[AG-TECH] AG Security

Allan Spale aspale at evl.uic.edu
Thu Jul 18 14:37:45 CDT 2002


The basic level of security on the AG that was discussed during the
presentation was at least telephone secure (i.e. most people do not have
the capability to "tap" your phone call, but some people do).  Of course,
you make an excellent point with not using insecure channels if something
requires the highest level of security.


Allan
EVL at UIC
node-op

On Thu, 18 Jul 2002, Hails, Bob wrote:

> There's also no guarantee that someone isn't standing in one of the
> rooms outside the view of the camera.  A good rule of thumb is that you
> shouldn't say or do anything in front of a camera or microphone that you
> wouldn't want to be public knowledge.  If there is content that
> absolutely positively must be kept secure then this might not be the
> best medium to use.
> 
> 
> bob hails | director of distance education
> 
> sam m. walton college of business
> reynolds center for enterprise development | room 112
> university of arkansas
> fayetteville, ar   72701
> 
> hails at walton.uark.edu
> tel:  479.575.2366
> fax: 479.575.6999
> url:  http://wcob.uark.edu/disted
> IM: therealbobhails  (AIM & Yahoo)
> 
> 
> 
> -----Original Message-----
> From: Ivan R. Judson [mailto:judson at mcs.anl.gov] 
> Sent: Thursday, July 18, 2002 1:31 PM
> To: 'Allan Spale'; ag-tech at mcs.anl.gov
> Subject: RE: [AG-TECH] AG Security
> 
> 
> 
> There is never any guarantee (nor mechanism to detect, necessarily) if
> someone is eavesdropping via multicast.  However, if the streams are
> encrypted, then you decrease the probability that eavesdroppers can gain
> access to the data, related to the amount of effort and resources they
> have to crack the crypto method you use.
> 
> On another note, the key distribution mechanism we use for the secure
> room is a prototype.  Yes it is cumbersome, no it isn't the way it
> should be done.  SecurID cards, key chain devices, or even biometric
> sensors could be used to do key management or
> identification/authentication.  We haven't had to do that for 1.0, which
> means we can focus on building 2.0 with those features in place (which
> they are).
> 
> If you want to eliminate eavesdropping, the easiest mechanism is to use
> a bridge, which has performance trade-offs.
> 
> --Ivan
> 
> ..........
> Ivan R. Judson .~. http://www.mcs.anl.gov/~judson
> Futures Laboratory .~.  630 252 0920
> Argonne National Laboratory .~. 630 252 6424 Fax
>  
> 
> > -----Original Message-----
> > From: owner-ag-tech at mcs.anl.gov
> > [mailto:owner-ag-tech at mcs.anl.gov] On Behalf Of Allan Spale
> > Sent: Thursday, July 18, 2002 1:24 PM
> > To: ag-tech at mcs.anl.gov
> > Subject: [AG-TECH] AG Security
> > 
> > 
> > Hello,
> > 
> > One of the questions today that I received during my
> > presentation about the Access Grid concerned security.  
> > Specifically, how can one guarantee that no one can eavesdrop 
> > (video and/or audio) on an AG session.  I am somewhat aware 
> > about the Secure Room and its purpose, but what other options 
> > are there?  When I described this process, my explanation 
> > made this process of reserving this room seem cumbersome 
> > (i.e. having to specifically request use of the Secure Room 
> > as opposed to reserving a non-secure venue).
> > 
> > The other idea I thought about was setting up an
> > institution-level venues server (Virtual Venues server 
> > software).  If this was done, what assurances would there be 
> > to keep people from eavesdropping on the internal session. 
> > 
> > Taking this one step further, if there were shared
> > applications used during a session (and I do not think 
> > exposing DPPT data streams would really matter, but for the 
> > sake of argument), it is more of the writers of the 
> > applications to provide their own security mechanism to 
> > assure that the data streams are secured?
> > 
> > I would appreciate any people sharing their information with
> > me.  In this way, I can help address the security issue in a 
> > much better manner in any future AG presentation.  Thanks.
> > 
> > 
> > Allan
> > EVL at UIC
> > node-op
> > 
> > 
> 



