The Design and Implementation of a SSL Proxy For Content Switch Thesis Proposal by Ganesh Kumar Godavari Department of Computer Science Univ. of Colorado.


The Design and Implementation of a SSL Proxy For Content Switch Thesis Proposal by Ganesh Kumar Godavari Department of Computer Science Univ. of Colorado at Colorado Springs

What is a SSLProxy

Where Does SSL come in Layer MODEL

IXP1EB Setup in Lab

Goal of my Thesis

Goal
Design Efficient SSL Proxy that can
– Handle Multiple SSL Requests
– Handle session reusability
– Handle Keep-Alive sessions

Implementation
– HTTPS is very slow compared to HTTP, so designing and implementing an efficient proxy will be challenging. The proxy will be making routing decisions based on IP address, TCP port number, URL, HTTP Meta header, and value of XML tags

Deliverables
– Design documentation for the SSL Proxy.
– Source code for implementing the SSL Proxy on Linux and IXP 12EB
– Testing documentation
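The routing decision named in the Implementation item, as an added example (not code from the thesis or its author): once the proxy has terminated SSL, it can match the plaintext request against an ordered rule list covering TCP port, URL, HTTP header and XML tag value. The rule structure, back-end names and sample request are assumptions made for illustration, and client IP matching is omitted.

```c
/* Added illustration: rule layout, back-end names and sample data are hypothetical. */
#include <stdio.h>
#include <string.h>

struct rule {   /* NULL or 0 means "any"; xml_value is required with xml_tag */
    int port;   /* TCP port the client connected to */
    const char *url_prefix, *header, *xml_tag, *xml_value, *backend;
};
/* Constructed sample policy and request; first matching rule wins. */
static const struct rule SAMPLE_RULES[] = {
    { 443, "/orders", NULL, "priority", "high", "orders-fast" },
    { 443, "/orders", NULL, NULL, NULL, "orders" },
    { 0, NULL, "User-Agent: Mobile", NULL, NULL, "mobile" },
};
static const char SAMPLE_REQ[] = "POST /orders/new HTTP/1.1\r\nHost: shop.example\r\n\r\n"
                                 "<order><priority>high</priority></order>";

/* Copy the text between <tag> and </tag> into out; returns 0 on success. */
static int xml_tag_value(const char *body, const char *tag, char *out, size_t n)
{
    char open[64], close[64];
    if (snprintf(close, sizeof close, "</%s>", tag) >= (int)sizeof close) return -1;
    snprintf(open, sizeof open, "<%s>", tag);
    const char *s = strstr(body, open), *e;
    if (!s || !(e = strstr(s += strlen(open), close)) || (size_t)(e - s) >= n) return -1;
    memcpy(out, s, (size_t)(e - s));
    out[e - s] = '\0';
    return 0;
}

/* req: the whole NUL-terminated request. Header match is an exact-case substring. */
const char *pick_backend(const struct rule *r, size_t n, int port,
                         const char *req, const char *fallback)
{
    const char *url = strchr(req, ' '), *line_end = strstr(req, "\r\n");
    const char *hdr_end = strstr(req, "\r\n\r\n"), *h;
    char val[128];
    if (!url || !hdr_end || url > line_end) return fallback;   /* malformed or partial */
    for (url++; n--; r++) {
        if (r->port && r->port != port) continue;
        if (r->url_prefix && strncmp(url, r->url_prefix, strlen(r->url_prefix))) continue;
        if (r->header && !((h = strstr(line_end, r->header)) && h < hdr_end)) continue;
        if (r->xml_tag && (xml_tag_value(hdr_end + 4, r->xml_tag, val, sizeof val)
                           || strcmp(val, r->xml_value))) continue;
        return r->backend;
    }
    return fallback;
}
int main(void) { puts(pick_backend(SAMPLE_RULES, 3, 443, SAMPLE_REQ, "default")); return 0; }
```

A request whose header block is incomplete falls through to the fallback back end, so the proxy has to buffer up to the blank line before it can switch on content.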

Thesis Plan

Work done till date
– Designing a concurrent SSL Proxy (dynamic forking) in Linux that can handle multiple SSL Requests
– Study and analyze how session reusability can be achieved

Next 2 weeks
– Study and analyze how Keep-Alive sessions can be maintained
– Study and analyze how to achieve preforking.
– Compare the performance of preforking and dynamic forking versions

Next 2 weeks
– Port OpenSSL to VxWorks
– Compare networking support between Linux and VxWorks

Next 3 weeks
– Port the SSL Proxy to IXP network Processor and compare performance with Linux based SSL Proxy
– Compare the performance of SSL Proxy on Linux and IXP-12EB

Questions/Comments ??
