the websocket protocol
play

The WebSocket Protocol IETF 80 HyBi WG Takeshi Yoshino tyoshino at - PowerPoint PPT Presentation

Feb 04, 2024 •50 likes •450 views

The WebSocket Protocol IETF 80 HyBi WG Takeshi Yoshino tyoshino at google dot com Background Evolution of web apps Dynamic and real-time application Webmail, Chat, word processing, etc. HTTP is not designed for web apps Large

  1. The WebSocket Protocol IETF 80 HyBi WG Takeshi Yoshino tyoshino at google dot com

  2. Background • Evolution of web apps – Dynamic and real-time application – Webmail, Chat, word processing, etc. • HTTP is not designed for web apps – Large overhead – Hanging-GET is necessary for real-time server push

  3. WebSocket is (1) • New protocol over TCP – Opening handshake • HTTP-esque request and response – Newly defined WebSocket frame • New API for JavaScript var ws = new WebSocket("ws://example.com/foobar"); ws.onmessage = function(evt) { /* some code */ } ws.send("Hello World"); …

  4. WebSocket is (2) • Intended to replace hanging-GET based bidirectional channel – Two XMLHttpRequest  One WebSocket • Full duplex • Smaller overhead • Fewer TCP connection • Simpler API

  5. Other Requirements • Coexist with HTTP on the same port – Use 80/443 which are rarely blocked • Work with HTTP infrastructure – Proxy and firewall • Allow cross origin connection – http://example.com/foo.js establish WebSocket to ws://example.org/chat • Fit JavaScript programming model

  6. Security Concern • Cross protocol attack – Abuse of WebSocket on browser • By malicious JavaScript • To attack HTTP server, cache, … – Abuse of XMLHttpRequest • To attack WebSocket server • Port scanning

  7. Protocol Overview • User-agent establishes TCP – Order, reliable transmission, congestion control are guaranteed by TCP • Opening handshake • Exchange WebSocket frames • Closing handshake

  8. Opening Handshake (1) Example • Client GET /chat HTTP/1.1 Host: server.example.com sends Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Sec-WebSocket-Origin: http://example.com • Server HTTP/1.1 101 Switching Protocols Upgrade: websocket replies Connection: Upgrade Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo= with

  9. Opening Handshake (2) • HTTP compliant request/response format – Can go through intermediaries for HTTP – Code for HTTP can be diverted • “GET /chat HTTP/1.1 ” – Requested resource is “/chat” • “Host: server.example.com” – Enables name virtual hosting • “Upgrade” and “Connection” header – Tells the server to switch to WebSocket protocol

  10. Opening Handshake (3) Peer Validation • Check if the peer is WebSocket ready – Only ones understand WebSocket can generate valid Sec-WebSocket-Accept • Challenge from client : Sec-WebSocket-Key – BASE64(Random 16 octets) • Response from server : Sec-WebSocket-Accept – BASE64(SHA-1(concat <Key> and <GUID>)) – SHA-1 is common, verifiable – GUID is uniquely defined for WebSocket – “258EAFA5 -E914-47DA-95CA-C5AB0DC85B11 ”

  11. Opening Handshake (4) • Sec-WebSocket-Origin – Optional for non-browser clients – Server MAY check • Sec-* prefix – Prevents cross protocol attack with XHR • Cookie/Set-Cookie as well as HTTP • Sec-WebSocket-Extensions and Sec-WebSocket-Protocol – Discuss later

  12. Framing (1) Requirements • Support binary payload • Single framing for simplicity – HyBi 00 used 0x00 <UTF-8> 0xFF for text frame  Use payload length field for all type • Some fields for frame type, extensibility

