Secure Collaboration Architecture

Microsoft Netmeeting and the Solaris-based Sunforum are among many programs created for application sharing across the Internet. While these programs are very popular, they lack important security aspects that are needed for robust industrial use. A typical industrial application needs to have the following design requirements:

  1. Secure collaboration server outside the company firewall
  2. Authentication mechanism tied to directory like LDAP
  3. Encrypted data exchange tunnel
  4. Backend services like FTP and application sharing
  5. Predictable bandwidth for high volume data
  6. Intrusion detection system

NPTest has implemented the following architecture:


However, before we delve into the details of the system it is worthwhile to pause and look at the need for such collaboration software. NPTest Inc. is a semiconductor equipment company. It makes testers for the devices coming out of a semiconductor fabrication plant. This equipment is used to do failure analysis on a device and to investigate process defects. The testers it makes typically sell for $1m - $4m, with total revenue of about $500m per annum. All the major semiconductor companies, distributed all over the world (United States, Japan, Korea, Singapore, China, Malaysia and a host of other places), use the equipment. Many of the installations are in production environments where downtime is extremely expensive.

From a marketing perspective the important factors to sell the equipment are:

-Mean Time Between Failure

-Ability to diagnose the cause of a failure and to fix it

-Ability to share the equipment between different facilities

-Ability to collaborate with the commercial test houses

-Ability to demonstrate the image quality, user interface and other important aspects to prospective customers

-Cost of fixing the issues arising on the customer site

The design-debug process for a semiconductor device often needs IP information to be shared between the collaborating laboratories. Confidentiality of the layout/netlist information is very important for companies like Intel and ST, since it holds clues to the process innovation done for a particular generation of a technology.

Typically NPTest tools have an imaging mode used for navigation on the surface of the device. In most cases, where a device packs millions of transistors, it is necessary to align the live image acquisition with the “layout” of the device. This involves going to three (or more) known locations on the device surface (akin to looking at it through an electron microscope) as well as in the “layout” and establishing a one-to-one relationship between them. This yields the transformation matrix between the two coordinate spaces. After that one can navigate on the surface of the device using the layout window, since the two are linked together.
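As an added illustration of the alignment step described above (this is not NPTest's code, and it assumes nothing about the tools' actual data formats), the following Python fits the affine transformation between layout and image coordinates from three reference points and then uses it to navigate in both directions. The reference coordinates are constructed for the example.

```python
"""Register a live device image to its layout from three reference points.

Added example: given three non-collinear locations known both in image
(pixel) coordinates and layout (design) coordinates, solve for the 2x3
affine matrix layout -> image, then map points either way.
"""
from typing import List, Sequence, Tuple

Point = Tuple[float, float]


def _solve3(a: List[List[float]], b: List[float]) -> List[float]:
    """Solve a 3x3 linear system by Gauss-Jordan elimination with partial pivoting."""
    m = [row[:] + [rhs] for row, rhs in zip(a, b)]
    n = 3
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        if abs(m[pivot][col]) < 1e-12:
            # Three collinear points do not pin down a plane-to-plane map.
            raise ValueError("reference points are collinear; choose another location")
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= f * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]


def fit_affine(layout_pts: Sequence[Point], image_pts: Sequence[Point]) -> Tuple[float, ...]:
    """Return (a, b, tx, c, d, ty) with
         x_img = a*x_lay + b*y_lay + tx
         y_img = c*x_lay + d*y_lay + ty
    Each row of the matrix is its own 3x3 system sharing one design matrix."""
    if len(layout_pts) != 3 or len(image_pts) != 3:
        raise ValueError("exactly three correspondences are needed")
    design = [[x, y, 1.0] for x, y in layout_pts]
    row_x = _solve3(design, [p[0] for p in image_pts])
    row_y = _solve3(design, [p[1] for p in image_pts])
    return tuple(row_x + row_y)


def layout_to_image(t: Tuple[float, ...], p: Point) -> Point:
    """Where a layout click lands in the live image."""
    a, b, tx, c, d, ty = t
    x, y = p
    return (a * x + b * y + tx, c * x + d * y + ty)


def image_to_layout(t: Tuple[float, ...], p: Point) -> Point:
    """Invert the affine map so a feature seen in the image can be found in the layout."""
    a, b, tx, c, d, ty = t
    det = a * d - b * c
    if abs(det) < 1e-12:
        raise ValueError("degenerate transform")
    x, y = p[0] - tx, p[1] - ty
    return ((d * x - b * y) / det, (-c * x + a * y) / det)


if __name__ == "__main__":
    # Constructed reference points: layout in microns, image in pixels.
    layout = [(0.0, 0.0), (10.0, 0.0), (0.0, 10.0)]
    image = [(100.0, 50.0), (100.0, 70.0), (80.0, 50.0)]
    t = fit_affine(layout, image)
    print("matrix", t)
    print("layout (5,5) -> image", layout_to_image(t, (5.0, 5.0)))
```

A fourth known location, mapped through the fitted matrix and compared with where it is actually seen, is the natural sanity check that the three chosen points were entered correctly.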

The layout information for a typical microprocessor is tens of gigabytes, which is difficult to share even within the company. Also, because of the proprietary nature of the layout, companies are unwilling to let this information go outside their firewall except in a limited fashion. The debug houses and circuit edit houses, whether inside the company or outside it, need the layout information to improve their success rate for signal acquisition or device modification.

The collaboration seeks to solve the following problems:

-It allows remote debug of the system, especially at a beta software/hardware site

-It allows some parts of the service to be done remotely

-It allows quick response to any customer issues

-It allows for remote demonstration of new products

-It allows for sharing of equipment between dispersed laboratories justifying an expensive purchase

-It allows for limited sharing of design data between the design house and a test house on an as-needed basis

The important issues that had to be solved during implementation were:

-NPTest server tied to LDAP-based authentication: This assures that only allowed users can get onto the server. This is different from the public servers used by Netmeeting and Sunforum.

-Assured privacy of meetings: To create a secure space for each customer and be sure that no unauthorized person is accessing the space. This was solved using a combination of technology and policy. A commercial third-party tool was bought which divides the server into separate named spaces. Each user is given access to some of these named spaces. Usually the named spaces are on a per-customer basis, and only the customer for whom a named space was created can initiate meetings in it. Thus a space created for ST Micro Inc. can have meetings initiated only by people of that company. The server authenticates each user who signs on, and his user id is indicated in a separate window. This was needed because in applications like Netmeeting a user can easily impersonate someone else's identity. The person who initiates the meeting controls who can join the conference. All participants in a meeting are displayed in real time in a separate window, and the initiator can kick out any participant.

-Control flow: The initiator can declare a meeting in which passing of control is allowed (view-execute) or not allowed (view-only). If a meeting is declared view-execute then any participant can request control, which the initiator can grant at will. After that, any time the initiator does any mouse or keyboard activity, control is passed back to him automatically.

-Security considerations on sharing a terminal window: On a Unix system it is possible to share a terminal window, which potentially opens a big security hole in the company's firewall. To mitigate this, two policies have been implemented: all meetings are timed out, and the shared application must always have the current focus. The latter discounts the possibility that a user inadvertently shares an application and forgets about it.
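The authentication, named-space, control-passing and time-out rules in the four items above can be written down as one policy model. The following Python is an added example, not NPTest's server or the third-party tool it bought: the directory lookup (user id to company, standing in for LDAP), the named spaces and the user ids are all constructed, and the clock is passed in explicitly so the time-out can be exercised offline.

```python
"""Policy model for the collaboration server: who may start a meeting in a
named space, who may join, how control passes, and when a meeting expires.
Added example with constructed directory data; not NPTest's implementation."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set


class PolicyError(Exception):
    """Raised whenever a request violates meeting policy."""


@dataclass
class Meeting:
    space: str                 # named space, one per customer
    initiator: str             # authenticated user id that created the meeting
    mode: str                  # "view-execute" or "view-only"
    started_at: float
    max_seconds: float
    participants: Set[str] = field(default_factory=set)
    controller: Optional[str] = None          # who holds mouse/keyboard control
    pending: Set[str] = field(default_factory=set)  # outstanding control requests

    def expired(self, now: float) -> bool:
        return now - self.started_at >= self.max_seconds


class CollaborationServer:
    def __init__(self, directory: Dict[str, str], space_owner: Dict[str, str],
                 space_members: Dict[str, Set[str]]):
        self.directory = directory          # user id -> company (LDAP stand-in)
        self.space_owner = space_owner      # named space -> owning customer
        self.space_members = space_members  # named space -> user ids granted access
        self.meetings: Dict[str, Meeting] = {}

    def _require_member(self, user: str, space: str) -> None:
        if user not in self.directory:
            raise PolicyError(f"{user}: not authenticated against the directory")
        if user not in self.space_members.get(space, set()):
            raise PolicyError(f"{user}: no access to space {space}")

    def start_meeting(self, user, space, mode, now, max_seconds=3600) -> Meeting:
        self._require_member(user, space)
        # Only people of the customer owning the space may initiate in it.
        if self.directory[user] != self.space_owner[space]:
            raise PolicyError(f"{user}: only {self.space_owner[space]} may initiate in {space}")
        if mode not in ("view-execute", "view-only"):
            raise PolicyError(f"unknown mode {mode}")
        m = Meeting(space, user, mode, now, max_seconds, {user}, controller=user)
        self.meetings[space] = m
        return m

    def _live(self, space: str, now: float) -> Meeting:
        m = self.meetings.get(space)
        if m is None:
            raise PolicyError(f"no meeting in {space}")
        if m.expired(now):
            del self.meetings[space]   # timed out: nothing stays shared by accident
            raise PolicyError(f"meeting in {space} timed out")
        return m

    def admit(self, initiator, space, user, now) -> None:
        m = self._live(space, now)
        if initiator != m.initiator:
            raise PolicyError("only the initiator admits participants")
        self._require_member(user, space)
        m.participants.add(user)

    def kick(self, initiator, space, user, now) -> None:
        m = self._live(space, now)
        if initiator != m.initiator:
            raise PolicyError("only the initiator removes participants")
        m.participants.discard(user)
        m.pending.discard(user)
        if m.controller == user:
            m.controller = m.initiator

    def request_control(self, user, space, now) -> None:
        m = self._live(space, now)
        if m.mode != "view-execute":
            raise PolicyError("meeting is view-only")
        if user not in m.participants:
            raise PolicyError(f"{user} is not a participant")
        m.pending.add(user)

    def grant_control(self, initiator, space, user, now) -> None:
        m = self._live(space, now)
        if initiator != m.initiator or user not in m.pending:
            raise PolicyError("grant must come from the initiator for a pending request")
        m.pending.discard(user)
        m.controller = user

    def initiator_input(self, space, now) -> str:
        """Any mouse or keyboard activity by the initiator reclaims control."""
        m = self._live(space, now)
        m.controller = m.initiator
        return m.controller


def denied(action, *args, **kwargs) -> bool:
    """True if policy rejects the action; used to check the negative cases."""
    try:
        action(*args, **kwargs)
    except PolicyError:
        return True
    return False
```

Every state change goes through `_live`, so an expired meeting is torn down on the next request from anyone rather than lingering until someone remembers it; that is the server-side half of the time-out policy, with the focus requirement covering the client side.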

-Encryption: OpenSSH was used to create an encrypted tunnel. There is an option of using AES 128, 192 or 256, DES, Blowfish or arcfour. This is helpful when talking to the customers' IT security, as they feel reassured. Also, NPTest has operations in over 65 countries, and some of these countries are subject to US export restrictions. All remote collaboration software sales have to be reported to export control through an established mechanism.

-Intrusion detection: An open source intrusion detection system was compiled into the Solaris kernel. It is used to deflect denial of service, buffer overflow and other attacks. The first connection to the server passes through the intrusion detection mechanism. This system also monitors the activity pattern on the system and triggers alarms for any unusual activity.

-Windows implementation: Netmeeting opens a number of socket connections in a single session. All of these socket connections have to be wrapped in the secure socket layer. All outgoing socket connections are routed to localhost, configured as a proxy, so that every outgoing connection is made to go through the encrypted ssh tunnel.
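The loopback-proxy arrangement just described, as an added example in Python that is not NPTest's Windows configuration: a relay bound only to 127.0.0.1 accepts the application's connections and forwards each one to the tunnel endpoint. In production that endpoint is the local port opened by the ssh client; here a constructed in-process echo server stands in for it, so the example runs offline and shows only the routing, not the encryption.

```python
"""Loopback relay in front of a tunnel endpoint (added example).

The application is pointed at 127.0.0.1:<port>. The relay listens on the
loopback interface only, so nothing off-host can reach the unencrypted
side, and copies bytes both ways to the tunnel's local port.
"""
import socket
import threading


def _pump(src: socket.socket, dst: socket.socket) -> None:
    """Copy bytes one way until EOF, then half-close the destination."""
    try:
        while True:
            data = src.recv(4096)
            if not data:
                break
            dst.sendall(data)
    except OSError:
        pass  # peer went away; the other direction's pump will notice too
    finally:
        try:
            dst.shutdown(socket.SHUT_WR)
        except OSError:
            pass


def start_relay(target_host: str, target_port: int):
    """Bind to 127.0.0.1 (never 0.0.0.0) and relay each client to the target.
    Returns the listening socket and the ephemeral port it was given."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve() -> None:
        while True:
            try:
                client, _ = srv.accept()
            except OSError:
                return  # listener closed
            upstream = socket.create_connection((target_host, target_port))
            threading.Thread(target=_pump, args=(client, upstream), daemon=True).start()
            threading.Thread(target=_pump, args=(upstream, client), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def start_echo_server():
    """Constructed stand-in for the tunnel's local port: echoes what it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(8)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            threading.Thread(target=_pump, args=(conn, conn), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def round_trip(port: int, payload: bytes) -> bytes:
    """What the application does: connect to localhost, send, read the reply."""
    with socket.create_connection(("127.0.0.1", port)) as s:
        s.sendall(payload)
        s.shutdown(socket.SHUT_WR)
        chunks = []
        while True:
            d = s.recv(4096)
            if not d:
                break
            chunks.append(d)
    return b"".join(chunks)


if __name__ == "__main__":
    echo_srv, echo_port = start_echo_server()
    relay_srv, relay_port = start_relay("127.0.0.1", echo_port)
    print(round_trip(relay_port, b"constructed sample frame"))
    relay_srv.close()
    echo_srv.close()
```

The one setting that matters for the security argument is the bind address: a relay listening on 0.0.0.0 would let any host on the network use the cleartext side of the tunnel, whereas 127.0.0.1 limits it to applications on the same machine, which is what routing Netmeeting's sockets through localhost is meant to achieve.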

Conclusion: From the details discussed above it is clear that most off-the-shelf collaboration software does not meet the requirements of an industrial application. There are several important considerations, namely security and policy features, which are needed to make a collaboration application that will be accepted by the IT departments of semiconductor companies. The important features are authentication, encryption and the control given to the originator of the meeting. The good news is that both Netmeeting and Sunforum have a rich API to enable this, and that there are enough open source components to overcome the shortcomings of commercial software on Windows and Solaris.