Successfully reported this slideshow.
Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication&Digital Signature<br />anoverview<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication<br />Smartcard (UZI pass) with:<br />private key (RSA)<br />...
Marc de Graauw<br />marc@marcdegraauw.com<br />Sender<br />Receiver<br />“Hello world”<br />“Hello world”<br />SHA-1 hash:...
Marc de Graauw<br />marc@marcdegraauw.com<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Security Services (X.800)<br />Authentication<br />Authorization<br />Data ...
Marc de Graauw<br />marc@marcdegraauw.com<br />Secure connection<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Secure data<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Security services<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication with SSL<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Security with SSL<br />Works well only in simple scenario’s<br />There is n...
Marc de Graauw<br />marc@marcdegraauw.com<br />Context: clients<br />all hospitals, GP’s, pharmacists, other healthcare pr...
Marc de Graauw<br />marc@marcdegraauw.com<br />Context: HL7v3<br />no HL7v3 at client (HL7v2, OZIS, other)<br />not all da...
Marc de Graauw<br />marc@marcdegraauw.com<br />‘Lightweight’ authentication token<br />X.509 style<br />message id<br />no...
Marc de Graauw<br />marc@marcdegraauw.com<br />SSL security<br />premises:<br />healthcare pro keeps smartcard + pin safe<...
Marc de Graauw<br />marc@marcdegraauw.com<br />Lightweight token security<br />premises:<br />healthcare pro keeps smartca...
Marc de Graauw<br />marc@marcdegraauw.com<br />Lightweight token security<br />signedData:<br />message id<br />notBefore ...
Marc de Graauw<br />marc@marcdegraauw.com<br />Hospital workflow<br />doctor makes round<br />360 seconds per patient<br /...
Marc de Graauw<br />marc@marcdegraauw.com<br />SOAP Envelope<br />SOAP Body<br />Authentication alternatives<br />SOAP Hea...
Marc de Graauw<br />marc@marcdegraauw.com<br />SOAP Envelope<br />Authentication alternatives<br />SOAP Header<br />Auth T...
Marc de Graauw<br />marc@marcdegraauw.com<br />HL7 Medical Application<br />HL7v3 <br />Medical<br />Content<br />HL7 Cont...
Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication alternatives<br />Authentication tokens in SOAP Headers sepa...
Marc de Graauw<br />marc@marcdegraauw.com<br />WS-*<br />WS-* is confused about whether it is a document format or a messa...
Marc de Graauw<br />marc@marcdegraauw.com<br />Digital Signatures<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Some philosophy<br />“The President of the United States is John McCain”<br...
Marc de Graauw<br />marc@marcdegraauw.com<br />Signed Data<br />
Marc de Graauw<br />marc@marcdegraauw.com<br /><code code=”27” codeSystem=”2.16.840.1.113883.2.4.4.5” /> <br />"Dissolve i...
Marc de Graauw<br />marc@marcdegraauw.com<br />XML fragment<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Digitally signed token<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />What You See Is What You Sign<br />
Marc de Graauw<br />marc@marcdegraauw.com<br />Token & XML Signature<br />XML Signature<br />Componenten<br />Met WSS<br /...
Marc de Graauw<br />marc@marcdegraauw.com<br />Meerdere Signatures, 1 certificaat<br />Bericht + handtekening<br />Certifi...
Upcoming SlideShare
Loading in …5
×

