VOYAGER: Yet Another Secure Web Browser to Demonstrate Secure Socket Layer Working and Implementation By: Shrinivas G. Deshpande Advisor: Dr. Chung E. Wang Second Reader: Prof. Richard Smith Scope of the Project Study of Secure Socket Layer(SSL) Protocol SSL Handshake Protocol SSL Record Protocol Demonstrate how SSL can be used to make clients secure against a secure server Keys and Digital Certificates Role of Gateways in SSL communication Voyager: Yet Another Secure Web Browser 2 Requirement Specification 1. Introduction to SSL 1. 2. 3. 4. 2. Difference between http and https 1. 3. 4. What is SSL and how SSL works Client and Server Authentication SSL Handshake Protocol SSL Record Protocol Demonstrated by developing a Browser that understands http and https. Certificates and Digital Signatures Role of Gateways in SSL communication Voyager: Yet Another Secure Web Browser 3 1. Difference between http and https http Stateless protocol Non secure connection Non Secure Sockets https Session based protocol Secure connection Secure Sockets Voyager: Yet Another Secure Web Browser 4 2.Introduction to SSL SSL- Developed by Netscape Communication SSL – accepted universally on the World Wide Web for AUTHENTICATED and ENCRYPTED communication between clients and servers IETF standard called Transport Layer Security is based on SSL SSL protocol runs above TCP/IP and below higher level protocols such as HTTP Uses TCP/IP to authenticate itself to an SSL enabled client Voyager: Yet Another Secure Web Browser 5 What does SSL actually do? Fragments messages to be transmitted into manageable blocks Compresses the data Encrypts and transmits the data Received data is decrypted Verified, decompressed Reassembled and transmitted to higher layers Voyager: Yet Another Secure Web Browser 6 SSL in TCP/IP Protocol Stack Voyager: Yet Another Secure Web Browser 7 SSL Record Layer Receives uninterrupted data from upper layers Fragmentation / Reassemble data Compresses/Decompress data Encrypt/Decrypt and verification of data Voyager: Yet Another Secure Web Browser 8 SSL Handshake Protocol Maintains information about the current state and next state called the pending state Once the handshake is complete, the two parties have shared secrets used to encrypt records and compute keyed messages authentication codes on their contents. Maintains the handshake state information of the client and server and ensures that the protocol state machines of client and server work consistently Voyager: Yet Another Secure Web Browser 9 SSL Record Protocol Receives uninterrupted data from upper layers Fragmentation / Reassemble data Compresses/Decompress data Encrypt/Decrypt and verification of data Voyager: Yet Another Secure Web Browser 10 Design:Secure Library Class Diagram Voyager: Yet Another Secure Web Browser 11 http connection sequence diagram Voyager: Yet Another Secure Web Browser 12 https connection sequence diagram Voyager: Yet Another Secure Web Browser 13 How/Why Gateways use SSL SSL designed to provide security between client and server and avoid man-in-the-middle attack SSL considers a proxy server as a middleman Gateways act as clients and authenticate servers. Client authentication is not possible. Gateway/proxy can internally authenticate client within the firewall Packet Filtering by allowing specific ports for specific traffic. 443 in case of SSL SSL can works with gateways that support SOCKS. SOCKS is a networking proxy protocol that enables hosts on one side of a SOCKS server to gain full access to hosts on the other side of the SOCKS server without requiring direct IP-reach ability. SOCKS is often used as a network firewall, redirecting connection requests from hosts on opposite sides of a SOCKS server. The SOCKS server authenticates and authorizes requests, establishes a proxy connection, and relays data between hosts. Voyager: Yet Another Secure Web Browser 14 Gateways and SSL Proxy Server should support SOCKS to support SSL With SOCKS, DNS is the responsibility of the client SSL tunneling, DNS is the responsibility of the proxy Proxy Server can spoof mock on behalf of internal client. Makes connection faster Voyager: Yet Another Secure Web Browser 15 Implementation Details Client/Server setup for development Voyager Front-end: Developed Using Java Swing. JRE:1.3.1_02 Secure Library: Developed using Java and JSSE. Testing: Running Apache Tomcat as a Secure Web Server on Local System on port #: 8443 JSSE is Java implementation of SSL developed by SUN Key/certificate generation Key/certificate generation using Keytool RSA algorithm used for key generation X.509v3 certificates generated Import/Export certificate to make certificate available for authentication Voyager: Yet Another Secure Web Browser 16 Voyager Snapshots Voyager: Yet Another Secure Web Browser 17 Securely Accessing Tomcat Apache Default page though Voyager Voyager: Yet Another Secure Web Browser 18 Accessing Golden-1 web site through Voyager Voyager: Yet Another Secure Web Browser 19 Conclusion Opportunity to learn about network security How SSL works/implemented Setting up client servers for secure communications Thanks to Dr. Wang and Prof. Dick Smith Voyager: Yet Another Secure Web Browser 20