[AG-TECH] AG documentation on security

Robert Olson olson at mcs.anl.gov
Thu Aug 16 14:57:09 CDT 2001


Hi --

I'm not sure if this is online anywhere, but it's a blurb we put together 
for something.

-----

Can I have secure meetings on the Access Grid?

Yes. There are several levels of security available to users of the Access Grid.

The first is simple obscurity and social conventions for the meetings: if 
no one else shows up in a virtual venue room and if I don’t tell anyone, 
we can assume nobody is listening. This level of security is quite low. It 
is very easy for someone on the network to lurk invisibly on the published 
multicast addresses allocated to the media channels used in the Access Grid 
Virtual Venues, and hear and see all that goes on.

The next level of security is through the implementation of encryption on 
the media streams in the Access Grid. The audio and video tools are capable 
of securing their media streams using DES or AES stream encryption.  We 
have implemented a secure venue room that includes access control to the 
room (based on Virtual Venue user id), encryption of the traffic between 
client and Venue server using an Apache/SSL server, and distribution of 
stream encryption keys via the SSL-secured http connection.

While the level of security provided by this implementation is quite high 
and is suitable for general private meetings, improvements are possible in 
the following areas:
· The encryption keys are stored in a database on the Venues server. 
While we have made all attempts to secure this machine within the Argonne 
network, a security breach on the server could compromise the keys.

· There is not a mechanism for automated changing of session keys, 
though different keys are generally used for each session. It may be 
possible to break the encryption if one recorded and analyzed the encrypted 
data stream.

· It does not address the problem of encryption of other documents: 
PowerPoint slides, documents, other shared applications, etc.

We plan to address these issues in future research and development efforts.



At 03:38 PM 8/15/2001 -0700, Wesley Lau (DSD student -DAA) wrote:

>Could someone point me to some docs regarding the AG security model?  I'm
>wondering how the Secure Room works and what kind of
>encryption/authentication is used.
>
>thanks
>wes