Upload
dinhdang
View
218
Download
1
Embed Size (px)
Citation preview
Apple Computer, Inc.
AppleÕsAppleÕsSecuritySecurityArchitectureArchitecture(ASA)(ASA)
Aram P�rezAram P�rezChief Security ArchitectChief Security Architect
[email protected]@apple.com
Apple Data Security GroupApple Data Security Group
Apple Computer, Inc.
OverviewOverview¥ Apple Data Security Group¥ Why provide a security architecture?¥ Requirements¥ Building Blocks¥ The Security Architecture¥ Restrictions, Extensions and Wishes¥ Summary¥ Q&A
¥ Apple Data Security Group¥ Why provide a security architecture?¥ Requirements¥ Building Blocks¥ The Security Architecture¥ Restrictions, Extensions and Wishes¥ Summary¥ Q&A
Apple Computer, Inc.
Apple Data Security GroupApple Data Security Group¥Mission:
Ð To make a wide range of data security protocolsand services available to developers
Ð To provide a consistent and easy to use interfacefor the user
¥Motto:ÒThink CrypticÓ
¥Mission:Ð To make a wide range of data security protocols
and services available to developersÐ To provide a consistent and easy to use interface
for the user¥Motto:
ÒThink CrypticÓ
Apple Computer, Inc.
Apple Data Security GroupApple Data Security Group¥Mission:
Ð To make a wide range of data security protocolsand services available to developers
Ð To provide a consistent and easy to use interfacefor the user
¥Motto:ÒThink CryptoÓ
¥Mission:Ð To make a wide range of data security protocols
and services available to developersÐ To provide a consistent and easy to use interface
for the user¥Motto:
ÒThink CryptoÓ
Apple Computer, Inc.
OrganizationOrganization¥Two teams
Ð Security FrameworkÐ Applied Security
¥Two teamsÐ Security FrameworkÐ Applied Security
Apple Computer, Inc.
Security FrameworkSecurity Framework¥Provide a framework to support multiple
algorithms, certificate types, trust policiesand data stores
¥Integrate new data security technologies intothe system without requiring changes tosecurity applications
¥Encourage innovative security products byproviding powerful access to low levelcryptographic functions
¥Provide a framework to support multiplealgorithms, certificate types, trust policiesand data stores
¥Integrate new data security technologies intothe system without requiring changes tosecurity applications
¥Encourage innovative security products byproviding powerful access to low levelcryptographic functions
Apple Computer, Inc.
Applied SecurityApplied Security¥Provide a consistent user experience for
handling passwords, keys and certificates¥Abstract key and certificate types for
developer through drag-and-drop and highlevel protocol toolkits
¥Automate certificate management forcreation, storage and revocation
¥Provide a consistent user experience forhandling passwords, keys and certificates
¥Abstract key and certificate types fordeveloper through drag-and-drop and highlevel protocol toolkits
¥Automate certificate management forcreation, storage and revocation
Apple Computer, Inc.
Why ProvideWhy Providea Security Architecture?a Security Architecture?
¥It is becoming a fundamentalrequirement in an operating system
¥Low barrier of entry for developers¥Ability to provide consistent user experience
for customers¥Faster time to market for providing
new security services
¥It is becoming a fundamentalrequirement in an operating system
¥Low barrier of entry for developers¥Ability to provide consistent user experience
for customers¥Faster time to market for providing
new security services
Apple Computer, Inc.
RequirementsRequirements¥Leverage industry work
Ð We did not want to re-invent the wheel¥Easily supported on all Apple OSs¥Extensible and flexible
Ð Easy to add new technologiesÐ Support software, hardware or both
¥Leverage industry workÐ We did not want to re-invent the wheel
¥Easily supported on all Apple OSs¥Extensible and flexible
Ð Easy to add new technologiesÐ Support software, hardware or both
Apple Computer, Inc.
More RequirementsMore Requirements¥A complete security model with
a good level of abstraction¥Multiple certificate models and formats
Ð X.509, PGP, etc.
¥A complete security model witha good level of abstraction
¥Multiple certificate models and formatsÐ X.509, PGP, etc.
Apple Computer, Inc.
Building BlocksBuilding Blocks¥Successful concepts from PowerTalk:
Keychain and DigiSign¥License of a full featured industry
proven security API¥Provide for the most popular cryptographic
algorithms
¥Successful concepts from PowerTalk:Keychain and DigiSign
¥License of a full featured industryproven security API
¥Provide for the most popular cryptographicalgorithms
Apple Computer, Inc.
