reliable client server connections
play

Reliable client-server connections Making Telnet secure Thijs - PowerPoint PPT Presentation

Sep 11, 2023 •1.15k likes •1.39k views

Reliable client-server connections Making Telnet secure Thijs Rozekrans Ren e Klomp thijs.rozekrans@os3.nl rene.klomp@os3.nl System and Network Engineering University of Amsterdam July 3, 2013 Thijs Rozekrans, Ren e Klomp (UvA)

  1. Reliable client-server connections Making Telnet secure Thijs Rozekrans Ren´ e Klomp thijs.rozekrans@os3.nl rene.klomp@os3.nl System and Network Engineering University of Amsterdam July 3, 2013 Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 1 / 16

  2. Introduction • Authentication of both clients and servers • Decentralised • Based on TLS • Proof of concept Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 2 / 16

  3. Introduction How can current techniques be used to validate the identity of both client and server, using a TLS connection, in a decentralised way? Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 3 / 16

  4. Motivation • Increase usage of certificate by clients and servers • Eliminate the need for certificate authorities • Diginotar debacle • Foreign governments • Centralized • Techniques are available • Currently no implementations exist Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 4 / 16

  5. Design considerations • PGP or X.509 (CA’s) • Validating certificates • Daemon or Library • Programming language Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 5 / 16

  6. PGP or X.509 • X.509 • Widely adapted • Validation of certificate is done by CA • PGP • Certificates are managed by users • Decentralized design (web-of-trust) Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 6 / 16

  7. Validating certificates Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 7 / 16

  8. Daemon or Library • Library • Existing GnuTLS library • Daemon • Forwarding mechanism • Caching • Access to private keys • Multiple programming languages Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 8 / 16

  9. Programming Language • Performance • Future extension Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 9 / 16

  10. Implementation • Daemon • Python • PyGnuTLS Library • Pass file descriptor of existing connection Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 10 / 16

  11. Implementation TCP Handshake Client Server Library Library Encrypted Daemon Daemon Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 11 / 16

  12. Implementation • Based on certificate UID • LDAP • DANE • Flags to disable certain checks • DNSSEC • Reponds with: • OK + id • ERR + code + message Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 12 / 16

  13. Implementation • Forwarding mechanism • Telnet application as an example • Possible with every other application TCP Handshake Telnet TCP-Forwarder TCP-Forwarder Telnetd Library Library Encrypted Daemon Daemon Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 13 / 16

  14. Conclusion How can current techniques be used to validate the identity of both client and server using a TLS connection in a decentralised way? • By creating a daemon it is possible! • Easily implemented using single call to library • It does work with an existing application (Telnet) • https://github.com/OS3/rp2_68 Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 14 / 16

  15. Future work • (D)TLS for UDP and SCTP • (Soft)HSM • Caching • Certificate Pinning • Libraries in other languages Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 15 / 16

  16. Questions Are there any questions? made possible by Thijs Rozekrans, Ren´ e Klomp (UvA) Reliable client-server connections July 3, 2013 16 / 16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server

E LIOM Tierless Web programming from the ground up Gabriel R ADANNE Jrme V OUILLON Vincent B ALAT Vasilis P APAVASILEIOU Evolution of the Web 1 Client Server 2 2 / 22 1 Client Server 2 2 / 22 1 Client Server DOM 2 2 / 22 1

778 views • 42 slides
Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client

Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client

Multi-Threaded Servers December 6, 2007 1 Client-Server Communication Client Client Client Client Client Client Client Client Client Google Client Client Client Client Client Client Many clients; 1 server Server starts and then

333 views • 6 slides
Services Do A for me. Sockets and Client/Server OK, heres your answer.

Services Do A for me. Sockets and Client/Server OK, heres your answer.

Services Do A for me. Sockets and Client/Server OK, heres your answer. Communication Now do B. OK, here. Client Server Jeff Chase request/response paradigm ==> client/server roles Duke University - Remote

323 views • 8 slides
sockets cont / RPC 1 last time client/server versus peer-to-peer model names, addresses

sockets cont / RPC 1 last time client/server versus peer-to-peer model names, addresses

sockets cont / RPC 1 last time client/server versus peer-to-peer model names, addresses (IPv4/IPv6), routing socket abstraction two-way pipes to remote machine server sockets bind() (set address) + listen() (wait for connections)

1.45k views • 132 slides
Sockets and Client/Server Communication Jeff Chase Duke University Services Do A for me.

