Your SlideShare is downloading. ×
Authentication and signatures   overview
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Authentication and signatures overview

623
views

Published on


0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
623
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Marc de Graauw
    marc@marcdegraauw.com
    Authentication&Digital Signature
    anoverview
  • 2. Marc de Graauw
    marc@marcdegraauw.com
    Authentication
  • 3. Marc de Graauw
    marc@marcdegraauw.com
    Authentication
    Smartcard (UZI pass) with:
    private key (RSA)
    X.509 certificate (includes public key)
    PKI-Government
    Personal pass
    guard safely
    no sharing
    PIN protected
  • 4. Marc de Graauw
    marc@marcdegraauw.com
    Sender
    Receiver
    “Hello world”
    “Hello world”
    SHA-1 hash:
    5llABaWYz
    xCrKIdjS...
    Public key:
    MIICHzCCAY
    ygAwIBAgI.....
    OK
    Private key:
    shhhh.....
    RSA sig value:
    c9fVK7vYAdv
    s2DRZVtS...
    RSA sig value:
    c9fVK7vYAdv
    s2DRZVtS...
  • 5. Marc de Graauw
    marc@marcdegraauw.com
  • 6. Marc de Graauw
    marc@marcdegraauw.com
    Security Services (X.800)
    Authentication
    Authorization
    Data Confidentiality
    Data Integrity
    Non-repudiation
  • 7. Marc de Graauw
    marc@marcdegraauw.com
    Secure connection
  • 8. Marc de Graauw
    marc@marcdegraauw.com
    Secure data
  • 9. Marc de Graauw
    marc@marcdegraauw.com
    Security services
  • 10. Marc de Graauw
    marc@marcdegraauw.com
    Authentication with SSL
  • 11. Marc de Graauw
    marc@marcdegraauw.com
  • 12. Marc de Graauw
    marc@marcdegraauw.com
  • 13. Marc de Graauw
    marc@marcdegraauw.com
  • 14. Marc de Graauw
    marc@marcdegraauw.com
    Security with SSL
    Works well only in simple scenario’s
    There is no HL7v3 XML at the client
    The client is (relatively) unsecure
    SSL lays an impenatrable tunnel across the instution’s secure zone
    SSL from server to server is fine, but:
    provides no care provider authentication
  • 15. Marc de Graauw
    marc@marcdegraauw.com
    Context: clients
    all hospitals, GP’s, pharmacists, other healthcare pros
    clients: any kind of client
    latest .NET / Java
    older dev environments (Delphi, BV, etc.)
    thin client/browser
    XSLT heavy
    XML / no XML
    WS-* / no WS-*
    HL7v3 / no HL7v3
  • 16. Marc de Graauw
    marc@marcdegraauw.com
    Context: HL7v3
    no HL7v3 at client (HL7v2, OZIS, other)
    not all data at client
    Act.id
    medication codes
    patient id (BSN) not yet, is reasonable demand
    destination not always known at client
    either: require all data available at client
    or: sign subset of data
  • 17. Marc de Graauw
    marc@marcdegraauw.com
    ‘Lightweight’ authentication token
    X.509 style
    message id
    nonce
    provides unique identification of message
    (if duplicate removal has already taken place)
    time to live
    security semantics can expire
    time to store & check nonce
    addressedParty
    replay against other receivers
  • 18. Marc de Graauw
    marc@marcdegraauw.com
    SSL security
    premises:
    healthcare pro keeps smartcard + pin safe
    software to establish SSL tunnel not corrupted
    PKI, RSA etc. not broken
    assertion:
    healthcare pro sets up SSL tunnel
    assumption:
    messages going over SSL tunnel come from healthcare pro
    weakness:
    insertion of fake messages in SSL tunnel
    measures:
    abort SSL tunnel after period of inactivity, refresh regularly
  • 19. Marc de Graauw
    marc@marcdegraauw.com
    Lightweight token security
    premises:
    healthcare pro keeps smartcard + pin safe
    software to sign token not corrupted
    PKI, RSA etc. not broken
    assertion:
    healthcare pro signed auth token
    assumption:
    message and auth token belong together
    weakness:
    fake message attached to valid token
  • 20. Marc de Graauw
    marc@marcdegraauw.com
    Lightweight token security
    signedData:
    message id
    notBefore / notAfter
    addressedParty
