WebSecFrame - A Way to Improve Corporate Network Security

Transcription

1 WebSecFrame - A Way to Improve Corporate Network Security Frank Losemann losemann@ti.fhg.de Christoph Meinel meinel@ti.fhg.de Institute for Telematics, Trier, Germany Phone: Fax: Abstract This work addresses the problem of user perception of Public-Key-Infrastructures (PKI) in corporate environments built for employees untrained in using certificates for authentication. We are providing users in a corporate environment with a single trusted point of service related to certificates. Its purpose is to explain the corporate intranet security concept and the underlying basic mechanisms of a PKI to the user, as far as needed for proper operation. Introduction There are three approaches supporting user perception of PKI: one is an introduction to be read before requesting a certificate or using the PKI. The second supports the user in new or unknown situations. To achieve this, we have to make sure that users are able to easily access related help online. This is achieved by a helpdesk with an online-user-interface to a database of certificate-related problems. All the dialogboxes of applications making use of the PKI - most likely Web-Browsers - are classified by title, task and application version and put into a database, which provides explanations as well as recommended reactions to be taken by the user. Integrating "security service and helpdesk" it improves corporate security by training the users on a very basic level while they are doing their job. Websecframe provides a clearly defined way on how to solve problems, which occur during certificate handling. The final goal of our approach is to create an appropriate mental model of the corporate access control system and public key infrastructures in general, enabling users to find the appropriate answer to most questions on their own. Overall security is improved by providing advice at the correct level: too detailed advice makes PKIs seem too complicated to novices. Explaining everything step by step, the user will end up with answering the PKI user interface dialogs without understanding them. Hence, it seems better to rely on centralized expert helpdesks rather than on collegues hints of doubtful expertise. The third approach to support the appropriate mental model of PKI is the application design. A

2 "websecframe" is something like a authentication-statusbar. It can be directly integrated into applications or cgi-scripts using the corporate PKI-based security system, or can be added by server-plugins or cgi-scripts to HTML-Documents. Unified User Interface for the Authentication System Websecframes introduce a "certificate to html-gateway" that works platform independent. Visualizing the involved certificates and access-control basics using html-format, it provides a unified user-interface across all https-enabled clients. SSL-protected transmission is necessary and used to insure the integrity of the provided Status information. New browser versions with changed capabilties and user interface for the use or inspection of certificates introduce different ways of accessing the certified information. But integrating this information into the displayed contents, the same frontend to the authentication system is available on all plattforms. This websecframe visualizes the information provided by the involved certificates. Picture 1: Prototype screenshot The information should be read as follows: "CA DevCA1 checked the identity of the certified user. The policy of this CA determines how the CA made sure that the certified public-key belongs to the user described by the certificate. This certified public-key was used to verify the identity of the user that requested the page displayed together with the websecframe. The Web-Server creating this websecframe and serving the requested contents expresses his belief in the identity claimed by the certificate, because it is configured to trust the CA that certified the user. Based on the certified distinguished name a trusted directory may provide additional attributes or properties of the certified user, that are needed to decide about the access to a requested resource." The information in the drop-down-lists of column two and three contain the contents of the certificate and the corresponding directory entry. It is displayed to show or remind users of the basis for the access control decision taken by the server and to clarify the structure of the security system - in a way supporting the creation of our intended mental model. The fourth column is not only used to present information. It is used enabling the user to specify

