X-Road

Uploaded by clappingknave (Software and s/w Development), Dec 14, 2013

X-Road (X-tee)

A platform-independent secure standard interface between databases and information systems, to connect the databases and information systems of the public sector


[Slide diagram: databases and information systems connected over the Internet, first ad hoc ("?"), then through X-Road.]

There are various databases and information systems on different platforms that need to co-operate...

[Slide diagram: example databases, each behind its own Security Server with a SOAP server: Population Register (Progress), Business Register (Oracle), Land Register (MSSQL), Motor Vehicle Register (Oracle), more than 100 databases in all. Example information systems, each behind its own Security Server with a SOAP client: Citizen Portal, Information System of Company A, Information System of Company B, more than 1000 information systems in all, used by citizens and officers.]

An extra interface from every database to every information system would have been expensive...

X-Road is a platform-independent secure standard interface between databases and information systems.

A database is adapted to X-Road by setting up an Adapter Server, which contains: a SOAP or XMLRPC server + the X-Road rules.

Information systems need: a SOAP or XMLRPC client + an understanding of the X-Road rules.

To secure the system, each party accesses X-Road via its own Security Server.

The X-Road Security Server is a standard software solution that encrypts/decrypts outgoing/incoming messages, filters incoming messages as a firewall, and logs the messages it receives.

Traffic between Security Servers is encrypted with PKI.

Security Servers have to be certified by the X-Road Certification Authority (CA).

Certificates are available for verification from the X-Road Central Servers. The Central Servers are duplicated.

No redundant centralization: Security Servers create connections directly to each other. Data from the Central Servers is cached in the Security Servers by use of DNSSEC.


X-Road: Message on the road

[Slide diagram: User (citizen or officer) -> Information System (SOAP client) -> Security Server of IS -> Internet / X-Road -> Security Server of DB -> Database (SOAP server); the CA and the duplicated Central Servers sit alongside.]

1. The user authenticates himself/herself. The Information System must be able to learn the proper Personal Code of the user. Whether the user is identified by ID-card, password, face or something else is up to the Information System, provided that the way of identification is reliable.

2. The Information System gives the user access to the methods the user is authorized to use. This is the first level of authorization.

3. As the user chooses to call a method (usage of which is authorized by the Information System), a message with the method call goes towards the Security Server. In addition to the message body with the data for the method call, the message also contains a message header with the user's Personal Code, the name of the Information System, the unique ID of the message etc.

4. The Security Server signs the message with its private key.

5. The Security Server of IS asks the Central Server over DNSSEC for the IP address of the Security Server(s) of DB.

6. The Security Server of IS opens a TCP connection to the Security Server of DB and sends its certificate to start the TLS security protocol.

7. The Security Server of DB verifies over DNSSEC the certificate received from the Security Server of IS.

8. If the certificate was valid, the Security Server of DB sends its certificate back to finish the creation of the secure connection.

9. The Security Server of IS verifies over DNSSEC the certificate received from the Security Server of DB.

10. As the secure channel has been created and the other party verified, the Security Server of IS sends the signed message to the Security Server of DB.

11. The Security Server of DB verifies the signature of the message and logs the message.

12. The Security Server of DB checks whether the Information System is authorized for this method. This is the second level of authorization.

13. The Security Server of DB sends the decrypted message to the Adapter Server.

14. The Adapter Server commits the method call in the database.

15. The Security Server of DB signs the response message.

16. The Security Server of DB sends the signed response message to the Security Server of IS.

17. The Security Server of IS checks the signature of the response message and logs the response message.

18. The Security Server of IS sends the decrypted response message to the Information System.

19. Finally, the user receives the response he/she requested!
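The following is an added example, not code from the deck or from the X-Road project, of what the receiving Security Server does with a message in steps 10 and 11: it checks the signature over the exact bytes received, requires the header fields the deck names (Personal Code, Information System name, unique message ID), refuses a replayed copy by its message ID, and only then logs the call. Everything here is an assumption of the example: the element names, the Personal Code values (constructed), and the use of HMAC over a shared demo key as a stand-in for the Security Server's private-key signature so that the block runs with the Python standard library alone; the verification order is what the deck describes.

```python
import hashlib
import hmac
import uuid
import xml.etree.ElementTree as ET

# Constructed demo key (assumption): stands in for the signing key of the
# Security Server of IS. The deck describes an asymmetric signature; HMAC is
# used here only so the example needs no third-party library.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# Header fields the deck says every message carries (element names assumed).
REQUIRED_HEADERS = ("personalCode", "client", "messageId")


def build_message(personal_code, is_name, method, params, message_id=None):
    """Information System side: a SOAP-like envelope whose header carries the
    user's Personal Code, the IS name and a unique message ID, and whose body
    carries the method call. Returns the serialized bytes that will be signed."""
    env = ET.Element("Envelope")
    hdr = ET.SubElement(env, "Header")
    ET.SubElement(hdr, "personalCode").text = personal_code
    ET.SubElement(hdr, "client").text = is_name
    ET.SubElement(hdr, "messageId").text = message_id or str(uuid.uuid4())
    call = ET.SubElement(ET.SubElement(env, "Body"), method)
    for name, value in params.items():
        ET.SubElement(call, name).text = str(value)
    return ET.tostring(env, encoding="utf-8")


def sign_message(raw, key=DEMO_KEY):
    """Security Server of IS: signature over exactly the bytes that are sent."""
    return hmac.new(key, raw, hashlib.sha256).hexdigest()


class ReceivingSecurityServer:
    """Security Server of DB: verify the signature, validate the header, reject
    replays, and log the message before it goes on to the Adapter Server."""

    def __init__(self, key=DEMO_KEY):
        self.key = key
        self.seen_ids = set()
        self.log = []

    def verify_and_log(self, raw, signature):
        # 1. Signature first: nothing in the message is trusted until it passes.
        expected = sign_message(raw, self.key)
        if not hmac.compare_digest(expected, signature):
            return "rejected: bad signature"
        # 2. Parse and require every header field the deck describes.
        env = ET.fromstring(raw)
        hdr = env.find("Header")
        if hdr is None:
            return "rejected: missing header"
        header = {child.tag: (child.text or "").strip() for child in hdr}
        for field in REQUIRED_HEADERS:
            if not header.get(field):
                return f"rejected: missing header field {field}"
        body = env.find("Body")
        if body is None or len(body) == 0:
            return "rejected: no method call in body"
        # 3. The unique message ID lets a second delivery of the same message be refused.
        if header["messageId"] in self.seen_ids:
            return "rejected: replayed message"
        self.seen_ids.add(header["messageId"])
        # 4. Log what was received and accepted (the hash-chained log is a separate topic).
        self.log.append({"client": header["client"],
                         "personalCode": header["personalCode"],
                         "method": body[0].tag,
                         "messageId": header["messageId"]})
        return "accepted"


if __name__ == "__main__":
    raw = build_message("PC-DEMO-001", "citizen_portal", "getPerson", {"code": "PC-DEMO-001"})
    sig = sign_message(raw)
    receiver = ReceivingSecurityServer()
    print(receiver.verify_and_log(raw, sig))                                   # accepted
    print(receiver.verify_and_log(raw, sig))                                   # rejected: replayed message
    print(receiver.verify_and_log(raw.replace(b"getPerson", b"deletePerson"), sig))  # rejected: bad signature
```

The signature is checked before the XML is even parsed, so a modified body, a modified header and a message from a party without the key all fail at the same first step; the message ID check is what turns "unique ID of the message" from a header field into a replay defence.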


X-Road: Levels of authorization

[Slide diagram: the same path as above, User (citizen or officer) -> Information System (SOAP client) -> Security Server of IS -> Internet / X-Road -> Security Server of DB -> Database (SOAP server), with the CA and the Central Servers alongside.]

The permission matrix on the granularity of Information Systems is held by the Security Server of the Database.

The permission matrix on the granularity of individual users is held by the Information System.

If the Database does not trust the Information System to grant individual permissions, it has the possibility to hold an additional permission matrix on the granularity of individual users. But this would be awful in the case of hundreds of Information Systems with thousands of users!

The Information System is capable of granting permissions to its users only on those methods that the Information System itself is authorized to use by the permission matrix held by the Security Server of DB.
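An added example (not from the deck or the X-Road project) of the two permission matrices and how they interact: the Security Server of DB holds the matrix per Information System, the Information System holds the matrix per user, an IS can only grant a method it is itself authorized for, and the DB side still enforces its own matrix on every call, so revoking an IS-level permission takes effect even for users the IS had already granted. Method names, database names and Personal Codes are constructed.

```python
class SecurityServerOfDB:
    """Holds the second-level permission matrix: which Information System may
    call which methods of this Database (constructed names throughout)."""

    def __init__(self, db_name, matrix):
        self.db_name = db_name
        # matrix: {information_system_name: set of method names}
        self.matrix = {is_name: set(methods) for is_name, methods in matrix.items()}

    def is_authorized(self, is_name, method):
        return method in self.matrix.get(is_name, set())

    def revoke(self, is_name, method):
        self.matrix.get(is_name, set()).discard(method)


class InformationSystem:
    """Holds the first-level permission matrix on the granularity of individual
    users, keyed by the user's Personal Code."""

    def __init__(self, name, db_security_server):
        self.name = name
        self.db_ss = db_security_server
        self.user_matrix = {}  # personal code -> set of method names

    def grant(self, personal_code, method):
        # An IS may only hand out methods it is itself authorized to use.
        if not self.db_ss.is_authorized(self.name, method):
            raise PermissionError(f"{self.name} is not authorized for {method}")
        self.user_matrix.setdefault(personal_code, set()).add(method)

    def user_may_call(self, personal_code, method):
        return method in self.user_matrix.get(personal_code, set())


def try_grant(info_system, personal_code, method):
    """Returns True if the grant was accepted, False if the IS lacks the method itself."""
    try:
        info_system.grant(personal_code, method)
        return True
    except PermissionError:
        return False


def call_method(info_system, personal_code, method):
    """Walk the two authorization levels a request passes and report where it stopped."""
    # Level 1: the Information System checks its own user-level matrix.
    if not info_system.user_may_call(personal_code, method):
        return "denied at level 1 (Information System)"
    # The message then travels to the Security Server of DB (signing and TLS
    # are omitted here). Level 2: the DB side checks the IS-level matrix on its
    # own, regardless of what the IS granted, so a revoked permission still bites.
    if not info_system.db_ss.is_authorized(info_system.name, method):
        return "denied at level 2 (Security Server of DB)"
    return f"executed {method} on {info_system.db_ss.db_name}"


if __name__ == "__main__":
    db_ss = SecurityServerOfDB("population_register",
                               {"citizen_portal": {"getPerson", "getAddress"}})
    portal = InformationSystem("citizen_portal", db_ss)
    print(try_grant(portal, "PC-DEMO-001", "getPerson"))      # True
    print(try_grant(portal, "PC-DEMO-001", "updatePerson"))   # False: portal lacks it
    print(call_method(portal, "PC-DEMO-001", "getPerson"))    # executed ...
    db_ss.revoke("citizen_portal", "getPerson")
    print(call_method(portal, "PC-DEMO-001", "getPerson"))    # denied at level 2
```

The point of keeping level 2 as an independent check is exactly the deck's scaling argument: the Database never has to know individual users, yet it keeps the final say over every Information System.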


X-Road: Trusted logs

[Slide diagram: the same path as above, here with an XMLRPC client on the Information System side and an XMLRPC server on the Database side; the CA and the Central Servers alongside.]

The Security Server of IS logs the response messages coming from the Databases. The Security Server of DB logs the messages coming from the Information Systems.

Both Security Servers hash their logs and send their hash chain periodically to the Central Servers.

If an evil administrator of any Security Server would even try to change the local log, the hash in the Security Server does not match the hash in the Central Servers any more! Therefore, the logs cannot be broken.

With a message given, it is always possible to check later the authenticity of the message: whether such a message really existed or not. As X-Road trusted logs cannot be broken, the result of the check is trustworthy.
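An added example, not the deck's or the project's code, of the mechanism behind the two claims above: a Security Server keeps its log as a hash chain, periodically sends the chain head to the Central Servers, and an auditor can later both detect a changed log (whether an entry was edited in place or the whole chain was re-hashed to hide the edit) and answer whether a given message really was logged. The entry format, the SHA-256 chaining and the way anchors are stored are assumptions of this example; the messages and server name are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed starting value of every chain


def entry_hash(index, message, prev_hash):
    """Hash of one log entry, bound to its predecessor so entries form a chain."""
    material = json.dumps({"index": index, "message": message, "prev": prev_hash}, sort_keys=True)
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


class TrustedLog:
    """The message log of one Security Server, kept as a hash chain."""

    def __init__(self):
        self.entries = []   # dicts with index, message, prev, hash
        self.head = GENESIS

    def append(self, message):
        h = entry_hash(len(self.entries), message, self.head)
        self.entries.append({"index": len(self.entries), "message": message,
                             "prev": self.head, "hash": h})
        self.head = h
        return h

    def recompute_hashes(self):
        """Re-hash every entry from GENESIS; None if the chain is inconsistent."""
        prev, out = GENESIS, []
        for i, e in enumerate(self.entries):
            if e["prev"] != prev:
                return None
            h = entry_hash(i, e["message"], prev)
            if h != e["hash"]:
                return None
            out.append(h)
            prev = h
        return out

    def rehash_all(self):
        """What an evil administrator might do after editing an entry: rebuild
        the whole chain so it looks consistent again. The anchor still exposes it."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            e["prev"] = prev
            e["hash"] = entry_hash(i, e["message"], prev)
            prev = e["hash"]
        self.head = prev


class CentralServers:
    """Stores the chain heads that Security Servers send periodically."""

    def __init__(self):
        self.anchors = {}  # security server name -> list of heads received

    def receive_anchor(self, server_name, head):
        self.anchors.setdefault(server_name, []).append(head)

    def latest_anchor(self, server_name):
        return self.anchors.get(server_name, [None])[-1]


def anchored_count(log, anchor):
    """How many leading entries are covered by the anchor; None if the log is broken."""
    hashes = log.recompute_hashes()
    if hashes is None:
        return None
    if anchor == GENESIS:
        return 0
    return hashes.index(anchor) + 1 if anchor in hashes else None


def audit_log(server_name, log, central):
    """Does the local log still match what the Central Servers hold?"""
    anchor = central.latest_anchor(server_name)
    if anchor is None:
        return "no anchor at Central Servers"
    return "log tampered" if anchored_count(log, anchor) is None else "log intact"


def message_existed(server_name, log, central, message):
    """Given a message, check later whether it really was logged. Only entries
    already covered by an anchor count: newer ones are not yet protected."""
    anchor = central.latest_anchor(server_name)
    n = anchored_count(log, anchor) if anchor is not None else None
    if n is None:
        return False
    return any(e["message"] == message for e in log.entries[:n])
```

Two things the assertions in the test pin down: an edited entry breaks the chain immediately, and re-hashing the chain after the edit does not help because the head the Central Servers already hold no longer appears anywhere in the rebuilt chain. Entries appended after the last anchor are deliberately reported as not yet provable, which is the cost of the periodic (rather than per-message) anchoring the deck describes.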

X-Road: A protocol with standard implementation provided

Any custom information system having the specified security level may join X-Road.

Those institutions (companies) which do not have a secure information system of their own are welcome to install the standard Mini-InfoSystem-Portal (MISP) to gain access to X-Road.