The present invention relates to improving the security of data transmission between computers using an insecure network, particularly to methods and systems for improving the integrity and security of messages transmitted from a client to a network server and then to a destination server or from the destination server to a network server and then to the client as part of a distributed computer system.
A distributed computer system comprises multiple distinct computers, which are interconnected. One simple example of a general-purpose distributed system is a networked system comprising several workstations and servers interconnected through a network. Networks are popular because they allow organizations to share information and resources. Furthermore, in a networked system, if one computer breaks, or “crashes,” the others may continue to operate.
The type, cost and reliability of the manner of interconnection can be important considerations in networked systems. Large networks over relatively short distances typically use local area networks (LAN) such as an Ethernet or a Token Ring, which permit communications between a number of different computers on one or more wires. The use of modems allows computer networks to be created over a larger area, because the connections can be made over data links such as telephone lines. Wide area networks (WAN) typically use a combination of fiber optic and copper wire telephone lines as well as microwave links and satellites to connect several smaller LANs. Networks of networks are often referred to as internetworks.
Computer networks, particularly internetworks, can be vulnerable to security breaches. The degree of security of each component in the network differs, in part because each entity may be protected by varying layers of physical and operational security. Furthermore, each component or network in an internetwork may be owned or controlled by different organizations whose security practices differ widely. The interconnections between the computers may be similarly insecure. Since some part of the network may use physically insecure links, such as telephone lines or microwave links, hackers and interlopers may eavesdrop or intercept communications over the telephone line and modify them according to their wishes or copy them for later use. Interlopers who copy login and/or command information have the potential to use that information to gain access to other computers on the network.
Network security is typically based on at least three general concepts. For every request to do an operation, such as execute a diagnostic routine or perform a remote login, the network 1) authenticates the request; 2) controls access via access control criteria; and, 3) audits every request to detect unauthorized uses.
Authentication is the process of verifying the identity of a user initiating a request. One common example of authentication is the use of a password at time of login. Upon receiving a username and password from a user, a host computer retrieves the password associated with the username in a password file, and if the supplied password matches the password associated with that username, the host computer allows access. In the situation just described, however, it is assumed that the user and host are communicating over a secure connection; otherwise, interlopers could intercept the communications from the user to the host and steal the username and password information. The interloper could then illegally access the host at a later time by using the stolen username and password information.
In a networked system comprising multiple interconnected computers, a first computer may request service from a second or destination server through an intermediate server. This first computer is typically called a client. In order to receive service from a destination server, the client must begin by authenticating itself to the destination server. However, because the client may be communicating to the destination server over an insecure line, the client cannot simply send a password in the clear. Instead, the client and the destination server may engage in a multiple query and response exchange, constituting an authentication process, which will convince the destination server that the requesting client is an authorized user.
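The following is an added illustration, not part of the original text and not the method of any system described here, of a single query and response round in which the client proves knowledge of a shared secret without ever sending it. The names `Server`, `client_response`, `demo` and the sample secret are hypothetical, and HMAC-SHA256 is an assumed choice of keyed function.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: the server's registry of shared secrets (hypothetical).
SECRETS = {"alice": b"correct horse battery staple"}


class Server:
    """Destination server that authenticates clients by challenge-response."""

    def __init__(self, secrets_db):
        self._db = secrets_db
        self._pending = {}  # username -> outstanding one-time nonce

    def challenge(self, username):
        # A fresh random nonce per attempt makes every valid response unique.
        nonce = secrets.token_bytes(16)
        self._pending[username] = nonce
        return nonce

    def verify(self, username, response):
        # pop() consumes the nonce, so a captured response cannot be replayed.
        nonce = self._pending.pop(username, None)
        key = self._db.get(username)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def client_response(secret, nonce):
    # The client proves knowledge of the secret without transmitting it.
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo():
    server = Server(SECRETS)
    nonce = server.challenge("alice")
    wire = client_response(SECRETS["alice"], nonce)  # all an eavesdropper sees
    first = server.verify("alice", wire)             # legitimate login
    replay_same = server.verify("alice", wire)       # nonce already consumed
    server.challenge("alice")                        # new attempt, new nonce
    replay_new = server.verify("alice", wire)        # old response, wrong nonce
    return first, replay_same, replay_new


if __name__ == "__main__":
    print(demo())
```

An interloper who records the exchange obtains only the nonce and its keyed digest, neither of which is accepted on a later attempt.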
Encryption-based authentication processes that can be used to so authenticate a client to such a server are known generally. Such authentication processes can be based on public-key or secret-key encryption systems. In a typical secret-key authentication scheme, each authorized party possesses a secret key, which is known only by the party and is registered with a trusted third party, or authentication server. The authentication server maintains a list of registered parties and secret keys and, therefore, must be physically secure. By contrast, in a public-key authentication system, each party has a public key and a private key. The public key is posted; the private key is known only to the party.
One example of a secret-key based network authentication system is the trusted third-party authentication service called Kerberos. Network services and clients requiring authentication register with a Kerberos security server and receive a secret key, where the key (or a pass phrase from which it can be derived) is known only to a principal and the Kerberos security servers.
A Kerberos principal is an identity to which credentials can be assigned and on behalf of which certain computer operations may be performed. A principal can be associated with a role or function belonging to a human computer user, and an individual human user can have multiple principal identities corresponding to multiple function roles for that user.
A principal may also be associated with a software program running on a computer. In this case, the principal may be used to authenticate the identity of that computer to a human user or another software program running on a different computer. The principal may also allow or deny access to certain operations on the computer on which the software program is executing.
In all cases, the physical manifestation of a principal comprises an entry in one or more security databases including the principal's name, secret key, and other data.
Kerberos also generates temporary session keys, which can be used to encrypt messages between two registered Kerberos principals. A typical Kerberos software package is Kerberos Version 5 from Project Athena at the Massachusetts Institute of Technology (MIT). The Kerberos authentication scheme also is discussed in J. Kohl and C. Neuman, The Network Authentication Service (V5), Request for Comments: 1510 (September 1993). Kerberos and other trusted third-party private authentication schemes can allow for secure access between two principals.
Other known systems have been developed to address network security issues. For example, the Secure Sockets Layer (SSL) protocol has been designed specifically to enable entities to authenticate themselves to each other and to protect the information being transmitted across the Internet by using encryption. Both the client and the destination server must support SSL. SSL is application-independent and operates above the Transport layer, meaning that it can operate under application protocols such as HTTP, File Transfer Protocol (FTP), telnet, Network News Transfer Protocol (NNTP), and Simple Mail Transfer Protocol (SMTP). SSL supports several cryptographic algorithms to support the authentication and encryption functions between the client and the server.
A current trend in distributed system development is the concept of managed hosts. In a managed host system, a client will access a network server and, via the network server, request access to another server, which may be referred to as a remote host or a managed host. Likewise, multiple remote hosts or managed hosts may be accessed by a client via a network server. In larger networks, the network server may be acting as a gateway and proxy for a large number of clients to each access a large number of destination servers. In order for the transaction from a client to a destination server to be secure, both the transactions between the client and the network server and the transactions between the network server and the destination server should be secured by a network authentication and encryption process.
In a certificate-based authentication scheme, all entities that wish to authenticate to one another must register with a third party called a certificate authority. The certificate authority verifies the identity of the registering party and issues certificates which the parties can then use to authenticate themselves to other registered parties. There are many certificate authorities offering suitable certificates of authentication including, for example, those provided by Verisign, Baltimore Technologies, and RSA Laboratories.
There are a number of problems associated with simply using a certificate-based authentication process to secure the transactions between the client and network server and those between the network server and the destination server. Use of this system, for example, would require that the network server and all destination servers possess certificates ultimately traceable to the same top-level certification authority. Furthermore, each individual user of a client system must be issued a client certificate. If the client certificates were stored on the individual workstations, the client would be restricted to using only particular workstations. If the client certificates were stored on portable media, such as diskettes, they would be subject to loss or theft, decreasing the security of the overall network system. Moreover, client workstations may be any one of a number of different hardware devices, such as PCs or Macintosh, running a variety of different operating systems, such as UNIX or Microsoft Windows®, and there is no single medium supported by all the varieties of clients. In summary, use of a certificate authentication scheme between the client and the network server would be administratively difficult to support.
When Kerberos authentication for all transactions is used, each client workstation is required to possess the software necessary to communicate with the key distribution center (KDC). This approach encounters problems including that of providing many different versions of the software to support the many varieties of clients.
If one authentication scheme is used to secure transactions between the client and the network server, while another authentication scheme is used to secure transactions between the network server and the destination server, then in transactions between the client and the destination server, the network server must act as a proxy for the client, and it may sometimes be undesirable to require the network server to perform client authentication. Since, by using two different authentication schemes, the client would not be authenticating itself to the destination server directly, the network server needs to act as if it has the identity and memory of the client server.
In server-to-server transactions, the user typically has directly logged on to the network server using a shell or command interpreter program. The shell program creates records on the network server that maintain a record of the user's identity and use (i.e. time and date). As long as the user is logged on, the shell logon program exists. In contrast, in a client-to-managed host transaction, the shell or command interpreter program is active on the client computer, but not on the server. The network server, instead, is interfacing with a KDC, or authentication server, on behalf of the client. To do this, a network server configured as a World Wide Web server creates and executes transient processes (such as when an HTTP Common Gateway Interface request is executed) or utilizes an extension to the World Wide Web server (such as a servlet) to query the KDC. Common Gateway Interfaces and servlets are often used interchangeably. These temporary processes must assume in some sense the identity of the user for the length of the transaction. Once their functions are complete, however, the transient processes terminate and disappear or the World Wide Web server extensions become quiescent and available for another use, thus resulting in the loss of any identity or session state data they may have acquired.
When a network server does not maintain any information on a client once it has finished processing a request by the client, the server is described as stateless. A stateless file server avoids retaining client information by deriving information about files and positions within files from the request itself. A stateful server (e.g., one that stores file information in volatile memory) loses the information when the server crashes. In addition, if the client fails, the server may be unaware that the client is no longer using the space allocated to retain information needed for the transactions and may be unable to reclaim the space. In contrast, following the crash of a client or server, the stateless server need only respond to the last fully self-contained request from the client to continue the operation. In a UNIX operating environment, the UNIX processes (e.g. daemons) are sometimes stateful. Individual transient processes, however, are not persistent and, therefore, cannot maintain long-term state information internally.
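The following is an added illustration, not part of the original text and not the mechanism of any system described here, of how a stateless server can hand its per-client state to the client and safely recover it from each later request. The names `SERVER_KEY`, `seal`, `unseal` and `handle_request` are hypothetical, and the HMAC-SHA256 tag provides integrity only, so state that must stay confidential would also need encryption.

```python
import base64
import hashlib
import hmac
import json

# Hypothetical server-side key; in practice it is random and never leaves the server.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def seal(state, now, ttl=300):
    """Serialize client state with an expiry and append an HMAC-SHA256 tag."""
    body = json.dumps({"state": state, "exp": now + ttl}, sort_keys=True).encode()
    tag = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(body + tag).decode()


def unseal(token, now):
    """Return the state if the token is authentic and unexpired, else None."""
    try:
        raw = base64.urlsafe_b64decode(token.encode())
    except ValueError:
        return None
    if len(raw) <= 32:
        return None
    body, tag = raw[:-32], raw[-32:]
    expected = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):  # verify before parsing
        return None
    data = json.loads(body)
    if now >= data["exp"]:  # bounded lifetime limits the value of a stolen token
        return None
    return data["state"]


def handle_request(token, now):
    """A transient handler: all it knows about the client comes from the token."""
    state = unseal(token, now)
    if state is None:
        return "401 re-authenticate"
    return "200 acting for " + state["user"]


if __name__ == "__main__":
    t = seal({"user": "alice"}, now=1000)  # constructed sample state
    print(handle_request(t, 1001), "|", handle_request(t, 1300))
```

Because the handler keeps nothing between requests, a crash or process exit loses no client state, and a token altered by the client or in transit fails verification.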
There is a need, therefore, for a method of and system for increasing security of transactions involving multiple networked computers, and for increasing security of transactions involving a client that sends commands to a managed host via an intermediate server over a non-secure network such as the Internet.
There is also a need for a method of and system for increasing security of transactions involving a client, a network server, and a managed host, where the client is not restricted to one of a limited subset of devices or operating systems because of interoperability or administration concerns.
Moreover, a need exists for a method of and system for increasing security of transactions involving a client, a network server, and a managed host, where the increased security is attained by using an SSL protocol for communications between the client and the network server, a Kerberos authentication system is used to authenticate the identity of the client to the managed host and the managed host to the client, and the client communicates with the managed host through an insecure network connection such as the Internet.
Needs also exist to allow many varieties of clients to communicate with a destination server via a network server over an insecure network connection using authentication protocols and to allow transmission of data or commands over an insecure computer network from a client to a destination server via a network server.
Another desire is for a system and method to allow necessary client information to pass to the network server with each transaction so that the network server may access the destination server on behalf of the client.