External ad-hoc communication for PalCom Thomas Forsström

advertisement
External ad-hoc communication for PalCom
Thomas Forsström
David RaimossonAbstract
BlablablaIndex
1 Introduction......................................................................................................4
1.1 Background...........................................................................................................4
1.2 Problem definition................................................................................................4
1.3 Goal & Purpose.....................................................................................................4
1.4 Outline..................................................................................................................4
2 Theory .........................................................................................................................15
2.1 Secure Socket Layer (SSL) in Java...........................................................................15
2.2 Virtual Private Network with OpenVPN……………………………………………16
2.3 HTTP traffic filters………………………………….………………………………17
3 Method ........................................................................................................................29
3.1 Scope ....................................................................................................................31
4 Results .........................................................................................................................41
4.1 Program/prototype.....................................................................................................43
4.2 Protocol.......................................................................................................................49
5 Conclusions .................................................................................................................65
5.1 ??????????????????????.............................................................................................66
6 Future Work ...............................................................................................................73
6.1 ??????????????????????????........................................................................................73
Reference list ......................................................................................................................75
Appendices.........................................................................................................................79
A Questions and metrics ...................................................................................................79
B Word Index...................................................................................................................80
1
Introduction
1.1
Background
In many situations different electronic devices are used together but not working seamlessly, since they
are not developed for it. This does not only apply to electronic devices but also different software that
people want to cooperate but were not made for it. The situation has been noticed before and one
approach to solve it is the PalCom [1] project.
A small PalCom software is installed into an existing device, for instance a web camera, making it a
functional PalCom unit, capable of communicating with other PalCom units and offering services, like
sending an image.
The communication between the PalCom units is based on a special broadcasting protocol, to make
auto-detection possible. This works well in smaller local networks, for example when your using
BlueTooth or on a smaller Ethernet inside a router and/or firewall.
1.2
Problem definition
Sometimes one would like to connect smaller PalCom networks over the Internet or any larger network,
but the current protocol does not scale up very well. With many units the network will be flooded with
broadcast messages. Another problem is that routers and firewalls might not let the traffic pass. Still,
there are situations when geographically spread out units are wanted to be connected. An example
might be equipment stationed at the 10 different hospitals in Scania, Sweden. Another example could be
the different participators within the PalCom project situated in Lund, Århus and Sienna.
1.3
Goal & Purpose
A desired solution to this problem would be to create a ”tunnel” so that PalCom units can find and
connect to PalCom units in another place. It is probable that the solution will contain a program that is
started in each local PalCom network that will connect to another. These instances of the program will
then handle the information about the local accessible PalCom units and distribute this to the other
PalCom networks. In practice this connection between the PalCom networks should be controlled,
which PalCom networks that are allowed to connect from the outside etc.
According to the problem definition, the communication between the program instances must pass
through firewalls seamlessly because it is not possible to ask every security manager to open a specific
port for the program.
The information sent between the PalCom networks should also be encrypted, sensitive information as
in the hospital case may be sent.
Quality of service is an aspect that also should be covered for a real application.
1.4
Outline
2 First programs like Napster, VPN and Skype should be
studied to find a hinch for a solution. Then a program should
be developed that can communicate with PalCom units,
traverse firewalls and send information to another instance of
the program.
Theory
2.1
Secure Socket Layer (SSL) in Java
Java Secure Socket Extension (JSSE) [2] is a packet that extends j2SDK with secure connections over
an insecure network for instance the Internet by implementing SSL [3, 4] and Transport Layer Security
(TLS). These layers are located between the application layer and the TCP/IP layer. SSL is a protocol
used to protect traffic between two parties from being read or modified by an outsider and to ensure that
the other side is who he pretends to be. Security in SSL is achieved by encrypted messages and
certificates, usually X509, are used for identifying the users. A SSL Handshake is performed when
choosing a cryptographic algorithm and the keys for it, the certificates are also examined during the
handshake.
SSL uses both symmetric and asymmetric keys where symmetric means that the same key is used both
for encryption and decryption of messages which is faster than asymmetric keys where a public and a
private key is used.
Data Encryption Standard (DES) and Advanced Encryption Standard (AES) are two examples of
algorithms that use symmetric keys. Asymmetric algorithms such as RSA (Rivest, Shamir & Adleman)
uses a pair of keys where one key performs the inverse of the other, that is if you encrypt with the
private key then everybody with the public key can decrypt and read the message while if you encrypt
with the public key then only the person with the private key can read the message.
The asymmetric keys in SSL are used to identify the parties and to choose a symmetric key that will be
used to encrypt/decrypt the data which is to be transferred during the session.
Hash algorithms such as Message Digest (MD5) and Standard Hash Algorithm 1 (SHA-1) helps to
