- Role Playing
- DoD Evaluation
DAS is a Java servlet that performs asymmetric private key operations (such as RSA decryption, RSA and ECDSA signing, or ECDH key agreement) on demand for properly authenticated users. Typically the users are members of a group that may be thought of either as a community of interest (COI) or as defining a particular security role.
DAS is supported by and fully compatible with DAS-enabled CSPid 2.0 and above, thereby making DAS services available to any security-enabled application that makes use of CSPid. Authentication to a DAS server may be direct or delegated through a separate proxy service.
Sharing sensitive documents among the members of a COI
DAS† allows sensitive documents and even entire disk partitions to be securely shared among the frequently changing members of one or more Communities of Interest (CoIs). Once a document is encrypted for a particular CoI (or for the union of several CoIs), DAS ensures that it can only be decrypted by a current member of that group. Documents need not be re-encrypted as group membership rosters change — DAS figures out in real time who should have access to a given document.
Facilitating 'role-based' signing
Another application of DAS is to facilitate 'role-based' signing: issue a special 'role certificate' and load its private key along with a 'duty roster' of authorized 'watch officers' into a DAS server. DAS will ensure that only active watch officers can sign documents using that role's private key.† Recipients use the 'role certificate' to validate incoming signed messages while the DAS system audit trail records forensic evidence if knowledge of exactly which individual watch officer signed a given document is ever required.
Defining Groups and Roles
Groups may be defined using a local certificate database or via queries to an existing LDAP repository. As of release 1.7, DAS supports dynamic LDAP groups as well as static ones when used with SecretAgent 5.9 client software. As of release 6.0, SecretAgent clients allow documents to be encrypted for arbitrary intersections (of unions) of static and dynamic LDAP groups.
†DAS-mediated decryption and signing services may be accessed via DAS-enabled CSPid by nearly all security-enabled applications (including S/MIME clients such as Microsoft Outlook and Mozilla Thunderbird), or directly by SecretAgent and SpyProof! clients. Client applications can access DAS services on behalf of an authorized subject using either direct or delegated authentication.
REQUIREMENT: Sensitive documents must be shared among the members of a community of interest (CoI).
SETUP: An asymmetric key pair is generated for the CoI, a certificate is obtained on the public component, and the private component is put under control of a DAS server. The DAS server is configured to honor decryption requests (for a document’s random symmetric encryption key) only from those users who pass a real-time test of CoI membership (preferably involving strong authentication).
OPERATION: A DAS-enabled client† is used to encrypt each sensitive CoI document under a random symmetric key that is wrapped in the CoI certificate. Whenever a current CoI members wishes to decrypt a CoI document, their DAS-enabled client automatically contacts the appropriate DAS server to recover the document's symmetric key and decrypt it.
RESULT: By securely mediating the decryption process, the DAS server ensures that only active CoI members access sensitive plaintext. Since the CoI private key is securely protected by the DAS server (possibly on an independent HSM), at no time is it available for compromise even by authorized CoI members.
How DAS Mediates the Decryption Process Within a COI‡
Regardless of it's origin, when a user attempts to decrypt a document or e-mail message encrypted for a particular CoI, their DAS-enabled client† automatically establishes a TLS-secured session with the appropriate DAS webserver. DAS accepts a decryption request from the client and applies one of several configurable authentication mechanisms to check the user's membership in that CoI.
(Click diagram for a detailed DAS Architecture Diagram in PDF form)
If DAS determines that the user is currently a CoI member, it processes the request and returns a document decryption key to the client application; otherwise, the request is denied. (Actually, a document might be encrypted for a number of ordinary recipients, a set of CoIs, or even the intersection of several COIs, so that the above process might be repeated until either a CoI membership test is passed or the user is found to possess the private key of one of the ordinary recipients.) If a document has been encrypted for a union of CoIs, the user need only be a member of one of them to decrypt the document; if it has been encrypted for an intersection of CoIs, the user must be a member of all of them to decrypt the document. (As of release 6.0, SecretAgent clients support arbitrary combinations of unions and intersections.)