More Building BlocksMore Building Blocks¥On staff chief cryptographer: Dr. Richard
Crandall¥Apple patented encryption algorithms
Ð Fast Elliptic Encryption (FEE)¥Fastest Odd-characteristic ECC
Ð Apple Secure Compression (ASC)¥1 pass compression and encryption
Ð Chaotic Dynamic (Chad)¥On staff security architect
¥On staff chief cryptographer: Dr. RichardCrandall
¥Apple patented encryption algorithmsÐ Fast Elliptic Encryption (FEE)
¥Fastest Odd-characteristic ECCÐ Apple Secure Compression (ASC)
¥1 pass compression and encryptionÐ Chaotic Dynamic (Chad)
¥On staff security architect
Apple Computer, Inc.
What Is Our Architecture?What Is Our Architecture?¥It is based on IntelÕs ÒCommon Data Security
ArchitectureÓ or CDSA¥We have licensed CDSA source from
Intel and are porting it
¥ It is based on IntelÕs ÒCommon Data SecurityArchitectureÓ or CDSA
¥We have licensed CDSA source fromIntel and are porting it
Apple Computer, Inc.
ApplicationsApplicationsSystem Security
Services Layered Services, Middleware, etc.Layered Services, Middleware, etc.
Common SecurityServices Manager
CSSM Security APICSSM Security APICSP
ManagerCSP
ManagerTP
ManagerTP
ManagerCL
ManagerCL
ManagerDL
ManagerDL
Manager
Security Add-inModules CSP CSP TP TP CL CL DL DL
HereÕs What It Looks LikeHereÕs What It Looks Like
Apple Computer, Inc.
System Security ServicesSystem Security Services¥Secure e-mail
Ð S/MIMEÐ Open PGP (PGP/MIME)
¥Secure communicationsÐ Secure Sockets Layer (SSL)Ð Transport Layer Security (TLS)
¥Authentication Services
¥Secure e-mailÐ S/MIMEÐ Open PGP (PGP/MIME)
¥Secure communicationsÐ Secure Sockets Layer (SSL)Ð Transport Layer Security (TLS)
¥Authentication Services
Apple Computer, Inc.
More System Security ServicesMore System Security Services¥Secure payments
Ð Secure Electronic Transaction (SET)Ð Micro PaymentsÐ E-Checks
¥Certificate managementÐ CreationÐ RevocationÐ Trust models
¥Secure paymentsÐ Secure Electronic Transaction (SET)Ð Micro PaymentsÐ E-Checks
¥Certificate managementÐ CreationÐ RevocationÐ Trust models
Apple Computer, Inc.
CSP CSP TP TP CL CL DL DL
System SecurityServices
Security Add-inModules
ApplicationsApplications
Layered Services, Middleware, etc.Layered Services, Middleware, etc.
Common SecurityServices Manager
CSSM Security APICSSM Security APICSP
ManagerCSP
ManagerTP
ManagerTP
ManagerCL
ManagerCL
ManagerDL
ManagerDL
Manager
Common SecurityCommon SecurityServices ManagerServices Manager
Apple Computer, Inc.
CSSMCSSM¥The essential component in CDSA that
integrates and manages all categoriesof security services
¥It enables the tight integration of individualservices, while allowingthose services to be provided byinteroperable modules
¥The essential component in CDSA thatintegrates and manages all categoriesof security services
¥It enables the tight integration of individualservices, while allowingthose services to be provided byinteroperable modules
Apple Computer, Inc.
TP TP CL CL DL DL
System SecurityServices
Common SecurityServices Manager
ApplicationsApplications
Layered Services, Middleware, etc.Layered Services, Middleware, etc.
CSSM Security APICSSM Security APICSP
ManagerCSP
ManagerTP
ManagerTP
ManagerCL
ManagerCL
ManagerDL
ManagerDL
Manager
Security Add-inModules CSP CSP
Cryptographic Service ProviderCryptographic Service Provider
Apple Computer, Inc.
CSPCSP¥A module that performs cryptographic
operations and securely stores cryptographickeys
¥May be software, hardware, ora combination of both
¥A module that performs cryptographicoperations and securely stores cryptographickeys
¥May be software, hardware, ora combination of both
Apple Computer, Inc.
CSP CSP CL CL DL DL
System SecurityServices
Common SecurityServices Manager
ApplicationsApplications
Layered Services, Middleware, etc.Layered Services, Middleware, etc.
CSSM Security APICSSM Security APICSP
ManagerCSP
ManagerTP
ManagerTP
ManagerCL
ManagerCL
ManagerDL
ManagerDL
Manager
Security Add-inModules TP TP
Trust PolicyTrust Policy
Apple Computer, Inc.
TPTP¥ÒCertificate semanticsÓ¥A module that implements policies defined
by authorities and institutions¥Policies define the level of trust required
before certain actions can be performed
¥ÒCertificate semanticsÓ¥A module that implements policies defined
by authorities and institutions¥Policies define the level of trust required
before certain actions can be performed
Apple Computer, Inc.
