General Introduction of Web Service Security

Source: Internet  Published by: 淘宝兑换虾米会员  Editor: 程序博客网  Time: 2024/04/30 23:51

Background:

When I read the book "Prentice.Hall.PTR.Developing.Enterprise.Web.Services.An.Architects.Guide.eBook", I wrote this article to record the key points.

Part 1 Web Risks

Risks in Information Transaction

· Identity risks
· Information theft
· Information interception
· Negligence

Security Is An End-to-End Process

Risks arise not only while data is transported from one computer to another, but also after transport. They are mainly present in data handling and forwarding, data storage, and errors in identity.

 

Solution Strategy

Issue - Data Handling and Forwarding

There are many means to address these types of data handling and forwarding problems. The first is simply to re-encode and encrypt the data before the server forwards it. Another solution is to encrypt the data so that it can be partially decrypted by the receiving server. The partial decrypt allows only routing information to be gathered so the information can be forwarded to the appropriate representative as encrypted data.

 

Part 2 Web Service Security Issues

As more and more Web applications and Web sites are simply repackaged, wrapped, and exposed as Web services, these security risks and issues will pervade Web services environments as well.

 

Data Protection and Encryption

Data protection refers to the management of transmitted messages so that the contents of each message arrive at their destination intact, unaltered, and not viewed by anyone along the way.

· Data integrity: assures the recipient that the data was neither damaged nor intercepted by a third party and altered while in transit
· Data privacy: assures the recipient that the contents of the data have not been viewed by any third party

Point-to-point data protection solution: the Secure Sockets Layer (SSL) protocol

· Creates a secure tunnel based on public-key encryption techniques
· Supports authentication of the origination computer to the destination computer
· Supports authentication of the destination computer (optionally)

However, SSL cannot serve as an end-to-end solution, for the following reasons:

· It does not provide end-to-end data protection between multiple parties
· It does not support selectively encrypting segments of a message

Protect Data Privacy: Authentication and Authorization

Authentication refers to verifying that the identity of an entity is in fact what it claims to be. The entity trying to have its identity authenticated is known as the principal. The evidence used to prove the principal's identity is known as the credentials.

After a principal's identity has been authenticated, authorization mechanisms are used to determine what the user (or application) will be allowed to access.

 

Classification of technologies and approaches for implementing authentication and authorization for Web services

· System-level approaches

Usually, the operating system or the Web server handles authentication and authorization prior to forwarding the SOAP request to the Web service.

Common system-level approaches to authentication include basic passwords, encrypted passwords, and digital certificates.

· Application-level approaches

Application-level approaches require custom development, and usually have to be modified whenever the authentication mechanism changes. They can pass credentials as part of the SOAP message.

In this case, the Web service must parse the credentials as well as implement authentication and authorization mechanisms itself. The credentials can be transmitted as part of the SOAP header or the SOAP body.

 

This example depicts a SOAP envelope that uses the optional SOAP header specification to pass username and password credentials. Before the SOAP body, the SOAP header is defined that includes UserName and Password elements. SOAP messages that either lack a header or present incorrect credentials will not be allowed to invoke the GetRealTimeQuote method.

<soap:Envelope
     xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <AuthHeader xmlns="http://tempuri.org/">
      <UserName>MyUserName</UserName>
      <Password>MyPassword</Password>
    </AuthHeader>
  </soap:Header>
  <soap:Body>
    <GetRealTimeQuote xmlns="http://tempuri.org/">
      <symbol>HPQ</symbol>
    </GetRealTimeQuote>
  </soap:Body>
</soap:Envelope>
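As an added example (not code from the book or from the original post), here is a Python sketch of the application-level approach just described: the service itself parses the AuthHeader from the envelope above, checks the credentials against a hashed store, and refuses to dispatch GetRealTimeQuote when the header is missing or the credentials are wrong. The message size limit, the PBKDF2 credential store and the user name/password values are constructed assumptions; because the password travels in the header in clear text, this scheme still relies on the transport protection (SSL) discussed earlier.

```python
import hashlib, hmac, os
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
APP = "http://tempuri.org/"
MAX_MESSAGE_BYTES = 64 * 1024  # assumed limit, checked before parsing (the oversized-XML DoS case)

def hash_password(password, salt):
    # PBKDF2-HMAC-SHA256 so the credential store never holds the clear-text password
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed credential store: user name -> (salt, derived key)
_SALT = os.urandom(16)
USERS = {"MyUserName": (_SALT, hash_password("MyPassword", _SALT))}

def authenticate(envelope):
    # Returns the authenticated user name, or None if AuthHeader is missing or wrong
    header = envelope.find(f"{{{SOAP}}}Header")
    auth = header.find(f"{{{APP}}}AuthHeader") if header is not None else None
    if auth is None:
        return None
    user = auth.findtext(f"{{{APP}}}UserName", default="")
    password = auth.findtext(f"{{{APP}}}Password", default="")
    # Unknown users still pay for the derivation and a constant-time compare,
    # so response time does not reveal which user names exist
    salt, stored = USERS.get(user, (b"", b""))
    return user if hmac.compare_digest(hash_password(password, salt), stored) else None

def handle_request(raw_xml):
    # Size check, then authentication, and only then dispatch of the operation
    if len(raw_xml) > MAX_MESSAGE_BYTES:
        return "rejected: message too large"
    envelope = ET.fromstring(raw_xml)  # production code would parse untrusted XML with defusedxml
    user = authenticate(envelope)
    if user is None:
        return "rejected: missing or invalid credentials"
    op = envelope.find(f"{{{SOAP}}}Body/{{{APP}}}GetRealTimeQuote")
    if op is None:
        return "rejected: unknown operation"
    symbol = op.findtext(f"{{{APP}}}symbol", default="")
    return f"quote for {symbol} requested by {user}"

# Constructed messages: the envelope from the text, a wrong password, and no header at all
GOOD = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">'
        '<soap:Header><AuthHeader xmlns="http://tempuri.org/">'
        '<UserName>MyUserName</UserName><Password>MyPassword</Password></AuthHeader></soap:Header>'
        '<soap:Body><GetRealTimeQuote xmlns="http://tempuri.org/"><symbol>HPQ</symbol>'
        '</GetRealTimeQuote></soap:Body></soap:Envelope>')
BAD_PASSWORD = GOOD.replace("MyPassword", "guess")
NO_HEADER = GOOD.replace(GOOD[GOOD.index("<soap:Header>"):GOOD.index("</soap:Header>") + 14], "")
```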

 

· Third-party approaches

The third-party single sign-on service manages and maps the single credential held by service requesters to each of the service providers. The complexities of maintaining, managing, and revoking authentication credentials and authorization access lists are handled by the third-party service provider.

Two examples of single sign-on services are Microsoft Passport and the Liberty Alliance.

Non-Repudiation and Signatures

Alongside privacy are the following related and equally important issues:

· Data authenticity: This verifies the identity of the sender of a message. The concept of data authenticity answers the question: Who sent this message?
· Data integrity: This verifies that the message data that was received was in fact the same data that was sent by the sender, and that the information was not modified in any way in transit. The concept of data integrity answers the question: Is this data really what the sender sent?
· Non-repudiation: This provides a means to prove that a sender sent a particular message, and does not allow the sender to later disavow having sent it. The concept of non-repudiation answers the question: Can the sender deny having sent this message?

These issues are addressed by the concept of digital signatures.

Digital signatures allow the receiver of a document to verify that the source from which it came has created (or viewed) and validated the contents of the document. It also supports the ethic of accountability in that the identity of the person who validated the document can be proved and the person can be held accountable for their validation.

Digital signature technology is based on Public Key Infrastructure (PKI) technologies. The basic process is as follows:

· The document that is to be signed is transformed using the private key of the sender.
· When the document is received, the receiver transforms the received document using the public key of the sender. Since only a transformation using the public key of the sender can undo the initial transformation using the private key of the sender, the receiver can be certain that the owner of the private key has signed the document.

XML Signatures technology

· <Reference> element: specifies the URI for the actual resource
   · <DigestMethod> element: specifies the algorithm used to calculate the digest
   · <DigestValue> element: contains the actual calculated digest value

An example:

What should the receiver do?

On receiving the signed document, the receiver must simply follow these steps to verify the signature as well as the integrity of the received data:

1.       Calculate the digest of the <SignedInfo> element using the digest algorithm specified in the <SignatureMethod> element.

2.       Use the public key of the sender (from the <KeyInfo> element or from external sources) to verify the signature of the digest.

3.       Calculate the digests of each of the resources (within each <Reference> element) using the algorithm specified in the <DigestMethod> element. Compare the calculated values with those specified within the <DigestValue> of each <Reference> element to verify the integrity of the data.
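The receiver's three steps, as an added Python example (not from the book or the original post). It uses the standard library's C14N 2.0 canonicalizer and, so that it runs offline without an RSA library, an HMAC-SHA256 SignatureMethod in place of the sender's key pair; the shared key, the Id attribute on the body element and the sample envelope are constructed assumptions.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
HMAC_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"  # RFC 6931 algorithm identifier
SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256"
# Constructed shared key: HMAC stands in for the sender's key pair so this runs offline;
# with RSA, sign() would use the private key and verify() the sender's public key
KEY = b"constructed-example-key"

def c14n(elem):
    # Canonical (C14N 2.0) bytes of a subtree, so digests do not depend on whitespace or attribute order
    return ET.canonicalize(ET.tostring(elem), strip_text=True).encode()

def b64_sha256(data):
    return base64.b64encode(hashlib.sha256(data).digest()).decode()

def sign(doc_xml, ref_id):
    # Sender: digest the referenced element into <Reference>, then sign the canonical <SignedInfo>
    root = ET.fromstring(doc_xml)
    target = root.find(f".//*[@Id='{ref_id}']")
    si = ET.Element(f"{{{DS}}}SignedInfo")
    ET.SubElement(si, f"{{{DS}}}SignatureMethod", Algorithm=HMAC_SHA256)
    ref = ET.SubElement(si, f"{{{DS}}}Reference", URI=f"#{ref_id}")
    ET.SubElement(ref, f"{{{DS}}}DigestMethod", Algorithm=SHA256)
    ET.SubElement(ref, f"{{{DS}}}DigestValue").text = b64_sha256(c14n(target))
    sig = ET.SubElement(root, f"{{{DS}}}Signature")
    sig.append(si)
    mac = hmac.new(KEY, hashlib.sha256(c14n(si)).digest(), hashlib.sha256).digest()
    ET.SubElement(sig, f"{{{DS}}}SignatureValue").text = base64.b64encode(mac).decode()
    return ET.tostring(root, encoding="unicode")

def verify(signed_xml):
    # Receiver: the three steps from the text; returns "ok" or the first failure found
    root = ET.fromstring(signed_xml)
    sig = root.find(f"{{{DS}}}Signature")
    si = sig.find(f"{{{DS}}}SignedInfo")
    si_digest = hashlib.sha256(c14n(si)).digest()  # step 1: digest of <SignedInfo>
    expected = hmac.new(KEY, si_digest, hashlib.sha256).digest()  # step 2: check the signature
    given = base64.b64decode(sig.findtext(f"{{{DS}}}SignatureValue", default=""))
    if not hmac.compare_digest(expected, given):
        return "bad signature"
    for ref in si.findall(f"{{{DS}}}Reference"):  # step 3: recompute every <Reference> digest
        target = root.find(f".//*[@Id='{ref.get('URI')[1:]}']")
        if target is None or b64_sha256(c14n(target)) != ref.findtext(f"{{{DS}}}DigestValue"):
            return "digest mismatch"
    return "ok"

# Constructed sample: the page's SOAP body element, given an Id so <Reference URI="#body1"> can point at it
DOC = ('<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body>'
       '<GetRealTimeQuote xmlns="http://tempuri.org/" Id="body1"><symbol>HPQ</symbol>'
       '</GetRealTimeQuote></soap:Body></soap:Envelope>')
```

Changing the quoted symbol after signing fails at step 3 with a digest mismatch; changing anything inside <SignedInfo>, such as the DigestMethod algorithm, fails at step 2 with a bad signature.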

Part 3 Types of Security Attacks and Threats

· Malicious Attacks

Web services expose critical application interfaces and operations and make them accessible through HTTP traffic. Each of these hundreds and thousands of operations represents a potential security problem.

· Denial of Service Attacks (DoS)

A denial-of-service (DoS) attack is an attack in which a user is deprived of a service that it normally expects to have available to it.

Cases:

1. The most common type of DoS attack is a buffer overflow attack.
2. Sending extremely large XML documents to a Web service can also be considered a type of DoS attack.
3. A replay attack, in which a valid message is repeatedly sent to a service.

In these cases, it is critical to authenticate the requester before starting to process the request.

· Dictionary Attacks

A dictionary attack is an action in which a client takes advantage of weak passwords or other authentication mechanisms to gain access to a service.

· Internal Threats

Attacks that originate from inside.

Part 4 Web Services Security Roadmap

This roadmap is based on a document entitled "Security in a Web Services World: A Proposed Architecture and Roadmap" that was jointly submitted by IBM and Microsoft.

· WS-Security. This builds on the SOAP specification and specifies how to sign and secure SOAP messages.
· WS-Policy. This specifies a generic format through which to describe the security capabilities and requirements for SOAP message senders and receivers. This group includes not only consumers and endpoints, but also intermediaries.
· WS-Trust. This specifies and describes the model for establishing and coordinating trust relationships between multiple parties.
· WS-Privacy. This builds on WS-Security, WS-Policy, and WS-Trust to specify a model by which organizations using Web services can indicate preferences as well as conformance to particular privacy policies.
· WS-SecureConversation. This builds on WS-Security and WS-Trust to specify how Web services can mutually manage and authenticate security contexts. It includes describing how Web services can authenticate messages from service requesters as well as how service requesters can authenticate Web services.
· WS-Federation. This builds on WS-Security, WS-Policy, WS-Trust, and WS-SecureConversation to specify how to broker and manage heterogeneous, federated trust contexts.
· WS-Authorization. This specifies how access policies for Web services are specified and managed using a flexible and extensible authorization format and language.