Authentication and signatures overview

861 views

Published on

  • Be the first to comment

  • Be the first to like this

Authentication and signatures overview

  1. 1. Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication&Digital Signature<br />anoverview<br />
  2. 2. Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication<br />
  3. 3. Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication<br />Smartcard (UZI pass) with:<br />private key (RSA)<br />X.509 certificate (includes public key)<br />PKI-Government<br />Personal pass<br />guard safely<br />no sharing<br />PIN protected<br />
  4. 4. Marc de Graauw<br />marc@marcdegraauw.com<br />Sender<br />Receiver<br />“Hello world”<br />“Hello world”<br />SHA-1 hash:<br />5llABaWYz<br />xCrKIdjS...<br />Public key:<br />MIICHzCCAY<br />ygAwIBAgI.....<br />OK<br />Private key:<br />shhhh.....<br />RSA sig value:<br />c9fVK7vYAdv<br />s2DRZVtS...<br />RSA sig value:<br />c9fVK7vYAdv<br />s2DRZVtS...<br />
  5. 5. Marc de Graauw<br />marc@marcdegraauw.com<br />
  6. 6. Marc de Graauw<br />marc@marcdegraauw.com<br />Security Services (X.800)<br />Authentication<br />Authorization<br />Data Confidentiality<br />Data Integrity<br />Non-repudiation<br />
  7. 7. Marc de Graauw<br />marc@marcdegraauw.com<br />Secure connection<br />
  8. 8. Marc de Graauw<br />marc@marcdegraauw.com<br />Secure data<br />
  9. 9. Marc de Graauw<br />marc@marcdegraauw.com<br />Security services<br />
  10. 10. Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication with SSL<br />
  11. 11. Marc de Graauw<br />marc@marcdegraauw.com<br />
  12. 12. Marc de Graauw<br />marc@marcdegraauw.com<br />
  13. 13. Marc de Graauw<br />marc@marcdegraauw.com<br />
  14. 14. Marc de Graauw<br />marc@marcdegraauw.com<br />Security with SSL<br />Works well only in simple scenario’s<br />There is no HL7v3 XML at the client<br />The client is (relatively) unsecure<br />SSL lays an impenatrable tunnel across the instution’s secure zone<br />SSL from server to server is fine, but:<br />provides no care provider authentication<br />
  15. 15. Marc de Graauw<br />marc@marcdegraauw.com<br />Context: clients<br />all hospitals, GP’s, pharmacists, other healthcare pros<br />clients: any kind of client<br />latest .NET / Java<br />older dev environments (Delphi, BV, etc.)<br />thin client/browser<br />XSLT heavy<br />XML / no XML<br />WS-* / no WS-*<br />HL7v3 / no HL7v3<br />
  16. 16. Marc de Graauw<br />marc@marcdegraauw.com<br />Context: HL7v3<br />no HL7v3 at client (HL7v2, OZIS, other)<br />not all data at client<br />Act.id<br />medication codes<br />patient id (BSN) not yet, is reasonable demand<br />destination not always known at client<br />either: require all data available at client<br />or: sign subset of data<br />
  17. 17. Marc de Graauw<br />marc@marcdegraauw.com<br />‘Lightweight’ authentication token<br />X.509 style<br />message id<br />nonce<br />provides unique identification of message<br />(if duplicate removal has already taken place)<br />time to live<br />security semantics can expire<br />time to store & check nonce<br />addressedParty<br />replay against other receivers<br />
  18. 18. Marc de Graauw<br />marc@marcdegraauw.com<br />SSL security<br />premises:<br />healthcare pro keeps smartcard + pin safe<br />software to establish SSL tunnel not corrupted<br />PKI, RSA etc. not broken<br />assertion:<br />healthcare pro sets up SSL tunnel<br />assumption:<br />messages going over SSL tunnel come from healthcare pro<br />weakness:<br />insertion of fake messages in SSL tunnel<br />measures:<br />abort SSL tunnel after period of inactivity, refresh regularly<br />
  19. 19. Marc de Graauw<br />marc@marcdegraauw.com<br />Lightweight token security<br />premises:<br />healthcare pro keeps smartcard + pin safe<br />software to sign token not corrupted<br />PKI, RSA etc. not broken<br />assertion:<br />healthcare pro signed auth token<br />assumption:<br />message and auth token belong together<br />weakness:<br />fake message attached to valid token<br />