3 an desired role when accessing resources. This might be necessary to collect accounting information related to different tasks or projects. An employee might be involved in different projects and can easily choose the account to pay the resource. Another case of an "active role"-selection might be the explicit statement, that the user is not acting on his own, but for an absent collegue, which might be a necessary prerequisite for using extended rights. Some privileges might be granted for emergency conditions only and have to be reported and explained elsewhere. To make use of these rights it can be made necessary to shortly describe the problem and the reason why the rights where used. In cases of complicated Role Based Access Control models as i.e. RBAC3 as defined in [San96] we might call an external role browsing application to access the full spectrum of roles provided by the access control system. Last but not least there is a column with a lock image. This column provides access to the online help desk system, which is explained in the following section. Helpdesk organization The certificate handling component of the corporate security system strongly depends on the client used to access the corporate Intranet and installed extensions to standard browser or software such as smartcards. Hence, the initial documentation delivered with standard software components becomes obsolete. Limiting the number of different client-software allowed to access the intranet is not always feasible. The variety of hardware and different operating systems which are installed in a corporate environment can be numerous. Thus, users and help-desk personnel encounter many version and operation system specific dialogs concerning certificate handling. However, by constructing an index of all titles of user dialog screens with screenshots and associated explanations we enable helpdesk personnel and eventually even untrained users to refer to an empircally constructed problem/solution data base. All questions and anwers are classified by program, version and title of the workflow steps or dialogboxes. Unlisted dialogs can be submitted as screenshots via http or for further assistance. We established a mechanism enabling users to directly remark their personal difficulties and possible misunderstandings caused by the provided explanation and set up a workflow for integrating these suggestions into the documentation. Thereby, we are continuously improving the quality of our helpdesk system, that must steadily be kept up to date due to new versions of client software with changing user interfaces. Analyzing the Helpdesk activity we can identify the workflow steps and PKI-dialogs that need to be improved. Another feature of the websecframe is the detection of the client software used to access the corporate network. When accessing the helpdesk, users normally have to explain all those properties of their computing environment which might be relevant for their questions. Autodetecting those properties is feasible by evaluating the http-headers of the connection if the questions are related to a web-browser.

4 Basic tasks The basic tasks which have to be mastered by an untrained user are 1. Learn the concept of delegating trust, and the interpretation of certificates. 2. Understand the role of a certifying authority and the services provided 3. Get to know the role of a directory service 4. Learn the difference between Authentication and Authorization. 5. Configure the user environment to seamlessly integrate into the corporate intranet security concept for single-sign-on using intranet-webservers. In a preconfigured intranet environment all tasks can be supported but the first. Because the computer cannot foresee what action the user intends to take i.e. which resource is requested, the verification of the certificate cannot be fully automated. So the initial focus has to be explaining this issue including necessity and possible threats as well as criteria which can be used to determine the trustworthyness of a given certificate. Experiences We deployed an certificate management system for a large intranet PKI of an european bank. User interface improvement quickly became a central part of the project, to insure user acceptance as well as to lower the administrative burden. The improvements first dealt with the user part of certificate requests and then with the verification process carried out by certifying agents. Adding the visualization feature for certificates to the issueing application quickly raised the idea of integrating more and more information and functions into our websecframe. Explaining the use of certificates became easier, because users were able to see the whole picture at a glance. Outlook Currently we are working on improvements of our helpdesk system. Detailed results of the deployment and experiences with users should be available for the final version of this paper. Perspectives of using colors in websecframes to indicating the reliability, confidentiality or origin of the displayed information will be looked at lateron. References [ISO90] ISO/IEC International Standard Information technology, open systems interconnection, the directory, part 8: Authentication framework, 1990 [Koh99] R.Kohlas, U. Maurer: Reasoning About Public-Key Certification: On Bindungs

5 between Entities and Public Keys; to appear in Springer LNCS, Financial Cryptography 1999 [San96] R.S. Sandhu, E.J. Coyne, H-I. Feinstein, C.E.Youman: Role-Based Access Control Models; IEEE Computer Vol.29,No.2:Feb1996,pp [Sch96] B. Schneier: Applied Cryptography. John Wiley and Sons, New York 2nd editon 1996 [RSA78] R. Rivest, A. Shamir, L. Adleman. A method for obtaining digital signatures and public-key cryptosystems.communications of the ACM, 21(2): , 1978 [Whit98] A.Whitten, J.Tygar: Usability of Security: A Case Study; Technical Report CMU-CS Carnegie Mellon University Pittsburgh 1998 [Woo92] T.Woo, S.Lam: Authentication for Distribiuted Systems; IEEE Computer Jan 1992