prevent unauthorized persons to alter or switch the message. These makes a unique checksum smaller
than the original message that works as a fingerprint so if someone tries to alter the message the hash
sum for this new message will not match the old hash sum. Message Authentication Code (MAC) is a
kind of checksum to be able to control if the message has been tampered with. The sender sends
message M and MAC(M) and the receiver creates his own MAC(M) to compare with the senders
version, if the two match then the message is intact.
HMAC or Keyed-Hash Message Authentication Code is a type of MAC with the use of a hash function
and a shared secret key where the key is put inside the hashed data with the message. Then both parties
must have the key to be able to check the data which makes it more secure.
Java uses MAC while OpenVPN uses HMAC.
When the handshake is complete the transfer of encrypted data can begin with minimized risk for
attacks.
The packages java.security and javax.net.ssl in Java handles secure sockets to set up secure
connections.
2.2
Virtual Private Network with OpenVPN
VPN like javas JSSE is a tool for handling of secure connections over an insecure network. Their
biggest purpose today is to connect company networks over secure WANs. VPN is an encrypted tunnel
between two computers that prevents the traffic inside the tunnel to be tampered with or eavesdropped.
The development of IPSec came first but it progressed slowly, was complex and demanding on the
routers. This made developers look for other solutions such as SSL that grew fast because of wide use
on the web. It is also easier to implement and administrate.
With Linux came a good test bed for this kind of applications and the tun or tap interface was invented.
A tun device works as a virtual network adapter and looks like a hardware unit for p2p in the operative
system. Instead of sending bits over a network cable the device sends it to user space where programs
can open the tun device just like a file and write or read IP packets to and from it. By writing a small
program that that sends the bits from the tun device to a network socket a simple VPN without the
security is created. Tap devices works in a similar way only instead of emulating point to point it looks
like an Ethernet device. OpenVPN is an application among others that uses tun and tap instead of IPSec.
The packets are encapsulated in UDP or TCP for transmission over the VPN tunnel and by putting the
connection over for instance SSH one can create a real VPN. OpenVPN uses encryption to make the
messages harder or almost impossible to read but also a secure hash to ensure that the package came
from the correct source. To prevent reply attacks the use of timestamps or unique IDs in the packages,
OpenVPN uses sliding window algorithm to solve this. OpenSSL gives full RSA PKI support as well as
SSL/TLS for initial authentification in OpenVPN.
OpenVPN supports most known operating systems such as Windows, Linux, MAC OS X and Solaris. It
can handle NAT and dynamic IP addresses in an easy manner. “VPNs can be used as building blocks to
construct anything from a small secure telecommuting solution, to a large-scale secure WAN.” This
sounds interesting for our purposes. We will then need to write an interface for interacting between
OpenVPN and PalCom and also some sort of login-server with a list of available servers and public
servers for use when a client is located between a NAT.
2.3
HTTP traffic filters
To get a simple way through firewalls we intend to use port 80 that is used for HTTP traffic. This is
because all major networks contain a webserver and since large networks are often not NAT:ed every
computer in the network should be open on this port.
There is a ”complication” though, many companies and organizations know about this and analyze the
traffic on this port. Not strange, because spyware and other unwanted programs are often exploiting it.
So, in order to get through these filters we need to know how the filters that are in use work and what
they are looking for.
1) Scripts
2) Special words and phrases like ”secret” and ”Company Confidential”
3) Bad HTTP headers, payloads are on the contrary not inspected that often
3 This implies that we do not need to worry too much about
the HTTP filtering. A protocol for sending information is
presented in section 5.2.Method
We began our search for a good solution by installing OpenVPN which we thought might work for
building a tunnel between different PalCom networks if it could be ported to PalCom and support all
the requirements we had. The setup was one laptop running Windows XP on a public IP address and
one Linux machine with Mandriva as operative system and sitting behind a NAT router. After a bit of
configuration according to the manual on the webpage we tried to connect with the Linux machine as
server and the laptop as client but that did not work since we could not access the NAT router and
forward a port to the server. This is something that we will try to solve by using client-to-client mode in
OpenVPN at a later stage. In an effort to get anything working we tried the easier alternative with the
server located on the laptop and using the stationary machine as client because the NAT router will let
traffic out from the local network inside it. It proved successful and we got a connection and a tunnel
set up between the two computers but traffic inside the tunnel did not work due to firewalls on each
computer. ZoneAlarm on the laptop will effectively stop ping packets and attempts to reach a web
server (apache) that we were running there if the settings is hard, medium did the trick to get access
there. The Linux server had shorewall installed and after consulting their homepage http://shorewall.net
and http://openvpn.net/archive /openvpn-users/2005-07/msg00084.html we could configure it as
follows:
In file shorewall/policy the lines
“vpn
fw
ACCEPT”
“fw
vpn
ACCEPT”
were added.
In file shorewall/tunnels the line “openvpn:22
In file shorewall/interfaces the line “vpn
net
130.235.50.219” were added.
tun0” were added.
These changes made pinging work over the tunnel and the client could also reach the apache server over
the tunnel.
After evaluating OpenVPN we did the same with java SSL where a tunnel was setup using secure
sockets between a server and a client but also between two clients using a public server. First we
implemented a client and a server without the use of secure sockets to test that it could connect at all.
This proved a success and the solution expanded with a secure layer. When using java one has to insert
the certificates in keystores and truststores for safekeeping with the help of keytool, a program that is
included in the java installation, and it was also discovered that the certificates created for the test in
OpenVPN did not work since keytool complained that the certificates were of other type than x509 for
some reason. After creating new certificates, importing them into keystores and truststores and
implementing a server/client solution with secure sockets we discovered that it worked as fine as with
OpenVPN.
Since both solutions seem to lack deal breakers we discussed the two alternatives and wrote a list with
pros and cons to get an easier view of the different repercussions that will follow from our choice.
Java SSL
–
+




