[AG-TECH] AG documentation on security
Robert Olson
olson at mcs.anl.gov
Thu Aug 16 14:57:09 CDT 2001
Hi --
I'm not sure if this is online anywhere, but it's a blurb we put together
for something.
-----
Can I have secure meetings on the Access Grid?
Yes. There are several levels of security available to users of the Access Grid.
The first is simple obscurity and social conventions for the meetings: if
no one else shows up in a virtual venue room and if I don't tell anyone,
we can assume nobody is listening. This level of security is quite low. It
is very easy for someone on the network to lurk invisibly on the published
multicast addresses allocated to the media channels used in the Access Grid
Virtual Venues, and hear and see all that goes on.
The next level of security is through the implementation of encryption on
the media streams in the Access Grid. The audio and video tools are capable
of securing their media streams using DES or AES stream encryption. We
have implemented a secure venue room that includes access control to the
room (based on Virtual Venue user id), encryption of the traffic between
client and Venue server using an Apache/SSL server, and distribution of
stream encryption keys via the SSL-secured http connection.
While the level of security provided by this implementation is quite high
and is suitable for general private meetings, improvements are possible in
the following areas:
· The encryption keys are stored in a database on the Venues server.
While we have made all attempts to secure this machine within the Argonne
network, a security breach on the server could compromise the keys.
· There is not a mechanism for automated changing of session keys,
though different keys are generally used for each session. It may be
possible to break the encryption if one recorded and analyzed the encrypted
data stream.
· It does not address the problem of encryption of other documents:
PowerPoint slides, documents, other shared applications, etc.
We plan to address these issues in future research and development efforts.
At 03:38 PM 8/15/2001 -0700, Wesley Lau (DSD student -DAA) wrote:
>Could someone point me to some docs regarding the AG security model? I'm
>wondering how the Secure Room works and what kind of
>encryption/authentication is used.
>
>thanks
>wes