
Protocols for secure client-server applications in the Joint Maritime command Information System PDF

80 Pages·1997·3.2 MB·English

Preview Protocols for secure client-server applications in the Joint Maritime command Information System

NPS ARCHIVE 1997.09 WELDON, S.

NAVAL POSTGRADUATE SCHOOL
Monterey, California

THESIS

PROTOCOLS FOR SECURE CLIENT-SERVER APPLICATIONS IN THE JOINT MARITIME COMMAND INFORMATION SYSTEM

by Steven G. Weldon
September, 1997

Thesis Advisor: Dennis Volpano
Second Reader: Cynthia Irvine

Thesis W399

Approved for public release; distribution is unlimited.

REPORT DOCUMENTATION PAGE

REPORT DATE: September 1997
REPORT TYPE AND DATES COVERED: Master's Thesis
TITLE AND SUBTITLE: PROTOCOLS FOR SECURE CLIENT-SERVER APPLICATIONS IN THE JOINT MARITIME COMMAND INFORMATION SYSTEM
AUTHOR(S): Weldon, Steven G.
PERFORMING ORGANIZATION NAME(S) AND ADDRESS(ES): Naval Postgraduate School, Monterey, CA 93943-5000
SUPPLEMENTARY NOTES: The views expressed in this thesis are those of the author and do not reflect the official policy or position of the Department of Defense or the U.S. Government.
DISTRIBUTION/AVAILABILITY STATEMENT: Approved for public release; distribution is unlimited.
SUBJECT TERMS: Protocols, JMCIS'98, Secure Client-Server Applications
NUMBER OF PAGES: 71
SECURITY CLASSIFICATION OF REPORT: Unclassified
SECURITY CLASSIFICATION OF THIS PAGE: Unclassified
SECURITY CLASSIFICATION OF ABSTRACT: Unclassified
LIMITATION OF ABSTRACT: UL

ABSTRACT (maximum 200 words)

The new architecture for the Joint Maritime Command Information System, referred to as JMCIS'98, seeks to provide uniform access to tactical and non-tactical information. The goal is to allow access to such information using Wide Area Network technology and Personal Computers running Windows NT in a web environment. This architecture relies on web servers to deliver executable content, such as Java applets, to clients and gateway servers to route requests to the appropriate servers and/or databases. This architecture raises new security risks which must be addressed. Two of these risks are addressed in this thesis: executing downloaded code from a web server and transmitting sensitive information, such as passwords, to gateway servers. We investigate three cryptographic protocols to address these risks. The first protocol treats the risk of executing downloaded code from a web server by using digital signatures. The second protocol addresses the transmission of sensitive information to a gateway server by using certificates and symmetric key cryptography. Finally, we explore an alternative approach, that of the Secure Sockets Layer, which provides mutual authentication. We discuss how the first two protocols can be implemented in Java using the Java Developer's Kit (JDK) 1.1 and the Java Cryptography Extension (JCE) 1.1.

Steven G. Weldon
Lieutenant, United States Navy
B.A., The George Washington University, 1990

Submitted in partial fulfillment of the requirements for the degree of MASTER OF SCIENCE IN COMPUTER SCIENCE from the NAVAL POSTGRADUATE SCHOOL, September 1997

TABLE OF CONTENTS

I. INTRODUCTION
    A. SECURITY ISSUES IN JMCIS'98
    B. ORGANIZATION OF THESIS
II. JMCIS'98
    A. JMCIS'98 ARCHITECTURE
        1. Migration Strategy
        2. Personal Computer Architecture
        3. Communications
        4. Phased Migration
        5. JMCIS Security
    B. SUMMARY
III. JAVA
    A. JAVA SECURITY RISKS
        1. Java Applications
        2. Java Applets
    B. JAVA SECURITY ARCHITECTURE
        1. Class Loader
        2. Class Verifier
        3. Security Manager
    C. SUMMARY
IV. JAVA CRYPTOGRAPHY ARCHITECTURE AND EXTENSION
    A. JAVA'S NEW SECURITY FACILITIES
        1. Signed JAR Files
        2. Java Cryptography Architecture
            a. Java Security API
            b. Cryptography Package Providers
        3. Java Cryptography Extension
    B. SUMMARY
V. JMCIS'98 SECURITY PROTOCOLS
    A. TRUSTED CODE AND SECURE PASSWORD TRANSMISSION PROTOCOLS
        1. Trusted Code Protocol
        2. Secure Password Transmission Protocol
        3. Implementing Keys
        4. Implementing Certificates
    B. TRUSTED CODE PROTOCOL IMPLEMENTATION USING JAVA'S JCA
    C. AN ALTERNATIVE APPROACH TO VERIFYING TRUSTED CODE USING JDK 1.1
        1. Establishing A Trusted Entity
        2. Downloading A JAR File
    D. IMPLEMENTING THE SECURE PASSWORD TRANSMISSION PROTOCOL USING JAVA'S JCE
    E. AN ALTERNATIVE APPROACH TO SECURE PASSWORD TRANSMISSION USING THE SECURE SOCKETS LAYER
        1. Record Layer
            a. Change Cipher Spec Protocol
        2. Handshake Protocol
        3. Applying SSL To JMCIS'98 and Secure Password Transmission
    F. SUMMARY
VI. CONCLUSIONS AND RECOMMENDATIONS
LIST OF REFERENCES
INITIAL DISTRIBUTION LIST