Sockets and Client/Server Communication Jeff Chase Duke University Services Do A for me.

Sockets and Client/Server Communication Jeff Chase Duke University Services Do A for me. OK, heres your answer. Now do B. OK, here. Server Client request/response paradigm ==> client/server roles - Remote

628 views • 46 slides
Interfaces as Contracts A client and a server are bound by a contract The server promises

Interfaces as Contracts A client and a server are bound by a contract The server promises

Interfaces as Contracts A client and a server are bound by a contract The server promises to do its job Defined by the postconditions As long as the client uses the server correctly Defined by the pre-conditions Bertrand Meyer

336 views • 8 slides
Socket Programming Socket Programming Srinidhi Varadarajan Client- -server paradigm server

Socket Programming Socket Programming Srinidhi Varadarajan Client- -server paradigm server

Socket Programming Socket Programming Srinidhi Varadarajan Client- -server paradigm server paradigm Client Client: applicat ion initiates contact with server t r anspor t net wor k (speaks first) dat a link physical

395 views • 20 slides
multi-platform, multi-os client/server Client/Server Communication Suppose we send data

multi-platform, multi-os client/server Client/Server Communication Suppose we send data

multi-platform, multi-os client/server Client/Server Communication Suppose we send data between clients and servers The Java stream hierarchy is a rich source of options Object streams, Data streams, Buffered Readers, Often

266 views • 3 slides
Binding: Connecting From Procedure to Client and Server Remote Procedure Server exports its

Binding: Connecting From Procedure to Client and Server Remote Procedure Server exports its

Binding: Connecting From Procedure to Client and Server Remote Procedure Server exports its interface Three main concerns Identifies itself to network name server Parameter passing Tells local runtime its dispatcher address Failure cases Import

115 views • 7 slides
CS 10: Problem solving via Object Oriented Programming Client/Server Agenda 1. Sockets 2.

CS 10: Problem solving via Object Oriented Programming Client/Server Agenda 1. Sockets 2.

CS 10: Problem solving via Object Oriented Programming Client/Server Agenda 1. Sockets 2. Server 3. Multithreaded server 4. Chat server 2 Sockets are a way for computers to communicate Client 1 makes connection over socket IP:

503 views • 35 slides
Server algorithms and their design many ways that a client/server can be designed each different

Server algorithms and their design many ways that a client/server can be designed each different

slide 1 gaius Server algorithms and their design many ways that a client/server can be designed each different algorithm has various benefits and problems are able to classify these algorithms by looking at the various server differences the

400 views • 25 slides
Server types concurrent, connectionless very uncommon a process is created for each

Server types concurrent, connectionless very uncommon a process is created for each

TCP week 8 5/12/02 1 Clients & Servers Client: in general, an application that initiates a peer-to-peer communication end users usually invoke client software Server: waits for incoming communication requests from a client

552 views • 7 slides
Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side)

Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side)

Server and Threads vanilladb.org Where are we? VanillaCore JDBC Interface (at Client Side) Remote.JDBC (Client/Server) Server Query Interface Tx Planner Parse Algebra Storage Interface Sql/Util Concurrency Recovery Metadata Index

787 views • 66 slides
Slow Orbit Feedback - Schematics oco Console Client Event @ 0.5Hz CDEV BPM CORBA Server

Slow Orbit Feedback - Schematics oco Console Client Event @ 0.5Hz CDEV BPM CORBA Server

Top-up Operation at the Swiss Light Source Slow Orbit Feedback - Schematics oco Console Client Event @ 0.5Hz CDEV BPM CORBA Server Event Server Server Event @ 2Hz TRACY Feedback Server Client Poll FB Log Model Server Event

208 views • 8 slides
Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing

Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing

Content Server Caching Network Client Web Server Browser Avoid Network Latency Avoid Queuing Delays at Server Cache Content Locally at client Updates? Cache Content at proxies Proxy Server Client Proxy Server Content Server Proxy

781 views • 14 slides
Distributed Processing Distributed Processing, Client/Server, and Clusters , Chapter 13

Distributed Processing Distributed Processing, Client/Server, and Clusters , Chapter 13

Distributed Processing Distributed Processing, Client/Server, and Clusters , Chapter 13 Chapter 13 1 Client/Server Computing Client/Server Computing Client machines are generally single-user PCs Cli t hi ll i l PC or

