Secure System Solution and Security Technology




Hitachi Review Vol. 47 (1998), No. 6, p. 245

Chisato Konno, D.Sc.
Mitsuhiro Tsunoda
Yasushi Kuba
Satoru Tezuka

OVERVIEW: The Internet and intranet systems are rapidly spreading through society. Their corporate systems are widely applied to, for example, information sharing and information transfer via the Web, access to groupware and databases, support for decision-making by linking with data and processes on existing backbone systems, and customization services for data warehouses and customers, which lead to business innovation. The expansion and development of network computing can only be achieved by implementing system and information security. This article describes a security framework suitable for the development of a distributed environment, the scope of connection over the network, methods of implementing a secure system solution considering system cost and usability suitable for the type of information transferred over the network, and security technology and products to implement these functions.

INTRODUCTION

The technology of the Internet, which was developed on a noncommercial network for use with academic and public information, has been rapidly expanding its scope of application to not only corporate systems (intranets) but also intercorporate systems (extranets) and corporate-consumer systems (electronic commerce: EC) because of its openness on a global scale and excellent operability. It is expected that corporations, homes, and society as a whole will be connected together by a seamless network, and proper system services allowed for each type of user will be provided safely from anywhere on the network, resulting in the development of a highly information-oriented society.

In order to implement this huge distributed environment, security technology aimed at protecting the system and information connected with the network is indispensable, and the importance of security is increasing in proportion to the expansion of the application and the scope of connection. Security technology based on cryptography has implemented system access control, data protection on the network, authentication of the other party in communication, assurance of communication authenticity, and prevention of communication disavowal. Hitachi proposes a totally secure system solution to support the development of the Internet and intranets.

SECURE SYSTEM FRAMEWORK

An information system based on Internet Protocol (IP) enables corporate information systems and public systems to develop extensively from a data sharing and data transmission infrastructure. Fig. 1 shows the entire configuration.

A corporate information system (intranet) and SOHO mobile systems utilizing Internet technology to allow access from outside the corporation must provide access control and data protection with a firewall, secure communications, and file encryption. An authentication server is introduced into the system to implement more precise user authentication for the use of information or programs stored in the system.

An extranet for intercorporate data transfer and business transactions requires public authentication (notarization) of an order or settlement (payment) and a more reliable and band-assured network infrastructure service. For advanced use of the Internet, a secure commerce server and an authentication center that assures secure network transactions for consumer electronic commerce are needed.

Fig. 2 illustrates a security framework configuration to implement the above functions. The framework is provided with hardware incorporating encryption technology, the basis for security, such as an encryption router or an IC card.

Fig. 1 Concept of Secure Intranet and Internet Systems. Illustration of an overview of secure Internet and intranet systems that connect corporations, homes, and society as a whole via a secure seamless global network is shown. Development of the network is supported by strong flexible security technology.
Abbreviations used in the figure: WWW: world wide web; EC: electronic commerce; SOHO: small office, home office; PHS: personal handyphone system; VPN: virtual private network.
*1 Gauntlet is a trademark of Network Associates, Inc., U.S.A.
*2 Firewall-1 is a trademark of Check Point Software Technology Ltd.

Fig. 2 Hitachi Security Framework. The entire hardware and software hierarchy for implementing a total security system suitable for the application or system configuration.
Layers shown in the figure: services and solutions; secure middleware; cipher (private key cipher: MULTI2*1, DES; public key cipher: elliptic curve cipher, RSA); hardware (encryption LSI, IC card application system, digital receiving equipment for satellite broadcasts, encryption router).
*1: MULTI2 is the original private key cipher algorithm and is registered to ISO.

The secure middleware includes an electronic signature using encryption technology, a secure protocol, a firewall, an authentication server, and other application servers to implement secure communications. System services and solutions are built on these functions. A secure system solution that meets the user's application can be configured by combining such services and solutions. An approach to configuring a secure system solution and notable security technologies and products are described below.

SECURE SYSTEM SOLUTION

Security Policy

The security policy defines the security assurance stance by clarifying and classifying what the threats are, against whom protection should be taken, what is to be protected, and what cost should be paid for security. Security policy planning is considered important for designing, introducing, and operating a security system. Even a single security hole could lower the security level of the entire distributed system. Discussed below are the secure system configuration created on the basis of the security policy and the concept of the procedures for creating the system.

Functions for Implementing a Secure System

The following functions are necessary to implement a secure system.

(1) Network access control
This function controls access to networks by distinguishing them as either inside or outside the organization or corporation network. Control is implemented by filtering, such as packet filtering through a firewall or a router.

(2) Terminal control
This function controls terminals, that is, restricts s or sections that can access the system and use the information stored in it.

(3) Available application control
This function controls the available applications for each user or department. It is also used for preventing persons from using applications that are not related to their jobs, for example, by restricting web page viewing or Telnet utilization.

(4) User control
This control feature identifies an authentic user. The user authentication capability can be strengthened by providing an electronic certificate in addition to the use of an identification (ID) number and a password. It is suitable for a job or business limited to specified users.

Secure System Configuration and Security Measures

To select security measures and cost, the system must be designed with consideration for cost effectiveness. It is important to provide appropriate measures at necessary points, and the required security level is determined by the types of data flowing over the network and the anticipated degree of damage or monetary loss due to wrongful use of the data. Fig. 3 outlines the secure system configuration and its security measures.

(1) Configuration of a closed network within the organization
This is a corporate LAN environment without connection to outside networks and is used only by users within an organization or corporation. The configuration of this network, which is not connected with any network external to the organization, will use authentication and access control setting at the and antivirus software as its basic security measures. Since illegal access within the organization is a major risk, the capability of strict user identification may be necessary.

(2) Open data configuration to users within the organization
This configuration provides an environment where the corporate system is connected with the Internet by leased lines to use external services. This type of configuration needs to protect against illegal intrusion from the outside. Installation of a firewall or similar protection is essential at the interface with the external network, which is a particularly important point for security measures.

(3) Data exchange configuration for users within the organization
This configuration provides an environment where data exchange is performed within the organization via the Internet. It includes SOHO and mobile access systems. The configuration requires measures against data interception on the Internet. User authentication is essential for mobile access.

(4) Data exchange configuration for outside users
This extranet configuration allows data exchange with users external to the organization via the Internet. It requires measures against communication data forging, user masquerade, and repudiation of once approved data. Examples of this type of configuration include electronic commerce (EC) between corporations and consumer EC over the Internet.

Fig. 3 System Configurations and Security Measure Levels. System utilization configurations and security countermeasure levels can be broadly divided into four types.
Axes of the figure: availability range (smaller to larger) and security level (lower to higher). Measures labelled in the figure: password, access control, and countermeasure against virus (closed network); firewall and log analysis (data open to users within the organization); secure communication and seamless VPN (data exchange for users within the organization); certificate, secure commerce, and authentication bureau (data exchange with external users).

Procedures for System Integration of a Secure System

A security solution is fundamentally based on the security policy. The security solution prescribes the standard procedures for designing a secure system by identifying access control setting information through definition of users and services (for example, applications such as web access, e-mail, and file transfer) and utilizing the setting information for actual installation. The procedures are described below.

(1) Investigation of the design requirements
Establish a security policy by extracting and sorting the service requirements to be satisfied and the restrictions.

(2) Basic architecture design
Design a basic network architecture and review the method of implementing the required services, always taking security into consideration.

(3) Detailed architecture design
Check security factors for providing services, and make necessary security reinforcement.

(4) System evaluation
Check the system periodically to see that it meets the established security policy.
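The four control functions listed under "Functions for Implementing a Secure System" can be read as successive checks on a single request, each able to refuse it for its own reason. The following Python code is an added example, not code from the article or from any Hitachi product. All addresses, section names, port numbers, and rule tables are constructed, and the rule that access from outside requires a certificate is an assumption made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# Constructed sample policy (every value here is an assumption).
INTERNAL_NETS = [ip_network("10.0.0.0/8")]        # "inside" the corporate network
OUTSIDE_ALLOWED_PORTS = {443}                      # packet filter for outside sources
APP_PORTS = {"web": 443, "mail": 25, "ledger": 8443, "telnet": 23}
TERMINAL_SECTION = {"10.1.2.15": "accounting", "10.1.3.20": "sales"}
SECTION_APPS = {"accounting": {"web", "ledger"}, "sales": {"web", "mail"}}
CERT_REQUIRED_APPS = {"ledger"}                    # job limited to specified users
USER_CERT_SUBJECT = {"u1001": "CN=u1001", "u2002": "CN=u2002"}


@dataclass(frozen=True)
class Request:
    src_ip: str
    app: str
    user_id: str
    password_verified: bool             # result of an upstream ID/password check
    cert_subject: Optional[str] = None  # subject of a certificate validated upstream


def decide(req: Request) -> Tuple[bool, str]:
    """Apply the four control functions in order; return (allowed, reason)."""
    port = APP_PORTS.get(req.app)
    if port is None:
        return False, "application control: unknown application"

    src = ip_address(req.src_ip)
    inside = any(src in net for net in INTERNAL_NETS)

    # (1) Network access control: filter by inside/outside and destination port.
    if not inside and port not in OUTSIDE_ALLOWED_PORTS:
        return False, "network access control: port %d is filtered for outside sources" % port

    if inside:
        # (2) Terminal control: only registered terminals may use the system.
        section = TERMINAL_SECTION.get(req.src_ip)
        if section is None:
            return False, "terminal control: terminal is not registered"
        # (3) Available application control: per-section application list.
        if req.app not in SECTION_APPS[section]:
            return False, "application control: %s is not permitted for %s" % (req.app, section)

    # (4) User control: ID and password, strengthened by a certificate
    # for restricted applications and (assumption) for all outside access.
    expected = USER_CERT_SUBJECT.get(req.user_id)
    if expected is None or not req.password_verified:
        return False, "user control: ID/password check failed"
    if (not inside or req.app in CERT_REQUIRED_APPS) and req.cert_subject != expected:
        return False, "user control: matching certificate required"

    return True, "permitted"


if __name__ == "__main__":
    samples = [
        Request("10.1.2.15", "ledger", "u1001", True, "CN=u1001"),
        Request("10.1.3.20", "telnet", "u2002", True),
        Request("203.0.113.7", "mail", "u1001", True, "CN=u1001"),
        Request("203.0.113.7", "web", "u1001", True),
    ]
    for r in samples:
        print(r.src_ip, r.app, decide(r))
```

Returning the refusing function's name with each denial gives the log analysis measure something to work with: a denial can be traced to the control that produced it.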
BASIC TECHNOLOGY SUPPORTING THE SECURE SYSTEM

Discussed below is the basic security technology that supports the implementation of the secure system mentioned above.

Basic Security Product Architecture

Today's corporate information systems are created in the intranet environment, placing emphasis on Internet technology, and are also shifting to systems using distributed object technology. On the other hand, client-server system configurations based on mainframes and UNIX servers* also have been widely employed. Thus the entire system's security can be realized by providing security architecture and a repertory of products that can be applied to various types of system configurations.

Hitachi has implemented security applications including:
(1) a firewall to protect an entire corporate information system,
(2) a virtual private network (VPN) to provide secured communications in the Internet or mobile environment, and
(3) a provision of precise security at each basic unit of transaction or service in the Internet or an intranet environment (Fig. 4).

*: UNIX is a registered trademark of X/Open Company Limited.

Network Security

Hitachi supports implementing basic site security by providing two kinds of firewall products, Gauntlet and FireWall-1, to prevent illegal access to the corporate information system from the outside.

Virtual Private Network

Hitachi offers a virtual private network (VPN) as a network to interconnect a firm's headquarters and branches instead of leased lines, for example, or as the infrastructure to implement new work styles such as mobile operations, working at home, or SOHO environments. Hitachi provides two VPN products: VPN for Gauntlet, which can be added to the Gauntlet firewall, and the secure socket system, which is applied to mobile access via the public network. Either product allows communications using the highly secure MULTI2 cipher (2, 3).

Security of Distributed Object Environment

Hitachi offers security service functions conforming to Common Object Request Broker Architecture (CORBA) Security 2.0 proposed by the Object Management Group (OMG), as the security basis for the distributed object system environment created. The messages transferred between objects belonging to the security domain, which is controlled by the security server, can all be encrypted by SECIOP, a secure protocol, and turned into signed messages. The access between those objects can be controlled to establish a secure distributed environment. Also, a single log-in feature can be implemented for multiple applications (objects) belonging to the security system domain.

Application Security

Application security means implementation of secure message exchange and file exchange between applications independent of the security of intervening networks or the configuration of distributed system environments.
The secure exchange features are suitable for mission-critical activities because they can be implemented by using a secure communication library from an application, and can be applied precisely at any required level to data needing encryption or signing. These features will actively be applied to basic applications developed in the Internet or extranet environment, and to systems handling personnel, accounting, and financial settlement activities.

Fig. 4 Secure Corporate Information System Environment Implemented by Hitachi. Provides security infrastructure to implement seamless application for interconnecting corporations or corporations and society as a whole. Security at various levels can be assured for different system configurations and business purposes.
Abbreviation used in the figure: AP: application program.

Security Operation Basis

The system provides common operation control based on the technology to allow common operation of various security functions to meet the users' needs and system configurations and to minimize operation costs. A secure system is built up on the basis of the X.509 public key digital certificate, which is widely employed in the Internet environment. Hitachi provides a certificate issuing server for the intranet or the extranet. Its operational load can be reduced by controlling the certificates issued and users' information with a directory server conforming to Lightweight Directory Access Protocol (LDAP), which is defined by the Internet Engineering Task Force (IETF). Security is strengthened by allowing an IC card to be used as a certificate storage medium, and the operation cost of the security system for the end-user is reduced through the implementation of a single log-in function.

Encryption Technology Supporting the Security Functions

Hitachi has developed a variety of security technologies and encryption technologies for security products since the 1980s. The MULTI2 cipher, a private key cipher system announced in 1989, is not only the common technical base for secure systems proposed by Hitachi but also employed widely for network devices and digital satellite broadcast systems. Hitachi also developed the Hitachi elliptic curve cipher, a public key cipher system, announced it in July 1997, and shipped the product version, the first in Japan, in September 1997. It is expected to assure the security of new systems in our Internet-based society, including electronic commerce in the future.

CONCLUSIONS

This article describes the secure system solution and security technology and products that will be the basis for the development of the secure Internet and intranet systems.
The authors propose total security solutions for more global and seamless network systems, aiming at the implementation and enrichment of corporate information sharing and transfer; corporate activity innovation by interconnection of distributed applications; media distribution infrastructure for homes; and distribution, finance, and administration network services in society as a whole.

REFERENCES

(1) Kawakami et al., Development of New Management and Information System in Cyberspace Age, Hitachi Hyoron 79, No. 5 (May 1997), pp. 416-420, in Japanese.
(2) Sasaki et al., Security Technology in the Open Network, Hitachi Hyoron 79, No. 5 (May 1997), pp. 459-464, in Japanese.
(3) Sasaki et al., Security. Ohm Co., Ltd. (1996).

ABOUT THE AUTHORS

Chisato Konno, D.Sc.
Joined Hitachi, Ltd. in 1977 and now works at the Strategic Business Development Department of the Information Systems Business Planning Div. He is currently engaged in the planning and development of security related products. Mr. Konno is a member of the Information Processing Society of Japan, and Japan Society for Industrial and Applied Mathematics, and can be reached by e-mail at c-konno@comp.hitachi.co.jp

Mitsuhiro Tsunoda
Joined Hitachi, Ltd. in 1987 and now works at the Network Systems Department of the Information Systems Div. He is currently engaged in the development and sales of Internet and intranet solution services. Mr. Tsunoda can be reached by e-mail at tsunoda@system.hitachi.co.jp

Yasushi Kuba
Joined Hitachi, Ltd. in 1988 and now works at the Planning Department of the Software Development Center. He is currently engaged in the planning and development of security-related and other products. Mr. Kuba can be reached by e-mail at kubayasu@soft.hitachi.co.jp

Satoru Tezuka
Joined Hitachi, Ltd. in 1984 and now works at the Security Research Center of the Systems Development Laboratory. He is currently engaged in the research and development of security systems. Mr. Tezuka is a member of the Information Processing Society of Japan, and can be reached by e-mail at tezuka@sdl.hitachi.co.jp.