[AG-TECH] Security in AG

Colin Perkins csp at csperkins.org
Tue Sep 21 18:57:56 CDT 2004


In addition, the security code in the media tools was written to 
demonstrate that encrypting media streams was feasible on the machines 
available at that time (we added encryption to rat in August 1996), and 
hasn't been audited for security. It'll protect against casual attacks, 
but there are several ways in which a determined attacker could break 
the security.


On 21 Sep 2004, at 09:08, Thomas D. Uram wrote:
> Hi Shudo:
> The scheme you outlined--that the encryption keys are distributed over
> the secure soap connection--is correct.  We have, however, recently
> discovered that the default options on the Globus connections we've 
> been
> using don't include encryption support.  Therefore, encryption keys are
> being distributed in clear text in response to SOAP calls to the venue
> server.
> There are currently no encrypted venues on the transitional venue
> server, so this issue is of no consequence to users of the TVS.
> If you are running a venue server with encrypted venues, you need to
> understand that the keys are available to persons sniffing traffic on
> your network.
> Our next development cycle will address this issue.
> If you have any questions or concerns about this issue, please let us 
> know.
> Tom
> shudo at ni.aist.go.jp wrote:
>> From: Robert Olson <olson at mcs.anl.gov>
>>>> - Encryption key?
>>>> * Are the video/audio streams encrypted? Hashed up and sent that way
>>>> through the network? No one can decypher them unless he has the 
>>>> key? How
>>>> is that key known by all parties? Who sets that key?
>>> The streams are encrypted, yes. The key is set by the manager of the 
>>> Venue, and is maintained in the Venue. Keys are distributed to 
>>> clients that are allowed access via the access control mechanism.
>> How is the key distribution secure?
>> I know we can see a shared key on one of the configuraiton window of
>> VIC in case video streams are encrypted.  The key has to be
>> transmitted from the venue server to an AG client and the AG client to
>> VIC and RAT.  I suppose in both cases the key is encrypted because it
>> is transmitted over a https connection.  Is this correct?
>>   Kazuyuki Shudo
>>   Grid Technology Research Center
>>   National Institute of Advanced Industrial Science and Technology 
>> (AIST)
Colin Perkins

More information about the ag-tech mailing list