SGFR: Secure Groupware for First Responders http:cs'uccs'edusgfr Contact: chowcs'uccs'edu A NISSC Sp

1
SGFRSecure Groupware for First
Respondershttp//cs.uccs.edu/sgfr/Contact
chow_at_cs.uccs.eduA NISSC Sponsored Project

• C. Edward Chow (PI)
• Chip Benight (PI)
• Ganesh Godavari
• Department of Computer Science
• Part of this work is based on research sponsored
  by the Air Force Research Laboratory, under
  agreement number F49620-03-1-0207. it was
  sponsored by a NISSC summer 2003 grant.

2
Goal of SGFR

• SGFR Secure Groupware for First Responder
• The goal is to design a framework for enhancing
  groupware packages such as instant messenger and
  video conferencing tool,
• with security through
• scalable group key management (Keystone from UT
  Austin), and
• secure model secure group policy management
  (Antigone from U. Michigan)
• With stress level and tool usage effectiveness
  evaluation
• This is a joint project with Dr. Chip Benight of
  psychology department.
• The enhanced secured groupware will be tested in
  a field trial with Citys Emergency Response team.

3
SGFR Features
Psychology EvaluationStress Level
Tracking Effectiveness of Tool Usage(Keyboard/Mou
se Event Tracking,History of Commands, Mistakes,
Popup Quiz?)
Security Enhanced GroupwareInstant
messenger(JabberX)
Group Communication Server Instant Messaging
Server (Jabber)
Group Key ManagmentSecure Group Rekeying
system(Keystone)
4
SGFR System Architecture
SGFR Client
SGFR Group Key Server
SGFR Instant MessengerServer
SGFR Client
SGFR Client
Group key distribution
Registration/authentication
Sign-in create/join chat groups
Encrypt/Decrypt msgs using group key
5
SGFR System Operation
6
Associate JabberX client with Keyserver and
Jabber server

• Users login to the Jabber server
• If login successful, the client registers with
  the Keyserver.
• When a user creates/joins a group, the Keyserver
  gives a key to the client.
• When a user leaves the group, the Keyserver
  generates a new key for the remaining members of
  the group.

7
First group key assigned to group
User ganesh joining group g1
Second group key assigned to groupWhen a member
joined
Output of the Keystone Server
User ayen joining group g1
8
Packet captured by Ethereal Packet Sniffer
Encrypted Hello Surrounded by ltbodygttag
Output of the Jabber server running on a machine
9
Keystone Registrar Setup

• Registrar Setup
• R ltgt S using SSL
• S gt R registrar key KR, client list
• Secret key KR is called registrar key.
• Client list contains the identities and ID
  numbers of clients that does not contain access
  control information

10
Secure Keystone Client Request

• Client Registration
• C ltgt R using SSL
• R gt C IDc, kc
• R gt S IDc, kc KR
• Where Kc is client individual key
• IDc is clients identity number

11
Request and Reply

• A request may contain operations to more than one
  group
• Operations
• Join
• Leave
• Re-synchronize
• C gt S request kc
• S gt C ack kc, ind.rekeykc

12
Key Updates

• Keyserver distributes new keys using the rekey
  messages.
• Reliable key updates can be done using
• TCP
• Reliable multicast Transport protocol
• Key stone uses UDP over IP multicast for
  efficient rekey message delivery and Forward
  Error Correction technique

13
Re-synchronization

• FEC does not provide 100 reliability
• Solution 1
• Client request for retransmission of the lost
  rekey message
• Disadvantages
• Inefficient when the number of lost rekey is
  large
• Solution 2
• Keystone provides resynchronization mechanism for
  clients to update their keys incase of message
  loss.

