X-Road (X-tee). A platform-independent secure standard interface between databases and information systems to connect databases and information systems of the public sector.
• There are various databases and information systems on different platforms that need to co-operate...
• An extra interface from every database to every information system would have been expensive...
• X-Road is a platform-independent secure standard interface between databases and information systems.
• A database is adapted to X-Road by setting up an Adapter Server, which contains: SOAP or XMLRPC server + X-Road rules.
• Information systems need: SOAP or XMLRPC client + understanding of X-Road rules.
• To secure the system, each party accesses X-Road via its Security Server.
• The X-Road Security Server is a standard software solution that encrypts/decrypts outgoing/incoming messages, filters incoming messages as a firewall, and logs the messages it receives.
• Traffic between Security Servers is encrypted with PKI. Security Servers have to be certified by the X-Road Certification Authority.
• Certificates are available for verification from the X-Road Central Servers. Central Servers are duplicated.
• No redundant centralization: Security Servers create connections directly to each other. Data from Central Servers is cached in Security Servers by use of DNSSEC.
[Diagram: Population Register (Progress), Business Register (Oracle), Land Register (MSSQL) and Motor Vehicle Register (Oracle), each with a SOAP server and a Security Server; Citizen Portal and the Information Systems of Company A and Company B, each with a SOAP client and a Security Server; citizens and officers as users; the Internet / X-Road between the Security Servers; CA and Central Servers. More than 100 databases... more than 1000 information systems...]
X-Road: Message on the road
• User authenticates himself/herself. The Information System must be able to get to know the proper Personal Code of the user. Whether the user is identified by ID-card, password, face or something else is up to the Information System, provided that the way of identification is reliable.
• The Information System gives the user access to the methods the user is authorized to use. This is the first level of authorization.
• As the user chooses to call a method (usage of which is authorized by the Information System), a message with the method call goes towards the Security Server. In addition to the message body with data for the method call, the message also contains a message header with the user's Personal Code, the name of the Information System, the unique ID of the message etc.
• The Security Server signs the message with its private key.
• The Security Server of IS asks the Central Server over DNSSEC for the IP address of the Security Server(s) of DB.
• The Security Server of IS opens a TCP connection to the Security Server of DB and sends its certificate to start the TLS security protocol.
• The Security Server of DB verifies over DNSSEC the certificate received from the Security Server of IS.
• If the certificate was valid, the Security Server of DB sends its certificate back to finish creation of the secure connection.
• The Security Server of IS verifies over DNSSEC the certificate received from the Security Server of DB.
• As the secure channel has been created and the other party verified, the Security Server of IS sends the signed message to the Security Server of DB.
• The Security Server of DB verifies the signature of the message and logs the message.
• The Security Server of DB checks whether the Information System is authorized for this method. This is the second level of authorization.
• The Security Server of DB sends the decrypted message to the Adapter Server.
• The Adapter Server commits the method call in the database.
• The Security Server of DB signs the response message.
• The Security Server of DB sends the signed response message to the Security Server of IS.
• The Security Server of IS checks the signature of the response message and logs the response message.
• The Security Server of IS sends the decrypted response message to the Information System.
• Finally, the user receives the response he/she requested!
[Diagram: User (citizen or officer), Information System (SOAP client), Security Server of IS, Internet / X-Road, Security Server of DB, Database (SOAP server), CA, Central Servers]
X-Road: Levels of authorization
• The permission matrix on the granularity of Information Systems is held by the Security Server of the Database.
• The permission matrix on the granularity of individual users is held by the Information System.
• The Information System can grant permissions to its users only on those methods that the Information System itself is authorized to use by the permission matrix held by the Security Server of DB.
• If the Database does not trust the Information System to grant individual permissions, it can hold an additional permission matrix on the granularity of individual users. But this would be awful in the case of hundreds of Information Systems with thousands of users!
[Diagram: User (citizen or officer), Information System (SOAP client), Security Server of IS, Internet / X-Road, Security Server of DB, Database (SOAP server), CA, Central Servers]
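The two authorization levels described above, as an added Python sketch that is not X-Road code: system names, method names and Personal Codes are constructed, and `grant()` reading the database-side matrix directly is a simplification of "the Information System knows what it is authorized to use".

```python
# Level 2 matrix, held by the Security Server of the DB: Information System -> methods.
DB_MATRIX = {
    "citizen-portal": {"population.getPerson", "vehicle.getOwner"},
    "company-a-is": {"business.getCompany"},
}

# Level 1 matrix, held by each Information System: user (Personal Code) -> methods.
IS_MATRIX = {
    "citizen-portal": {"EE-TEST-0001": {"population.getPerson"}},
    "company-a-is": {"EE-TEST-0002": {"business.getCompany"}},
}


def grant(info_system, user, method):
    """IS-side grant: only methods the IS itself may call can be delegated."""
    if method not in DB_MATRIX.get(info_system, set()):
        return False
    IS_MATRIX.setdefault(info_system, {}).setdefault(user, set()).add(method)
    return True


def first_level(info_system, user, method):
    """Check made by the Information System before the message is sent."""
    return method in IS_MATRIX.get(info_system, {}).get(user, set())


def second_level(info_system, method):
    """Check made by the Security Server of the DB; it never sees per-user grants."""
    return method in DB_MATRIX.get(info_system, set())


def authorize(info_system, user, method):
    """Return (allowed, reason); each level is enforced by a different party."""
    if not first_level(info_system, user, method):
        return False, "denied by Information System (level 1)"
    if not second_level(info_system, method):
        return False, "denied by Security Server of DB (level 2)"
    return True, "allowed"


if __name__ == "__main__":
    print(authorize("citizen-portal", "EE-TEST-0001", "population.getPerson"))
    # A misconfigured IS that bypasses grant() is still stopped at level 2.
    IS_MATRIX["company-a-is"]["EE-TEST-0002"].add("population.getPerson")
    print(authorize("company-a-is", "EE-TEST-0002", "population.getPerson"))
```

Because level 2 is evaluated independently of whatever the Information System has granted, a per-user matrix on the database side is only needed when the database does not trust the Information System's own user management.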
X-Road: Trusted logs
• The Security Server of DB logs messages coming from the Information Systems.
• The Security Server of IS logs response messages coming from the Databases.
• Both Security Servers hash their logs and send their hash chain periodically to the Central Servers.
• If an evil administrator of any Security Server would even try to change the local log, the hash in the Security Server does not match the hash in the Central Servers any more! Therefore, the logs cannot be broken.
• With a message given, it is always possible to check later the authenticity of the message: whether such a message really existed or not. As X-Road trusted logs cannot be broken, the result of the check is trustworthy.
[Diagram: User (citizen or officer), Information System (XMLRPC client), Security Server of IS, Internet / X-Road, Security Server of DB, Database (XMLRPC server), CA, Central Servers]
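How a hash chain with periodically anchored heads exposes a changed local log, as an added Python example rather than X-Road's implementation: SHA-256, the JSON record layout, the field names and the "anchor every second message" interval are all assumptions, and the messages are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed start value of the chain


def link(prev_hash, record):
    """Hash one log record together with the hash of everything before it."""
    body = json.dumps(record, sort_keys=True)
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def chain_head(records):
    head = GENESIS
    for record in records:
        head = link(head, record)
    return head


def checkpoint(records):
    """(record count, chain head): what a Security Server would send centrally."""
    return len(records), chain_head(records)


def audit(records, anchored):
    """Counts of the anchored checkpoints the local log can no longer reproduce."""
    return [count for count, head in anchored
            if count > len(records) or chain_head(records[:count]) != head]


def was_logged(records, anchored, record):
    """A message is provable only while the log still matches every anchor."""
    return record in records and not audit(records, anchored)


def sample_log():
    """Constructed messages; field names are assumptions based on the header fields."""
    records, anchored = [], []
    for i, method in enumerate(["getPerson", "getOwner", "getCompany", "getPerson"], 1):
        records.append({"id": f"msg-{i}", "personal_code": "EE-TEST-0001",
                        "information_system": "citizen-portal", "method": method})
        if i % 2 == 0:  # periodic anchoring: every second message in this sample
            anchored.append(checkpoint(records))
    return records, anchored


if __name__ == "__main__":
    records, anchored = sample_log()
    print("clean log:", audit(records, anchored))
    records[2]["personal_code"] = "EE-TEST-9999"  # local administrator edits entry 3
    print("after edit:", audit(records, anchored))
```

The audit covers only entries up to the most recent anchored checkpoint, so in this model the anchoring interval bounds how much recent log a local administrator could still alter unnoticed.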
X-Road: A protocol with standard implementation provided
• Any custom information system having the specified security level may join X-Road.
• Those institutions (companies) which do not have a secure information system of their own are welcome to install the standard Mini-InfoSystem-Portal (MISP) to gain access to X-Road.