  13. Framing (2) Frame Diagram 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-------+-+-------------+-------------------------------+ |F|R|R|R| opcode|R| Payload len | Extended payload length | |I|S|S|S| (4) |S| (7) | (16/63) | |N|V|V|V| |V| | (if payload len==126/127) | | |1|2|3| |4| | | +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + | Extended payload length continued, if payload len == 127 | + - - - - - - - - - - - - - - - +-------------------------------+ | | Extension data | +-------------------------------+ - - - - - - - - - - - - - - - + : : +---------------------------------------------------------------+ : Application data : +---------------------------------------------------------------+

  14. Framing (3) Requirements for Length Field • Small overhead for small payload – Consider power sensitive mobile device – Short size like 8 bit is preferred • Less fragmentation for large data – Big range like 64 bit is preferred

  15. Framing (4) 7/16/63 Encoding • At least 7-bit payload length field • 2 nd octet of header = RSV4(1), payload_len(7) • Extended payload length field may follow • 0 <= payload_len <= 125 – 7 bit • 126 <= payload_len <= 2^16-1 – 7 bit + 16 bit extended header • 2^16 <= payload_len <= 2^63-1 – 7 bit + 64 bit extended header

  16. Framing (5) 7/16/63 Encoding • 63 bit value + 1 bit padding = 64 bit occupation • Limit is set to 2^63-1 since some platform doesn’t support unsigned 64 -bit integer • Example – 5  0x5 – 256  0x7E 0x0100 – 65536  0x7F 0x0000000000010000

  17. Framing (6) Opcodes • 0x0 Continuation frame • 0x1 Connection close • 0x2 Ping • 0x3 Pong • 0x4 Text frame • 0x5 Binary frame • 0x7-0xF Reserved

  18. Framing (7) Room for Extension • 4 reserved bits in header – RSV1, RSV2, RSV3, RSV4 • 9 undefined opcodes 0x7-0xf • Extension data field

  19. Framing – Open Issue • Single opcode for control frames or Multiple opcodes for each control frames – Single control opcode 1 leading octet of payload is control type • Easy to tell intermediaries the frame cannot be fragmented – Define the range of control opcodes – Multiple opcodes for each control type • How to specify extension field length

  20. Ping and Pong • Built-in ping – For keep alive, health check, … • Alice send ping control • Bob MUST reply with pong control with the same payload as received ping

  21. Frame Masking (1) Background • Security concern raised by Adam Barth Malicious Attacker script Victim controlled HTTP host Victim cache browser <WebSocket opening handshake string> …some bytes… GET /foobar.js HTTP/1.1 Host: example.com … Malicious data …

  22. Frame Masking (2) Background • Intermediaries designed for HTTP may be poisoned • Mask client-to-server frame – Prevent attacker controlled byte sequence from going over wire

  23. Frame Masking (3) Current Masking Method • For each frame – Get 4 octets from cryptographically secure random number generator – masked_data[i] = clear_text[i] XOR mask[i % 4] – send mask and masked_data to server Clear text XOR Mask Mask Ma Mask Masked data Masked data

  24. Frame Masking – Open Issue • Mask frame or mask payload – In-frame masking is less secure? – Making whole frame is bad for intermediaries? • Mask only client-to-server or both direction – Debugging is easier if symmetric • Mask extension field or not

  25. Fragmentation (1) • Enable sending part of message separately – Useful for dynamically generated contents – Flush partial data to vacate buffer • Similar concept as HTTP chunked encoding • Planned to be used for multiplexing • Message : complete unit of data on app level • Frame : network layer unit

  26. Fragmentation (2) • Use FIN bit and “Continuation” opcode • Example – For message "abcdefg..." – Frame1 • !FIN, opcode=<original opcode>, payload=abc... – Frame2 • !FIN, opcode=CONTINUATION, payload=ijk... – Frame3 • FIN, opcode=CONTINUATION, payload=stu...