824 views • 55 slides
Booting PROM (BIOS) perform basic self-test (POST) Lecture 13 and access parameters from

Booting PROM (BIOS) perform basic self-test (POST) Lecture 13 and access parameters from

Booting PROM (BIOS) perform basic self-test (POST) Lecture 13 and access parameters from nvram OS Loader locate and run kernel on disk Located in the MBR (first sector of boot device) May call secondary loader on some

468 views • 11 slides
IOOS Glider DAC John Kerfoot, Rutgers Ben LaCour, NOAA Ben Adams, RPS Bob Fratantonio, RPS

IOOS Glider DAC John Kerfoot, Rutgers Ben LaCour, NOAA Ben Adams, RPS Bob Fratantonio, RPS

IOOS Glider DAC John Kerfoot, Rutgers Ben LaCour, NOAA Ben Adams, RPS Bob Fratantonio, RPS Outline Outline Glider DAC overview Recent Milestones Upcoming Milestones 2 Glider DAC Goals Develop a self-describing NetCDF file

282 views • 16 slides
Bringing New Ideas to Lens Manufacturers John Vanover & Ken Payne DAC Exhibiting.. ALM

Bringing New Ideas to Lens Manufacturers John Vanover & Ken Payne DAC Exhibiting.. ALM

Bringing New Ideas to Lens Manufacturers John Vanover & Ken Payne DAC Exhibiting.. ALM 3.0 Defined by the User, for the User. CL and IOL manufacturing. DAC Precision Blocking. CL and IOL. HMG & XLS - accurate and

578 views • 26 slides
ALDINO ARYYOGA 4105 100 047 SUPERVISOR: WING HENDROPRASETYO, ST, Me. Surabaya, January 13 th

ALDINO ARYYOGA 4105 100 047 SUPERVISOR: WING HENDROPRASETYO, ST, Me. Surabaya, January 13 th

PRESENTED BY: ALDINO ARYYOGA 4105 100 047 SUPERVISOR: WING HENDROPRASETYO, ST, Me. Surabaya, January 13 th 2010 BACKGROUND SHIP BUILDING PROCESS ALWAYS NEED WELDING PROCESS WELD PRODUCT MUST BE INSPECTED ULTRASONIC TEST IS A KIND

247 views • 24 slides
Remote File System Suite Softwarepraktikum f ur Fortgeschrittene Michael Kuhn Parallele und

Remote File System Suite Softwarepraktikum f ur Fortgeschrittene Michael Kuhn Parallele und

Introduction Evaluation Conclusion rfsd librfs grfs Remote File System Suite Softwarepraktikum f ur Fortgeschrittene Michael Kuhn Parallele und Verteilte Systeme Institut f ur Informatik Ruprecht-Karls-Universit at Heidelberg

519 views • 22 slides
Monitoring Systems and POWER5/6 LPARs with Ganglia Michael Perzl michael@perzl.org Agenda

Monitoring Systems and POWER5/6 LPARs with Ganglia Michael Perzl michael@perzl.org Agenda

Monitoring Systems and POWER5/6 LPARs with Ganglia Michael Perzl michael@perzl.org Agenda Ganglia what is it ? Ganglia components and data flow An introduction to RRDTool Ganglia metrics what can be measured ? New

1.19k views • 93 slides
Alternative Approaches to Secure Multicast Yair Amir, Baruch Awerbuch, Theo Schlossnagle,

Alternative Approaches to Secure Multicast Yair Amir, Baruch Awerbuch, Theo Schlossnagle,

Alternative Approaches to Secure Multicast Yair Amir, Baruch Awerbuch, Theo Schlossnagle, Jonathan Stanton The Center for Networking and Distributed Systems Johns Hopkins University http://www.cnds.jhu.edu Johns Hopkins LUCITE 1/99 Meeting

287 views • 12 slides
STWs Connectivity Solution for Mobile Equipment: The Vehicle Data System (VDS) and VDS-Remote

STWs Connectivity Solution for Mobile Equipment: The Vehicle Data System (VDS) and VDS-Remote

STWs Connectivity Solution for Mobile Equipment: The Vehicle Data System (VDS) and VDS-Remote (VDS-R) 31 July 2009, STW, Norcross, Bob Geiger The Evolving World of Off-Highway Data and Connectivity Data mining is becoming more critical each

450 views • 28 slides

More recommend