Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi

Slides:



Advertisements
Similar presentations
1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
Advertisements

71 th IETF meeting Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-06) Tomoyuki Iijima, Yoshifumi Atarashi, Hiroyasu.
Java Server Pages (JSP)
Cryptography and Network Security
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
THE CASE FOR PREFETCHING AND PREVALIDATING TLS SERVER CERTIFICATES Emily Stark, Lin-Shung Huang, Dinesh Israni, Collin Jackson, Dan Boneh Presented by:
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
By: Hassan Waqar.  A PROTOCOL for securely transmitting data via the internet.  NETWORK LAYER application.  Developed by NETSCAPE.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Objectives Ch. D - 1 At the end of this chapter students will: Know the general architecture and purpose of servlets Understand how to create a basic servlet.
18-Jun-15 JSP Java Server Pages Reference: Tutorial/Servlet-Tutorial-JSP.html.
Seguridad en Sistemas de Información Francisco Rodríguez Henríquez SSL/TLS: An Introduction.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) Web Service Description KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
Application Layer Protocol Negotiation
JSSE API University of Palestine Eng. Wisam Zaqoot April 2010.
Java Server Pages B.Ramamurthy. Topics for Discussion 8/20/20152 Inheritance and Polymorphism Develop an example for inheritance and polymorphism JSP.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
SSL and https for Secure Web Communication CSCI 5857: Encoding and Encryption.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.
EAP Bluetooth Extension Draft-kim-eap-bluetooth-00 Hahnsang Kim (INRIA), Hossam Afifi (INT), Masato Hayashi (Hitachi)
1 80 th IETF meeting NETCONF Notification over WebSocket Protocol ( draft-iijima-netconf-websocket-ps-00) Tomoyuki Iijima, (Hitachi) Yoshifumi Atarashi,
Servlet Lifecycle Lec 28. Servlet Life Cycle  Initialize  Service  Destroy Time.
© Hitachi, Ltd All rights reserved. NETCONF Configuration I/F Advertisement by WSDL and XSD Hideki Okita, Tomoyuki Iijima, Yoshifumi Atarashi, Ray.
All Rights Reserved Copyright © 2007,Hitachi.Ltd. VLAN data model for NETCONF ( draft-iijima-ngo-vlandatamodel-00) Thursday, March 22, 2007 Tomoyuki Iijima,
Proposed Transport Layer Security (TLS) Evidence Extensions Russ Housley IETF 67 – TLS WG Session.
ECE Prof. John A. Copeland fax Office: Klaus 3362.
1 SSL - Secure Sockets Layer The Internet Engineering Task Force (IETF) standard called Transport Layer Security (TLS) is based on SSL.
1 82 nd IETF meeting NETCONF over WebSocket ( ) Tomoyuki Iijima, (Hitachi) Hiroyasu Kimura,
PAWS: Security Considerations Yizhuang WU, Yang CUI PAWS WG
All Rights Reserved Copyright © 2005,Hitachi.Ltd. Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-01) Monday, November.
Public Key Encryption.
Slide title In CAPITALS 50 pt Slide subtitle 32 pt RTSP 2.0 TLS handling Magnus Westerlund draft-ietf-mmusic-rfc2326bis-12.
How to use DNS during the evolution of ICN? Zhiwei Yan.
Introduction to Server-Side Web Development Introduction to Server-Side Web Development Session II: Introduction to Server-Side Web Development with Servlets.
1 Java Servlets l Servlets : programs that run within the context of a server, analogous to applets that run within the context of a browser. l Used to.
CSI 3125, Preliminaries, page 1 SERVLET. CSI 3125, Preliminaries, page 2 SERVLET A servlet is a server-side software program, Responds oriented other.
1 Introduction to Servlets. Topics Web Applications and the Java Server. HTTP protocol. Servlets 2.
Front end (user interfaces) Facilitating the user‘s interaction with the SandS services and processes I. Mlakar, D. Ceric, A. Lipaj Valladolid, 17/12/2014.
1 The Cryptographic Token Key Initialization Protocol (CT-KIP) KEYPROV WG IETF-68 Prague March 2007 Andrea Doherty.
70 th IETF meeting Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-04) Tomoyuki Iijima, Yoshifumi Atarashi, Hiroyasu.
Cryptography and Network Security Chapter 16 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Emu wg, IETF 70 Steve Hanna, EAP-TTLS draft-funk-eap-ttls-v0-02.txt draft-hanna-eap-ttls-agility-00.txt emu wg, IETF 70 Steve Hanna,
IETF #84 - NETCONF WG session 1 NETCONF WG IETF 84, Vancouver, Canada MONDAY, July 30, Bert Wijnen Mehmet Ersue.
An Analysis of XMPP Security Team “Vision” Chris Nelson Ashwin Kulkarni Nitin Khatri Taulant Haka Yong Chen CMPE 209 Spring 2009.
All Rights Reserved Copyright © 2007,Hitachi.Ltd. Experience of implementing NETCONF over SOAP ( draft-iijima-netconf-soap-implementation-02) Monday, July.
TLS Renegotiation Vulnerability IETF-76 Joe Salowey Eric Rescorla
1 Chapter 7 WEB Security. 2 Outline Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction.
December 14, 2000Securely Available Credentails (SACRED) - Framework Draft 1 Securely Available Credentials (SACRED) Protocol Framework, Draft Specification.
TCS Internal Security. 2 TCS Internal Objective Objective :  Android Platform Security Architecture.
TEE: TLS Authentication Using EAP draft-nir-tls-eap-02.txt Yoav Nir Yaron Sheffer (presenter) Hannes Tschofenig Peter Gutmann IETF-70, Vancouver, Dec.
IETF #82 - NETCONF WG session 1 NETCONF WG IETF 82, Taipei, Taiwan TUESDAY, November 15, Afternoon Session III Bert Wijnen Mehmet Ersue.
IETF68 DIME WG Diameter Applications Design Guidelines Document (draft-fajardo-dime-app-design-guide-00.txt)
1 RFC 4247 Update Status draft-ietf-netconf-rfc4742bis-01.txt Margaret Wasserman IETF 78, Maastricht July 26, 2010.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Handling Errors in Web Applications
Secure Sockets Layer (SSL)
draft-ietf-netconf-reverse-ssh
NETCONF Configuration I/F Advertisement by WSDL and XSD
File Transfer Protocol
67th IETF meeting netconf WG
Objectives In this lesson you will learn about: Need for servlets
RFC 5539 Update Status draft-badra-netconf-rfc5539bis-00
Unit 8 Network Security.
Presentation transcript:

Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi 84th IETF meeting NETCONF over WebSocket (http://tools.ietf.org/html/draft-iijima-netconf-websocket-ps-03) Tomoyuki Iijima, (Hitachi) Hiroyasu Kimura, Yoshifumi Atarashi, and Hidemitsu Higuchi (Alaxala Networks) Hi, I’m Tomoyuki Iijima from Hitachi. I’m going to talk about the NETCONF over WebSocket.

Objective of this I-D To propose a way of sending NETCONF over WebSocket protocol. But, we do not intend to make this proposal as mandatory. First of all, this is the objective of this I-D. Objective of this I-D is to propose a way of sending NETCONF over WebSocket protocol. But, we do not intend to make this proposal as mandatory.

Changes since the last IETF meeting As per comments received at the last IETF meeting, we’ve made following changes. Changed description about NETCONF username. We propose extracting information about NETCONF username from TLS. WebSocket needs TLS for ensuring security. Thus, using information in TLS is necessary in order to ensure that NETCONF user is the very person who is authenticated by TLS (certificate). We think, for this purpose, complying with Mr. Badra’s I- D is the best approach since reinventing the wheel is not welcomed. After the previous meeting, we’ve made following changes. First, we’ve added description about NETCONF username authentication. Specifically, we’ve proposed the use of Cookie for NETCONF username at the time of WebSocket opening handshake. And, we’ve added description that this proposal is not limited to browser-based NMS. If implemented as application-based NMS, this I-D can be used to manage large NW.

NETCONF username from TLS I haven’t implemented all of the Mr. Badra’s algorithms yet . But I’ve confirmed that it’s possible for a NETCONF server supporting WebSocket to get TLS Certificate during TLS handshake by, for example, using HTTP server’s API, or seeing SSL_context through SSL_socket. NETCONF server example. public class NetconfWebSocketServlet extends WebSocketServlet{ @Override void doGet(HttpServletRequest req, HttpServletResponse res){ X509Certificate[ ] certificates = (X509Certificate[ ])req.getAttribute(“…X509Certificate”); // NETCONF server can see client’s TLS certificate sent during TLS handshake here. } public WebSocket doWebSocketConnect(HttpServletRequest req, String protocol){ // NETCONF server can see messages sent over WebSocket here. As I mentioned before, we propose the use of Cookie for NETCONF username. The advantage of Cookie is “ease of use.” To set Cookie field at NETCONF client, following API is used. And to get Cookie field at NETCONF server, there’re APIs provided by WebSocket server implementations. To realize this, “Cookie Name” of something like “netconf_username” should be defined. And “Cookie Value” should be set by NETCONF client as “foo,” for example. And, above data should be sent at the time of WebSocket opening handshake from NETCONF client. And above data should be used for NETCONF username authentication at NETCONF server.

NETCONF message NETCONF Client WS Client WS Server NETCONF Server Load html file TLS handshake NETCONF username GET (HTTP server) Start WebSocket (API) GET upgrade: WebSocket protocol: NETCONF HTTP/1.1 101 upgrade: WebSocket protocol: NETCONF WebSocket handshake <hello> The sequence of exchanging NETCONF messages becomes as follows. At the time of WebSocket handshake, name of subprotocol and NETCONF username have to be sent. When netconf username is authenticated, WebSocket connection is established. After WebSocket connection is established, NETCONF messages are exchanged. After NETCONF session is established by <hello> exchange and session ID allocation, NETCONF notifications are sent from NETCONF server. <hello> NETCONF messages on a single session <create-subscription> <notification>

Conclusions We proposed a way of sending NETCONF over WebSocket protocol. We proposed extracting NETCONF username from TLS, that is complying with Mr. Badra’s algorithms. Does WG have interests? If YES, should this I-D move forward as an Experimental I-D? In conclusion, we proposed a way of sending NETCONF over WebSocket protocol. And, we proposed a usage of Cookie for NETCONF username authentication. Does WG have interests? If YES, should this I-D move forward as an Experimental I-D? That’s it for our presentation.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.