Transcript SSL

VOYAGER: Yet Another Secure
Web Browser to Demonstrate
Secure Socket Layer Working and
Implementation
By:
Shrinivas G. Deshpande
Advisor: Dr. Chung E. Wang
Second Reader: Prof. Richard Smith
Scope of the Project

Study of Secure Socket Layer(SSL) Protocol





SSL Handshake Protocol
SSL Record Protocol
Demonstrate how SSL can be used to make
clients secure against a secure server
Keys and Digital Certificates
Role of Gateways in SSL communication
Voyager: Yet Another Secure Web
Browser
2
Requirement Specification
1.
Introduction to SSL
1.
2.
3.
4.
2.
Difference between http and https
1.
3.
4.
What is SSL and how SSL works
Client and Server Authentication
SSL Handshake Protocol
SSL Record Protocol
Demonstrated by developing a Browser that
understands http and https.
Certificates and Digital Signatures
Role of Gateways in SSL communication
Voyager: Yet Another Secure Web
Browser
3
1. Difference between http and https

http




Stateless protocol
Non secure connection
Non Secure Sockets
https



Session based
protocol
Secure connection
Secure Sockets
Voyager: Yet Another Secure Web
Browser
4
2.Introduction to SSL





SSL- Developed by Netscape Communication
SSL – accepted universally on the World Wide
Web for AUTHENTICATED and ENCRYPTED
communication between clients and servers
IETF standard called Transport Layer Security
is based on SSL
SSL protocol runs above TCP/IP and below
higher level protocols such as HTTP
Uses TCP/IP to authenticate itself to an SSL
enabled client
Voyager: Yet Another Secure Web
Browser
5
What does SSL actually do?






Fragments messages to be
transmitted into manageable blocks
Compresses the data
Encrypts and transmits the data
Received data is decrypted
Verified, decompressed
Reassembled and transmitted to
higher layers
Voyager: Yet Another Secure Web
Browser
6
SSL in TCP/IP Protocol Stack
Voyager: Yet Another Secure Web
Browser
7
SSL Record Layer
 Receives uninterrupted data from upper
layers
 Fragmentation / Reassemble data
 Compresses/Decompress data
 Encrypt/Decrypt and verification of
data
Voyager: Yet Another Secure Web
Browser
8
SSL Handshake Protocol
 Maintains information about
the current state and next
state called the pending
state
 Once the handshake is
complete, the two parties
have shared secrets used
to encrypt records and
compute keyed messages
authentication codes on
their contents.
 Maintains the handshake
state information of the
client and server and
ensures that the protocol
state machines of client
and server work
consistently
Voyager: Yet Another Secure Web
Browser
9
SSL Record Protocol
 Receives uninterrupted
data from upper layers
 Fragmentation /
Reassemble data
 Compresses/Decompress
data
 Encrypt/Decrypt and
verification of data
Voyager: Yet Another Secure Web
Browser
10
Design:Secure Library Class Diagram
Voyager: Yet Another Secure Web
Browser
11
http connection sequence diagram
Voyager: Yet Another Secure Web
Browser
12
https connection sequence diagram
Voyager: Yet Another Secure Web
Browser
13
How/Why Gateways use SSL






SSL designed to provide security between client and server and avoid
man-in-the-middle attack
SSL considers a proxy server as a middleman
Gateways act as clients and authenticate servers. Client authentication is
not possible.
Gateway/proxy can internally authenticate client within the firewall
Packet Filtering by allowing specific ports for specific traffic. 443 in case of
SSL
SSL can works with gateways that support SOCKS. SOCKS is a networking
proxy protocol that enables hosts on one side of a SOCKS server to gain full access
to hosts on the other side of the SOCKS server without requiring direct IP-reach
ability. SOCKS is often used as a network firewall, redirecting connection requests
from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates
and authorizes requests, establishes a proxy connection, and relays data between
hosts.
Voyager: Yet Another Secure Web
Browser
14
Gateways and SSL




Proxy Server should support
SOCKS to support SSL
With SOCKS, DNS is the
responsibility of the client
SSL tunneling, DNS is the
responsibility of the proxy
Proxy Server can spoof mock
on behalf of internal client.
Makes connection faster
Voyager: Yet Another Secure Web
Browser
15
Implementation Details



Client/Server setup for development
 Voyager Front-end: Developed Using Java Swing.
JRE:1.3.1_02
 Secure Library: Developed using Java and JSSE.
 Testing: Running Apache Tomcat as a Secure Web
Server on Local System on port #: 8443
JSSE is Java implementation of SSL developed by SUN
Key/certificate generation
 Key/certificate generation using Keytool
 RSA algorithm used for key generation
 X.509v3 certificates generated
 Import/Export certificate to make certificate available
for authentication
Voyager: Yet Another Secure Web
Browser
16
Voyager Snapshots
Voyager: Yet Another Secure Web
Browser
17
Securely Accessing Tomcat Apache Default page though Voyager
Voyager: Yet Another Secure Web
Browser
18
Accessing Golden-1 web site through Voyager
Voyager: Yet Another Secure Web
Browser
19
Conclusion




Opportunity to learn about network
security
How SSL works/implemented
Setting up client servers for secure
communications
Thanks to Dr. Wang and Prof. Dick
Smith
Voyager: Yet Another Secure Web
Browser
20