Security and the Open Geospatial Consortium


Security and the Open Geospatial Consortium (OGC)
CEOS/WGISS-27 Workshop
11 May 2009
Toulouse
Andreas Matheus, Secure Dimensions GmbH
[email protected]
Agenda
• What do I mean by “Security”?
• Typical Requirements and Standards
• OGC’s Security and GeoRM Working Groups
• OGC’s Interoperability Initiatives
• Conclusion and upcoming activities
Helping the World to Communicate Geographically
Context For This Talk
• Target to be “secured” is a Distributed System
– for exchanging / processing of geospatial information
– implemented by (but not limited to) OGC Web Services
• One mandatory and one optional Threat Model
– Internet Threat Model
– Browser (Client) Threat Model
• In this context, “Security” refers to
– communication between entities
– trust between entities / parties
– protection of assets
Security – What Do I Mean By That?
• For “the system” itself:
“secure systems will control, through use of specific
security features, access to information such that only
properly authorized individuals, or processes operating on
their behalf, will have access to read, write, create, or
delete information.” [TCSEC]*
• For a “distributed system”:
the „distributed“ property is a characteristic of the system
that shall not have any influence on the definition above.
Security Relies On Requirements
• Trusted Computer System Evaluation Criteria
– Policy, Marking, Identification, Accountability, Assurance, Continuous
Protection
– Evaluation Classes: D (lowest), C, B, A (highest)
• C: Discretionary Access Rights Management, Identity based AC
• B: Mandatory Access Rights Management, Context based AC
• ISO 10181
– 1: Overview
– 2: Authentication FW
– 3: Access Control FW
– 4: Non-Repudiation FW
– 5: Confidentiality FW
– 6: Integrity FW
– 7: Security Audits and Alarms FW
OGC Sensor Web – A Trusted System?
[Figure: OGC Sensor Web components (Sensors described in SensorML, CAT, SOS, SPS, SAS, WNS) connected by the operations Register, Publish, Search, Bind, Task, GetResults, Alert, Notify and notification]
The Interoperability Issue
• Exchanging and processing of geospatial Information in a
federation requires interoperability on different levels:
– Data Level Interoperability ensures the ability to “consume” the
information
– Service Level Interoperability ensures the ability to exchange /
obtain the information to be “consumed”
– Security Level Interoperability ensures the ability to do the above in a
reliable and trustworthy fashion
• Implementation of all levels can be done by using
standards from the OGC and other bodies
• Establishing secure communication
– Network level
– Application level
Security Standards
[Figure: stack of security standards. Layer labels: Federation, Licensing, Authorization, Policy Layer, Message Security, Web Services Standards, XML Security Standards, Authentication, Binding Layer, Network Layer. Standards shown: WS-Federation, REL, ODRL, XrML, XACML, GeoXACML, WS-SecureConversation, WS-Trust, WS-Authorization, WS-Policy, WS-Security, WSDL, WS-Referral, WS-Routing, XML Encryption, XML Signature, SAML, XCBF, XKMS, PKI, Kerberos, LDAP, ebXML, HTTP / HTTPS, SSL, TLS, IPSec. Callout: “This is an OGC Standard!”]
Security And The OGC – Working Groups
• GeoRM (Geo Rights Management) DWG – 2004
– http://www.opengeospatial.org/projects/groups/geormwg
– Geospatial Digital Rights Management Reference Model (Abstract
Specification Topic 18)
• Security DWG – 2006
– http://www.opengeospatial.org/projects/groups/securitywg
– Forum for discussing topics related to authentication, access control
and secure communication
Security And The OGC – Standardization
• GeoRM Common SWG – 2007
– http://www.opengeospatial.org/projects/groups/georm1.0swg
– „define the GeoRM Common Standard for the implementation of
common aspects GeoDRM Reference Model“ [Charter]
• GeoXACML SWG (persistent)
– Potential to be established 2009 (next TC meeting 06/09)
– “purpose … is to develop an OGC Web Services Profile of
GeoXACML” [Draft Charter]
– “another purpose … is to coordinate OGC’s work on GeoXACML
with the work of the OASIS XACML WG“ [Draft Charter]
Security And The OGC – OWS-3 Initiative
• Timeline 04 – 10/2005
• Dedicated Thread for GeoDRM
• “Click-through” licensed use of a
– Web Map Service (WMS)
– Web Feature Service (WFS)
– Web Portrayal Service (cascade of a WMS and WFS)
• GeoDRM license model for different types of users
– anonymous / registered user
Security And The OGC – OWS-3 Initiative
• “Click-Through” Licensing
[Figure: “Click-Through” licensing flow. Labels: Request, Service (WMS / WFS), Error: Please read/accept the disclaimer!, Read & Accept Disclaimer, Result: Image / GML]
Security And The OGC – OWS-3 Initiative
• WS-Security based implementation of secure
communication and exchange of security context information
– Confidentiality