CSP CSP TP TP DL DL
System SecurityServices
Common SecurityServices Manager
ApplicationsApplications
Layered Services, Middleware, etc.Layered Services, Middleware, etc.
CSSM Security APICSSM Security APICSP
ManagerCSP
ManagerTP
ManagerTP
ManagerCL
ManagerCL
ManagerDL
ManagerDL
Manager
Security Add-inModules CL CL
Certificate LibraryCertificate Library
Apple Computer, Inc.
CLCL¥ÒCertificate syntaxÓ¥A module that implements syntactic
manipulation of memory-resident certificatesand certificate revocation lists
¥Each module may choose to implement onlythose operations required to manipulate aspecific certificate data format, such as X.509,SDSI, PGP, etc.
¥ÒCertificate syntaxÓ¥A module that implements syntactic
manipulation of memory-resident certificatesand certificate revocation lists
¥Each module may choose to implement onlythose operations required to manipulate aspecific certificate data format, such as X.509,SDSI, PGP, etc.
Apple Computer, Inc.
CSP CSP TP TP CL CL
System SecurityServices
Common SecurityServices Manager
ApplicationsApplications
Layered Services, Middleware, etc.Layered Services, Middleware, etc.
CSSM Security APICSSM Security APICSP
ManagerCSP
ManagerTP
ManagerTP
ManagerCL
ManagerCL
ManagerDL
ManagerDL
Manager
Security Add-inModules DL DL
Data LibraryData Library
Apple Computer, Inc.
DLDL¥A module that provides stable storage
for security-related data objects¥These objects can be certificates, certificate
revocation lists (CRLs), cryptographic keys,policy objectsor application-specific objects
¥A module that provides stable storagefor security-related data objects
¥These objects can be certificates, certificaterevocation lists (CRLs), cryptographic keys,policy objectsor application-specific objects
Apple Computer, Inc.
System SecurityServices
ApplicationsApplications
Common SecurityServices Manager CSP
ManagerCSP
Manager
CSSM Security APICSSM Security APITP
ManagerTP
ManagerCL
ManagerCL
ManagerDL
ManagerDL
Manager
Default SecurityAdd-in Modules CSP CSP TP TP CL CL DL DL
KeychainAccess
KeychainAccess
KeychainKeychain SSLSSL Cert MgtCert Mgt SignSign EncEnc ??????
What Are We Delivering?What Are We Delivering?
Apple Computer, Inc.
Default CryptographicDefault CryptographicService Provider (CSP)Service Provider (CSP)
¥Fully exportable, available world-wide¥Signatures: FEE (ECDSA), RSA, DSA (full
strength)¥Symmetric: DES, RC2, RC4, ASC
(Apple Secure Compression) (40 bits)¥Key exchange: FEE, RSA, D-H (512)¥Hashes: MD2, MD5, SHA-1
¥Fully exportable, available world-wide¥Signatures: FEE (ECDSA), RSA, DSA (full
strength)¥Symmetric: DES, RC2, RC4, ASC
(Apple Secure Compression) (40 bits)¥Key exchange: FEE, RSA, D-H (512)¥Hashes: MD2, MD5, SHA-1
Apple Computer, Inc.
Default Trust Policy (TP)Default Trust Policy (TP)¥Trust based on X.509 certificates¥Trust based on X.509 certificates
Apple Computer, Inc.
Default Certificate Library (CL)Default Certificate Library (CL)¥X.509 V3 certificates & CRLs¥X.509 V3 certificates & CRLs
Apple Computer, Inc.
Default Data Library (DL)Default Data Library (DL)¥File based¥Protected by ÒpassphraseÓ¥Will store certificates, CRLs, keys and
passwords¥The Keychain will be standard API
for accessing objects stored in DL
¥File based¥Protected by ÒpassphraseÓ¥Will store certificates, CRLs, keys and
passwords¥The Keychain will be standard API
for accessing objects stored in DL
Apple Computer, Inc.
US/Canada Only CSPUS/Canada Only CSP¥Full strength CSP, not exportable¥Signatures: FEE, RSA, DSA¥Symmetric: DES, 3DES, RC2, RC4, ASC
(Apple Secure Compression)¥Asymmetric: FEE, RSA, D-H¥Key exchange: FEE, RSA, D-H¥Hashes: MD2, MD5, SHA-1
¥Full strength CSP, not exportable¥Signatures: FEE, RSA, DSA¥Symmetric: DES, 3DES, RC2, RC4, ASC
(Apple Secure Compression)¥Asymmetric: FEE, RSA, D-H¥Key exchange: FEE, RSA, D-H¥Hashes: MD2, MD5, SHA-1
Apple Computer, Inc.
