[AG-TECH] Security in AG

Thomas D. Uram turam at mcs.anl.gov
Tue Sep 21 03:08:10 CDT 2004


Hi Shudo:

The scheme you outlined--that the encryption keys are distributed over
the secure SOAP connection--is correct.  We have, however, recently
discovered that the default options on the Globus connections we've been
using don't include encryption support.  Therefore, encryption keys are
being distributed in clear text in response to SOAP calls to the venue
server.

There are currently no encrypted venues on the transitional venue
server, so this issue is of no consequence to users of the TVS.

If you are running a venue server with encrypted venues, you need to
understand that the keys are available to persons sniffing traffic on
your network.

Our next development cycle will address this issue.

If you have any questions or concerns about this issue, please let us know.

Tom


shudo at ni.aist.go.jp wrote:
> From: Robert Olson <olson at mcs.anl.gov>
> 
>>>- Encryption key?
>>>
>>>* Are the video/audio streams encrypted? Hashed up and sent that way
>>>through the network? No one can decipher them unless he has the key? How
>>>is that key known by all parties? Who sets that key?
>>
>>The streams are encrypted, yes. The key is set by the manager of the Venue, 
>>and is maintained in the Venue. Keys are distributed to clients that are 
>>allowed access via the access control mechanism.
> 
> 
> How is the key distribution secure?
> 
> I know we can see a shared key on one of the configuration windows of
> VIC in case video streams are encrypted.  The key has to be
> transmitted from the venue server to an AG client and the AG client to
> VIC and RAT.  I suppose in both cases the key is encrypted because it
> is transmitted over a https connection.  Is this correct?
> 
>   Kazuyuki Shudo
>   Grid Technology Research Center
>   National Institute of Advanced Industrial Science and Technology (AIST)
> 
> 




