Abstract: This paper presents a solution that reconciles user mobility with secure access to information servers by means of X.509 certificates with a short validity period. The common approach to reconciling user mobility and secure access is based on removable tokens that hold cryptographic information. The use of these techniques restricts user mobility in several ways. First, when specific hardware is required, it must be available in any computer the user may employ to connect from. Second, using software that must be added to well-known client programs means that the user must either keep to those hosts where the software is installed or install it on his/her own. The solution we present here does not impose any constraints on hardware and, since it is based on the thin client paradigm, software requirements are minimal.
The application of X.509 certificates permits the use of (de facto) standard software for accessing the information. Furthermore, since the system uses short term certificates it does not necessitate the user eliminating any traces left behind in the client program after its use. Finally, the token (actually, a diskette) can be used with practically any computer, as it contains all the software and data needed for user authentication, and is based on a thin client written in an architecture neutral language like Java. The requirements on the computer the user is connecting from are minimal: having a floppy drive and a Java virtual machine.
An implementation of the framework described here is in use to provide authorized access to internal servers at CICA.
Keywords: Security, authentication, user mobility, certificate, SSL
Public key cryptography is the most adequate option to provide secure access to Internet information servers. Since it permits a secure information exchange between the server and the client without requiring them to share a previously agreed-upon secret [6], applications based on this technology are open and scalable. However, a trust framework must be established in order to ensure that each party can verify the identity of the other. Here is where certification mechanisms come into play.
Essentially, a certificate contains the identifier and the public key of a certain entity digitally signed by a third entity which is trusted by the communicating parties. This third entity is called a Certification Authority (CA). A secure access protocol, like SSL [1], includes in its initiation phase the exchange of certificates identifying the entities in communication. Each certificate must be signed by a CA trusted by the entity receiving it. X.509 certificates [2] are the most widely deployed technology for performing this authentication process.
Since the Internet is an almost omnipresent network, one of the major advantages of Internet information services is that they ease user mobility. We mean user mobility in its broadest sense: we refer not only to users employing portable computers, but also to those users that change their workplace, either inside or outside the corporate network. As stated above, the most common secure access procedures are based on X.509 certificates. Nevertheless, the certification framework defined by the standards and the common practice within it imply some requirements in terms of static management and duration that do not fit the constraints imposed by user mobility in the wide sense of the term.
This paper presents a solution that reconciles user mobility with secure access to information servers by means of X.509 certificates with a short validity period (that we call temporary certificates). This solution does not impose any constraints on hardware and, since it is based on the thin client paradigm, software requirements are minimal. In the following sections we will first discuss the disadvantages of using "classical" X.509 certificates when user mobility is a priority, introducing the desirable features of a system that meets both goals of employing a well established certification framework and supporting user mobility. Once these requirements are defined, we will show the elements of a system that satisfies them and the protocol that they use, illustrating the steps involved in user authentication and the major aspects of an implementation currently in use at our Center.
Although not an explicit requirement of the certification framework, the common use of X.509 certificates assumes a long period of validity for them, in the order of (at least) several months. Since a certificate is associated with the identity of a particular element, it is a reasonable conclusion that this identity is not likely to change in a more or less long period of time and, therefore, that the certificate must be valid for that period. Nonetheless, a long period of validity involves a set of management tasks like the necessity of maintaining revocation lists and a meticulous handling of CAs. Furthermore, network clients tend to deal with certificates as information of static nature, holding them in permanent storage to easily access them along their whole lifetime. This imposes on the mobile user the burden of installing and uninstalling the certificates in any client program he/she wishes to use. [7] contains a detailed discussion of these problems and how they can be overcome by short-term certificates.
In essence, user mobility and secure information access can be achieved by the use of a portable element (a token) that contains a certificate or any information needed to obtain it. This information is protected by a secret (a PIN or a passphrase) known only by the user. Since the token is removable, the threat of leaving the certificate permanently installed into the client is avoided. This way, only the person who possesses the token and knows the secret protecting the information it holds will be authenticated. In common practice, this has been attained by using specific software with a standard interface [3] that habitually uses smartcards as tokens. For example, the user can direct Netscape Communicator to install external PKCS#11 compliant libraries that perform cryptographic operations related to secure access.
It is worth noting that the use of these techniques restricts user mobility in several ways. First, when specific hardware (like smartcard readers) is required, it must be available in any computer the user may employ to connect from. While this may not constitute a problem (apart from deployment and maintenance costs) in a more or less limited corporate network, it is not applicable to most of the hosts with Internet access. What's more, using software that must be added to well-known client programs means that the user must either keep to those hosts where the software is installed or install it on his/her own. Clearly, this last option conflicts with security and good behavior practices (especially when the user is in some other organization's network), and is beyond most users' knowledge and/or wishes.
A system that offers secure access to information servers for mobile users must, therefore, have the following properties:
With these objectives in mind, we have designed a system that allows a secure access to Internet information servers for mobile users by means of temporary X.509 certificates. The application of X.509 certificates permits the use of (de facto) standard software for accessing the information. Furthermore, since the system uses short term certificates (typically, validity periods are of several hours) it does not necessitate the user eliminating any traces left behind in the client program after its use. The system utilizes a directory to authenticate users, thus simplifying access-level management. Finally, the token (actually, a diskette) can be used with practically any computer, as it contains all the software and data needed for user authentication, and is based on a thin client written in an architecture neutral language like Java. The requirements on the computer the user is connecting from are minimal: having a floppy drive and a Java virtual machine.
The system is composed of four basic elements. Two of them are executed by the user to securely access information. The other two elements store information about authorized users and access it to provide the secure access mechanisms. This section describes the main features of these four elements.
As stated before, the basic goal of the system is to offer secure access to information servers while allowing maximal user mobility. One of the critical capacities for ensuring this maximal mobility is the ability to use common and widespread client programs. Therefore, one of the basic elements of the system is an information reader (IR) able to employ X.509 certificates and widely adopted by the user community. This reader can be a WWW browser, an e-mail client, a news reader, etc.: there are many such (commercial or not) programs available.
To allow the IR to access the information there must exist a mechanism that permits the user to authenticate and initiate the reader with a temporary certificate valid for the session. This task is accomplished by the temporary certificate client (TCC). This client lives in the user token and is the application the user must execute to start a session. In essence it is a set of Java classes packed in a JAR file. The TCC asks the user for the parameters to identify him/her to the authentication service, negotiates the session parameters with the service and initiates the IR so it starts with an appropriate temporary certificate. It is clear that the TCC must adapt to the different kinds of IR, since reader start and certificate load procedures vary. Nevertheless, the TCC offers a homogeneous interface to the user, requiring the characteristics for the session:
Apart from the TCC application, the user token also contains the cryptographic information that is needed to authenticate the user with the service. This information consists essentially of a private key associated with the user and it is held by a PKCS#12 [4] object stored in a file. The PKCS#12 object is encrypted with a passphrase of arbitrary length that the TCC requires of the user before initiating the negotiation process with the service.
The element that the TCC negotiates with is the temporary certificate server (TCS). It is in charge of validating the user identity with the data sent by the TCC and generating, if the outcome of the validation process is correct, a temporary certificate appropriate to user requirements. Apart from the cryptographic procedures involved in user and session validation, the TCS acts as an on-line CA able to:
The TCS must load, when it starts, the private keys of those CAs acceptable to the information servers it provides access to.
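The issuing side described above, as an added example in Go (not the authors' Java implementation): a stand-in CA signs a client certificate that lives for a few hours, and a server-side check accepts it inside that window and rejects it afterwards without any revocation list. The function names, Ed25519 keys, subject names, time-derived serial number and four-hour lifetime are assumptions.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl for pub with the parent's private key and returns the parsed certificate.
func issue(tmpl, parent *x509.Certificate, pub ed25519.PublicKey, key ed25519.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newCA builds a constructed self-signed CA, standing in for one whose key the TCS loads at startup.
func newCA(key ed25519.PrivateKey, now time.Time) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Example CA"}, IsCA: true,
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign, NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(1, 0, 0)}
	return issue(tmpl, tmpl, key.Public().(ed25519.PublicKey), key)
}

// issueTemporary signs a client-auth certificate for user, valid from now-1min (clock skew) to now+ttl.
func issueTemporary(ca *x509.Certificate, caKey ed25519.PrivateKey, user string, pub ed25519.PublicKey, now time.Time, ttl time.Duration) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()), Subject: pkix.Name{CommonName: user}, // serial: issue time in ns (assumed scheme)
		NotBefore: now.Add(-time.Minute), NotAfter: now.Add(ttl), ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	return issue(tmpl, ca, pub, caKey)
}

// acceptedAt reports whether a server that trusts only ca accepts cert for client authentication at time t.
func acceptedAt(ca, cert *x509.Certificate, t time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: t, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err == nil
}

func main() {
	now := time.Now()
	_, caKey, _ := ed25519.GenerateKey(rand.Reader) // constructed sample keys
	userPub, _, _ := ed25519.GenerateKey(rand.Reader)
	ca, _ := newCA(caKey, now)
	cert, _ := issueTemporary(ca, caKey, "mobile-user", userPub, now, 4*time.Hour)
	fmt.Println(acceptedAt(ca, cert, now.Add(time.Hour)), acceptedAt(ca, cert, now.Add(5*time.Hour)))
}
```

A copy of the certificate left behind in a client program stops being accepted once `NotAfter` passes, which is the property the short validity period is chosen for.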
It is clear that there is a series of data the TCS must use either when validating a user or when issuing a certificate, like:
These data are held by a directory accessed by the TCS, which constitutes the fourth element of the system. In its simplest implementation, this directory can be held by a secure configuration file. But those data not used for user authentication can also be stored in an external server (for example, based on LDAP). This way, a TCS can share parts of its configuration with other TCSs, or access data stored in some other corporate servers.
Once we have described the elements that constitute the system, this section will illustrate how they interact. The mechanisms used by the authentication process and for issuing the temporary certificate are shown in Figure 1. The steps of the authentication protocol are:
From the user's point of view, the process simply consists of starting the TCC application, providing the requested information to it and (optionally) following the steps the IR requests to install a new certificate. At that moment, the IR informs him/her that the requested information can be accessed.
To demonstrate the applicability of the architecture and the protocol described above, we have implemented an authorized access service that uses a Java-based TCS and Netscape 4 as IR. At the moment of writing this paper, this system is in use at CICA to access internal databases and a series of applications that control some of the services the Center offers.
We have presented a framework based on the use of temporary X.509 certificates oriented to allow secure access to information servers for mobile users. This framework employs a set of mechanisms that imposes minimal hardware/software requirements, so practically any Internet connected host can be employed by users of a system based on it. Currently, a first version of such a system is in use to provide authorized access to internal servers at CICA.
Work is ongoing on this issue, as we intend to include support for more information readers, particularly for remote host access through VNC [5]. Other open questions are the refinement of user profiles and the use of the host address the TCC is running on to qualify requests, with the aim of achieving a finer granularity when establishing the information a certain user has the right to access.
[1] A. O. Freier, P. Karlton, P.C. Kocher, The SSL protocol. Version 3, Internet Draft draft-freier-ssl-version3-02.txt, IETF Transport Layer Security Working Group, November 1996.
[2] ITU-T, The Directory - Authentication Framework, Recommendation X.509.
[3] RSA Laboratories, PKCS#11: Cryptographic Token Interface Standard, RSA Laboratories Technical Note, July 1997.
[4] RSA Laboratories, PKCS#12: Personal Information Exchange Syntax Standard, RSA Technical Note, April 1997.
[5] T. Richardson, Q. Stafford-Fraser, K. R. Wood, A. Hopper, Virtual Network Computing, IEEE Internet Computing, vol. 2 no. 1, January/February 1998.
[6] B. Schneier, Applied Cryptography, John Wiley & Sons, 1996.
[7] Yung-Kao Hsu, S. P. Seymour, An Intranet Security Framework Based on Short-lived Certificates, IEEE Internet Computing, vol. 2 no. 2, March/April 1998.
Diego R. López is responsible for the Network Applications Area at CICA, Seville (Spain). He graduated in Physics at the University of Granada in 1985 and joined the Conformance Testing Division of Telefonica I+D, working on several projects related to e-mail and directory services. Since 1992 he has been a member of the technical staff of CICA. His current work is focused on Web publishing interfaces and security-enhanced mail services.
Marcelo Reina is working at the Computing Center of the Consejería de Economía y Hacienda, Seville (Spain). He graduated in Mathematics at the University of Seville and earned a two-year grant in the Network Applications Area of CICA. His current work is related to the definition and deployment of public certification infrastructures.