14
keyserver

• Keyserver.cmain()
• sslInfoInit(sslInfo, keyFile, certFile,
  caFile, caPath)
• sslCTX sslInit(sslInfo, 1)
• if (getSpec(servRec, f) ! 0) in spec.c..
• / the specification file is processed /
• setupKGraph(servRec)
• setupReqAddr((servRec-gtreqAddr)) // listen
  for requests for clients
• setupReqAddr((servRec-gtregReqAddr))
  //listen for requests from registrar

15
Keystone Specification File

• // 1 group, group-oriented TCP, period 1.0, DES3,
  RSA
• global-parameters
• begin
• rekey-period 1.0
• encryption DES3-CBC
• message-digest MD5
• signature-scheme RSA
• key-file serverkey.rsa
• request-port 20002
• register-port 30002
• key-tree-degree 4
• access-control none
• end
• group g1
• begin
• rekeying GROUP-ORIENTED
• rekey-delivery TCP-unicast

16
Key Trees

(changed to k1-8)
k1-8k123
k1-8k456
k1-8k78
(changed to k78)
k78k7
k78k8
k9
u2
u3
u4
u5
u6
u7
u8
u9
u1
Wong et al. SIGCOMM 98, Wallner et al. Internet
Draft
17
Registrar setup

• Registrar.cmain()
• / connect to keyserver /
• sslInfoInit(sslInfo, keyFile, certFile, caFile,
  caPath)
• sslCTX sslInit(sslInfo, 1)
• ssl sslConnect(sslCTX, ksAddr.sk)
• / receive register initialization from
  keyserver /
• msg.size sslRecv(ssl, msg.msg, msg.max)
• curr msg.msg
• curr getMsgHdr(curr, ver, type, size,
  seq, msgSPI, msgVer)
• if (type ! INIT_REGISTER) / error /
• if (sslRecvFile(ssl, cListFilename) ! 0) /
  error /
• while (1)
• if (childProcess(sk, ksAddr.sk, regSA, indSA,
  sslCTX, seqToKS, lockFile, clientAuthInfo)! 0)

18
Registrar Client Registration

• Registrar.cchildProcess()
• ssl sslAccept(sslCTX, sk)
• if (cliAuthInfo ! NULL)
• if ((i checkClientCert(ssl, cliAuthInfo)) lt
  0) / ERROR /
• if (consRegToKS(indSA, seqToKS, reg) ! 0)
• fprintf(stderr, "ERROR registration to
  key server\n")
• return -1
• / sign and encrypt registration info with
  regSA /
• putMsgSize(reg.msg, 0)
• if (signEncMsgSA(reg, regSA) ! 0)
• return -1

19
Client Setup

• Protocol.cinitializeclient()
• sslInfoInit(sslInfo, keyFile, certFile, caFile,
  caPath)
• registerSSL(ksCtx, sslInfo, regAddr)
• registerSSL.cregisterSSL()
• sslCTX sslInit(sslInfo, 1)
• ssl sslConnect(sslCTX, regAddr-gtsk)
• Gchat.ccmd_join()
• reqGroups(ksCtx, numGrps, grpName, request)
• Where request can be join/leave/resyn
• getGroupKey(ksCtx, grpName, version)

20
SSL Initialization

• void sslInit(SSLInfo sslInfo, int verifyPeer)
• / SSL initialization /
• SSLeay_add_ssl_algorithms()
• SSL_load_error_strings()
• if ((sslCTX SSL_CTX_new(SSLv3_method()))
  NULL)
• ERR_print_errors_fp(stderr)
• return NULL
• if (verifyPeer)
• SSL_CTX_set_verify(sslCTX,
  SSL_VERIFY_PEER, NULL)
• else
• SSL_CTX_set_verify(sslCTX,
  SSL_VERIFY_NONE, NULL)
• return ((void ) sslCTX)
• /