  27. Extension (1) • Negotiate on opening handshake • Modify payload or even whole frame • Attach some information – as RSV1-4, new opcode or per-frame extension data field

  28. Extension (2) Negotiation Example Sec-WebSocket-Extensions: deflate-stream Sec-WebSocket-Extensions: mux; max-channels=4; flow-control, deflate-stream Sec-WebSocket-Extensions: x-private-extension • Applied in order the extensions are listed • Server accepts part of requested extensions

  29. Extension – Open Issue • How to assign reserved bits and opcodes • How multiple extensions interact • Intermediaries are allowed to join/split fragmented frames with extension? How? • Extension may consume unused opcodes?

  30. Subprotocol • Client may request subprotocol by Sec-WebSocket-Protocol header • Server choose one from requested subprotocols and echo back it to accept

  31. Closing Handshake (1) Background • WebSocket is full-duplex – Peer may send a frame anytime • RST hazard – A peer may close socket without reading out all received data from TCP stack – Cause sending RST – Peer may miss some data due to RST • shutdown(SHUT_WR) is not available everywhere • Implement safe-close on WebSocket layer

  32. Closing Handshake (2) • Alice sends close frame to Bob Last data • Bob sends close frame to Alice Close control • Bob closes socket • Alice closes socket Close control TCP FIN • A peer can close TCP once TCP FIN both received and sent close Alice Bob

  33. Closing Handshake (3) • What this assures for Alice – Alice received all data sent from Bob • wasClean parameter of onclose handler – It's safe for Alice to close TCP connection • No more data coming from Bob  No RST hazard • What this DOES NOT assure for Alice – Bob received all data sent from Alice • This requires 3-way close handshake

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Kaazing Gateway: An Open Source HTML 5 Websocket Server HTML 5 Websocket Server Speaker

Kaazing Gateway: An Open Source HTML 5 Websocket Server HTML 5 Websocket Server Speaker

Kaazing Gateway: An Open Source HTML 5 Websocket Server HTML 5 Websocket Server Speaker Jonas Jacobi Co-Founder: Kaazing Co-Author: Pro JSF and Ajax, Apress Agenda Real-Time Web? Why Do I Care? Scalability and

751 views • 38 slides
Web Sockets WebSockets Last time we say how to establish a WebSocket connection Today,

Web Sockets WebSockets Last time we say how to establish a WebSocket connection Today,

Web Sockets WebSockets Last time we say how to establish a WebSocket connection Today, we'll parse and send messages over the socket WebSocket Frame https://tools.ietf.org/html/rfc6455#section-5.2 Protocols Sidenote Many of the

469 views • 27 slides
Whats wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs Mikhail Egorov /

Whats wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs Mikhail Egorov /

Whats wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs Mikhail Egorov / @0ang3el #DeepSec2019 # whoami Security researcher / full-time bug hunter https://bugcrowd.com/0ang3el https://hackerone.com/0ang3el

989 views • 67 slides
WebSocket Server Implementation Chao-Wei Peng HTTP Request Model Service Http Client Http

WebSocket Server Implementation Chao-Wei Peng HTTP Request Model Service Http Client Http

WebSocket Server Implementation Chao-Wei Peng HTTP Request Model Service Http Client Http Server Thread Waiting Http Request Run Service Http Response HTTP Weakness Server sends response only if someone requests it. WebSocket Protocol

274 views • 11 slides
WebSocket Slide title APITALS 50 pt e subtitle 32 pt Salvatore.Loreto@ericsson.com November

WebSocket Slide title APITALS 50 pt e subtitle 32 pt Salvatore.Loreto@ericsson.com November

WebSocket Slide title APITALS 50 pt e subtitle 32 pt Salvatore.Loreto@ericsson.com November 3rd, 2009 WebSocket Defines full-duplex communications using a single TCP connection (compared to Comet technologies) It is a mechanism for

571 views • 13 slides
Web Technologies in Java EE JAX-RS 2.0, JSON-P, WebSocket, JSF 2.2 $ whoami Luk Fry

Web Technologies in Java EE JAX-RS 2.0, JSON-P, WebSocket, JSF 2.2 $ whoami Luk Fry

Web Technologies in Java EE JAX-RS 2.0, JSON-P, WebSocket, JSF 2.2 $ whoami Luk Fry Software Engineer, JBoss, Red Hat AeroGear, (Arquillian, RichFaces) Interests HTML5, Web Components, AngularJS Living and

1.17k views • 83 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
The realtime web: HTTP/1.1 to WebSocket, SPDY and beyond Guillermo Rauch @ QCon . November 2012.

