External ad-hoc communication for PalCom Thomas Forsström David RaimossonAbstract BlablablaIndex 1 Introduction......................................................................................................4 1.1 Background...........................................................................................................4 1.2 Problem definition................................................................................................4 1.3 Goal & Purpose.....................................................................................................4 1.4 Outline..................................................................................................................4 2 Theory .........................................................................................................................15 2.1 Secure Socket Layer (SSL) in Java...........................................................................15 2.2 Virtual Private Network with OpenVPN……………………………………………16 2.3 HTTP traffic filters………………………………….………………………………17 3 Method ........................................................................................................................29 3.1 Scope ....................................................................................................................31 4 Results .........................................................................................................................41 4.1 Program/prototype.....................................................................................................43 4.2 Protocol.......................................................................................................................49 5 Conclusions .................................................................................................................65 5.1 ??????????????????????.............................................................................................66 6 Future Work ...............................................................................................................73 6.1 ??????????????????????????........................................................................................73 Reference list ......................................................................................................................75 Appendices.........................................................................................................................79 A Questions and metrics ...................................................................................................79 B Word Index...................................................................................................................80 1 Introduction 1.1 Background In many situations different electronic devices are used together but not working seamlessly, since they are not developed for it. This does not only apply to electronic devices but also different software that people want to cooperate but were not made for it. The situation has been noticed before and one approach to solve it is the PalCom [1] project. A small PalCom software is installed into an existing device, for instance a web camera, making it a functional PalCom unit, capable of communicating with other PalCom units and offering services, like sending an image. The communication between the PalCom units is based on a special broadcasting protocol, to make auto-detection possible. This works well in smaller local networks, for example when your using BlueTooth or on a smaller Ethernet inside a router and/or firewall. 1.2 Problem definition Sometimes one would like to connect smaller PalCom networks over the Internet or any larger network, but the current protocol does not scale up very well. With many units the network will be flooded with broadcast messages. Another problem is that routers and firewalls might not let the traffic pass. Still, there are situations when geographically spread out units are wanted to be connected. An example might be equipment stationed at the 10 different hospitals in Scania, Sweden. Another example could be the different participators within the PalCom project situated in Lund, Århus and Sienna. 1.3 Goal & Purpose A desired solution to this problem would be to create a ”tunnel” so that PalCom units can find and connect to PalCom units in another place. It is probable that the solution will contain a program that is started in each local PalCom network that will connect to another. These instances of the program will then handle the information about the local accessible PalCom units and distribute this to the other PalCom networks. In practice this connection between the PalCom networks should be controlled, which PalCom networks that are allowed to connect from the outside etc. According to the problem definition, the communication between the program instances must pass through firewalls seamlessly because it is not possible to ask every security manager to open a specific port for the program. The information sent between the PalCom networks should also be encrypted, sensitive information as in the hospital case may be sent. Quality of service is an aspect that also should be covered for a real application. 1.4 Outline 2 First programs like Napster, VPN and Skype should be studied to find a hinch for a solution. Then a program should be developed that can communicate with PalCom units, traverse firewalls and send information to another instance of the program. Theory 2.1 Secure Socket Layer (SSL) in Java Java Secure Socket Extension (JSSE) [2] is a packet that extends j2SDK with secure connections over an insecure network for instance the Internet by implementing SSL [3, 4] and Transport Layer Security (TLS). These layers are located between the application layer and the TCP/IP layer. SSL is a protocol used to protect traffic between two parties from being read or modified by an outsider and to ensure that the other side is who he pretends to be. Security in SSL is achieved by encrypted messages and certificates, usually X509, are used for identifying the users. A SSL Handshake is performed when choosing a cryptographic algorithm and the keys for it, the certificates are also examined during the handshake. SSL uses both symmetric and asymmetric keys where symmetric means that the same key is used both for encryption and decryption of messages which is faster than asymmetric keys where a public and a private key is used. Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are two examples of algorithms that use symmetric keys. Asymmetric algorithms such as RSA (Rivest, Shamir & Adleman) uses a pair of keys where one key performs the inverse of the other, that is if you encrypt with the private key then everybody with the public key can decrypt and read the message while if you encrypt with the public key then only the person with the private key can read the message. The asymmetric keys in SSL are used to identify the parties and to choose a symmetric key that will be used to encrypt/decrypt the data which is to be transferred during the session. Hash algorithms such as Message Digest (MD5) and Standard Hash Algorithm 1 (SHA-1) helps to prevent unauthorized persons to alter or switch the message. These makes a unique checksum smaller than the original message that works as a fingerprint so if someone tries to alter the message the hash sum for this new message will not match the old hash sum. Message Authentication Code (MAC) is a kind of checksum to be able to control if the message has been tampered with. The sender sends message M and MAC(M) and the receiver creates his own MAC(M) to compare with the senders version, if the two match then the message is intact. HMAC or Keyed-Hash Message Authentication Code is a type of MAC with the use of a hash function and a shared secret key where the key is put inside the hashed data with the message. Then both parties must have the key to be able to check the data which makes it more secure. Java uses MAC while OpenVPN uses HMAC. When the handshake is complete the transfer of encrypted data can begin with minimized risk for attacks. The packages java.security and javax.net.ssl in Java handles secure sockets to set up secure connections. 2.2 Virtual Private Network with OpenVPN VPN like javas JSSE is a tool for handling of secure connections over an insecure network. Their biggest purpose today is to connect company networks over secure WANs. VPN is an encrypted tunnel between two computers that prevents the traffic inside the tunnel to be tampered with or eavesdropped. The development of IPSec came first but it progressed slowly, was complex and demanding on the routers. This made developers look for other solutions such as SSL that grew fast because of wide use on the web. It is also easier to implement and administrate. With Linux came a good test bed for this kind of applications and the tun or tap interface was invented. A tun device works as a virtual network adapter and looks like a hardware unit for p2p in the operative system. Instead of sending bits over a network cable the device sends it to user space where programs can open the tun device just like a file and write or read IP packets to and from it. By writing a small program that that sends the bits from the tun device to a network socket a simple VPN without the security is created. Tap devices works in a similar way only instead of emulating point to point it looks like an Ethernet device. OpenVPN is an application among others that uses tun and tap instead of IPSec. The packets are encapsulated in UDP or TCP for transmission over the VPN tunnel and by putting the connection over for instance SSH one can create a real VPN. OpenVPN uses encryption to make the messages harder or almost impossible to read but also a secure hash to ensure that the package came from the correct source. To prevent reply attacks the use of timestamps or unique IDs in the packages, OpenVPN uses sliding window algorithm to solve this. OpenSSL gives full RSA PKI support as well as SSL/TLS for initial authentification in OpenVPN. OpenVPN supports most known operating systems such as Windows, Linux, MAC OS X and Solaris. It can handle NAT and dynamic IP addresses in an easy manner. “VPNs can be used as building blocks to construct anything from a small secure telecommuting solution, to a large-scale secure WAN.” This sounds interesting for our purposes. We will then need to write an interface for interacting between OpenVPN and PalCom and also some sort of login-server with a list of available servers and public servers for use when a client is located between a NAT. 2.3 HTTP traffic filters To get a simple way through firewalls we intend to use port 80 that is used for HTTP traffic. This is because all major networks contain a webserver and since large networks are often not NAT:ed every computer in the network should be open on this port. There is a ”complication” though, many companies and organizations know about this and analyze the traffic on this port. Not strange, because spyware and other unwanted programs are often exploiting it. So, in order to get through these filters we need to know how the filters that are in use work and what they are looking for. 1) Scripts 2) Special words and phrases like ”secret” and ”Company Confidential” 3) Bad HTTP headers, payloads are on the contrary not inspected that often 3 This implies that we do not need to worry too much about the HTTP filtering. A protocol for sending information is presented in section 5.2.Method We began our search for a good solution by installing OpenVPN which we thought might work for building a tunnel between different PalCom networks if it could be ported to PalCom and support all the requirements we had. The setup was one laptop running Windows XP on a public IP address and one Linux machine with Mandriva as operative system and sitting behind a NAT router. After a bit of configuration according to the manual on the webpage we tried to connect with the Linux machine as server and the laptop as client but that did not work since we could not access the NAT router and forward a port to the server. This is something that we will try to solve by using client-to-client mode in OpenVPN at a later stage. In an effort to get anything working we tried the easier alternative with the server located on the laptop and using the