ÒFinancialÓ CSPÒFinancialÓ CSP¥Planning a CSP for financial applications¥Will provide strong cryptography for
financial transactions¥Available worldwide¥Most likely will require application to Òbe
signedÓ
¥Planning a CSP for financial applications¥Will provide strong cryptography for
financial transactions¥Available worldwide¥Most likely will require application to Òbe
signedÓ
Apple Computer, Inc.
Delivery DatesDelivery Dates¥Stand-alone Keychain
Ð 3rd Quarter 1998¥Core CDSA with default add-in modules
(including smartcard support)Ð 1st Quarter 1999
¥CDSA-based KeychainÐ 1st Quarter 1999
¥SSL v3 over CDSAÐ 2nd Quarter 1999
¥Stand-alone KeychainÐ 3rd Quarter 1998
¥Core CDSA with default add-in modules(including smartcard support)Ð 1st Quarter 1999
¥CDSA-based KeychainÐ 1st Quarter 1999
¥SSL v3 over CDSAÐ 2nd Quarter 1999
Apple Computer, Inc.
More DatesMore Dates¥CDSA 2.0
Ð 3-4 months after release of reference code¥CDSA 2.0
Ð 3-4 months after release of reference code
Apple Computer, Inc.
CDSA RestrictionsCDSA Restrictions¥Only CSP/DL multi-service modules allowed
Ð CSPs have minimum key management API:¥Generate¥Find private key by public key
Ð DLs have a ÒfullerÓ object management APIÐ Easier for Keychain and other applications
¥Only ÒoneÓ APIÐ Easier for supporting smartcards
¥Only CSP/DL multi-service modules allowedÐ CSPs have minimum key management API:
¥Generate¥Find private key by public key
Ð DLs have a ÒfullerÓ object management APIÐ Easier for Keychain and other applications
¥Only ÒoneÓ APIÐ Easier for supporting smartcards
Apple Computer, Inc.
More RestrictionsMore Restrictions¥Keys have a single use
Ð Good security practiceÐ Easier export/import compliance
¥Only key references allowed, no raw key bitsÐ Exception for public keys
¥Keys have a well known set of attributesÐ Based on the CSSM_KEY structure
¥Keys have a single useÐ Good security practiceÐ Easier export/import compliance
¥Only key references allowed, no raw key bitsÐ Exception for public keys
¥Keys have a well known set of attributesÐ Based on the CSSM_KEY structure
Apple Computer, Inc.
CDSA ExtensionsCDSA Extensions¥Conversion functions between DL keys and
CSP keysÐ ASA_DBRecordToKeyÐ ASA_FreeKey
¥Conversion functions between DL keys andCSP keysÐ ASA_DBRecordToKeyÐ ASA_FreeKey
Apple Computer, Inc.
CDSA 2.0 Wish ListCDSA 2.0 Wish List¥More object definition
Ð Currently applications are tied to a particular DLbecause they have to know the attributessupported by the DL
¥A better key management APIÐ Currently applications are tied to a particular CSP
because there is no standard key management API
¥More object definitionÐ Currently applications are tied to a particular DL
because they have to know the attributessupported by the DL
¥A better key management APIÐ Currently applications are tied to a particular CSP
because there is no standard key management API
Apple Computer, Inc.
More WishesMore Wishes¥Conversion functions between DL and CSP
Ð Currently there is no way to use a key from a DLwith a CSP
¥Clearer support for smartcards¥Work on system security services APIs that
are based on CDSAÐ SSL/TLSÐ Secure E-mail
¥Conversion functions between DL and CSPÐ Currently there is no way to use a key from a DL
with a CSP¥Clearer support for smartcards¥Work on system security services APIs that
are based on CDSAÐ SSL/TLSÐ Secure E-mail
Apple Computer, Inc.
SummarySummary¥Apple has a Security Architecture
Ð Based on CDSAÐ Will be integrated with the operating systemÐ Will be delivered with every Apple computer
¥Our focus is the System Security Services andthe User experienceÐ CDSA is an enabling technology for usÐ Developers are interested in security functionality
not security APIs
¥Apple has a Security ArchitectureÐ Based on CDSAÐ Will be integrated with the operating systemÐ Will be delivered with every Apple computer
¥Our focus is the System Security Services andthe User experienceÐ CDSA is an enabling technology for usÐ Developers are interested in security functionality
not security APIs
Apple Computer, Inc.
For More InformationFor More Information¥This presentation
Ð http://arcanum.apple.com¥Intel:
Ð http://www.intel.se/ial/security/CDSAÐ Has documentation for Version 1.2
¥The Open Group:Ð http://www.opengroup.org/security/cdsaÐ Has documentation for Version 2.0
¥This presentationÐ http://arcanum.apple.com
¥Intel:Ð http://www.intel.se/ial/security/CDSAÐ Has documentation for Version 1.2
¥The Open Group:Ð http://www.opengroup.org/security/cdsaÐ Has documentation for Version 2.0