1 NSIS Interim Meeting 2005, Munich GIMPS Implementation Bernd Schloer, Christian Dickmann, Andreas Westermaier Xiaoming Fu, Hannes Tschofenig, Elwyn Davies.

Presentation transcript:

1 GIMPS Implementation
NSIS Interim Meeting 2005, Munich, May 2005
Bernd Schloer, Christian Dickmann, Andreas Westermaier, Xiaoming Fu, Hannes Tschofenig, Elwyn Davies

2 Outline
- Project overview
- General implementation approach
- Important key elements
  - Message-to-FSM distributor
  - Finite state machine
  - NTLP-to-NSLP API
  - TLS over TCP as transport
- Diagnostics tool (Ping tool)

3 Project overview
- Started in November 2004
- Co-operation between Göttingen, Munich, and INT (France)
- Current developers:
  - Core team: Bernd Schloer, Christian Dickmann (Göttingen), Andreas Westermaier (Munich)
  - Contributors: Henning Peters, Ingo Juchem, Sebastian Willert, Nils Röttger (Göttingen), Alex Zrim, Tseno Tsenov (Munich), Julien Abeille, Youssef Abidi (France)

4 Current status
- Basic functions of GIMPS-05: implemented
  - including basic API
  - currently IPv4 only
- Ping test tool: supported
- Ethereal tool for monitoring GIMPS messages: developed
- A running testbed
- Basic TLS support

5 Design overview

6 Message-to-FSM Distributor

7 Message-to-FSM Distributor
- Check if associated NSLP application is supported by this node – bypass if not
- Look up the flow. Direction determines if senderFSM or receiverFSM is used
- Create flow and/or FSM if not existing already
- Validate message
- Trigger event of the FSM and pass the message
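
The distributor steps above, sketched as an added example (not the project's code, which is written in C). The message fields, the set of message kinds, the validation rules and the direction-to-FSM mapping are assumptions made for illustration; unlike the slide's ordering, this sketch runs a stateless validation before creating any flow state, so a malformed message cannot allocate an FSM.

```python
from dataclasses import dataclass, field

SUPPORTED_NSLP_IDS = {1}  # assumption: NSLP applications registered on this node

@dataclass(frozen=True)
class Msg:
    """Hypothetical, already-parsed message; not the GIMPS wire format."""
    nslp_id: int
    flow: tuple        # stands in for the flow identifier
    downstream: bool   # signalling direction
    kind: str          # "QUERY", "RESPONSE", ...
    hop_count: int = 1

@dataclass
class Fsm:
    role: str
    events: list = field(default_factory=list)

    def trigger(self, event, msg):
        # A real FSM would switch on (state, event); here we only record it.
        self.events.append(event)

class Distributor:
    KNOWN_KINDS = {"QUERY", "RESPONSE", "CONFIRM", "DATA"}  # constructed subset

    def __init__(self):
        self.fsms = {}  # (flow, role) -> Fsm

    def dispatch(self, msg):
        # 1. NSLP not supported on this node: bypass, touch no state.
        if msg.nslp_id not in SUPPORTED_NSLP_IDS:
            return "bypass"
        # 2. Stateless validation first, so bad input cannot allocate an FSM.
        if msg.kind not in self.KNOWN_KINDS or msg.hop_count < 1:
            return "invalid"
        # 3. Direction selects the FSM type (this mapping is an assumption).
        role = "senderFSM" if msg.downstream else "receiverFSM"
        # 4. Look up the flow, creating the FSM on first use.
        fsm = self.fsms.setdefault((msg.flow, role), Fsm(role))
        # 5. Turn the message into an FSM event and hand it over.
        fsm.trigger("rx_" + msg.kind.lower(), msg)
        return role
```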

8 Design overview

9 State machine
- draft-fu-nsis-ntlp-statemachine-02 serves as basis for our implementation
- Process message according to current running state
  - Generate message in response
  - Maybe pass message to higher layer
- Maintain message associations (MA)
  - Setup message associations
  - Manage reuse of message associations
- Maintain message routing state (MRS)
- Maintain timers
- Send and receive refreshing messages

10 API

11 API
- Communication with NSLP layer
- Combination of Unix sockets and shared memory
- Several NSLP applications may connect simultaneously
- API calls may trigger FSM events
- FSM passes information and incoming message to the NSLP application through the API

12 TLS Support
- Used the OpenSSL library
- TLS handshake triggered by corresponding Stack Proposal in GIMPS-Query
- Client authentication currently optional
- No certificate revocation checks
- NSLP application has currently no possibility to choose desired cipher suite or if it requires client authentication
- No support to inform the NSLP application about possible connection failures
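
The two TLS settings this slide lists as gaps (optional client authentication, no revocation checks), shown as an added example beside their stricter form. This is not the project's code: the implementation used OpenSSL from C, while the sketch uses Python's `ssl` module, which wraps the same OpenSSL settings; `make_server_context` and `audit` are hypothetical names, and the parameters stand in for the choices the slide says an NSLP application cannot yet make.

```python
import ssl

def make_server_context(require_client_cert, check_crl, ciphers=None):
    """Server-side TLS context for a message association (illustrative)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # CERT_OPTIONAL: a client without a certificate still completes the
    # handshake. CERT_REQUIRED: the handshake fails unless the client presents
    # one that chains to a CA loaded with ctx.load_verify_locations().
    ctx.verify_mode = ssl.CERT_REQUIRED if require_client_cert else ssl.CERT_OPTIONAL
    if check_crl:
        # With this flag OpenSSL rejects a peer certificate when no CRL for
        # its issuer is loaded, so CRL files must also be supplied through
        # ctx.load_verify_locations().
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    if ciphers:
        ctx.set_ciphers(ciphers)  # OpenSSL cipher string chosen by the caller
    return ctx

def audit(ctx):
    """Report which of the slide's two gaps a context still has."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate not required")
    crl_bits = ssl.VERIFY_CRL_CHECK_LEAF | ssl.VERIFY_CRL_CHECK_CHAIN
    if not ctx.verify_flags & crl_bits:
        findings.append("no CRL revocation check")
    return findings

# The configuration as the slide describes it, and the stricter one.
as_described = make_server_context(require_client_cert=False, check_crl=False)
hardened = make_server_context(require_client_cert=True, check_crl=True)
```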

13 Lessons learned
- More accurate understanding of GIMPS specifications through work on implementation
  - E.g., stack proposal, message state refresh
- How to implement it in software systems
- Implementing an efficient FSM
  - We took an FSM framework used in the Linux kernel 2.6
- Current hashtable implementation is basic
  - For real environment a more scalable solution might be necessary
- Ethereal dissector helps debugging message format

14 Open issues
- Stack-Proposal in Response message
- Switching from TCP to TLS
- How to choose the peer identity?
- Higher layer information specification
- Route change cases
- GIMPS Hop count
- WaitConfirm state for Query: FSM/spec issue
- State repository for upstreaming and downstreaming in middle node

15 Discussions
- Comments, suggestions welcome!