[AG-TECH] AG Security

Don Morton morton at cs.umt.edu
Thu Jul 18 13:58:30 CDT 2002


Maybe I'm missing something, but RAT has an encryption feature
(which I've never tried).  Isn't it possible to just use this,
to at least minimize chances of audio being "snooped?"  Or
am I being grossly simplistic?? :)

"Ivan R. Judson" wrote:
> 
> There is never any guarantee (nor mechanism to detect, necessarily) if
> someone is eavesdropping via multicast.  However, if the streams are
> encrypted, then you decrease the probability that eavesdroppers can gain
> access to the data, related to the amount of effort and resources they
> have to crack the crypto method you use.
> 
> On another note, the key distribution mechanism we use for the secure
> room is a prototype.  Yes it is cumbersome, no it isn't the way it
> should be done.  SecureID cards, key chain devices, or even biometric
> sensors could be used to do key management or
> identification/authentication.  We haven't had to do that for 1.0, which
> means we can focus on building 2.0 with those features in place (which
> they are).
> 
> If you want to eliminate eavesdropping, the easiest mechanism is to use
> a bridge, which has performance trade-offs.
> 
> --Ivan
> 
> ..........
> Ivan R. Judson .~. http://www.mcs.anl.gov/~judson
> Futures Laboratory .~.  630 252 0920
> Argonne National Laboratory .~. 630 252 6424 Fax
> 
> 
> > -----Original Message-----
> > From: owner-ag-tech at mcs.anl.gov
> > [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Allan Spale
> > Sent: Thursday, July 18, 2002 1:24 PM
> > To: ag-tech at mcs.anl.gov
> > Subject: [AG-TECH] AG Security
> >
> >
> > Hello,
> >
> > One of the questions today that I received during my
> > presentation about the Access Grid concerned security.
> > Specifically, how can one guarantee that no one can eavesdrop
> > (video and/or audio) on an AG session.  I am somewhat aware
> > about the Secure Room and its purpose, but what other options
> > are there?  When I described this process, my explanation
> > made this process of reserving this room seem cumbersome
> > (i.e. having to specifically request use of the Secure Room
> > as opposed to reserving a non-secure venue).
> >
> > The other idea I thought about was setting up an
> > institution-level venues server (Virtual Venues server
> > software).  If this was done, what assurances would there be
> > to keep people from eavesdropping on the internal session?
> >
> > Taking this one step further, if there were shared
> > applications used during a session (and I do not think
> > exposing DPPT data streams would really matter, but for the
> > sake of argument), it is more of the writers of the
> > applications to provide their own security mechanism to
> > assure that the data streams are secured?
> >
> > I would appreciate any people sharing their information with
> > me.  In this way, I can help address the security issue in a
> > much better manner in any future AG presentation.  Thanks.
> >
> >
> > Allan
> > EVL at UIC
> > node-op
> >
> >


-- 
   Don Morton                   http://MRoCCS.cs.umt.edu/~morton/
   Department of Computer Science       The University of Montana
   Missoula, MT 59812 | Voice (406) 243-4975 | Fax (406) 243-5139