21
SSL Server connection

• void sslAccept(void sslCTX_v, int sock)
• / begin of sslAccept() /
• SSL_CTX sslCTX (SSL_CTX ) sslCTX_v
• SSL ssl X509 peerCert
• if ((ssl SSL_new(sslCTX)) NULL)
• fprintf(stderr, "ERROR no ssl\n")
• return NULL
• SSL_set_fd (ssl, sock)
• if (SSL_accept(ssl) -1)
• ERR_print_errors_fp(stderr)
• SSL_free(ssl)
• return NULL
• if (SSL_CTX_get_verify_mode(sslCTX)
  SSL_VERIFY_PEER)
• if ((peerCert SSL_get_peer_certificate
  (ssl)) NULL)
• fprintf(stderr, "ERROR no peer
  cert\n")

22
SSL Client connection

• void sslConnect(void sslCTX_v, int sock)
• / begin of sslConnect() /
• SSL_CTX sslCTX (SSL_CTX ) sslCTX_v
• SSL ssl
• X509 peerCert
• if ((ssl SSL_new (sslCTX)) NULL)
• fprintf(stderr, "ERROR no ssl\n")
• return NULL
• SSL_set_fd (ssl, sock)
• if (SSL_connect(ssl) -1)
• ERR_print_errors_fp(stderr)
• SSL_free(ssl)
• return NULL
• if ((peerCert SSL_get_peer_certificate
  (ssl)) NULL)

23
Access Control List

• / check client certificates /
• / return -1 if error or client not found /
• int checkClientCert(void ssl_v, ClientAuthInfo
  cliAuthInfo)
• SSL ssl (SSL ) ssl_v
• X509 peerCert
• char peerName256
• int i, peerNameSize
• if ((peerCert SSL_get_peer_certificate
  (ssl)) NULL)
• fprintf(stderr, "ERROR no peer cert\n")
• return -1
• X509_NAME_oneline(X509_get_subject_name(peerCe
  rt), peerName, sizeof(peerName))
• peerNameSize strlen(peerName)1
• / got the subject line so compare with the list
  u want to allow./

24
Encryption CBF

• int EncryptString (char in, char out, unsigned
  char key, int plainlen)
• int cipherlen, tmplen
• unsigned char iv8 1,2,3,4,5,6,7,8
• EVP_CIPHER_CTX ctx
• EVP_CIPHER_CTX_init(ctx)
• EVP_EncryptInit(ctx,EVP_bf_cbc(),key,iv)
• if (!EVP_EncryptUpdate(ctx,out,cipherlen,in,plai
  nlen))
• return -1
• if (!EVP_EncryptFinal(ctx,outcipherlen,tmplen))
  
• return -1

25
Decryption CBF

• int DecryptString(char in, char out, unsigned
  char key, int cipherlen)
• int plainlen, tmplen
• unsigned char iv8 1,2,3,4,5,6,7,8
• EVP_CIPHER_CTX ctx
• EVP_CIPHER_CTX_init(ctx)
• EVP_DecryptInit(ctx,EVP_bf_cbc(),key,iv)
• if (!EVP_DecryptUpdate(ctx,out,plainlen,in,ciphe
  rlen))
• return -1
• if (!EVP_DecryptFinal(ctx,outplainlen,tmplen))
  
• return -2
• plainlen tmplen

26
Testing Results
Table 1 time taken for client registration group
join, group leave
Table 2 time taken for file transfer
27
Conclusion

• A secure group communication software package
  SGFR v.0 was developed.
• Use Digital Certificate to authenticate client
  access.
• Group keys are distributed when members
  join/leave or based on some time period.
• Group key is used to encrypted the messages.
• Enhance text-based chat with remote file download
  and remote display.
• Ported the SGFR v.0 to run on handheld devices
  include PDA running Linux and Sony PalmTop.

28
Future work

• Improve the file transfer capability using
  Reliable Multicast Transport Protocol.
• Improve Keystones error handling mechanism
  between keyserver/registrar and client manager.
• Improve Keystone client manager by moving it into
  socket layer and providing socket layer API
  between a client manager and data processor.
• Integrate with Wireless Sensor Networks and
  improve security of their operations.