Minimum solution, can be tailored to do only
what we need
Not opensource where everybody look inside
Will be ported to PalCom only, no other
application will have access to the tunnel.
Easier to modifie later on

No retail solution, easy to get bugs


Maybe not as secure
Time demanding since everything will be
written by us and might run into obstacles
Reversed Engineering can reveal security
flaws and holes

OpenVPN
–
+

Everything needed is included




Tested, likely to be secure
Relatively easy to configure
Under development




More than necesseary functionality is
included
Need to write interface to port to PalCom
Other applications get access to the tunnel
Bigger installation, more knowledge is
required
Under development, might take a turn we
don’t want it to go
After some considerations we decided that the Java SSL solution where the preferable one since the test
version we wrote worked and due to the fact that OpenVPN opens the tunnel to other applications.
Before this was decided an http embedder was written to be able to trick http proxy’s and firewalls that
the traffic being transmitted is for a web server. The solution was done as to be able to work with
OpenVPN as well as with the SSL solution. This was solved by configuring SSL or OpenVPN to
connect to a local port where a relay with a socket is listening, this socket reads the information, inserts
an http-header and transmits it to another relay on the other side where the http-header is stripped and
the data is forwarded to a local port where the other end of the encrypted tunnel is listening.
By reading the code from the palcom project we began to get some understanding of how it worked in
some part of the project which proved to be huge as a whole. The part that we were to be involved with
consisted of a few classes.
MediaManager has an internal class DistributorThread that inherits PalcomPriorityThread. This thread
gets events in its mailbox from UDPCommunicationThread whom inherits CommunicationThread
which reads and writes data to and from a socket. It sends data that it receives in
MessageWithURLEvents and these events are also created to encapsulate the read data and put in the
DistributorThreads mailbox. DistributorThread then distribute these messages to two internal classes in
MediaManager, BroadcastDistributor and UnicastDistributor, with the distribute(Message message,
Object source) method. MediaManager also has a method send(Message message, String receiverURL)
that sends a message with the help of the CommunicationThread or UDPCommunicationThread.
4 We began modifying these parts by creating a class
GatewayMediaManager that inherits MediaManager but
overwrites the DistributorThreads use, the two internal classes
are never used and the send method is changed a little. Instead
of the thread and the two classes two other internal threads,
TunnelSenderThread and TunnelListenerThread, which has
each end of a tunnel. One receives messages from the
UDPCommunicationThread and sends it on through the
tunnel without changing anything in the data. The other
thread listens on the socket from the tunnel and creates
messages from the data read but changes the receiver and
sender URL and then passes it on to the send method that
sends it to the UDPCommunicationThread for distributing in
the new network.Results
4.1
Program/prototype
5 Protocol
Conclusions
6 Some stuff
Future Work
7 Don't know yet...
References
[1] The PalCom project
http://www.ist-palcom.org/
[2] http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#WhySSL
[3] http://technet2.microsoft.com/WindowsServer/en/Library/9561d437-9db3-4f66-8b10e580fc6374f51033.mspx?mfr=true
[4] http://wp.netscape.com/eng/ssl3/draft302.txt
[5] http://openvpn.net
[6] James Zarfoss, HMAC, The Keyed Hash-Based MAC Function (2002-01-18)
http://the.jhu.edu/upe/2002/01/18/hmac1-the-keyed-hash-based-mac-function/ (2006-10-21)
[7] HMAC in Wikipedia the free encyclopedia
http://en.wikipedia.org/wiki/HMAC (2006-10-21)
[8] Secure Computing: Webwasher
http://www.webwasher.com/
8
Appendices
8.1
Questions and metrics
8.2
Word Index
Download