The realtime web: HTTP/1.1 to WebSocket, SPDY and beyond Guillermo Rauch @ QCon . November 2012.

The realtime web: HTTP/1.1 to WebSocket, SPDY and beyond Guillermo Rauch @ QCon . November 2012. Guillermo . CTO and co-founder at LearnBoost . Creator of socket.io and engine.io . @ rauchg on twitter http:// devthought.com Author of Wileys

1.41k views • 105 slides
HTML 5 WebSocket delivers the Real-time Web QCon, San Francisco November 18, 2009 1

HTML 5 WebSocket delivers the Real-time Web QCon, San Francisco November 18, 2009 1

HTML 5 WebSocket delivers the Real-time Web QCon, San Francisco November 18, 2009 1 Introduction John Fallows CTO @ Kaazing Author @ Pro JSF &amp; Ajax Contributor @ W3C HTML 5 Contributor @ IETF Bidirectional Hypertext

293 views • 27 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
Webbit Evented, single-threaded WebSocket server http://webbitserver.org/ @aslak_hellesoy

Webbit Evented, single-threaded WebSocket server http://webbitserver.org/ @aslak_hellesoy

Webbit Evented, single-threaded WebSocket server http://webbitserver.org/ @aslak_hellesoy Webbit Overview Single threaded Non-blocking High throughput 1000+ connections No Servlet API No XML 1 Dependency: Netty

827 views • 23 slides
Pub/sub server for the modern web. Flexible, scalable, easy to use. https://nchan.slact.net What

Pub/sub server for the modern web. Flexible, scalable, easy to use. https://nchan.slact.net What

Pub/sub server for the modern web. Flexible, scalable, easy to use. https://nchan.slact.net What is it? HTTP POST Application Websocket Websocket client EventSource client Long-Poll client Buffering Pub/Sub server for web clients

708 views • 49 slides
Large-scale system of persistently connected devices using WebSocket 7/22/2013 NTT Advanced

Large-scale system of persistently connected devices using WebSocket 7/22/2013 NTT Advanced

Large-scale system of persistently connected devices using WebSocket 7/22/2013 NTT Advanced Technology Corp. Yoshiaki Kozaki System overview Service Service Service provider provider provider Backend (Database, Authentication,

429 views • 7 slides
Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and Objectives Goals and Objectives CAR adopted the Forest Protocols in 2005 CAR Board directed staff in 2007 to: Initiate a stakeholder process

532 views • 25 slides
Virgo by Example Florian Waibel, Markus Knauer Survey Who has used Virgo ? RFC 6455 The

Virgo by Example Florian Waibel, Markus Knauer Survey Who has used Virgo ? RFC 6455 The

Virgo by Example Florian Waibel, Markus Knauer Survey Who has used Virgo ? RFC 6455 The WebSocket Protocol WebSockets ? Docker ? Gradle ? git ? Who we are Florian Markus Roadmap 1. Setup Workspace - Intro to

1.11k views • 84 slides
TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for

TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for

TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for ensuring that data is transferred between two Intenret hosts based on a 32 bit address. To be ROUTABLE, a protocol must specify a NETWORK ADDRESS

