<html>
Hi --<br>
<br>
I'm not sure if this is online anywhere, but it's a blurb we put together
for something.<br>
<br>
-----<br>
<br>
Can I have secure meetings on the Access Grid?<br>
<br>
<font face="Courier New, Courier">Yes. There are several levels of
security available to users of the Access Grid<br>
<br>
The first is simple obscurity and social conventions for the meetings: if
no one else shows up in a virtual venue room and if I don’t tell any one,
we can assume nobody is listening. This level of security is quite low.
It is very easy for someone on the network to lurk invisibly on the
published multicast addresses allocated to the media channels used in the
Access Grid Virtual Venues, and hear and see all that goes on.<br>
<br>
The next level of security is through the implementation of encryption on
the media streams in the Access Grid. The audio and video tools are
capable of securing their media streams using DES or AES stream
encryption. We have implemented a secure venue room that includes
access control to the room (based on Virtual Venue user id), encryption
of the traffic between client and Venue server using an Apache/SSL
server, and distribution of stream encryption keys via the SSL-secured
http connection.<br>
<br>
While the level of security provided by this implementation is quite high
and is suitable for general private meetings, improvements are possible
in the following areas:<br>
</font><font face="Symbol">
<dl>
<dd>·<x-tab> </x-tab></font>The
encryption keys are stored in a database on the Venues server. While we
have made all attempts to secure this machine within the Argonne network,
a security breach on the server could compromise the keys.<br>
<br>
<font face="Symbol" size=5>
<dd>·<x-tab> </x-tab></font>There
is not a mechanism for automated changing of session keys, though
different keys are generally used for each session.. It may be possible
to break the encryption if one recorded and analyzed the encrypted data
stream.<br>
<br>
<font face="Symbol" size=5>
<dd>·<x-tab> </x-tab></font> It
does not address the problem of encryption of other documents: PowerPoint
slides, documents, other shared applications, etc.<br>
<br>
</dl>We plan to address these issues in future research and development
efforts.<br>
<br>
<br>
<br>
At 03:38 PM 8/15/2001 -0700, Wesley Lau (DSD student -DAA) wrote:<br>
<br>
<blockquote type=cite cite>Could someone point me to some docs regarding
the AG security model? I'm<br>
wondering how the Secure Room works and what kind of<br>
encryption/authentication is used.<br>
<br>
thanks<br>
wes</blockquote></html>