, caFile, caPath);sslCTX = sslInit(&sslInfo, 1);ssl = sslConnect(sslCTX, ksAddr.sk);

/* receive register initialization from keyserver */ msg.size = sslRecv(ssl, msg.msg, msg.max); curr = msg.msg; curr += getMsgHdr(curr, &ver, &type, &size, &seq, &msgSPI, &msgVer); if (type != INIT_REGISTER) { /* error */ } if (sslRecvFile(ssl, cListFilename) != 0) { /* error */ } while (1) {

: if (childProcess(sk, ksAddr.sk, regSA, indSA, sslCTX, seqToKS, lockFile, clientAuthInfo)!= 0)

:}

18

Registrar Client RegistrationRegistrar.c:childProcess()

ssl = sslAccept(sslCTX, sk); if (cliAuthInfo != NULL) { if ((i = checkClientCert(ssl, cliAuthInfo)) < 0) { /* ERROR */}

if (consRegToKS(indSA, seqToKS, &reg) != 0) { fprintf(stderr, "ERROR: registration to key server\n"); return -1; }

/* sign and encrypt registration info with regSA */ putMsgSize(reg.msg, 0); if (signEncMsgSA(&reg, regSA) != 0) { return -1; }

19

Client SetupProtocol.c:initializeclient()sslInfoInit(&sslInfo, keyFile, certFile, caFile, caPath);registerSSL(ksCtx, &sslInfo, &regAddr);

registerSSL.c:registerSSL()sslCTX = sslInit(sslInfo, 1);ssl = sslConnect(sslCTX, regAddr->sk);

Gchat.c:cmd_join()reqGroups(ksCtx, numGrps, grpName, request);

– Where request can be “join”/”leave”/”resyn”

getGroupKey(ksCtx, grpName, version)

20

SSL Initializationvoid * sslInit(SSLInfo *sslInfo, int verifyPeer){ /* SSL initialization */ SSLeay_add_ssl_algorithms(); SSL_load_error_strings(); if ((sslCTX = SSL_CTX_new(SSLv3_method())) == NULL) { ERR_print_errors_fp(stderr); return NULL; }

::

if (verifyPeer) { SSL_CTX_set_verify(sslCTX, SSL_VERIFY_PEER, NULL); } else { SSL_CTX_set_verify(sslCTX, SSL_VERIFY_NONE, NULL); } return ((void *) sslCTX);} /

21

SSL Server connectionvoid * sslAccept(void *sslCTX_v, int sock){ /* begin of sslAccept() */ SSL_CTX *sslCTX = (SSL_CTX *) sslCTX_v; SSL *ssl; X509 *peerCert; if ((ssl = SSL_new(sslCTX)) == NULL) { fprintf(stderr, "ERROR: no ssl\n"); return NULL; } SSL_set_fd (ssl, sock); if (SSL_accept(ssl) == -1) { ERR_print_errors_fp(stderr); SSL_free(ssl); return NULL; }

if (SSL_CTX_get_verify_mode(sslCTX) == SSL_VERIFY_PEER) { if ((peerCert = SSL_get_peer_certificate (ssl)) == NULL) { fprintf(stderr, "ERROR: no peer cert\n"); SSL_free(ssl); return NULL; } } else { fprintf(stderr, "ERROR: ask for account and password\n"); return NULL; } return ((void *) ssl);}

22

SSL Client connectionvoid * sslConnect(void *sslCTX_v, int sock){ /* begin of sslConnect() */ SSL_CTX *sslCTX = (SSL_CTX *) sslCTX_v; SSL *ssl; X509 *peerCert;

if ((ssl = SSL_new (sslCTX)) == NULL) { fprintf(stderr, "ERROR: no ssl\n"); return NULL; }

SSL_set_fd (ssl, sock); if (SSL_connect(ssl) == -1) { ERR_print_errors_fp(stderr); SSL_free(ssl); return NULL; }

if ((peerCert = SSL_get_peer_certificate (ssl)) == NULL) { fprintf(stderr, "ERROR: no peer cert\n"); SSL_free(ssl); return NULL; } return ((void *) ssl);}

23

Access Control List/* check client certificates *//* return -1 if error or client not found */int checkClientCert(void *ssl_v, ClientAuthInfo *cliAuthInfo){ SSL *ssl = (SSL *) ssl_v; X509 *peerCert; char peerName[256]; int i, peerNameSize;

if ((peerCert = SSL_get_peer_certificate (ssl)) == NULL) { fprintf(stderr, "ERROR: no peer cert\n"); return -1; }

X509_NAME_oneline(X509_get_subject_name(peerCert), peerName, sizeof(peerName)); peerNameSize = strlen(peerName)+1;

/* got the subject line so compare with the list u want to allow.*/ : : return SUCCESS/FAILURE;} /* end of checkClientCert() */

24

Encryption CBFint EncryptString (char *in, char *out, unsigned char *key, int plainlen){ int cipherlen, tmplen; unsigned char iv[8] = {1,2,3,4,5,6,7,8}; EVP_CIPHER_CTX ctx;

EVP_CIPHER_CTX_init(&ctx);EVP_EncryptInit(&ctx,EVP_bf_cbc(),key,iv);

if (!EVP_EncryptUpdate(&ctx,out,&cipherlen,in,plainlen)) { return -1; }

if (!EVP_EncryptFinal(&ctx,out+cipherlen,&tmplen)) { return -1; }

cipherlen += tmplen;EVP_CIPHER_CTX_cleanup(&ctx);return cipherlen;}

25

Decryption CBFint DecryptString(char *in, char *out, unsigned char *key, int cipherlen){ int plainlen, tmplen; unsigned char iv[8] = {1,2,3,4,5,6,7,8}; EVP_CIPHER_CTX ctx;

EVP_CIPHER_CTX_init(&ctx);EVP_DecryptInit(&ctx,EVP_bf_cbc(),key,iv);

if (!EVP_DecryptUpdate(&ctx,out,&plainlen,in,cipherlen)) { return -1; }

if (!EVP_DecryptFinal(&ctx,out+plainlen,&tmplen)) { return -2; }

plainlen += tmplen;

EVP_CIPHER_CTX_cleanup(&ctx);return plainlen;}

26

Testing ResultsRuns Client Registration

Time (ms)Group Join Time

(ms)Group Leave Time

(ms)1 279.62 233.46 135.54

2 249.28 652.74 126.78

3 253.93 706.04 769.08

4 259.46 118.15 434.12

Avg/Run 260.5725 427.5975 366.38

Table 1 time taken for client registration group join, group leave

File size Time Taken (ms)8.5K 35302.47

25K 105986.05

60K 305934.53

195K 1007949.38

Table 2 time taken for file transfer

27

Conclusion• A secure group communication software

package SGFR v.0 was developed. – Use Digital Certificate to authenticate client access.– Group keys are distributed when members join/leave

or based on some time period.– Group key is used to encrypted the messages.– Enhance text-based chat with remote file download

and remote display.• Ported the SGFR v.0 to run on handheld devices

include PDA running Linux and Sony PalmTop.

28

Future work

• Improve the file transfer capability using Reliable Multicast Transport Protocol.

• Improve Keystone’s error handling mechanism between keyserver/registrar and client manager.

• Improve Keystone client manager by moving it into socket layer and providing socket layer API between a client manager and data processor.

• Integrate with Wireless Sensor Networks and improve security of their operations.