DAS provides a web-based administrative interface for all system configuration, key management, and CoI maintenance tasks. Administrators can easily grant or deny users access to large numbers of sensitive files using centrally-managed CoI membership rosters based on DAS' own integrated certificate database, an organization's existing LDAP repository, or on any authentication mechanism provided by a third party. (In fact, membership testing can easily be configured to rely on existing third party solutions for restricted website access, although our existing customers appear to prefer to use their own enterprise-accessible LDAP repositories to define and maintain CoIs as static or dynamic LDAP queries.)
† By "DAS-enabled client" we mean any security-enabled software application that can access a DAS server for private key operations (either directly or indirectly via CSPid). In particular, this includes SecretAgent, SpyProof!, and all popular S/MIME clients such as Microsoft Outlook and Mozilla Thunderbird on all supported platforms. In fact, most standards-compliant, certificate-based security applications on Microsoft Windows that rely on CAPI/CNG CSPs can be made 'DAS-enabled' using CSPid.
‡ Patent pending.
REQUIREMENT: A number of individuals (“watch officers”) are to sign messages that recipients can validate as having been issued by an authorized watch officer. (Normally, recipients don't care which individual issued a given message, only that someone authorized to play the watch officer role did so.)
SETUP: An asymmetric key pair is generated for the watch officer role, a special "watch officer certificate" is obtained on the public component, and the private component is put under the control of a DAS server. The DAS server is configured to perform signing operations only for members on the active duty roster for that watch officer role.
OPERATION: A watch officer uses a DAS-enabled client† to sign outgoing messages; recipients use the special watch officer certificate to validate all incoming messages.
RESULT: Recipients can be assured that authorized watch officers issued all valid messages while the DAS server’s audit trail keeps track of the identities of the individuals who actually performed each signing operation. Since the watch officer private key is securely protected by the DAS server (possibly on an independent HSM), at no time is it available for compromise even by authorized signers.
NOTE: One can easily write a custom DAS "authenticator" that bases the testing of each individual's signing authorization on the possession of an appropriate attribute certificate (AC) as per RFC3281.
† By "DAS-enabled client" we mean any security-enabled software application that can access a DAS server for private key operations (either directly or indirectly via CSPid). In particular, this includes all popular S/MIME clients such as Microsoft Outlook and Mozilla Thunderbird as well as SecretAgent and SpyProof! on all supported platforms. In fact, most standards-compliant, certificate-based security applications on Microsoft Windows that rely on CAPI/CNG CSPs can be made 'DAS-enabled' using CSPid.
DoD Evaluation and User Comments
ISC's DAS interoperability demonstration project (IT 03.09) for CWID 2006 has been judged a "top performing technical solution" and is listed among the top twelve "standout" projects in the final report. The conclusion was that "DAS successfully secured and shared documents and files among established COI." On the issue of performance, they wrote:
"The Document Access Servlet (DAS), IT03.09, was an excellent product to control access to mass circulated documents. DAS provides a significant improvement to control access in this modern era for documents re-transmitted to offices not authorized to view the enclosed data. The trial worked consistently well and issues encountered were easy to troubleshoot and solve. Most issues related to system configuration, setup, and MSEL execution not [negatively impact] product performance. The DAS trial met the CWID objective for Net-centric Enterprise Services."
Here is what a few of the participating warfighters had to say about the demo:
DAS must be hosted on a Java servlet container compliant with Servlet 2.3 and JSP 1.2 specifications. DAS 1.8 has been successfully tested on Apache Tomcat and WebLogic (8.1 and 9.0). DAS 2.0 for Windows includes an optional Tomcat build (currently version 7.0.21) in its installation package; all other builds require Tomcat 5.5.27 or above, or a recent version of WebLogic.
Optional Hardware Support
A network-attached hardware security module (HSM) may be used by one or more DAS servers to protect their system keys. The HSM may be directly connected over the network to the DAS servers (not illustrated), or indirectly connected via a proxy server (provided by ISC as an optional DAS component) as illustrated below:
(Click diagram for a detailed DAS Proxy Server Architecture Diagram in PDF form)
"DAS solves two mission-critical problems encountered by a wide range of organizations," said ISC President Thomas J. Venn. "Once sensitive files have been encrypted for a group, DAS ensures that they can only be decrypted by current group members. DAS also facilitates role-based signing and key agreement."
Server-mediated decryption obviates the need for wholesale re-keying of documents whenever group membership rosters change.
DAS allows a group of watch officers to effectively share a private key and perform 'role-based' signing operations.