
Securing and Sharing Files



    Slide 1:Securing and Sharing Files Over The Internet (Content Server Security)

    By Amihay Schwarz. Instructor: Viktor Kulikov. Software System Laboratory, Department of Electrical Engineering, Technion - Israel Institute of Technology.

    Slide 2:Motivation

    The fast rate of growth in information compels us to find ways to store and share our files, sometimes sensitive files, with others. The most convenient way today to share files is over the Internet. But the Internet conceals a lot of security holes, and one's sensitive information may reach unwanted hands.

    Slide 3:The solutions in the project

    One can store his files on a content server. One can access his files from anywhere and at any time. One can grant permission to others to fetch his files, and only permitted persons can fetch one's files. The storing and sharing process will be secured. This project also takes the commercial aspect into account and provides commercial solutions.

    Slide 4:Security

    There are a number of overarching principles that apply in the implementation. The following summarizes these principles: Adopt the principle of least privilege. Use defense in depth. Don't trust user input. Use secure defaults. Don't rely on security by obscurity. Check at the gate. Assume external systems are insecure. Reduce surface area. Fail to a secure mode. Remember you are only as secure as your weakest link. If you don't use it, disable it.

    Slide 5:Security

    The solution makes use of four key security concepts: Authentication: positively identifying the clients of the application. Authorization: defining what authenticated clients are allowed to see and do. Secure Communications: ensuring that messages remain private and unaltered as they cross networks. Gate keepers: ensuring that the network entities can be accessed only from allowed network elements.

    Slide 6:The three layers model

    Slide 7:Project High Level Design

    The project is divided into 4 entities: a Web application, which receives requests from the client and forwards them to the "Brain"; an Application Server, which serves as the "Brain" of the solution; a Mail application, which is responsible for sending mails; and a Data Base.

    Slide 8:Interfaces

    The 4 entities communicate using the following interfaces: FileManageIfc – store file, get files, send file… UserProvisionigIfc – register, login, password recovery… ServiceCredentialIfc – a Serializable class that holds the credentials of the service that performs the request. MailingIFC – send mail.

    Slide 10:Technologies in use

    Microsoft .Net (.Net Remoting, .Net Web application, .Net Windows application), SQL-Server 2005, Active Directory.

    Slide 11:.Net Remoting

    How does it work? .Net Remoting gives us an RMI abstraction that we can use: first we define the remote object we want to invoke, then we connect this object to Remoting through the Remoting APIs, and the .Net abstraction does all the work.

    Slide 12:Transport channels

    There are several transport channels: HttpChannel. This channel is designed to be used when you host a remote object in ASP.NET. It uses the HTTP protocol to send messages between the client and the server. TcpChannel. This channel is designed to be used when you host a remote object in a Microsoft Windows operating system service or other executable. It uses TCP sockets to send messages between the client and the server. Custom channels. A custom transport channel can use any underlying transport protocol to send messages between the client and server; for example, a custom channel may use named pipes or mail slots. I decided to use the TcpChannel because it is the most reliable and it can be easily secured.

    Slide 13:Code securely

    The remote object binaries are located both in the Proxies and in the Application layer. In the front ends only the interface declaration binaries are located, and therefore even if someone breaks into the front end he will not have the implementation. Only in the back ends do the remote object binaries contain the implementation.

    Slide 14:Security

    A lot of effort was invested in this project in order to make it secure. One of the project goals was to assimilate Microsoft security technology and work according to its guidelines. As stated before, the solution makes use of four key security concepts: Gate keepers: ensuring that the network entities can be accessed only from allowed network elements. Secure Communications: ensuring that messages remain private and unaltered as they cross networks. Authentication: positively identifying the clients of the application. Authorization: defining what authenticated clients are allowed to see and do within the application.

    Slide 15:Security - Content Web Site

    Gate-keeper: only HTTPS transport. Secure Communications: TLS transport, server certificates.

    Slide 16:Security - Content Web Site cont`

    Authentication. ASP.NET authentication modes include Windows, Forms, Passport and None. The solution uses Forms authentication as its authentication mode for the following reasons: using Windows or Passport authentication would force us to provision the user in the AD or in Microsoft Passport, respectively, whereas we want the user to use the provided service for his provisioning. The authentication itself is done against the user's records in the Content Server. The authentication uses basic authentication (comparing user name and password against the DB). Because we are using TLS and all the data sent to the server is encrypted, working with basic authentication is allowed. The user's password is not stored explicitly in the DB; instead an MD5 hash of the password is stored there. Even if someone breaks into the DB, he will not be able to use the stolen passwords, because the FE sends the hashed password to the content server. If the user is not active for 5 min, his session expires and he is redirected to the login page.
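    The login flow this slide describes, written out as an added example (it is not code from the presentation or from the project, and the project itself is .Net; Python is used here only to show the logic). It follows the slide's scheme: the DB keeps an MD5 hash of the password, the front end sends the hashed password, the content server compares it with the DB record using a constant-time comparison, and a session that is idle for more than 5 minutes is dropped. The class name ContentServerAuth, the in-memory dictionaries standing in for the DB, and the sample user are constructed for this example.

```python
"""Forms-style login against stored MD5 password hashes, with 5-minute idle expiry.

Added example; not code from the original presentation. The in-memory
dictionaries stand in for the DB tables and the sample user is constructed.
"""
import hashlib
import hmac
import secrets

IDLE_TIMEOUT_SECONDS = 5 * 60  # the slides' 5-minute inactivity limit


def hash_password(password: str) -> str:
    """MD5 hex digest of the password. The FE computes this before sending;
    MD5 is used here only because the presented design stores an MD5 hash."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


class ContentServerAuth:
    def __init__(self):
        self.users = {}     # user name -> stored MD5 hex digest (constructed "DB")
        self.sessions = {}  # session id -> {"user": name, "last_seen": timestamp}

    def register(self, username: str, password: str) -> None:
        # Only the hash is stored; the clear-text password never reaches the table.
        self.users[username] = hash_password(password)

    def login(self, username: str, hashed_password: str, now: float):
        """Basic authentication: compare the FE-supplied hash with the DB record.
        Returns a fresh session id on success, None on failure."""
        stored = self.users.get(username)
        # compare_digest keeps the comparison constant-time; an unknown user is
        # rejected by the same path, so the reply does not reveal whether the name exists.
        if stored is None or not hmac.compare_digest(stored, hashed_password):
            return None
        session_id = secrets.token_urlsafe(32)
        self.sessions[session_id] = {"user": username, "last_seen": now}
        return session_id

    def authenticated_user(self, session_id: str, now: float):
        """Return the user bound to the session, or None if the session is unknown
        or has been idle longer than the timeout. An expired session is removed,
        which is what sends the browser back to the login page."""
        session = self.sessions.get(session_id)
        if session is None:
            return None
        if now - session["last_seen"] > IDLE_TIMEOUT_SECONDS:
            del self.sessions[session_id]
            return None
        session["last_seen"] = now  # activity refreshes the idle timer
        return session["user"]


def demo():
    """Walk through a failed login, a successful login and the idle timeout."""
    auth = ContentServerAuth()
    auth.register("alice", "correct horse")  # constructed sample user
    t0 = 1_000_000.0
    bad = auth.login("alice", hash_password("wrong"), t0)            # None
    sid = auth.login("alice", hash_password("correct horse"), t0)    # session id
    active = auth.authenticated_user(sid, t0 + 240)                  # 4 min idle: valid
    still = auth.authenticated_user(sid, t0 + 240 + 299)             # timer was refreshed
    expired = auth.authenticated_user(sid, t0 + 240 + 299 + 301)     # > 5 min idle: None
    return bad, active, still, expired


if __name__ == "__main__":
    print(demo())
```

    The idle timer is refreshed on every authenticated request, so a user who keeps working is never logged out, while a session left alone for longer than 5 minutes is gone on its next use.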

    Slide 17:Security - Content Web Site cont`

    Authorization. The user is authorized to use the main page for manipulating his files only after his authentication. In each transaction triggered by the user, the web site gets the encrypted user id from his session cookie and decrypts it; this way we can rest assured that the user's real credentials are used.
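    What this check buys is that the user id driving a file operation comes from a cookie value the server itself issued, not from anything the browser can edit. The following added example (not code from the presentation or the project) shows that property with an HMAC-SHA256 seal over the user id, verified on every request; this is a swapped-in technique, since the Python standard library has no authenticated encryption, whereas the slide speaks of an encrypted id. The functions seal_user_id, open_user_id and handle_delete_request, the COOKIE_KEY and the FILES table are constructed for the example.

```python
"""Tamper-evident session cookie carrying the user id, checked on every request.

Added example, not from the original presentation. Integrity is provided by an
HMAC-SHA256 tag (a stand-in for the encrypted id the slides describe).
"""
import base64
import hashlib
import hmac
import secrets

# Server-side secret, generated fresh so the example runs stand-alone. In a real
# deployment this is configured outside the code and shared by all web front ends.
COOKIE_KEY = secrets.token_bytes(32)

FILES = {101: 7, 102: 9}  # constructed: file id -> owner user id


def seal_user_id(user_id: int, key: bytes = COOKIE_KEY) -> str:
    """Cookie value: base64(user id) + '.' + base64(HMAC-SHA256(key, user id))."""
    payload = str(user_id).encode("ascii")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode()
            + "." + base64.urlsafe_b64encode(tag).decode())


def open_user_id(cookie: str, key: bytes = COOKIE_KEY):
    """Recover the user id only if the tag verifies. Any change to the value
    (another id, a damaged or truncated tag, garbage) yields None."""
    try:
        payload_b64, tag_b64 = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return int(payload)


def handle_delete_request(cookie: str, requested_file: int) -> str:
    """One file transaction: identity comes from the verified cookie, never from
    the request body, and the user may only touch his own files."""
    user_id = open_user_id(cookie)
    if user_id is None:
        return "redirect-to-login"
    if FILES.get(requested_file) != user_id:
        return "forbidden"
    return "deleted"


def demo():
    cookie = seal_user_id(7)
    own = handle_delete_request(cookie, 101)    # user 7 owns file 101
    other = handle_delete_request(cookie, 102)  # file 102 belongs to user 9
    # A cookie whose id field was changed to "9" while the tag still covers "7":
    # the tag no longer verifies, so the request is treated as unauthenticated.
    edited = (base64.urlsafe_b64encode(b"9").decode()
              + "." + cookie.split(".", 1)[1])
    rejected = handle_delete_request(edited, 102)
    return own, other, rejected


if __name__ == "__main__":
    print(demo())  # ('deleted', 'forbidden', 'redirect-to-login')
```

    An edited cookie fails closed: the server cannot tell who the caller is, so it falls back to the login page rather than acting on the id the browser presented.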

    Slide 18:Security - Application server

    1. Gate-keeper: only allowed services. 2. Secure Communications: the solution uses the .Net Remoting security.

    Slide 19:Security - Application server

    3. Authentication. In this stage we authenticate the service that performs the action; the client himself was authenticated in his login phase. Each remote method that the Application Server exposes receives a ServiceCredentialsIfc argument, in which the service puts its service-id and password. The Application Server authenticates the service by basic authentication against Data Base records. 4. Authorization. Service authorization: once the service is authenticated, it is authorized to perform actions on the remote interface. User authorization: the user is only authorized to perform actions on his own files; authorization to get others' files is checked against invitations from those others.
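    The two checks this slide places in the application server, shown as an added example (not code from the presentation or the project, which is .Net; Python is used to show the logic): every remote call first authenticates the calling service from the credentials object it carries, then authorizes the named user against file ownership or an invitation. ServiceCredentials stands in for the project's ServiceCredentialsIfc; the SERVICES, FILE_OWNERS and INVITATIONS tables and the function names are constructed.

```python
"""Application-server side: authenticate the calling service, authorize the user.

Added example, not code from the original project. ServiceCredentials models the
ServiceCredentialsIfc argument the slides describe; the tables are constructed
stand-ins for the DB records.
"""
from dataclasses import dataclass
import hmac


@dataclass(frozen=True)
class ServiceCredentials:
    """Carried on every remote call: which service is calling and its password."""
    service_id: str
    password: str


SERVICES = {"web-fe": "fe-secret"}            # constructed: service id -> password
FILE_OWNERS = {101: "alice", 102: "bob"}      # constructed: file id -> owner
INVITATIONS = {("bob", 102, "alice")}         # constructed: (owner, file id, invitee)


class NotAuthenticated(Exception):
    pass


class NotAuthorized(Exception):
    pass


def authenticate_service(cred: ServiceCredentials) -> None:
    """Basic authentication of the service against the records; unknown ids and
    wrong passwords are rejected through the same constant-time path."""
    expected = SERVICES.get(cred.service_id)
    if expected is None or not hmac.compare_digest(expected, cred.password):
        raise NotAuthenticated(cred.service_id)


def user_may_read(user: str, file_id: int) -> bool:
    """Own files are always readable; others' files only with an invitation
    from the owner. A non-existent file is treated as not authorized."""
    owner = FILE_OWNERS.get(file_id)
    if owner is None:
        return False
    return owner == user or (owner, file_id, user) in INVITATIONS


def get_file(cred: ServiceCredentials, user: str, file_id: int) -> str:
    """A remote method as the slides describe it: service check, then user check."""
    authenticate_service(cred)
    if not user_may_read(user, file_id):
        raise NotAuthorized((user, file_id))
    return f"<contents of file {file_id}>"


def try_get_file(cred: ServiceCredentials, user: str, file_id: int) -> str:
    """Wrap get_file so the three outcomes are plain strings."""
    try:
        get_file(cred, user, file_id)
        return "ok"
    except NotAuthenticated:
        return "not-authenticated"
    except NotAuthorized:
        return "not-authorized"


if __name__ == "__main__":
    fe = ServiceCredentials("web-fe", "fe-secret")
    print(try_get_file(fe, "alice", 101))   # own file
    print(try_get_file(fe, "alice", 102))   # bob invited alice
    print(try_get_file(fe, "bob", 101))     # no invitation
    print(try_get_file(ServiceCredentials("web-fe", "x"), "alice", 101))
```

    The order matters: the service is checked before any user-level logic runs, so a caller that is not one of the allowed services never reaches the file tables at all.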

    Slide 20:Security – Data Base

    1. Gate keeper. 2. Secure Communications: no need, because it is in an internal network.

    Slide 21:Security – Data Base cont`

    3. Authentication. A DB user will be added. This user will be the user that runs the application server, so the authentication is done by LDAP. 4. Authorization. This user will only be authorized to perform the logic actions on the schema.

    Slide 22:Application Server Class Diagram

    Slide 23:DB Tables Relations

    Slide 24:Use Case (U.C.) Diagrams

    Slide 25:1. Client connection negotiation

    Slide 26:1. Client connection negotiation cont`

    Taken from http://conferences.codegear.com/article/images/32136/1348c.jpg

    Slide 27:2. Client accessing web server

    Slide 28:3.New Client Registration

    Slide 29:4. Uploading files

    Slide 30:5. Deleting files

    Slide 31:6. Downloading a file

    Slide 32:7. Send file download invitation

    Slide 33:8. Download a file from a friend

    Slide 34:Thank you.