899 views • 22 slides
SIGN CODE UPDATE | DOWNTOWN SIGN DISTRICT SPRINGFIELD CITY COUNCIL WORK SESSION April 22, 2019

SIGN CODE UPDATE | DOWNTOWN SIGN DISTRICT SPRINGFIELD CITY COUNCIL WORK SESSION April 22, 2019

SIGN CODE UPDATE | DOWNTOWN SIGN DISTRICT SPRINGFIELD CITY COUNCIL WORK SESSION April 22, 2019 WHAT WILL WE COVER ? Progress Since Most Recent Work Session (March 25, 2019 ) Input Needed (Requested Action Items) Action Items C through

300 views • 26 slides
Open Reading for Free Choice Permission A Perspective from Substructural Logics Colloquium

Open Reading for Free Choice Permission A Perspective from Substructural Logics Colloquium

Huimin Dong Norbert Gratzl Open Reading for Free Choice Permission A Perspective from Substructural Logics Colloquium Logicum 2016, Universitt Hamburg September 12th 2016, Hamburg Outlines Motivations Open Reading Substructural Logics An

399 views • 38 slides
CSI5180. MachineLearningfor BioinformaticsApplications Hidden Markov Models by Marcel Turcotte

CSI5180. MachineLearningfor BioinformaticsApplications Hidden Markov Models by Marcel Turcotte

CSI5180. MachineLearningfor BioinformaticsApplications Hidden Markov Models by Marcel Turcotte Version November 6, 2019 Preamble Preamble 2/82 Preamble Hidden Markov Models In this lecture, we focus on learning algorithms suited for

1.71k views • 152 slides
Reading and writing data Dr. Nomie Becker Dr. Sonja Grath Special thanks to : Prof. Dr. Martin

Reading and writing data Dr. Nomie Becker Dr. Sonja Grath Special thanks to : Prof. Dr. Martin

An introduction to WS 2017/2018 Reading and writing data Dr. Nomie Becker Dr. Sonja Grath Special thanks to : Prof. Dr. Martin Hutzenthaler and Dr. Benedikt Holtmann for significant contributions to course development, lecture notes and

338 views • 18 slides
scheduling 1 1 exercise ssize_t count = read(pipe_fds[0], buffer, 10); F. A, B, and C E. A and

scheduling 1 1 exercise ssize_t count = read(pipe_fds[0], buffer, 10); F. A, B, and C E. A and

scheduling 1 1 exercise ssize_t count = read(pipe_fds[0], buffer, 10); F. A, B, and C E. A and C D. A and B C. (nothing) B. 0 A. 0123456789 Which of these are possible outputs (if pipe, read, write, fork dont fail) ? }

962 views • 93 slides
Data Analysis Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 Data Science vs Data Analyt

Data Analysis Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 Data Science vs Data Analyt

Data Analysis Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 Data Science vs Data Analyt ytics Data sc scien ience is the application of computatio ional and statis istic ical techniques to address or gain insight into some problem

993 views • 43 slides
Compiler Construction Compiler Construction 1 / 54 Mayer Goldberg \ Ben-Gurion University Tuesday

Compiler Construction Compiler Construction 1 / 54 Mayer Goldberg \ Ben-Gurion University Tuesday

Compiler Construction Compiler Construction 1 / 54 Mayer Goldberg \ Ben-Gurion University Tuesday 10 th December, 2019 Mayer Goldberg \ Ben-Gurion University Chapter 5 Agenda tail-call-optimization Compiler Construction 2 / 54 Intuition

670 views • 54 slides
Mol2Net-04 Characterization and overexpression of a glucanase from a newly isolated B. subtilis

Mol2Net-04 Characterization and overexpression of a glucanase from a newly isolated B. subtilis

Mol2Net-04 , 2018 , BIOCHEMPHYS-01 (pages 1- x, type of paper, doi: xxx-xxxx http://sciforum.net/conference/mol2net-4 SciForum Mol2Net-04 Characterization and overexpression of a glucanase from a newly isolated B. subtilis strain Houda HMANI 1,*

203 views • 4 slides

More recommend