Tunnel Security: how is the data secured?

Document ID : KB000076795
Last Modified Date : 09/04/2018
Question:
I have been asked by our security team to describe any mechanisms which would prevent non-UIM data or tampered UIM-data from traversing the UIM Tunnel.
  1. Are there any prohibitions/restrictions on data types, formats, protocols or commands?
  2. Is there a white list of trusted/allowed data types, formats?
  3. Is there message integrity inspection at any point before/after encryption?
  4. Will the Hub blindly encrypt and transmit all data from the MessageBus?
Answer:
  1. Are there any prohibitions/restrictions on data types, formats, protocols or commands?
    • The “nimbus” or UIM application level protocol has a strictly defined structure and format. Messages must have a header with various required fields, and a payload.
    • Message payloads can only consist of a strongly typed, nested {key string, type, size, value} data structure termed “Portable Data Structure”, or PDS.
    • Allowable value types are string, integer, long integer, float, and nested PDS. Under limited circumstances a PDS value can be a byte stream, but this is unusual, and support for it within our SDKs is restricted.
    • All commands or responses transferred by the UIM message bus must contain an HMAC-like token (known as a SID within UIM), which is used to determine that the sender is authenticated and authorized to access the attempted destination.
    • The hub will not re-transmit any message unless that HMAC token is proven valid and sufficient for the access attempted at the destination point.
    • Routing restrictions can be configured at the tunneling layer to whitelist or blacklist commands, and the appropriate senders and receivers, for all messages carried.
  2. Is there a white list of trusted/allowed data types, formats?
    • Yes, see above answer.
  3. Is there message integrity inspection at any point before/after encryption?
    • Two types of check are performed:
      1. Message integrity is ensured by checking that messages conform to the required structure. At ingress and egress of the hub-to-hub tunnels etc., messages which do not have the required header fields or payload structure, or which have an invalid PDS object within the payload PDS, are discarded.
      2. The HMAC token described above must be present in the message and must be valid and sufficient for the attempted destination point.
  4. Will the Hub blindly encrypt and transmit all data from the MessageBus?
    • No, as described in previous answers.
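
A conceptual model of the two checks described above (structural validation of the header and PDS payload, then validation of the token for the attempted destination), added here as an illustration and not UIM code. The header field names, numeric sizes, depth limit and HMAC-SHA256 token scheme are assumptions; the real nimbus wire format and SID algorithm are not given on this page.

```python
import hashlib
import hmac

# Conceptual model only: field names, sizes and the token scheme are assumptions,
# not the nimbus wire format or the real SID algorithm.
REQUIRED_HEADER = ("sender", "destination", "command", "token")
NUMERIC_SIZE = {"integer": 4, "long": 8, "float": 8}
MAX_DEPTH = 8  # bound recursion so a deeply nested payload cannot exhaust the stack

def valid_pds(pds, depth=0):
    """Accept only a list of {key, type, size, value} entries with allowed types."""
    if not isinstance(pds, list) or depth > MAX_DEPTH:
        return False
    for entry in pds:
        if not isinstance(entry, dict) or set(entry) != {"key", "type", "size", "value"}:
            return False
        key, typ, size, value = (entry[k] for k in ("key", "type", "size", "value"))
        if not isinstance(key, str) or not key:
            return False
        if typ == "string":
            ok = isinstance(value, str) and size == len(value.encode("utf-8", "replace"))
        elif typ in ("integer", "long"):
            ok = type(value) is int and size == NUMERIC_SIZE[typ]  # bool is not an int here
        elif typ == "float":
            ok = type(value) is float and size == NUMERIC_SIZE[typ]
        elif typ == "pds":
            ok = isinstance(value, list) and size == len(value) and valid_pds(value, depth + 1)
        else:
            ok = False  # unknown types (and byte streams, in this model) are rejected
        if not ok:
            return False
    return True

def make_token(key, sender, destination, command):
    """Stand-in token: HMAC-SHA256 binding the sender to a destination and command."""
    msg = "".join(f"{len(p)}:{p}" for p in (sender, destination, command)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def should_forward(message, key):
    """Gate applied at tunnel ingress/egress: structure first, then the token."""
    header = message.get("header") if isinstance(message, dict) else None
    if not isinstance(header, dict):
        return False
    if any(not (isinstance(header.get(f), str) and header[f].isascii()) for f in REQUIRED_HEADER):
        return False
    if not valid_pds(message.get("payload")):
        return False
    expected = make_token(key, header["sender"], header["destination"], header["command"])
    return hmac.compare_digest(expected.encode(), header["token"].encode())
```

A message is forwarded only when every check passes; a token minted for one destination does not validate for another because the destination is part of the authenticated input.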