* A proposed new standard called MashSSL could eliminate the security concerns
Application mashups are gaining traction in the enterprise. There’s no doubt that productivity can be enhanced when new functionality can be delivered quickly and conveniently by combining information from multiple sources. However, there’s a trade-off in application security. Mashups hold the potential to introduce a new network attack vector. A proposed new standard called MashSSL could eliminate the security concerns, making enterprise mashups as secure as any SSL transaction.
The concept of drawing data from multiple applications to feed another application or report is nothing new. Programmers have been doing this for decades. A new twist to this old concept is to use the Web to aggregate data and logic from different applications – often from different services providers – to populate a new application. In Web 2.0 terminology, this is called a “mashup.”
Mashups are gaining widespread popularity, especially with consumer-oriented applications. For example, on Starbucks.com, you can enter a zip code to find a nearby location. A mashup aggregates data that builds a map showing locations of the closest stores, as well as a list of events scheduled for each store. All the data is assembled on the fly based on the zip code you enter.
Mashups are making their way into business-oriented applications, too, as they offer the promise of faster deployment of business functionality. Mashup technologies can combine internal data or services with external information or services to quickly create a new service for the business user. For example, an oil field services company has a database of all the locations of its wellheads. By combining the internally-owned GPS location data with externally-provided satellite images, an engineer sitting at his desk can view the area surrounding the wellhead to visually survey the right-of-way area around the wellhead.
While business professionals may view mashups as a quick way to get new and beneficial functionality out of their business applications, chief security officers (CSO) lose sleep over the thought of implementing mashups. Why? Because they provide new opportunities for an attack on the enterprise, for data theft, and for compromised desktops. The problem is that mashups occur at the application layer, and there’s currently no standard for authenticating applications to ensure trust. On the contrary, it is quite easy to inject bad data or steal good data because the applications can’t “peak behind the browser” to see who is really sitting at the wheel.
A new startup company, SafeMashups, has looked at this problem from all angles and is proposing a new protocol for mashups based on the already widely accepted standard of Secure Sockets Layer (SSL). The MashSSL protocol provides a standardized way for Web applications to securely identify each other when mashing through a potentially untrusted browser.
SafeMashups founder and CEO Ravi Ganesan has a long history of addressing tough security issues. He was previously the founder and CEO of TriCipher, a supplier of authentication products, and the CTO at electronic payments company CheckFree. Ganesan has over a dozen patents in security, with another forty patents pending. In addition to Ganesan’s experience, SafeMashups has benefited from its incubation at the University of Texas at San Antonio (UTSA) Institute for Cyber Security (ICS). In other words, SafeMashups has the security pedigree to bring to market a new proposed standard.
MashSSL builds on the inherent virtues and addresses the multi-party limitations of SSL. The protocol essentially puts an authenticated (trusted) man-in-the-middle (MITM) object between two Web applications that communicate via a browser. The MashSSL protocol is exactly as secure as SSL, which so far has stood the test of time. Here’s a brief synopsis of the MashSSL concept, starting with SSL:
The SSL protocol establishes communication between two entities. The Client is the party that initiates the protocol; the Server is the target recipient. Both parties have digital certificates. Through a back-and-forth exchange of session IDs, certificates and various messages, the Client and Server establish a trust relationship with each other. The ensuing exchange of information – say, credit card information – is encrypted with a session key that is exclusive to the Client and Server. Even if a MITM intercepts the information being exchanged, it cannot decipher the information without the session key. SSL is widely considered to be secure in the presence of even a large number of MITM adversaries.
SSL is fundamentally a two-party protocol that was carefully designed to eliminate the possibility of a third party MITM. A mashup, however, requires at least three parties – the end user’s browser and two or more Web applications that control the data that would come together for the new application. SafeMashups has found a way to deliberately insert a number of MITM adversaries which can make a number of manipulations to messages en route between Client and Server, but where all the manipulations cancel each other out in a way such that the Client and Server always receive what they would have gotten in the absence of any adversaries. The process is still secure as SSL, but it allows for the insertion of multiple parties in the data exchange.
The resulting protocol, MashSSL, requires one Web service (the Client), the user’s browser (the MITM), and a second Web service (the Server) to cooperate in order for the protocol to work. The browser has to be brought into the cryptographic scheme that makes SSL secure. Additionally, any number of legitimate third parties can be brought into the scheme, allowing for multiple Web applications to participate.
I won’t even attempt to do justice to a further explanation of how MashSSL works in this short article. If you want the details, Ganesan published a great white paper with an explanation even a technical novice like me can understand. You’ll find the whitepaper and some good videos in the MashSSL education center.
MashSSL today is a proven concept in search of legitimacy. VeriSign, the number one certificate authority, has already pledged support for MashSSL. The next step is for SafeMashups to build deeper industry support for the protocol, which it is doing through the formation of the MashSSL Standards Consortium. SafeMashups is turning over its intellectual property claims to the consortium in order to make MashSSL an open industry standard.
The standard specification for MashSSL 1.0 exists today. Ganesan expects a broad list of authors from the consortium to publish Version 1.1 within a few months. By the end of 2009, we could start seeing products that incorporate the new standard. That’s good news for enterprises who want to create functionality-extending mashups in a secure fashion.




