VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation
By: Shrinivas G. Deshpande
Advisor: Dr. Chung E. Wang
Second Reader: Prof. Richard Smith
Scope of the Project
Study of Secure Socket Layer (SSL) Protocol
  SSL Handshake Protocol
  SSL Record Protocol
Demonstrate how SSL can be used to make clients secure against a secure server
Keys and Digital Certificates
Role of Gateways in SSL communication
Requirement Specification
1. Introduction to SSL
   1. What is SSL and how SSL works
   2. Client and Server Authentication
   3. SSL Handshake Protocol
   4. SSL Record Protocol
2. Difference between http and https
   1. Demonstrated by developing a Browser that understands http and https.
3. Certificates and Digital Signatures
4. Role of Gateways in SSL communication
1. Difference between http and https
http
  Stateless protocol
  Non-secure connection
  Non-secure sockets
https
  Session-based protocol
  Secure connection
  Secure sockets
2. Introduction to SSL
SSL: developed by Netscape Communications
SSL: accepted universally on the World Wide Web for AUTHENTICATED and ENCRYPTED communication between clients and servers
IETF standard called Transport Layer Security is based on SSL
SSL protocol runs above TCP/IP and below higher level protocols such as HTTP
Uses TCP/IP on behalf of the higher level protocols and lets an SSL enabled server authenticate itself to an SSL enabled client
What does SSL actually do?
Fragments messages to be transmitted into manageable blocks
Compresses the data
Encrypts and transmits the data
Received data is decrypted
Verified, decompressed
Reassembled and transmitted to higher layers
SSL in TCP/IP Protocol Stack
SSL Record Layer
Receives uninterpreted data from upper layers
Fragments / reassembles data
Compresses / decompresses data
Encrypts / decrypts and verifies data
SSL Handshake Protocol
Maintains information about the current state and next state called the pending state
Once the handshake is complete, the two parties have shared secrets used to encrypt records and compute keyed message authentication codes on their contents.
Maintains the handshake state information of the client and server and ensures that the protocol state machines of client and server work consistently
SSL Record Protocol
Receives uninterpreted data from upper layers
Fragments / reassembles data
Compresses / decompresses data
Encrypts / decrypts and verifies data
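
A simplified sketch of the record-layer steps listed on the "What does SSL actually do?" and "SSL Record Layer / Protocol" slides, added here as an example (it is not code from Voyager or JSSE, and the record layout is not the SSL wire format). Assumptions: AES-CBC and HMAC-SHA256 stand in for the negotiated cipher suite, the keys are constructed all-zero values, and the compression step is left out (TLS 1.3 removed it).

```java
import java.nio.ByteBuffer;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class RecordLayerSketch {
    static final SecretKey ENC = new SecretKeySpec(new byte[16], "AES");         // constructed all-zero
    static final SecretKey MAC = new SecretKeySpec(new byte[32], "HmacSHA256");  // demo keys (assumption)
    // Keyed MAC over sequence number + fragment, so reordered or replayed records fail.
    static byte[] mac(long seq, byte[] frag) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(MAC);
        return m.doFinal(ByteBuffer.allocate(8 + frag.length).putLong(seq).put(frag).array());
    }
    // Sender: fragment (at most 2^14 bytes) -> append MAC -> encrypt under a fresh IV.
    static List<byte[]> protect(byte[] msg) throws Exception {
        List<byte[]> records = new ArrayList<>();
        for (int off = 0, seq = 0; off < msg.length; off += 1 << 14, seq++) {
            byte[] frag = Arrays.copyOfRange(msg, off, Math.min(msg.length, off + (1 << 14)));
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.ENCRYPT_MODE, ENC);  // provider generates a random IV
            byte[] ct = c.doFinal(ByteBuffer.allocate(frag.length + 32).put(frag).put(mac(seq, frag)).array());
            records.add(ByteBuffer.allocate(16 + ct.length).put(c.getIV()).put(ct).array());
        }
        return records;
    }
    // Receiver: decrypt -> verify MAC against the expected sequence number -> reassemble.
    static byte[] unprotect(List<byte[]> records) throws Exception {
        ByteBuffer out = ByteBuffer.allocate(records.size() << 14);
        for (int seq = 0; seq < records.size(); seq++) {
            byte[] rec = records.get(seq);
            Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
            c.init(Cipher.DECRYPT_MODE, ENC, new IvParameterSpec(rec, 0, 16));
            byte[] p = c.doFinal(rec, 16, rec.length - 16);
            byte[] frag = Arrays.copyOf(p, p.length - 32);
            if (!MessageDigest.isEqual(Arrays.copyOfRange(p, frag.length, p.length), mac(seq, frag)))
                throw new SecurityException("bad record MAC");  // isEqual compares in constant time
            out.put(frag);
        }
        return Arrays.copyOf(out.array(), out.position());
    }
    public static void main(String[] args) throws Exception {
        List<byte[]> recs = protect(new byte[40000]);  // constructed input: 3 fragments
        System.out.println(recs.size() + " records, " + unprotect(recs).length + " bytes recovered");
        Collections.swap(recs, 0, 1);  // simulate records reordered in transit
        try { unprotect(recs); } catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

SSL 3.0 and the CBC suites of early TLS used this MAC-then-encrypt order, which later proved prone to padding-oracle attacks; TLS 1.3 uses AEAD ciphers only.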
Design: Secure Library Class Diagram
http connection sequence diagram
https connection sequence diagram
How/Why Gateways use SSL
SSL designed to provide security between client and server and avoid man-in-the-middle attack
SSL considers a proxy server as a middleman
Gateways act as clients and authenticate servers. Client authentication is not possible.
Gateway/proxy can internally authenticate client within the firewall
Packet Filtering by allowing specific ports for specific traffic. 443 in case of SSL
SSL can work with gateways that support SOCKS. SOCKS is a networking proxy protocol that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP reachability. SOCKS is often used as a network firewall, redirecting connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes requests, establishes a proxy connection, and relays data between hosts.
Gateways and SSL
Proxy Server should support SOCKS to support SSL
With SOCKS, DNS is the responsibility of the client
With SSL tunneling, DNS is the responsibility of the proxy
Proxy Server can spoof mock on behalf of internal client. Makes connection faster
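
The SSL tunneling case from this slide, as an added example (not Voyager's code): the client asks the gateway for a tunnel with HTTP CONNECT, passing the host name so the proxy does the DNS lookup, then runs the SSL handshake end to end through it. The proxy and origin host names and the proxy port are placeholders.

```java
import java.io.*;
import java.net.Socket;
import javax.net.ssl.*;

public class TunnelClient {
    // Read one CRLF-terminated line byte by byte, so nothing beyond the proxy's
    // reply is buffered away from the SSL handshake that follows.
    static String readLine(InputStream in) throws IOException {
        StringBuilder sb = new StringBuilder();
        for (int b; (b = in.read()) != -1 && b != '\n'; ) if (b != '\r') sb.append((char) b);
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String proxyHost = "proxy.example.internal";  // placeholder gateway
        int proxyPort = 3128;                          // placeholder proxy port
        String host = "www.example.com";               // placeholder origin server
        int port = 443;

        // 1. Plain TCP to the gateway. The host NAME is sent, so the proxy resolves it.
        Socket tunnel = new Socket(proxyHost, proxyPort);
        OutputStream out = tunnel.getOutputStream();
        String target = host + ":" + port;
        out.write(("CONNECT " + target + " HTTP/1.1\r\nHost: " + target + "\r\n\r\n").getBytes("US-ASCII"));
        out.flush();

        // 2. The proxy answers in clear text; anything but a 2xx status means no tunnel.
        InputStream in = tunnel.getInputStream();
        String status = readLine(in);
        if (!status.matches("HTTP/1\\.[01] 2\\d\\d.*")) throw new IOException("proxy refused: " + status);
        while (!readLine(in).isEmpty()) { /* skip the remaining response headers */ }

        // 3. The handshake runs through the tunnel; the proxy only relays encrypted bytes.
        SSLSocketFactory f = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) f.createSocket(tunnel, host, port, true)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS");  // certificate must match the origin host
            s.setSSLParameters(p);
            s.startHandshake();  // server authentication happens here, past the proxy
            System.out.println("tunnel up: " + s.getSession().getProtocol()
                    + ", peer " + s.getSession().getPeerPrincipal());
        }
    }
}
```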
Implementation Details
Client/Server setup for development
  Voyager Front-end: Developed using Java Swing. JRE: 1.3.1_02
  Secure Library: Developed using Java and JSSE.
  Testing: Running Apache Tomcat as a Secure Web Server on Local System on port #: 8443
  JSSE is Java implementation of SSL developed by SUN
Key/certificate generation
  Key/certificate generation using Keytool
  RSA algorithm used for key generation
  X.509v3 certificates generated
  Import/Export certificate to make certificate available for authentication
Voyager Snapshots
Securely Accessing Tomcat Apache Default page through Voyager
Accessing Golden-1 web site through Voyager
Conclusion
Opportunity to learn about network security
How SSL works/implemented
Setting up client servers for secure communications
Thanks to Dr. Wang and Prof. Dick Smith