Emergency Alerts as RSS Feeds with Interdomain Authorization

1

Emergency Alerts as RSS Feeds with Interdomain

Authorization

Filippo Gioachin1, Ravinder Shankesi1, Michael J. May1,2, Carl A. Gunter1, Wook Shin1

1 University of Illinois Urbana-Champaign2 University of Pennsylvania

2

Emergency Messaging• Emergency messaging has requirements we see

in other contexts as well• Scalability• Timeliness• Targeted delivery

• Public health emergency messaging has additional requirements

• Sender integrity and authentication• Message integrity• Recipient integrity and authentication• Wide scale distribution with targeted delivery

• We need interdomain messaging with multiple levels of authentication

3

Emergency Messaging

4

Emergency Messaging

auth

alerts

alerts

5

Emergency Messaging

alerts

•Roles•Permission•Location•Employer•Specialty

•Policies for permissions•Access Control Lists

•Alert policies•Permissions•Scope•Location

6

Emergency Messaging

alerts

auth

token

tokenAlerts summary

• Attribute based policies

• Summaries

7

Our approach

• Leverage existing technologies for a scalable interdomain authentication and authorization system

• Rights as user attributes• Policies given in terms of attributes• Interdomain federation and trust between state

authorities and local organizations

• Alerts as messages with policies• Policies based on CDC standardized messaging format• Policies defined by CDC, enforced by states

• Alerts provided as summaries• Natural mechanism for regularly updating and dynamic

content

8

Our approach

• Shibboleth attribute based authentication• SAML token based• Users authenticate to a local Identity Provider

(IdP) which provides a signed attribute cookie• Users use the cookie to authenticate to the

service provider• RSS based message feeds

• XML based message summary format• Widely deployed mechanism for distributing

links to dynamically updated content• SSL encryption between nodes• Result: Shibboleth RSS

9

Contributions

• Architecture and implementation of Shibboleth RSS

• Application to standards based messaging formats

• Scalability and performance estimates from experiments

10

Design Considerations

• What attributes to consider?• Attributes from CDC message format - Common Alerting

Protocol (CAP) and Public Health Directory Schema (PHINDir)

• What workload to put on server and client?• RSS from CAP on the server• RSS to HTML done on client• Custom user filtering done with JavaScript on client

• How to design policies?• Forcing redesign of policies are a burden on alert

authors• Generic policies will match most messages and speed

policy filtering• Custom policies can be attached if desired

11

Policy Evaluation

• System architect predefines common policies• Policy names are associated with each alert

• Policies need to be evaluated only once per request• User attributes compared once against existing

policies and stored for later use

12

High Level Architecture

1 Req

1: Redirect

IdentityProvider

Public HealthDirectory

2: Auth

3 4

5: Token

Alert Filter

Alert Database

Policies

Alerts to RSS6

5

7: Alerts

8: RSS

8: RSS

13

Performance Evaluation• Vary the number of policies and number of alerts

• Alerts• Small = 128 Kb (54 infos in 15 alerts) • Big = 512 Kb (216 infos in 60 alerts)

• Policies• Few = 10 rules• Many = 50 rules

• Critical operations• SSL tunnel establishment• PHP web page processing• Policy evaluation• Message filtering based on policy• Summarizing messages in RSS• Transforming RSS to HTML for viewing

14

Performance Evaluation

Dow

nloads per second

15

Performance Evaluation

• Optimizations:• CAP to RSS feed format• Cached policies per

user• Searched for all policies

at once

• Results:• SSL the biggest

performance hit• Size of the input

matters, not number of policies

Dow

nloads per

second

16

Conclusion

• Shibboleth RSS offers a scalable method for interdomain emergency alerts• Attributes let us define policies• RSS lets us summarize policies for reading

• Performance penalty reasonable after SSL• About 45% - 60% throughput

• Federated trust makes interdomain messaging practical

17

References

• Illinois Security Lab• http://seclab.uiuc.edu

• Shibboleth RSS Project• http://seclab.uiuc.edu/securerss

• Demo video• http://seclab.uiuc.edu/resources/shibbol

ethRSSDemo.html

• Or Google “Shibboleth RSS”