    coSignedData
    patient id (BSN)
    message type (HL7 trigger event id)
    only possible to retrieve same kind of data for same patient at same time from same destination
    weakness: tampering with other message parameters
    for queries: acceptable (privacy not much more broken)
    for prescription: use full digital signature
  • 21. Marc de Graauw
    marc@marcdegraauw.com
    Hospital workflow
    doctor makes round
    360 seconds per patient
    nurse has file ready
    retrieval times are not acceptable
    pre-signing tokens and pre-fetching data just in time
    possible with auth tokens, not (so much) with SSL
  • 22. Marc de Graauw
    marc@marcdegraauw.com
    SOAP Envelope
    SOAP Body
    Authentication alternatives
    SOAP Header
    Auth Token
    HL7 payload
  • 23. Marc de Graauw
    marc@marcdegraauw.com
    SOAP Envelope
    Authentication alternatives
    SOAP Header
    Auth Token
    Auth Token
    Auth Token
    SOAP Body
    HL7 payload
    HL7 payload
    HL7 payload
  • 24. Marc de Graauw
    marc@marcdegraauw.com
    HL7 Medical Application
    HL7v3
    Medical
    Content
    HL7 Control Query Processing Application
    HL7v3
    Acts
    HL7 Transmission Wrapper Adapter
    HL7v3
    Messages
    HL7 Web Services Messaging Adapter
    SOAP
    Messages
    HTTP Client / Server
  • 25. Marc de Graauw
    marc@marcdegraauw.com
    Authentication alternatives
    Authentication tokens in SOAP Headers separate them from the content
    HL7 sometimes allows multiple payloads, making this problem worse
    The token has to travel across layers with the paylaod
    This violates layering principles
  • 26. Marc de Graauw
    marc@marcdegraauw.com
    WS-*
    WS-* is confused about whether it is a document format or a message format
    document: relevant to the end user
    message: relevant to the mailman
    keep metadata with the document
    putting document metadata in SOAP headers violates layering design principles
  • 27. Marc de Graauw
    marc@marcdegraauw.com
    Digital Signatures
  • 28. Marc de Graauw
    marc@marcdegraauw.com
    Some philosophy
    “The President of the United States is John McCain”
    “Karen believes ‘the President of the United States is John McCain’ ”
    “John says that ‘the President of the United States is John McCain’ ”
    “Dr. Jones says: ‘Mr. Smith has the flu’ ”
  • 29. Marc de Graauw
    marc@marcdegraauw.com
    Signed Data
  • 30. Marc de Graauw
    marc@marcdegraauw.com
    <code code=”27” codeSystem=”2.16.840.1.113883.2.4.4.5” />
    "Dissolve in water"
  • 31. Marc de Graauw
    marc@marcdegraauw.com
    XML fragment
  • 32. Marc de Graauw
    marc@marcdegraauw.com
    Digitally signed token
  • 33. Marc de Graauw
    marc@marcdegraauw.com
    What You See Is What You Sign
  • 34. Marc de Graauw
    marc@marcdegraauw.com
    Token & XML Signature
    XML Signature
    Componenten
    Met WSS
    In SOAP Headers
    SOAP envelope
    <ws:SecToken>
    headers
    Certificate
    <ws:SecToken>
    Certificate
    <ds:Signature>
    <ds:SignedInfo>
    <ds:KeyInfo>
    <ds:Signature>
    <ds:SignedInfo>
    <ds:KeyInfo>
    <ds:Signature>
    <ds:SignedInfo>
    <ds:KeyInfo>
    Sig value
    Sig value
    Sig value
    Sig value
    Digest
    Digest
    Digest
    Digest
    Certificate
    Reference
    Reference
    Certificate
    Getekendegegevens
    Getekendegegevens
    body
    Getekendegegevens
    HL7v3 bericht
    Getekendegegevens
    HL7v3 bericht
    HL7v3 bericht
    HL7v3 bericht
    Prescription1
    Prescription 1
    Prescription 1
    Prescription 1
  • 35. Marc de Graauw
    marc@marcdegraauw.com
    Meerdere Signatures, 1 certificaat
    Bericht + handtekening
    Certificate A
    <Signature1>
    <SignedInfo>
    Certificate
    Sig value 1
    Digest 1
    <Signature2>
    <ds:SignedInfo>
    Signature
    Sig value 2
    persisteren
    Digest 2
    Getekende
    gegevens
    Getekendegegevens 1
    Getekendegegevens 2
    HL7v3 bericht
    HL7v3
    Prescription
    Prescription 1
    Prescription 2

×