[AG-TECH] AG Security

Hails, Bob BHails at walton.uark.edu
Thu Jul 18 14:13:08 CDT 2002


There's also no guarantee that someone isn't standing in one of the
rooms outside the view of the camera.  A good rule of thumb is that you
shouldn't say or do anything in front of a camera or microphone that you
wouldn't want to be public knowledge.  If there is content that
absolutely positively must be kept secure then this might not be the
best medium to use.


bob hails | director of distance education

sam m. walton college of business
reynolds center for enterprise development | room 112
university of arkansas
fayetteville, ar   72701

hails at walton.uark.edu
tel:  479.575.2366
fax: 479.575.6999
url:  http://wcob.uark.edu/disted
IM: therealbobhails  (AIM & Yahoo)



-----Original Message-----
From: Ivan R. Judson [mailto:judson at mcs.anl.gov] 
Sent: Thursday, July 18, 2002 1:31 PM
To: 'Allan Spale'; ag-tech at mcs.anl.gov
Subject: RE: [AG-TECH] AG Security



There is never any guarantee (nor mechanism to detect, necessarily) if
someone is eavesdropping via multicast.  However, if the streams are
encrypted, then you decrease the probability that eavesdroppers can gain
access to the data, related to the amount of effort and resources they
have to crack the crypto method you use.

On another note, the key distribution mechanism we use for the secure
room is a prototype.  Yes it is cumbersome, no it isn't the way it
should be done.  SecureID cards, key chain devices, or even biometric
sensors could be used to do key management or
identification/authentication.  We haven't had to do that for 1.0, which
means we can focus on building 2.0 with those features in place (which
they are).

If you want to eliminate eavesdropping, the easiest mechanism is to use
a bridge, which has performance trade-offs.

--Ivan

..........
Ivan R. Judson .~. http://www.mcs.anl.gov/~judson
Futures Laboratory .~.  630 252 0920
Argonne National Laboratory .~. 630 252 6424 Fax
 

> -----Original Message-----
> From: owner-ag-tech at mcs.anl.gov
> [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Allan Spale
> Sent: Thursday, July 18, 2002 1:24 PM
> To: ag-tech at mcs.anl.gov
> Subject: [AG-TECH] AG Security
> 
> 
> Hello,
> 
> One of the questions today that I received during my
> presentation about the Access Grid concerned security.  
> Specifically, how can one guarantee that no one can eavesdrop 
> (video and/or audio) on an AG session.  I am somewhat aware 
> about the Secure Room and its purpose, but what other options 
> are there?  When I described this process, my explanation 
> made this process of reserving this room seem cumbersome 
> (i.e. having to specifically request use of the Secure Room 
> as opposed to reserving a non-secure venue).
> 
> The other idea I thought about was setting up an
> institution-level venues server (Virtual Venues server 
> software).  If this was done, what assurances would there be 
> to keep people from eavesdropping on the internal session?
> 
> Taking this one step further, if there were shared
> applications used during a session (and I do not think 
> exposing DPPT data streams would really matter, but for the 
> sake of argument), it is more of the writers of the 
> applications to provide their own security mechanism to 
> assure that the data streams are secured?
> 
> I would appreciate any people sharing their information with
> me.  In this way, I can help address the security issue in a 
> much better manner in any future AG presentation.  Thanks.
> 
> 
> Allan
> EVL at UIC
> node-op
> 
> 



