Apps Messaging: security

John Taylor jontayler at gmail.com
Tue Apr 10 05:08:44 PDT 2007


On 10 Apr 2007, at 12:59, Mark Taylor wrote:

> On Fri, 6 Apr 2007, John Taylor wrote:
>
>> Security
>> ------------
>> The question of applications spoofing one another has come up a few times.
>> While I don't really believe it's a serious risk (those astronomers -
>> they're such jokers!), I set out below a simple modification to the above
>> protocol that would make it more secure.  This is based on proposals by
>> Mark Taylor in discussions we had a year ago - if they don't make any sense
>> then blame my faulty memory rather than Mark.
>>
>> The register operation could be changed as follows:
>> (id, application-secret) = register*(hub-secret)
>>
>> The hub-secret is a secret that can only be easily known by applications
>> running under the user's uid and is intended to defeat other users on the
>> same machine who might try (e.g.) port scanning.  For instance, it could be
>> a random string written into the .ivoamsg file.  The application-secret is a
>> per-application secret that apps must keep track of and use along with their
>> id to identify themselves.  Thus, operations 2-8 would all include this as
>> an extra parameter (though it wouldn't be transmitted to any receiving
>> application by the hub.)  This prevents Topcat pretending to be Aladin and
>> vice versa (you guys!).
>
> John,
>
> I think this is what I proposed before, but if we're starting from
> scratch it can be a bit simpler: the register message is
>
>    secret-id = register*(hub-secret)
>
> and the returned secret-id is used, as per your existing method
> signatures, as sender identification for every communication between
> the application and the hub, e.g.
>
>    unregister(secret-id)
>
> this application secret-id is never seen by any other application though.
> The hub will maintain a separate and parallel list of ids
> which serve as public identifiers for each application to use for
> instance as return values for the getApplicationIds() method.

Good point - I'll make that change.  Can you think of a situation  
where an application would need to know its own public-id?


>
> Mark
>
> -- 
> Mark Taylor   Astronomical Programmer   Physics, Bristol University, UK
> m.b.taylor at bris.ac.uk +44-117-928-8776 http://www.star.bris.ac.uk/~mbt/
>
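
The registration scheme discussed in this thread, sketched as an added example (not code from either poster or from any hub implementation). The `Hub` class, the `_check` helper, the `app-` public-id format, the token lengths and the in-process calls standing in for the real transport are all assumptions; only `register`, `unregister`, `getApplicationIds`, the hub-secret and the `.ivoamsg` file come from the messages above.

```python
import hmac
import os
import secrets
import tempfile


class Hub:  # hypothetical in-process hub; a real one sits behind an RPC transport
    def __init__(self, path):
        self._hub_secret = secrets.token_urlsafe(32)
        # Create the hub-secret file with owner-only permissions (same uid only).
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "w") as f:
            f.write(self._hub_secret)
        self._public_by_secret = {}  # secret-id -> public id (the parallel list)

    def register(self, hub_secret):
        # Constant-time compare so response timing does not leak the secret.
        if not hmac.compare_digest(hub_secret.encode(), self._hub_secret.encode()):
            raise PermissionError("bad hub-secret")
        secret_id = secrets.token_urlsafe(32)
        self._public_by_secret[secret_id] = "app-" + secrets.token_hex(4)
        return secret_id  # never shown to any other application

    def _check(self, secret_id):
        if secret_id not in self._public_by_secret:
            raise PermissionError("unknown secret-id")

    def getApplicationIds(self, secret_id):
        self._check(secret_id)  # caller must prove it is registered
        return sorted(self._public_by_secret.values())

    def unregister(self, secret_id):
        self._check(secret_id)
        del self._public_by_secret[secret_id]


def demo():
    path = os.path.join(tempfile.mkdtemp(), ".ivoamsg")  # constructed location
    hub = Hub(path)
    with open(path) as f:
        hub_secret = f.read()
    a, b = hub.register(hub_secret), hub.register(hub_secret)
    public_ids = hub.getApplicationIds(a)
    try:
        hub.unregister(public_ids[0])  # a public id is not a credential
        spoof_rejected = False
    except PermissionError:
        spoof_rejected = True
    hub.unregister(b)
    return public_ids, spoof_rejected, hub.getApplicationIds(a)
```

The file mode only keeps out other local users; any process running under the same uid can still read the hub-secret and register, which is the boundary the quoted proposal describes.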


