WikiPatents - Community Patent Review
System and method for trusted path communications
United States Patent 5499297
Link to this page: http://www.wikipatents.com/5499297.html
Inventor(s): Boebert; William E. (Minneapolis, MN)
Abstract: A system and method for identifying and authenticating users and for controlling the access of those users to privileged instructions within a data enclave. The data enclave includes a plurality of controllers, such as workstations, connected over a network to a security server; each data enclave is assigned a cryptographic key. A personal keying device having an encrypted user unique identifier is assigned to each user; provisions are made for temporarily connecting the personal keying device to one of the controllers and for transmitting an encrypted message, including the user unique identifier and the last countersign, to the security server to authenticate the user and establish his/her access rights. A mechanism for updating the countersign is provided so that trusted path communications can be established between the user and the security server.
Drawing from US Patent 5499297
Inventor: Boebert; William E. (Minneapolis, MN)
Owner/Assignee: Secure Computing Corporation (Roseville, MN)
Publication Date: March 12, 1996
Application Number: 08/359,623
Filing Date: December 20, 1994
US Classification: 713/159 713/183
Int'l Classification: H04K 001/00
Examiner: Cain; David C.
Attorney/Law Firm: Schwegman, Lundberg & Woessner
Parent Case: This is a continuation of application Ser. No. 08/130,273, filed Oct. 1, 1993, now abandoned, which is a continuation of application Ser. No. 07/870,556, filed Apr. 17, 1992, U.S. Pat. No. 5,276,735.
USPTO Field of Search: 380/21 380/23 380/24 380/25 380/49 380/50
Patent Tags: trusted path communications
Claims

What is claimed is:

1. In a computing system having a security server and a controller which can communicate with the security server, a method of identifying and authenticating a first user from a plurality of users seeking access to the security server, wherein the method comprises the steps of:

providing a cryptographic key;

assigning a user unique identifier to each user, wherein the step of assigning comprises assigning a first user unique identifier to the first user;

assigning a personal keying device to each user, wherein each personal keying device comprises input means for entering user input and storage means for storing an encrypted last countersign and an encrypted version of the user unique identifier of the user to whom the personal keying device is assigned;

storing, in the security server, an expected personal identification number associated with the first user unique identifier;

attaching the personal keying device assigned to the first user to the controller;

entering, at the input means of the personal keying device, a user-entered personal identification number;

combining the user-entered personal identification number, the first user unique identifier and the last countersign into a message;

encrypting the message with the cryptographic key and transmitting the encrypted message to the security server;

decrypting the message and comparing the user-entered personal identification number to the expected personal identification number;

if the user-entered personal identification number matches the expected personal identification number, comparing the decrypted last countersign to a stored value to determine the first user's access rights.

2. The method according to claim 1 wherein the step of providing a cryptographic key comprises the steps of:

forming a data enclave; and

using an enclave key as the cryptographic key.

3. In a computing system comprising a security server and a controller which can communicate with the security server, and a plurality of users seeking access to the security server, a method of controlling access, by a plurality of users including a first user, to privileged operations, wherein the method comprises the steps of:

providing a cryptographic key;

assigning a user unique identifier to each user, wherein the step of assigning comprises assigning a first user unique identifier to the first user;

assigning a personal keying device to each user, wherein each personal keying device comprises input means for entering user input and storage means for storing an encrypted last countersign and an encrypted version of the user unique identifier of the user to whom the personal keying device is assigned;

attaching the personal keying device assigned to the first user to the controller;

identifying and authenticating the first user to the security server;

invoking an attention signal;

combining the attention signal and the first user unique identifier into a message;

encrypting the message with the cryptographic key and transmitting the encrypted message to the security server;

decrypting the message and determining, from the first user unique identifier, privileges granted to the first user;

determining a new countersign;

encrypting the new countersign with the cryptographic key and transmitting the new countersign to the controller; and

decrypting the new countersign and displaying the decrypted new countersign to the first user.

4. The method according to claim 3 wherein the step of identifying and authenticating the first user comprises the steps of:

storing, in the security server, an expected personal identification number associated with the first user unique identifier;

entering, at the input means of the personal keying device, a user-entered personal identification number;

combining the user-entered personal identification number, the first user unique identifier and the last countersign into a message;

encrypting the message with the cryptographic key and transmitting the encrypted message to the security server;

decrypting the message and comparing the user-entered personal identification number to the expected personal identification number;

if the user-entered personal identification number matches the expected personal identification number, comparing the decrypted last countersign to a stored value to determine the first user's access rights.

5. The method according to claim 4 wherein the step of providing a cryptographic key comprises the steps of:

forming a data enclave; and

using an enclave key as the cryptographic key.

6. A trusted path system for securing computing transactions by a user, the system comprising:

a secure computer, wherein the secure computer comprises:

a logic and control unit;

a cryptographic unit connected to the logic and control unit;

a communication unit connected to the logic and control unit;

storage means for storing a plurality of cryptographic keys, a user unique identifier and a last authentication token; and

an authentication token generator for generating a new authentication token;

an untrusted communications system connected to the communication unit of the secure computer;

a workstation which communicates through the untrusted communications system to the secure computer, wherein the workstation comprises:

a logic and control unit;

a communication unit connected to the logic and control unit; and

storage means for storing a workstation identifier; and

a personal unit which communicates to the workstation, wherein the personal unit comprises:

a logic and control unit;

a cryptographic unit, connected to the logic and control unit, which encrypts and decrypts messages passed between the personal unit and the security server;

a keyboard connected to the logic and control unit;

a display connected to the logic and control unit;

a communication unit, connected to the logic and control unit, for communicating with the communication unit of the workstation; and

storage means for storing the user unique identifier, the last authentication token and one or more cryptographic keys from the plurality of cryptographic keys.
Description

FIELD OF THE INVENTION

This invention relates generally to data communication systems, and more specifically to secure data processing on a data communication system.

BACKGROUND OF THE INVENTION

Data Enclave

Individuals working in a departmental computing environment typically have a substantial amount of computing power on their desks in the form of personal computers and workstations. A workstation has a computational subsystem, keyboard, and display for user interaction, and typically substantial amounts of local data storage in the form of fixed and removable media.

In order for the individual in the departmental computing environment to interact and share data, their workstations are typically attached to a local area network (LAN) which permits the transfer of data files and electronic mail between the workstations. In addition, "servers" may be attached to the LAN to provide specialized services, such as the management of centralized databases, which are not practical for individual workstations.

Departmental computing environments are typically members of a larger organization or have other reasons to communicate with computing facilities outside themselves. They therefore make use of a special kind of server, called a "gateway", to gain access to a wide area network (WAN). WANs are often interconnected (called "internetting") to provide world-wide data transmission paths.

Departmental Computing Environment

A typical overall departmental computing environment is shown in FIG. 1. In the departmental computer environment 1, large amounts of valuable data are stored on magnetic or other electronic Media 2, 4 for processing in the Workstations 10 and file servers (not shown). This media offers the benefits of compact storage, easy retrieval, and in the case of removable Media 4 (e.g., "diskettes"), convenient sharing and distribution.

In addition, data is transmitted freely around the Local Area Network 12 and occasionally through a Gateway 14 to the Wide Area Network 16 and Remote Sites 18. This transmission is necessary in order for the organization performing departmental computing to perform its internal work and interact with the outside world.

There is also a requirement that certain operations, including but not limited to the transmission of data to the outside world, be restricted to individuals who possess special privileges. Examples of such operations are messages (electronic mail) which are directive in nature, such as users transferring funds, and operations such as the adding of new orders or the granting of limited access to departmental data to users on the Wide Area Network 16 (remote login and file transfer).

Threats Against Department Computing Environment

The threats against the departmental computing environment are shown in FIG. 2.

The data in this environment is vulnerable to theft and tampering. Removable media can be stolen, copied, and returned with no sign that loss has occurred. The fruits of thousands of hours of labor can be stolen in a package that fits easily in a coat pocket. Crucial data can be modified or destroyed, either directly or through the agency of technical entities such as "viruses", which are introduced into the Workstations 10 and servers through the agency of corrupted media or through the wide area network connection.

There are also threats to the privileged operations. Unauthorized individuals, masquerading as someone else, can cause disruptive or erroneous directives to be issued and thereby perpetrate sabotage and fraud. Malicious "hackers" with access to the wide area network can use that network to "reach in" to the departmental computing environment and masquerade as authorized users or otherwise obtain access to data, which they can then transfer worldwide, again with no sign that compromise has occurred.

Accordingly, there is a need for techniques whereby a departmental computing system 1 can be converted into a "data enclave." Within such an enclave:

(1) Data can be restricted to a single organization, such as a government agency or a corporation.

(2) Sharing of data between organizational elements (directorates, departments, projects, etc.) can be controlled. For example, it may be required that data such as a telephone directory be accessible by every employee, but data such as engineering drawings should not be allowed to circulate throughout the whole corporation.

(3) Sharing of data between individuals in organizational elements can be controlled. For example, even though an individual is a member of the engineering department, that individual may not have a "need to know" for all of the drawings in the department.

(4) Data is protected from technical attacks such as "viruses" and "worms."

(5) Intellectual property is protected irrespective of whether it is on electronic media, being processed in a Workstation, or being transferred around the local area network.

(6) The protections are achieved with minimum cost and disruption of operations, such as would occur if access to the wide area network were forbidden.

(7) Privileged operations are restricted to those users possessing the requisite privileges and cannot be invoked, through masquerading or other technical means, by unauthorized users.

As shown in overview form in FIG. 3, and as will be described more fully in the Detailed Description of the Invention, the facilities provided by the present invention convert a departmental computing environment into a "data enclave" 20 with a well-defined perimeter 22. Sharing of data within the Enclave 20 is controlled, and movement of data within and outside the enclave can only be effected by authorized individuals with suitable privilege. There are no "sneak paths" or "holes" that exist.

The present invention also minimizes the damage that can be done by privileged individuals who become subverted. Cryptographic keys are transmitted and stored entirely in enciphered form, and well-known techniques (called "antitamper" technology) can be used to protect an enclave key when it is in use inside a cryptographic device. Theft of elements of the present invention does not compromise any part of the operation of the invention.

Individuals desiring access to Media 2,4 have to deal with a Secure Computer 24, in this case a security server, only when Media 2,4 is initialized. "Unlocking" a unit of Media 2,4 requires an operation no more complicated than using a television remote control. Overhead and delay are concentrated at the time a unit of Media 2,4 is "unlocked", and no delays or incompatibilities are introduced during operations using the Media 2 or 4.

Remotely invoked privileged operations at the security server 24 are under the positive control of the user. That control is cryptographically protected and mutually authenticated.

Identification and authentication of users to the security server 24 is both simpler and more robust than former implementations such as passwords. The same basic steps are used for security operations dealing with Media 2,4 and dealing with the security server 24.

In the data protection area, the system associates Media 2 or 4 primarily with users and secondarily with machines or Workstations 10. This is a more natural structure than one where media is only useable on a single machine or Workstation 10.

Control logic computes allowed access at the last possible moment using the combination of an "access vector" assigned to an individual and the "device attributes" assigned to a particular Workstation 10, which can be used to enforce a variety of security policies. For example, an individual's access to data may be restricted not only on the basis of the individual's attributes but also to protected physical locations. Thus an individual's access vector may grant "read" access to a unit of media which contains proprietary engineering data, but the comparison against the device attributes of the Workstation 10 making the access may restrict display of the contents of the unit of media to those machines inside a particular facility or office. Physical security measures can then be used to restrict who may be in the vicinity when the data is displayed. Previous implementations in this area have permitted only an "all or nothing" approach to access.

Trusted Path

The problems addressed by the Trusted Path functions arise because of the use of networks 12 and Workstations 10 to communicate between human users and secure computers 24. Malicious hardware and/or software in the Workstation 10 or network, possibly operating in concert with a subverted user, has the ability to perform the following hostile actions.

(1) Masquerade as a secure computer. In this attack, a bogus secure computer (not shown) is installed on the Network 12 and logically interposed between the legitimate Secure Computer 24 and the human user. The bogus secure computer then makes requests of the human user, displays forged or modified data, or otherwise induces the user to perform some insecure act. For example, the bogus secure computer may intercept and discard a message giving a critical order, while all the time presenting displays to the human user which indicate that the message was sent.

(2) Masquerade as a user site. This is the symmetric attack to that described in the previous paragraph. A bogus user site (not shown) is interposed between the legitimate human user and the Secure Computer 24. This bogus user site then accesses data, or performs operations, which are in violation of the security policy. The location of the bogus user site enables it to intercept responses from the Secure Computer 24, so that the legitimate user is unaware that a bogus site is on the network. The bulk of the so-called "hacker" attacks that appear in the popular press are of this class.

(3) Masquerade as another user. In this attack, a subverted or malicious individual gains access to a legitimate site, but then is able to masquerade as a different, and in general more privileged, human user. The majority of the so-called "insider" attacks are of this form.

(4) Surreptitiously transform data. This is a sophisticated and extremely dangerous form of attack in which some intermediate element in the path between the human user 5 and the secure computer performs "two-faced" actions. That is, the element displays one set of data to the human user 5 while simultaneously transmitting something else to the Secure Computer 24. For example, malicious software in a Workstation may be programmed to detect a funds transfer order, and then modify the amount or the recipient in ways not intended for use by the human user 5.

(5) Misdirect or appropriate cryptographic keys. In this attack, some intermediate element diverts, copies, or otherwise appropriates cryptographic keys and methods destined for some authorized user 5 and redirects them to unauthorized persons who have obtained cryptographic devices and wish to use them either to decrypt intercepted data or to prepare and encipher forgeries of data to be submitted to the secure computer.

The Trusted Path, according to the present invention, is used for security-relevant interactions between a human user and a Secure Computer 24. These interactions fall into four broad categories, as set forth below.

(1) Identification and Authentication. In these operations, the human user is identifying himself or herself to the Secure Computer 24 for purposes of secure processing. There are two aspects to identification and authentication: authenticating the identity of the human user and authenticating the location (e.g. a Workstation 10) from which the human user is accessing the Secure Computer 24. Both aspects are used by the Secure Computer 24 to determine the nature of information it will display to, or the kinds of actions it will permit to be initiated by, the human user. The use of both aspects enables the implementation of sophisticated security policies by the Secure Computer 24. For example, an individual may be authorized to access engineering drawings, but only from terminals located inside the engineering area; even though the individual is authorized for information, the policy may prohibit the individual from exercising the authorization when in a residence or temporary lodgings.

(2) Trusted Command Initiation. These are operations performed by the human user which have serious security consequences; they will, in general, involve the exercise of some special privilege by the user. An example of trusted command initiation is the decision to override the security policy enforced by the secure computer and release data to persons who would normally be unauthorized to access it. Such a facility is necessary to prevent the security policy from interfering with proper operation in exceptional or emergency situations. Another example is the exercise by a human user of the privilege to send an official, cryptographically authenticated message which has the effect of an order or directive.

(3) Trusted Review. These are operations in which the human user wishes to be assured that some element of data contained in the Secure Computer 24 is exactly as the user intended. For example, a human user may wish to perform a trusted review of the aforementioned directive prior to performing the trusted command which adds an authenticator to the message and releases it as "signed" by that user.

(4) Key Management. In these operations, the user is obtaining cryptographic keys from some central key distribution center and loading them in to local cryptographic devices 26 at the user's Workstation 10.

The protocols of the Trusted Path are arranged so that all security alarms are raised at specified secure computers 24, and there is no user responsibility for responding to an alarm. This feature is an improvement over traditional cryptographic checksum and other means which display alarms to users and require them to notify the proper authorities, since it permits the present invention to provide security for users 5 who may be in physical locations where such notification is not possible.

The protocols in the Trusted Path operate at Layers 5, 6, and 7 of the ISO standard for communications protocols. This means that they are independent of the nature or topology of the network. All prior means for achieving Trusted Path have depended somewhat on the nature or topology of the network.

The elements of the present invention are either free-standing units, parts of an already distinguished Secure Computer 24, or devices which attach to existing interfaces to commercial Workstations 10. The only modification required to a commercial Workstation 10 is a software modification. No security reliance is placed on this modification, so that it can be rapidly and economically made to the software of a wide variety of commercial units.

The present invention uses a small number of special elements in a wide variety of ways. Maximum use is made of the cryptographic devices, which are typically the most expensive parts of a data security device. The same devices are used for media protection and authenticated interactions with the Secure Computer 24. Moreover, the elements of the invention are such that they can be constructed from readily available commercial technology.

SUMMARY OF THE INVENTION

The present invention provides a data enclave for securing data carried on physical units of fixed and removable media in a network including a server and one or more workstations, with one or more of the workstations including the physical units of fixed media. Protected storage is provided in the server and in each of the workstations, which also each include a crypto media controller in each workstation that can be used to read the fixed media and the removable media.

A personal keying device is assigned to each user in the enclave, and an enclave key is held in the protected storage in the server and in each of the workstations, and used to protect other keys stored or transmitted on the network. Each user is provided a personal identification number (PIN). A user unique identifier (user UID) is assigned to each user in the enclave and is stored in the user's personal keying device encrypted with the enclave key. User attributes are associated with each user to which a user UID has been assigned, and used to represent the privileges and other security related information that pertains to that user.

A media key is provided for each unit of media, and used to encrypt and protect data carried on the media, with the media keys stored in the personal keying devices. A media unique identifier (media UID) is provided for each unit of media, stored on the media, and used to identify the corresponding media key for the unit of media stored in a personal keying device, and to identify media attributes assigned to the unit of media. Media attributes are associated with each unit of media to which a media UID has been assigned, and used to represent the sensitivity or other security related information that may pertain to the data carried on that unit of media.

An access vector is associated with each media key to form media key/access vector pairs, stored in the personal keying devices, and used to represent the possible conditions of access to the data encrypted on the media for the user assigned to the personal keying device holding the media key/access vector pair or pairs, with each access vector formed using the corresponding media attributes and user attributes, and a set of access rules. The media key/access vector pairs are stored in the personal keying devices enciphered with a combined key including the user's UID, the user's PIN and the enclave key. Device attributes are assigned to each workstation, stored in that device's crypto media controller, and used to represent the security attributes of the workstations.

Each crypto media controller includes access control logic for restricting access to the data on the media based on the user's PIN, the access vector and the device attributes for the workstation from which access is attempted.
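The access decision just described (an access vector computed by the security server from user and media attributes and a set of access rules, then combined at access time with the workstation's device attributes and the user's PIN), as an added Python model that is not part of the patent. The attribute fields, the access rules and the facility names are constructed assumptions; the patent names the concepts but fixes no encoding.

```python
from dataclasses import dataclass

# Constructed attribute encodings: the patent names user, media and device
# attributes but does not fix a representation, so these fields are assumptions.
@dataclass(frozen=True)
class UserAttributes:
    department: str
    clearance: int                  # higher is more trusted

@dataclass(frozen=True)
class MediaAttributes:
    owner_department: str
    sensitivity: int                # 0 = company-wide data such as a phone directory
    display_only_in: frozenset      # facilities where contents may be shown; empty = anywhere

@dataclass(frozen=True)
class DeviceAttributes:
    facility: str                   # where this workstation's crypto media controller sits

def make_access_vector(user: UserAttributes, media: MediaAttributes) -> dict:
    """Computed once by the security server from user and media attributes and the
    (constructed) access rules, then stored alongside the media key."""
    read = user.clearance >= media.sensitivity and (
        media.sensitivity == 0 or user.department == media.owner_department)
    write = read and user.clearance > media.sensitivity
    return {"read": read, "write": write, "display_only_in": media.display_only_in}

def allowed_access(access_vector: dict, device: DeviceAttributes, pin_ok: bool) -> set:
    """Decision taken in the crypto media controller at the moment of access."""
    if not pin_ok:                  # wrong PIN: nothing is unlocked
        return set()
    ops = set()
    if access_vector["read"]:
        ops.add("read")
    if access_vector["write"]:
        ops.add("write")
    where = access_vector["display_only_in"]
    # The access vector may grant read while the device attributes still confine
    # display of the contents to machines inside a given facility.
    if "read" in ops and (not where or device.facility in where):
        ops.add("display")
    return ops
```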

According to another aspect of the invention, there is provided a Trusted Path for communication between a workstation and a secure computer over an untrusted communication medium. The Trusted Path comprises a logic and control unit in the workstation and in the secure computer, and an end-to-end authentication token exchange protocol used to assure the logic and control unit in the workstation that it is communicating with an authentic logic and control unit in the secure computer, and vice versa. The token exchange protocol operates by chaining transactions together so that a forged transaction entered into the interaction between workstation and secure computer is detected the very next time a legitimate transaction is received by a logic and control unit. The system further includes a cryptographic checksum protocol used to assure that transactions between the logic and control units have not been tampered with; the checksum protocol authenticates single transactions between the workstation and the secure computer rather than sequences of transactions. The system also includes an identification and authentication protocol, invoked when a user wishes to interact with the secure computer for some period of time using the keyboard and display of the workstation and the untrusted communications medium; the period of interaction is called a session, the act of initiating a session is called logon, and that of terminating one is called logout.
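The logon exchange of claim 1, the privileged-command exchange of claim 3 and the countersign (token) chain described above, as an added Python model that is not part of the patent. It assumes a JSON message layout, stands in for the enclave-key cipher with an HMAC-SHA256 keystream plus an HMAC tag (standard library only, so it runs offline), and uses a constructed user, PIN and privilege name; the alarm on a stale countersign is raised at the server, as the text requires.

```python
import hashlib
import hmac
import json
import os
import secrets

# Stand-in for "encrypt with the enclave key": HMAC-SHA256 keystream plus an
# HMAC tag (encrypt-then-MAC), standard library only; not the patent's cipher.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def enclave_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def enclave_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("message tampered with in transit")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))

class SecurityServer:            # secure computer 24: PINs, countersigns, privileges
    def __init__(self, enclave_key: bytes):
        self.key = enclave_key
        self.users = {}

    def enroll(self, uid: str, pin: str, privileges) -> str:
        countersign = secrets.token_hex(4)
        self.users[uid] = {"pin": pin, "countersign": countersign, "privileges": set(privileges)}
        return countersign       # loaded into the user's personal keying device

    def authenticate(self, blob: bytes) -> bool:
        """Claim 1: decrypt, check the PIN, then compare the last countersign."""
        msg = json.loads(enclave_decrypt(self.key, blob))
        rec = self.users.get(msg["uid"])
        if rec is None or not hmac.compare_digest(rec["pin"], msg["pin"]):
            return False
        # A stale countersign reveals an intervening (possibly forged) transaction;
        # the alarm is raised here at the server, never at the user.
        return hmac.compare_digest(rec["countersign"], msg["countersign"])

    def privileged_request(self, blob: bytes):
        """Claim 3: attention signal + UID in; a new encrypted countersign out."""
        msg = json.loads(enclave_decrypt(self.key, blob))
        rec = self.users.get(msg["uid"])
        if rec is None or msg.get("attention") not in rec["privileges"]:
            return None
        rec["countersign"] = secrets.token_hex(4)   # the chain advances
        return enclave_encrypt(self.key, rec["countersign"].encode())

class PersonalKeyingDevice:      # holds UID and last countersign only in encrypted form
    def __init__(self, enclave_key: bytes, uid: str, countersign: str):
        self.key = enclave_key
        self.uid_enc = enclave_encrypt(enclave_key, uid.encode())
        self.countersign_enc = enclave_encrypt(enclave_key, countersign.encode())

    def _uid(self) -> str:
        return enclave_decrypt(self.key, self.uid_enc).decode()

    def logon_message(self, pin: str) -> bytes:
        last = enclave_decrypt(self.key, self.countersign_enc).decode()
        body = {"uid": self._uid(), "pin": pin, "countersign": last}
        return enclave_encrypt(self.key, json.dumps(body).encode())

    def attention_message(self, attention: str) -> bytes:
        return enclave_encrypt(self.key, json.dumps({"uid": self._uid(), "attention": attention}).encode())

    def accept_new_countersign(self, blob: bytes) -> str:
        new = enclave_decrypt(self.key, blob).decode()
        self.countersign_enc = enclave_encrypt(self.key, new.encode())
        return new               # shown on the device display to the user

def run_trusted_path_demo() -> dict:
    """One session: logon, a privileged command, countersign rotation, then a replay."""
    enclave_key = os.urandom(32)
    server = SecurityServer(enclave_key)
    first_cs = server.enroll("alice", "4242", {"release-data"})   # constructed user
    pkd = PersonalKeyingDevice(enclave_key, "alice", first_cs)
    r = {}
    first_logon = pkd.logon_message("4242")
    r["logon"] = server.authenticate(first_logon)
    r["wrong_pin"] = server.authenticate(pkd.logon_message("0000"))
    reply = server.privileged_request(pkd.attention_message("release-data"))
    r["privileged_ok"] = reply is not None
    r["countersign_rotated"] = pkd.accept_new_countersign(reply) != first_cs
    r["relogon"] = server.authenticate(pkd.logon_message("4242"))
    r["replay_of_old_logon"] = server.authenticate(first_logon)    # stale countersign
    r["unprivileged"] = server.privileged_request(pkd.attention_message("transfer-funds")) is None
    tampered = bytearray(pkd.logon_message("4242"))
    tampered[20] ^= 0x01                                            # flip a ciphertext byte
    try:
        server.authenticate(bytes(tampered))
        r["tamper_detected"] = False
    except ValueError:
        r["tamper_detected"] = True
    return r
```

The replayed first logon is rejected because its countersign was superseded by the privileged exchange, which is the chaining property the Summary describes; the tampered message is caught by the per-transaction checksum.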

BRIEF DESCRIPTION OF THE DRAWINGS

The operational enhancements and features of the present invention become more apparent from a consideration of the drawings and following detailed description.

FIG. 1 is a diagram illustrating a typical departmental computing environment incorporating a local area network with a wide area network.

FIG. 2 is a diagram illustrating possible threats against the departmental computing environment.

FIG. 3 is an overall simplified block diagram of a secure data processing system illustrating the Data Enclave implementation.

FIG. 4 is a simplified block diagram of the main data processing elements in the apparatus implementing the present invention.

FIG. 5 is a simplified block diagram of the Workstation data processing elements using a Workstation configuration supporting coprocessor cryptography.

FIG. 6 is a simplified block diagram of the Workstation data processing elements using a Workstation configuration supporting inline cryptography.

FIG. 6a is a pictorial diagram of a personal keying device illustrating the appearance, features, and functions.

FIG. 6b is a schematic diagram of the data elements created and utilized for the protection of data in the present invention.

FIG. 7 is a simplified block diagram illustrating the steps for the extraction of user data at the Workstation, implemented in the Media Initialization and Key Generation phase of Data Enclave operation.

FIG. 8 is a simplified block diagram illustrating the step for preparation and sending of a "Request Packet", implemented in the Media Initialization and Key Generation phase of Data Enclave operation.

FIG. 9 is a simplified block diagram illustrating the step for receipt of a "Request Packet" at the Security Server, implemented in the Media Initialization and Key Generation phase of Data Enclave operation.

FIG. 10 is a simplified block diagram illustrating the steps for the checking of user identity and the generation of a Media UID, implemented in the Media Initialization and Key Generation phase of Data Enclave operation.

FIG. 11 is a simplified block diagram illustrating the steps for Access Vector generation, implemented in the Media Initialization and Key Generation phase of Data Enclave operation.

FIG. 12 is a simplified block diagram illustrating the steps for "Key Packet" generation and storage, implemented in the Media Initialization and Key Generation phase of Data Enclave operation.

FIG. 13 is a simplified block diagram illustrating the steps for Media UID and "Key Packet" assignment, implemented in the Media Initialization and Key Generation phase of Data Enclave operation.

FIG. 14 is a simplified block diagram illustrating the steps for extracting identification data and forming a Request, implemented in the Key Assignment phase of Data Enclave operation.

FIG. 15 is a simplified block diagram illustrating the step for the encryption and transmission of a "Request Packet", implemented in the Key Assignment phase of Data Enclave operation.

FIG. 16 is a simplified block diagram illustrating the steps for the computation of an Access Vector, implemented in the Key Assignment phase of Data Enclave operation.

FIG. 17 is a simplified block diagram illustrating the steps for key generation, storage, and transmission, implemented in the Key Assignment phase of Data Enclave operation.

FIG. 18 is a simplified block diagram illustrating the step for the transfer of the key to the personal keying device, implemented in the Key Assignment phase of Data Enclave operation.

FIG. 19 is a simplified block diagram illustrating the steps for Media Key and Access Vector extraction, implemented in the Keying of Devices phase of Data Enclave operation.

FIG. 20 is a simplified block diagram illustrating the steps for Media Key and Access Vector use, implemented in the Keying of Devices phase of Data Enclave operation.

FIG. 21 is a simplified block diagram illustrating the steps for the initialization of the authentication process, implemented in the Identification and Authentication phase of Trusted Path operation.

FIG. 22 is a simplified block diagram illustrating the step for the authentication of identity and the establishment of privileges, implemented in the Identification and Authentication phase of Trusted Path operation.

FIG. 23 is a simplified block diagram illustrating the step for the preparation and transmission of the "Response Packet", implemented in the Identification and Authentication phase of Trusted Path operation.

FIG. 24 is a simplified block diagram illustrating the step for the completion of the authentication sequence, implemented in the Identification and Authentication phase of Trusted Path operation.

FIG. 25 is a simplified block diagram illustrating the steps for the initiation of a privileged operation, implemented in the Privileged Services phase of Trusted Path operation.

FIG. 26 is a simplified block diagram illustrating the steps for the determination of privileges, implemented in the Privileged Services phase of Trusted Path operation.

FIG. 27 is a simplified block diagram illustrating the step for the acknowledgment of privileges, implemented in the Privileged Services phase of Trusted Path operation.

FIG. 28 is a simplified block diagram illustrating the step for the display of the acknowledgment, implemented in the Privileged Services phase of Trusted Path operation.

FIG. 29 is a block diagram of a secure data processing system illustrating the Trusted Path implementation.

FIG. 30 is a simplified block diagram showing the elements of the Trusted Path when Workstation Unit 102 is used only for authenticated communications between Workstation 131 and Secure Computer 104.

FIG. 31 is a simplified block diagram showing the elements of the Trusted Path when Workstation Unit 102 is used for protection of critical and sensitive data at Workstation 131 as well as authenticated communicati