stationary machine as client because the NAT router will let traffic out from the local network inside it. It proved successful and we got a connection and a tunnel set up between the two computers but traffic inside the tunnel did not work due to firewalls on each computer. ZoneAlarm on the laptop will effectively stop ping packets and attempts to reach a web server (apache) that we were running there if the settings is hard, medium did the trick to get access there. The Linux server had shorewall installed and after consulting their homepage http://shorewall.net and http://openvpn.net/archive /openvpn-users/2005-07/msg00084.html we could configure it as follows: In file shorewall/policy the lines “vpn fw ACCEPT” “fw vpn ACCEPT” were added. In file shorewall/tunnels the line “openvpn:22 In file shorewall/interfaces the line “vpn net 130.235.50.219” were added. tun0” were added. These changes made pinging work over the tunnel and the client could also reach the apache server over the tunnel. After evaluating OpenVPN we did the same with java SSL where a tunnel was setup using secure sockets between a server and a client but also between two clients using a public server. First we implemented a client and a server without the use of secure sockets to test that it could connect at all. This proved a success and the solution expanded with a secure layer. When using java one has to insert the certificates in keystores and truststores for safekeeping with the help of keytool, a program that is included in the java installation, and it was also discovered that the certificates created for the test in OpenVPN did not work since keytool complained that the certificates were of other type than x509 for some reason. After creating new certificates, importing them into keystores and truststores and implementing a server/client solution with secure sockets we discovered that it worked as fine as with OpenVPN. Since both solutions seem to lack deal breakers we discussed the two alternatives and wrote a list with pros and cons to get an easier view of the different repercussions that will follow from our choice. Java SSL – + Minimum solution, can be tailored to do only what we need Not opensource where everybody look inside Will be ported to PalCom only, no other application will have access to the tunnel. Easier to modifie later on No retail solution, easy to get bugs Maybe not as secure Time demanding since everything will be written by us and might run into obstacles Reversed Engineering can reveal security flaws and holes OpenVPN – + Everything needed is included Tested, likely to be secure Relatively easy to configure Under development More than necesseary functionality is included Need to write interface to port to PalCom Other applications get access to the tunnel Bigger installation, more knowledge is required Under development, might take a turn we don’t want it to go After some considerations we decided that the Java SSL solution where the preferable one since the test version we wrote worked and due to the fact that OpenVPN opens the tunnel to other applications. Before this was decided an http embedder was written to be able to trick http proxy’s and firewalls that the traffic being transmitted is for a web server. The solution was done as to be able to work with OpenVPN as well as with the SSL solution. This was solved by configuring SSL or OpenVPN to connect to a local port where a relay with a socket is listening, this socket reads the information, inserts an http-header and transmits it to another relay on the other side where the http-header is stripped and the data is forwarded to a local port where the other end of the encrypted tunnel is listening. By reading the code from the palcom project we began to get some understanding of how it worked in some part of the project which proved to be huge as a whole. The part that we were to be involved with consisted of a few classes. MediaManager has an internal class DistributorThread that inherits PalcomPriorityThread. This thread gets events in its mailbox from UDPCommunicationThread whom inherits CommunicationThread which reads and writes data to and from a socket. It sends data that it receives in MessageWithURLEvents and these events are also created to encapsulate the read data and put in the DistributorThreads mailbox. DistributorThread then distribute these messages to two internal classes in MediaManager, BroadcastDistributor and UnicastDistributor, with the distribute(Message message, Object source) method. MediaManager also has a method send(Message message, String receiverURL) that sends a message with the help of the CommunicationThread or UDPCommunicationThread. 4 We began modifying these parts by creating a class GatewayMediaManager that inherits MediaManager but overwrites the DistributorThreads use, the two internal classes are never used and the send method is changed a little. Instead of the thread and the two classes two other internal threads, TunnelSenderThread and TunnelListenerThread, which has each end of a tunnel. One receives messages from the UDPCommunicationThread and sends it on through the tunnel without changing anything in the data. The other thread listens on the socket from the tunnel and creates messages from the data read but changes the receiver and sender URL and then passes it on to the send method that sends it to the UDPCommunicationThread for distributing in the new network.Results 4.1 Program/prototype 5 Protocol Conclusions 6 Some stuff Future Work 7 Don't know yet... References [1] The PalCom project http://www.ist-palcom.org/ [2] http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#WhySSL [3] http://technet2.microsoft.com/WindowsServer/en/Library/9561d437-9db3-4f66-8b10e580fc6374f51033.mspx?mfr=true [4] http://wp.netscape.com/eng/ssl3/draft302.txt [5] http://openvpn.net [6] James Zarfoss, HMAC, The Keyed Hash-Based MAC Function (2002-01-18) http://the.jhu.edu/upe/2002/01/18/hmac1-the-keyed-hash-based-mac-function/ (2006-10-21) [7] HMAC in Wikipedia the free encyclopedia http://en.wikipedia.org/wiki/HMAC (2006-10-21) [8] Secure Computing: Webwasher http://www.webwasher.com/ 8 Appendices 8.1 Questions and metrics 8.2 Word Index