Secure Group communication for First Responders [SGFR]


Presentation Transcript


  1. Secure Group communication for First Responders [SGFR] By Ganesh Godavari

  2. Outline of Talk • About SGFR • Goals • Software Used • Work done till date • Conclusion

  3. SGFR • This project is sponsored by Network, Information and Space Security (NISSC) • Duration 3 months [June 03 – Aug 31] • Principal instructor • Dr Edward Chow, Computer Science, UCCS • Dr Chip Benight, Psychology Dept., UCCS

  4. Goal • The goal is to design a framework for enhancing groupware packages, such as instant messenger and video conferencing tools, with security through • scalable group key management (Keystone from UT Austin), and • a secure model (Bell-LaPadula)

  5. Software Used • Jabberd • Jabber is an open XML protocol for the real-time exchange of messages and presence between any two points on the Internet. • JabberX • A console-mode client for Jabber • Keystone • A Group Key Management system that establishes and maintains group keys for a group of clients

  6. Keystone • Keystone has the following components: • "keyserver0" is a key server program with embedded registrar. • "keyserver" is a key server program without embedded registrar. • "registrar" is a registrar program. • "specwriter" is a specification writer program. • "libks.a" is a library for client control functions.

  7. Pictorial Overview of Keystone

  8. Jabberd • The Jabber server does the following: • accepts TCP socket connections from compatible clients and server-side components • manages XML streams to and from those clients and components • delivers the core Jabber data types (<message/>, <presence/>, and <iq/>) to authorized clients and components • maintains session information for connected clients (usually IM users) • if necessary, opens connections to and validates connections from other Jabber servers, then routes data to them • stores information on behalf of components and especially IM users, including each user's contact list and some client preferences • So Jabber follows a client-server model

  9. JabberX • Console-mode Jabber client IM platform. • Can send and receive messages, browse and use Jabber services, and participate in Jabber groupchats • Written in C

  10. Screendump JabberServer

  11. Screendump Keystone

  12. [root@oblib Keystone1.0]# ./keyserver0 • Specification? spec.2 • *** Request port is 20002. • *** Registrar setup port is 30002. • access control none • pid 23976 in progress • pid 23976 exited • public key • group g1 key (100000,2): 5def1274 eca51de5 5d30b65f 9cf37007 5def1274 eca51de5 • req rekey: [N(100002,1)] [N(100000,2)] (108) • join rekey • JL_JL1: • rekey msg 0 (g1): • pid 24020 in progress • pid 24020 exited

  13. public key • req rekey: [N(100003,1)] [N(100000,3)] (108) • join rekey • JL_JL1: • rekey msg 0 (g1): [j(100000,3)(100000,2)] • rekey msg 132 • group g1 key (100000,4): 4dcd385a f96e9452 ac8cb02c e705cdae 4dcd385a f96e9452 • req rekey: [D(100002,1)] [D(100000,4)] (60) • join rekey
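
Group rekeying of the kind the keyserver0 output on slides 12 and 13 reports, with the group key version advancing as members join and leave, shown as an added example that is not Keystone's code or wire format. It assumes a star key graph (one individual key per member, one group key) and uses a toy HMAC-based key wrap in place of a real cipher; `KeyServer`, `wrap` and `unwrap` are hypothetical names.

```python
import hashlib, hmac, os

def wrap(kek: bytes, key: bytes) -> bytes:
    """Toy key wrap (stand-in for a real AEAD): nonce || masked key || tag."""
    nonce = os.urandom(16)
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[:len(key)]
    body = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Recover the wrapped key, or raise if kek is not the wrapping key."""
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(kek, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered rekey item")
    stream = hmac.new(kek, b"enc" + nonce, hashlib.sha256).digest()[:len(body)]
    return bytes(a ^ b for a, b in zip(body, stream))

class KeyServer:
    """Star key graph: individual keys plus one versioned group key."""
    def __init__(self):
        self.members = {}                       # member name -> individual key
        self.version, self.group_key = 0, os.urandom(16)

    def _rotate(self) -> bytes:
        old = self.group_key
        self.version, self.group_key = self.version + 1, os.urandom(16)
        return old

    def join(self, name: str):
        """Backward secrecy: the joiner only ever receives the new group key."""
        old, individual = self._rotate(), os.urandom(16)
        self.members[name] = individual
        # Existing members open the item wrapped under the old group key;
        # the joiner opens the item wrapped under its individual key.
        return individual, {"old-group": wrap(old, self.group_key),
                            name: wrap(individual, self.group_key)}

    def leave(self, name: str):
        """Forward secrecy: nothing is wrapped under a key the leaver holds."""
        del self.members[name]
        self._rotate()
        return {m: wrap(k, self.group_key) for m, k in self.members.items()}
```

In a star graph a leave costs one wrapped key per remaining member; a key tree reduces that to a number of items logarithmic in the group size.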

  14. Screendump client (ganesh)

  15. Screendump client (ayen)

  16. Screendump client ganesh-parting

  17. Work Done Till Date • Integrated JabberX with Keystone for secure group chatting. • Able to transfer files from one machine to all others in the group. • Ported JabberX to the Compaq iPAQ • Need to add in the BLP model for file distribution.

  18. Conclusion • Need to modify Keystone for error handling • Need to reduce Keystone's dependency on two encryption libraries, i.e. Cryptolib-1.2 and OpenSSL. OpenSSL's crypto library should be sufficient. • Need to find another method for file transfer, as the current way of file transfer, i.e. broadcast, is not good. • (I know TCP broadcast is not used for file transfer) • Have partial access control provided by Keystone. Need to provide access control for file transfer
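
The Bell-LaPadula check that slides 4, 17 and 18 plan for file distribution, as an added example that is not part of the SGFR code: it selects recipients by label instead of broadcasting to the whole group. The level names, categories, member names and the `recipients` helper are constructed for illustration.

```python
from dataclasses import dataclass

LEVELS = {"public": 0, "restricted": 1, "secret": 2}   # constructed ordering

@dataclass(frozen=True)
class Label:
    level: str
    categories: frozenset = frozenset()

    def dominates(self, other):
        """True if this label is at least as high and covers all categories."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.categories >= other.categories)

def can_read(subject, obj):
    return subject.dominates(obj)      # simple security property: no read up

def can_write(subject, obj):
    return obj.dominates(subject)      # *-property: no write down

def recipients(sender, file_label, members):
    """Members who may receive a file the sender is allowed to label this way."""
    if not can_write(sender, file_label):
        raise PermissionError("sender would write down")
    return sorted(n for n, lab in members.items() if can_read(lab, file_label))

# Constructed sample group of first responders
MEDICAL = frozenset({"medical"})
MEMBERS = {
    "commander": Label("secret", frozenset({"medical", "fire"})),
    "medic": Label("restricted", MEDICAL),
    "firefighter": Label("restricted", frozenset({"fire"})),
    "volunteer": Label("public"),
}

if __name__ == "__main__":
    print(recipients(MEMBERS["medic"], Label("restricted", MEDICAL), MEMBERS))
```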