  20. 20. Marc de Graauw<br />marc@marcdegraauw.com<br />Lightweight token security<br />signedData:<br />message id<br />notBefore / notAfter<br />addressedParty<br />coSignedData<br />patient id (BSN)<br />message type (HL7 trigger event id)<br />only possible to retrieve same kind of data for same patient at same time from same destination<br />weakness: tampering with other message parameters<br />for queries: acceptable (privacy not much more broken)<br />for prescription: use full digital signature<br />
  21. 21. Marc de Graauw<br />marc@marcdegraauw.com<br />Hospital workflow<br />doctor makes round<br />360 seconds per patient<br />nurse has file ready<br />retrieval times are not acceptable<br />pre-signing tokens and pre-fetching data just in time<br />possible with auth tokens, not (so much) with SSL<br />
  22. 22. Marc de Graauw<br />marc@marcdegraauw.com<br />SOAP Envelope<br />SOAP Body<br />Authentication alternatives<br />SOAP Header<br />Auth Token<br />HL7 payload<br />
  23. 23. Marc de Graauw<br />marc@marcdegraauw.com<br />SOAP Envelope<br />Authentication alternatives<br />SOAP Header<br />Auth Token<br />Auth Token<br />Auth Token<br />SOAP Body<br />HL7 payload<br />HL7 payload<br />HL7 payload<br />
  24. 24. Marc de Graauw<br />marc@marcdegraauw.com<br />HL7 Medical Application<br />HL7v3 <br />Medical<br />Content<br />HL7 Control Query Processing Application<br />HL7v3 <br />Acts<br />HL7 Transmission Wrapper Adapter<br />HL7v3 <br />Messages<br />HL7 Web Services Messaging Adapter<br />SOAP<br />Messages<br />HTTP Client / Server<br />
  25. 25. Marc de Graauw<br />marc@marcdegraauw.com<br />Authentication alternatives<br />Authentication tokens in SOAP Headers separate them from the content<br />HL7 sometimes allows multiple payloads, making this problem worse<br />The token has to travel across layers with the paylaod<br />This violates layering principles<br />
  26. 26. Marc de Graauw<br />marc@marcdegraauw.com<br />WS-*<br />WS-* is confused about whether it is a document format or a message format<br />document: relevant to the end user<br />message: relevant to the mailman<br />keep metadata with the document<br />putting document metadata in SOAP headers violates layering design principles<br />
  27. 27. Marc de Graauw<br />marc@marcdegraauw.com<br />Digital Signatures<br />
  28. 28. Marc de Graauw<br />marc@marcdegraauw.com<br />Some philosophy<br />“The President of the United States is John McCain”<br />“Karen believes ‘the President of the United States is John McCain’ ”<br />“John says that ‘the President of the United States is John McCain’ ”<br />“Dr. Jones says: ‘Mr. Smith has the flu’ ”<br />
  29. 29. Marc de Graauw<br />marc@marcdegraauw.com<br />Signed Data<br />
  30. 30. Marc de Graauw<br />marc@marcdegraauw.com<br /><code code=”27” codeSystem=”2.16.840.1.113883.2.4.4.5” /> <br />"Dissolve in water"<br />
  31. 31. Marc de Graauw<br />marc@marcdegraauw.com<br />XML fragment<br />
  32. 32. Marc de Graauw<br />marc@marcdegraauw.com<br />Digitally signed token<br />
  33. 33. Marc de Graauw<br />marc@marcdegraauw.com<br />What You See Is What You Sign<br />
  34. 34. Marc de Graauw<br />marc@marcdegraauw.com<br />Token & XML Signature<br />XML Signature<br />Componenten<br />Met WSS<br />In SOAP Headers<br />SOAP envelope<br /><ws:SecToken><br />headers<br />Certificate<br /><ws:SecToken><br />Certificate<br /><ds:Signature><br /><ds:SignedInfo><br /> <ds:KeyInfo><br /><ds:Signature><br /><ds:SignedInfo><br /> <ds:KeyInfo><br /><ds:Signature><br /><ds:SignedInfo><br /> <ds:KeyInfo><br />Sig value<br />Sig value<br />Sig value<br />Sig value<br />Digest<br />Digest<br />Digest<br />Digest<br />Certificate<br />Reference<br />Reference<br />Certificate<br />Getekendegegevens<br />Getekendegegevens<br />body<br />Getekendegegevens<br />HL7v3 bericht<br />Getekendegegevens<br />HL7v3 bericht<br />HL7v3 bericht<br />HL7v3 bericht<br />Prescription1 <br />Prescription 1 <br />Prescription 1 <br />Prescription 1 <br />
  35. 35. Marc de Graauw<br />marc@marcdegraauw.com<br />Meerdere Signatures, 1 certificaat<br />Bericht + handtekening<br />Certificate A<br /><Signature1><br /><SignedInfo><br />Certificate<br />Sig value 1<br />Digest 1<br /><Signature2><br /><ds:SignedInfo><br />Signature<br />Sig value 2<br />persisteren<br />Digest 2<br />Getekende<br />gegevens<br />Getekendegegevens 1<br />Getekendegegevens 2<br />HL7v3 bericht<br />HL7v3<br />Prescription<br />Prescription 1 <br />Prescription 2<br />

×