Security Services

This document last updated: February 26, 1996


=====================================================================

Security Service Overview

The identification of a user by a server before that user is allowed access, and the reciprocal identification of the server by the user, is a key component of security in a distributed computing environment. At SIUC, a security service is being developed to handle this component of the distributed computing environment. CyberSAFE's Challenger is the software product that was chosen to handle the identification between users and servers. The software uses a protocol called Kerberos.

Before beginning a discussion about the security service, a review of the Challenger terminology would be beneficial.

Kerberos
A protocol/mechanism for providing secure authentication. Also used as a generic product/application name for products using this protocol.
Authentication
The process by which the identity of a user is verified.
Clear Text
The term used to refer to packets of information being transported across a network or to data stored on a disk in visible and non-encrypted form.
Ticket
An "admission slip" to a kerberized application.
Kerberize
To modify an application to use the Kerberos functions that provide authentication.
Network ID
The generic name being used to identify the Challenger id that will be needed to access applications being protected by the SIUC security service.
Secret Key
The secret key is derived using a one-way transformation algorithm from the principal's password and is stored in the Challenger principal database.
Principal
Any user, client, network service, application, or host system that has a secret key stored with Challenger.
Guest
An individual with anonymous access to SIUC resources.

Challenger uses the process called "authentication" instead of a standard login procedure to verify a user's identity. Authentication is performed by using a piece of information that only the client and the server know. Knowing the secret verifies the identity of the user. Typically the secret is a secret key generated from a password. The secret key is then sent out across the network instead of the password. If the authentication process is successful, the user will be given a "ticket" that can be used to access any "kerberized" application to which the user has authorized access. The information being shared during this process is encrypted as it travels across the network and is not sent in clear text. This prevents the information from being used by anyone who may have captured the packet containing it or who could be monitoring the network searching for this type of information.
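
The exchange described above, as an added example in Python that is not part of the original page and is not Challenger's code: a simplified model in which the password never leaves the client, the client proves knowledge of the derived secret key, and a kerberized service verifies the resulting ticket with its own key. PBKDF2 and an HMAC-SHA256 seal stand in for Challenger's key derivation and for ticket encryption, and the names AuthServer, jdoe and dialin are constructed for illustration.

```python
import hashlib, hmac, json, os, time

def derive_key(password, principal):
    # One-way transformation of the password. PBKDF2 salted with the principal
    # name is an assumption here, not Challenger's real string-to-key function.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 100_000)

def seal(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

class AuthServer:
    """Hypothetical stand-in for the authentication server and its principal database."""
    def __init__(self, principals, service_keys):
        self.principals = principals      # principal -> secret key (never the password)
        self.service_keys = service_keys  # service -> key shared with that service
        self.pending = {}                 # principal -> outstanding one-time nonce

    def challenge(self, principal):
        self.pending[principal] = os.urandom(16)
        return self.pending[principal]

    def issue_ticket(self, principal, service, proof, lifetime=300):
        nonce = self.pending.pop(principal, None)   # each nonce is usable once
        key = self.principals.get(principal)
        if nonce is None or key is None or not hmac.compare_digest(proof, seal(key, nonce)):
            return None                             # unknown principal or wrong password
        body = json.dumps({"p": principal, "s": service, "exp": time.time() + lifetime}).encode()
        return body + seal(self.service_keys[service], body)

def accept_ticket(ticket, service, service_key, now=None):
    # Kerberized service: check the seal with its own key, then the scope and expiry.
    if not ticket or len(ticket) <= 32:
        return None
    body, tag = ticket[:-32], ticket[-32:]
    if not hmac.compare_digest(tag, seal(service_key, body)):
        return None
    claims = json.loads(body)
    if claims["s"] != service or claims["exp"] < (time.time() if now is None else now):
        return None
    return claims["p"]

def demo():
    svc_key = os.urandom(32)                        # constructed sample data throughout
    kdc = AuthServer({"jdoe": derive_key("correct horse", "jdoe")}, {"dialin": svc_key})
    good = kdc.issue_ticket("jdoe", "dialin", seal(derive_key("correct horse", "jdoe"), kdc.challenge("jdoe")))
    bad = kdc.issue_ticket("jdoe", "dialin", seal(derive_key("guess", "jdoe"), kdc.challenge("jdoe")))
    forged = good[:-1] + bytes([good[-1] ^ 1])
    return (accept_ticket(good, "dialin", svc_key), bad, accept_ticket(forged, "dialin", svc_key),
            accept_ticket(good, "dialin", svc_key, now=time.time() + 3600))
```

Calling demo() returns the accepted principal for the valid ticket and None for the wrong password, the altered ticket and the expired ticket.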

The goal of the security service is to provide a computing environment that can minimize the risks of intrusions by "outsiders" while reducing, for users of the service, the overhead and vulnerabilities inherent in maintaining a server accessible to a diverse clientele.

The security service is available to all users, units, or departments of the SIUC community running a server using a UNIX operating system. The use of the security service is optional. Please note that the use of the security service requires software to be installed on the server. The security service provides the users with:

Servers utilizing the security service will need to share in the responsibility of maintaining a secure distributed computing environment. Servers with applications accessible by anonymous users may not contain links to other servers or applications. The anonymous user must be contained within this application to help prevent this application from becoming a doorway for access by "outsiders". Applications with links to other servers or applications must forward the credentials used to access this application to the target application that is being linked to.

The security service provides three classes of users: Anonymous, SIUC General and SIUC Secure.

Anonymous users will have access to applications that contain a guest access procedure. These applications would probably contain general information about SIUC that could be shared with the "world".

SIUC General users will have access to applications that require identification using some type of valid SIUC userid such as a network or CMS id. Information in these applications would be for the use of SIUC faculty, staff and students and would not contain sensitive or restricted information such as student, personnel or budget data.

SIUC Secure users will have access to applications that contain student, budget, personnel or other restricted information. Users accessing this information will need a valid Network ID to gain access. Please note that the SIUC Secure class requires the purchase of client software.

How the security service will function at SIUC can perhaps best be addressed by a discussion of how the current dial-in server functions. The dial-in server runs a kerberized dial-in application that provides access for all three classes of users. When a user has successfully connected to the dial-in server, it requests the security service (Kerberos) to authenticate the user. The user is then prompted by Kerberos to provide an id and password. If the process is successful, the user could be provided a menu of applications from which to select. (This menu may not be seen if using some of the currently available scripts.) Not all of these applications are kerberized, nor do they need to be to use the security service.

Anonymous class users can access the dial-in server using the id "GUEST". They are given a menu with a list of unrestricted/unsecured applications. The applications on this menu do not contain links to any of the applications on the menu received by the other two classes of users. Users from the SIUC General/Secure classes would use their SIUC Network ID to get access to their menu. The menu contains both kerberized and non-kerberized applications. Should the user select a kerberized application, the ticket generated during authentication by the dial-in server would be used to access the application. If the user selects a non-kerberized application, such as mainframe services, the connection would be made to the application and the application could then require the user to log on with an id appropriate for that application. For example, if the user chose the mainframe services application to access VM/CMS, once the connection was established they would be prompted for their VM/CMS id and password.

=====================================================================

Send questions to: Computer Support Center
Send suggestions about Web page content to: Security Services