– Integrity
• WS-Security supports different Security Tokens
– Username Tokens (authentication by user/password)
– X.509 Tokens (authentication by certificate)
– SAML Tokens (exchange of user assertions)
– REL Tokens (exchange of license assertions)
– Kerberos Tokens (Microsoft authentication)
Security And The OGC – OWS-3 Initiative
• Interoperability Program Report (IPR)
– OGC 05-111 (Fraunhofer): “Terms of Use (ToU) Service and Model”
• Implementation
– “Click-Through” License for WMS and WFS (University of the
Bundeswehr München)
Security And The OGC – OWS-4 Initiative
• Timeline 06 – 12/2006
• Dedicated Thread for GeoDRM
• Use of brokered / negotiated licenses for a
– Web Feature Service (WFS)
• Two phase approach
– I: Negotiation of a license (and the comprised rights)
– II: Managing access to protected services based on the rights and
conditions in the license
Security And The OGC – OWS-4 Initiative
• Scenario 1
– Unrestricted User-License
• Scenario 2
– Brokered-License
• Scenario 3
– Negotiation of a User-License
• Scenario 4
– Managing access to a WFS-T for feature updates
Security And The OGC – OWS-4 Initiative
[Figure: Structure of an OWS-4 License. A <License> element with rights as an XACML Policy and authenticity by XML Signature]
Security And The OGC – OWS-4 Initiative
• Interoperability Program Reports
– Engineering Viewpoint (con terra)
– Trusted Geo Services (University of the Bundeswehr München)
– Change Request OWS Common (Fraunhofer)
• Implementation (con terra)
– Phase I: Negotiation of licenses
• Implementation (University of the Bundeswehr München)
– Phase II: Licensed feature update using a WFS-T
• Online Demo
– http://www.opengeospatial.org/pub/www/ows4/index.html
Security And The OGC – OWS-6 Initiative
• Timeline 10/2008 – 04/2009
• Security inside threads
– Geo Processing Workflow (GPW)
• Managed access to OWS and trusted communication between different
security domains
• XACML/GeoXACML based protection of a WMTS and WFS
– Sensor Web Enablement (SWE)
• How to secure a sensor network based on OGC Sensor Web Services?
Security And The OGC – OWS-6 Initiative
Access Control in the Airport Emergency Response Scenario (source: 09-036)
Security And The OGC – OWS-6 Initiative
• Secure Sensor Web Engineering Report
– Evaluate vulnerabilities, attacks and effects on assets for the Sensor
Web Services specifications
• Sensor Alert Service (SAS)
• Sensor Observation Service (SOS)
• Sensor Planning Service (SPS)
– Assets are
• Sensors, Production Data, Observations, Alerts
– Provide recommendations on how to prevent or mitigate the attacks
Security And The OGC – OWS-6 Initiative
• Interoperability Program Reports
– OWS-6 Security ER (con terra)
– OWS-6 GeoXACML ER (University of the Bundeswehr München)
– OWS-6 Secure Sensor Web ER (AM Consult*)
• Implementation (con terra)
– STS, PDP, PEP
• Implementation (AM Consult*)
– GeoPDP
• Implementation (Geomatys)
– WMS / WFS PEP
*: Secure Dimensions GmbH is the successor of AM Consult
Security Standards – OGC experience
[Figure: stack of security standards. Layer labels: Federation, Licensing, Authorization, Policy Layer, Message Security, Web Services Standards, XML Security Standards, Authentication, Binding Layer, Network Layer. Standards shown: WS-Federation, REL, ODRL, XrML, XACML, GeoXACML, WS-SecureConversation, WS-Trust, WS-Authorization, WS-Policy, WS-Security, WSDL, WS-Referral, WS-Routing, XML Encryption, XML Signature, SAML, XCBF, XKMS, PKI, Kerberos, LDAP, ebXML, HTTP / HTTPS, SSL, TLS, IPSec]
Consensus On Security In The OGC
• Results from the OWS-3, OWS-4, OWS-6 Initiatives
– Use SOAP based communication for service interface
– Secure communication by leveraging WS-Security from OASIS
• Includes use of XML DSig and XML Encryption by W3C
– Access Control based on XACML / GeoXACML
• Items that require standardization/recommendation
– Authentication
– Bootstrapping for secured OGC Web Services
– GeoXACML Profile for OGC Web Services
Potential Future Work Items
• GeoXACML SWG
– How to ensure 100% interoperability using GeoXACML to protect
Geo Web Services (includes OGC Services)
– Communicate with OASIS XACML WG to ensure that geo-specific
use cases are included
• GeoRM Common SWG
– How to transport a security context for licensed protection of OGC
Web Services
• OWS-7: Proposal for a Security Thread
– Implementation of Secure Sensor Web ER results for SPS
– Evaluation / comparison of Authentication Mechanisms
CEOS members – get involved in Security for OWS-7
Thank You For Your Attention
It is important,
never to stop asking questions... [Albert Einstein]
Secure Dimensions GmbH – Holistic Geosecurity
Dr. Andreas Matheus
Kederbacherstraße 44
D-81377 München, Germany
Phone: +49 (0)89 71000667
Mobile: +49 (0)160 1066366
Telefax: +49 (0)89 71000668
Email: [email protected]
Web: www.secure-dimensions.de