VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation

By: Shrinivas G. Deshpande. Advisor: Dr. Chung E. Wang.

Slides: 21
Provided by: shr120
Transcript and Presenter's Notes

1
VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation
  • By: Shrinivas G. Deshpande
  • Advisor: Dr. Chung E. Wang
  • Second Reader: Prof. Richard Smith

2
Scope of the Project
  • Study of Secure Socket Layer (SSL) Protocol
  • SSL Handshake Protocol
  • SSL Record Protocol
  • Demonstrate how SSL can be used to make clients
    secure against a secure server
  • Keys and Digital Certificates
  • Role of Gateways in SSL communication

3
Requirement Specification
  1. Introduction to SSL
  2. What is SSL and how SSL works
  3. Client and Server Authentication
  4. SSL Handshake Protocol
  5. SSL Record Protocol
  6. Difference between http and https
  7. Demonstrated by developing a Browser that
    understands http and https.
  8. Certificates and Digital Signatures
  9. Role of Gateways in SSL communication

4
1. Difference between http and https
  • http
      • Stateless protocol
      • Non-secure connection
      • Non-secure sockets
  • https
      • Session-based protocol
      • Secure connection
      • Secure sockets

5
2. Introduction to SSL
  • SSL: developed by Netscape Communications
  • SSL is accepted universally on the World Wide Web
    for AUTHENTICATED and ENCRYPTED communication
    between clients and servers
  • The IETF standard called Transport Layer Security is
    based on SSL
  • The SSL protocol runs above TCP/IP and below higher
    level protocols such as HTTP
  • An SSL-enabled server uses TCP/IP to authenticate
    itself to an SSL-enabled client

6
What does SSL actually do?
  • Fragments messages to be transmitted into
    manageable blocks
  • Compresses the data
  • Encrypts and transmits the data
  • Received data is decrypted
  • Verified, decompressed
  • Reassembled and transmitted to higher layers

7
SSL in TCP/IP Protocol Stack

8
SSL Record Layer
  • Receives uninterpreted data from upper layers
  • Fragments / reassembles data
  • Compresses / decompresses data
  • Encrypts / decrypts and verifies data

9
SSL Handshake Protocol
  • Maintains information about the current state and
    the next state, called the pending state
  • Once the handshake is complete, the two parties
    have shared secrets used to encrypt records and
    compute keyed message authentication codes on
    their contents.
  • Maintains the handshake state information of the
    client and server and ensures that the protocol
    state machines of client and server work
    consistently

10
SSL Record Protocol
  • Receives uninterpreted data from upper layers
  • Fragments / reassembles data
  • Compresses / decompresses data
  • Encrypts / decrypts and verifies data
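
The record-layer steps from the slides (fragment, compress, MAC, encrypt, then the reverse on receipt), as an added Python example that is not code from the Voyager project. It is a simplified model: HMAC-SHA-256 and a SHA-256 counter keystream are stand-ins for the negotiated MAC and cipher, and the names `protect` and `unprotect` are illustrative.

```python
import hashlib, hmac, struct, zlib

MAX_FRAGMENT = 2 ** 14      # SSL/TLS plaintext fragment limit (16384 bytes)
APPLICATION_DATA = 23       # record content type for application data
VERSION = (3, 0)            # SSL 3.0 major/minor in the record header

def _keystream_xor(key, seq, data):
    """Stand-in stream cipher (SHA-256 in counter mode); not a real cipher suite."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + struct.pack(">QI", seq, block)).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def _mac(mac_key, seq, ctype, body):
    # The sequence number is MACed but never sent, so reordering is detected.
    header = struct.pack(">QBH", seq, ctype, len(body))
    return hmac.new(mac_key, header + body, hashlib.sha256).digest()

def protect(data, enc_key, mac_key):
    """Sender: fragment -> compress -> MAC -> encrypt -> prepend record header."""
    records = []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        body = zlib.compress(data[off:off + MAX_FRAGMENT])
        body += _mac(mac_key, seq, APPLICATION_DATA, body)
        body = _keystream_xor(enc_key, seq, body)
        header = struct.pack(">BBBH", APPLICATION_DATA, *VERSION, len(body))
        records.append(header + body)
    return records

def unprotect(records, enc_key, mac_key):
    """Receiver: decrypt -> verify MAC -> decompress -> reassemble."""
    out = b""
    for seq, rec in enumerate(records):
        ctype, _major, _minor, length = struct.unpack(">BBBH", rec[:5])
        body = _keystream_xor(enc_key, seq, rec[5:5 + length])
        body, tag = body[:-32], body[-32:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, ctype, body)):
            raise ValueError(f"bad record MAC in record {seq}")
        out += zlib.decompress(body)   # only reached after the MAC verifies
    return out
```

The two keys correspond to the shared secrets the handshake leaves with both parties; a modified or reordered record fails the MAC check before any decompression happens.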

11
Design: Secure Library Class Diagram

12
http connection sequence diagram

13
https connection sequence diagram

14
How/Why Gateways use SSL
  • SSL is designed to provide security between client
    and server and to avoid man-in-the-middle attacks
  • SSL considers a proxy server as a middleman
  • Gateways act as clients and authenticate servers.
    Client authentication is not possible.
  • Gateway/proxy can internally authenticate the client
    within the firewall
  • Packet filtering by allowing specific ports for
    specific traffic: 443 in the case of SSL
  • SSL can work with gateways that support SOCKS.
    SOCKS is a networking proxy protocol that enables
    hosts on one side of a SOCKS server to gain full
    access to hosts on the other side of the SOCKS
    server without requiring direct IP reachability.
    SOCKS is often used as a network firewall,
    redirecting connection requests from hosts on
    opposite sides of a SOCKS server. The SOCKS
    server authenticates and authorizes requests,
    establishes a proxy connection, and relays data
    between hosts.

15
Gateways and SSL
  • Proxy Server should support SOCKS to support SSL
  • With SOCKS, DNS is the responsibility of the
    client
  • With SSL tunneling, DNS is the responsibility of the
    proxy
  • Proxy Server can spoof mock on behalf of internal
    client. Makes connection faster
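
Who performs the DNS lookup shows up in the first bytes each kind of gateway receives. The following added Python example (not from the presentation) builds and parses both requests, assuming SOCKS version 4, whose request carries an IPv4 address, and the HTTP CONNECT method for SSL tunneling; the function names, host name and address are constructed for illustration.

```python
import ipaddress, struct

def socks4_connect(dst_ip, port, user_id=b""):
    """SOCKS4 CONNECT request: the client must already hold the resolved address."""
    addr = ipaddress.IPv4Address(dst_ip)   # raises ValueError if given a host name
    return struct.pack(">BBH", 4, 1, port) + addr.packed + user_id + b"\x00"

def http_connect(host, port):
    """SSL tunneling request: the host name travels to the proxy, which resolves it."""
    return f"CONNECT {host}:{port} HTTP/1.0\r\n\r\n".encode("ascii")

def proxy_view(request):
    """What the gateway can log or filter on, and which side did the DNS lookup."""
    if request[:1] == b"\x04":
        _version, command, port = struct.unpack(">BBH", request[:4])
        if command != 1:
            raise ValueError("only the CONNECT command is handled here")
        target = str(ipaddress.IPv4Address(request[4:8]))
        return {"protocol": "SOCKS4", "target": target, "port": port,
                "dns_by": "client"}
    if request.startswith(b"CONNECT "):
        authority = request.split(b" ", 2)[1].decode("ascii")
        host, _, port = authority.rpartition(":")
        return {"protocol": "HTTP CONNECT", "target": host, "port": int(port),
                "dns_by": "proxy"}
    raise ValueError("not a SOCKS4 or CONNECT request")
```

With a tunneling proxy the gateway sees the destination host name and can apply name-based egress rules; with SOCKS4 it sees only an address chosen by the client.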

16
Implementation Details
  • Client/Server setup for development
      • Voyager front end developed using Java Swing,
        JRE 1.3.1_02
      • Secure Library developed using Java and JSSE
      • Testing: running Apache Tomcat as a secure web
        server on the local system on port 8443
      • JSSE is the Java implementation of SSL developed
        by Sun
  • Key/certificate generation
      • Key/certificate generation using Keytool
      • RSA algorithm used for key generation
      • X.509v3 certificates generated
      • Import/export of certificates to make them
        available for authentication

17
Voyager Snapshots

18
Securely Accessing Tomcat Apache Default page
through Voyager

19
Accessing Golden-1 web site through Voyager

20
Conclusion
  • Opportunity to learn about network security
  • How SSL works and is implemented
  • Setting up clients and servers for secure
    communications
  • Thanks to Dr. Wang and Prof. Dick Smith