SECURITY, QoS, and (File) Content Differentiation -Sujeeth Narayan -Ankur Patwa -Francisco Torres

Post on 21-Dec-2015


SECURITY, QoS, and (File) Content Differentiation

-Sujeeth Narayan

-Ankur Patwa

-Francisco Torres


Introduction

- A new policy-based document sharing application
- Differentiation of document sections according to intended user roles
- Secure transfer of information with QoS
- Alert on receiving information based on document priority labeling


What would be used?

- LDAP – for authentication and credentials
- Bandwidth reservation + GRE Tunnels – for file transfer
  - PasTMon tool + Tunneling for inter-network exchange
  - RSVP + Tunneling for intra-network exchange
- XML Parser – for parsing a document to be sent
- Different modes of sending a new message alert
  - Voice message
  - Email
  - SMS


Overview

[Figure: network overview diagram. Labels recovered from the slide:]

- Location A: General, Major, Soldier; XML App Server, LDAP Server; Internal Firewall, External Firewall, Switch
- Location B: Major, Soldier; App Server, LDAP Server; Internal Firewall, External Firewall, Switch
- Location C: President; PC with LiteWeight Firewall
- Internet (between the locations)
- Cluster of X500


Components

- Cluster of Servers
  - LDAP Authentication
  - XML Parsing Service
  - Notification Service
  - File Transfer service
- Cluster of File Systems
  - Document distribution
- Client side tool
  - Proposed Tool


Proposed Tool

- Allow user to classify the information
- Insert XML tags differentiating between classified information
- Encrypt the document and send it to the XML parser


Scenario 1

1. Log in to LDAP
2. Download user credentials
3. Set the user priority value
4. Routing decision based on priority
5. Intranet routing with RSVP/GRE tunnel if needed
6. Internet routing with decisions based on QoS measured


Scenario 2

A user logs into the system, and then sends a document.

[Figure: flow diagram. Labels recovered from the slide:]

- Encrypted document
- Choose best option between DMZ and User's X500
- User's Private Key
- XML Parser decrypts document using Public Key and makes copies of it
- Based on list of receivers, XML sends their copies to receivers' X500
- If receiver is on-line, document is delivered; otherwise, a notice will be sent to him IF document has been labeled as URGENT
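Added example, not part of the original slides: one way the XML parser from the Proposed Tool and Scenario 2 slides could build per-receiver copies from role-tagged sections and pick the delivery action. The `<section role="...">` and `priority` markup, the role ranking, and the "store" outcome are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed ranking (low to high); the slides name these roles but give no order.
ROLE_RANK = {"soldier": 0, "major": 1, "general": 2, "president": 3}

# Constructed sample; the <section role="..."> and priority markup is hypothetical.
SAMPLE = """<document priority="urgent">
  <section role="soldier">Convoy departs at 0600.
    <section role="general">Budget approved.</section>
  </section>
  <section role="major">Route B is the fallback.</section>
  <section>Unlabeled draft paragraph.</section>
  <section role="colonel">Label missing from the role table.</section>
</document>"""

def _prune(parent, receiver_rank):
    """Drop every <section> the receiver may not read, at any nesting depth."""
    for child in list(parent):
        if child.tag == "section":
            required = ROLE_RANK.get((child.get("role") or "").lower())
            # Fail closed: a missing or unrecognised label is never released.
            if required is None or required > receiver_rank:
                parent.remove(child)
                continue
        _prune(child, receiver_rank)

def copy_for_role(doc_xml, receiver_role):
    """Return the copy of the document that a receiver with this role gets."""
    rank = ROLE_RANK[receiver_role.lower()]  # unknown receiver role raises KeyError
    # xml.etree is not hardened against hostile XML; use defusedxml for untrusted senders.
    root = ET.fromstring(doc_xml)
    _prune(root, rank)
    return ET.tostring(root, encoding="unicode")

def copies_for_receivers(doc_xml, receivers):
    """One filtered copy per entry of the receiver list (name -> role)."""
    return {name: copy_for_role(doc_xml, role) for name, role in receivers.items()}

def delivery_action(doc_xml, receiver_online):
    """Deliver if on-line; otherwise send a notice only for URGENT documents."""
    if receiver_online:
        return "deliver"
    urgent = ET.fromstring(doc_xml).get("priority", "").lower() == "urgent"
    return "notify" if urgent else "store"  # "store" (wait for next login) is assumed

def visible_sections(doc_xml):
    """Helper for inspection: text of each section left in a copy."""
    return [(s.text or "").strip() for s in ET.fromstring(doc_xml).iter("section")]
```

Sections are filtered before the copy is serialized, so a lower-ranked receiver's copy never contains the restricted text, including a higher-ranked section nested inside a readable one.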


Scenario 3

A user logs into the system, and a document is waiting for him.

[Figure: flow diagram. Labels recovered from the slide:]

- User logs in:
  a) Normal session
  b) As a result of a notice sent by the system
- DMZ where user got authenticated checks with user's X500 for a potential document for him
- X500 verifies the existence of the document, and sends it back to DMZ
- Document delivered to user


Conclusion

Future work

- Research of QoS implementation in this project
- Bell-LaPadula Model (write-down/read-up)?
- Images, Sound, Videoconferences? How to differentiate these on such a scenario?



Questions??