r5 - 18 May 2004 - 12:56:12 - PieterHartsook

Chandler Security

What's Changed

  • In short: we did an about-face regarding crypto and PKI

What made us change

  • Received a PKI for P2P proposal from Dartmouth
  • Asked a lot of questions about the proposal; did our own research
  • Researched the open source space regarding cryptographic libraries
  • Concluded PKI would be simpler to implement than originally thought
  • Decided to implement PKI in-house using existing open source libraries
  • Prepare for audit later

PKI in Chandler Context

  • With PKI the sharing workflow differs from username/password (see Figure below)
    • with PKI we need to set up a sharing network, or friends network, in advance
    • being sharing friends means having exchanged, and normally verified, each other's certificates
    • once the sharing network is established, sharing is straightforward
  • Mutually authenticated SSL is the protocol of choice for secure communications over the network
  • Where SSL is not possible due to firewalls or other reasons, the fallback is to exchange encrypted and signed sharing information over XMPP or email
  • Initially will work with Chandler created certificates, enabling certificates from real CAs later

http://wiki.osafoundation.org/twiki/pub/Chandler/DartmouthPkiProposal/PKIshare50.png
NOTE: There is actually a step missing in the picture: before sharing, we need to verify that we have marked the certificate trusted.
Figure: Different workflows with PKI and password based systems
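
The friends-network workflow above, including the trust check the NOTE says the figure omits, as an added Python example (not Chandler or M2Crypto code). Assumptions: SHA-256 as the fingerprint hash, hypothetical class and method names, and constructed byte strings standing in for DER-encoded certificates; in real use `peer_der` would be the certificate presented in the SSL handshake.

```python
import hashlib
import hmac

# Constructed stand-ins for DER-encoded certificates (not real certificates).
ALICE_DER = b"constructed stand-in for Alice's DER certificate"
MALLORY_DER = b"constructed stand-in for a substituted certificate"

def fingerprint(der_cert: bytes) -> str:
    """SHA-256 fingerprint of a certificate's DER bytes, lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()

def normalize(fp_text: str) -> str:
    """Accept fingerprints as people read them out: colons, spaces, mixed case."""
    return "".join(c for c in fp_text if c not in ": \t-").lower()

class FriendsNetwork:
    """Hypothetical trust store: a certificate stays untrusted until verified."""

    def __init__(self):
        self._certs = {}  # friend name -> {"der": bytes, "trusted": bool}

    def receive_certificate(self, name: str, der_cert: bytes) -> str:
        # Exchange step: store the certificate but never trust it on receipt.
        # A replacement certificate for a known friend resets trust as well.
        self._certs[name] = {"der": der_cert, "trusted": False}
        return fingerprint(der_cert)

    def verify(self, name: str, fp_out_of_band: str) -> bool:
        # Verification step: compare against the fingerprint the friend gave
        # us over another channel (phone, in person), in constant time.
        entry = self._certs.get(name)
        if entry is None:
            return False
        stored = fingerprint(entry["der"]).encode()
        claimed = normalize(fp_out_of_band).encode()
        entry["trusted"] = hmac.compare_digest(stored, claimed)
        return entry["trusted"]

    def forget(self, name: str) -> None:
        # "Forget certificates and start using new ones."
        self._certs.pop(name, None)

    def may_share_with(self, name: str, peer_der: bytes) -> bool:
        # The step missing from the figure: the certificate the peer presents
        # must be the stored one AND must have been marked trusted.
        entry = self._certs.get(name)
        return bool(entry and entry["trusted"]
                    and hmac.compare_digest(entry["der"], peer_der))
```
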

Open Source Libraries

  • Chose OpenSSL as the underlying cryptographic library
    • OpenSSL provides encryption and decryption services and support for several cryptographic protocols and technologies, including SSL and S/MIME
    • well-known, widely deployed, easy(ish) to find experts & Google for answers
    • although documentation is lacking, there is a great book about OpenSSL
    • actively-developed
    • mature
    • there are several Python bindings for OpenSSL

    • other major contender was NSS

  • Chose M2Crypto Python bindings
    • M2Crypto is a wrapper around OpenSSL, making it easy to use from Python
    • actively developed
    • provides a wide coverage of OpenSSL
    • also covered by the OpenSSL book

    • other contenders included PyOpenSSL and POW

  • Looked at the EGADS entropy service as an interesting cross-platform entropy source and developed a Python wrapper for it. May need to rethink due to resource issues in EGADS.
    • need entropy to provide randomness for OpenSSL
    • backup plan is to go with platform-specific solutions

Schedule

  • 0.4 Release
    • creation of certificates
    • password protecting private keys
    • ability to forget certificates and start using new ones
    • verification of certificates using digital fingerprints
    • sharing over SSL
    • establishing friends network
  • 0.5 and forward
    • secure sharing over XMPP and email
    • store cryptographic material in Chandler repository
    • support for certificates issued by real CAs
    • secure replication and synchronization of repositories
    • certificate revocation checks
    • audit

NOTE: Cryptographic groups are not in the Canoga schedule, and group support in general will be implemented in the application layer for Canoga.

Links

-- HeikkiToivonen - 03 May 2004
