The Design and Implementation of a Secure Content Switch
Master Thesis Presentation
Ganesh Kumar Godavari
Department of Computer Science, Univ. of Colorado at Colorado Springs
Secure Content Switch/godavari
Outline of the Talk
• Content Switch and Overview of SSL
• Related Literature
• Design of Secure Content Switch (SCS)
• Performance of SCS implementation
• Lessons Learned and Future Directions
• Conclusion
Content Switch (CS)
• Route packets based on higher-layer (Layer 5/7) headers and content.
• Examples:
  • Direct Web traffic based on patterns in URLs, host tags, cookies.
  • Route incoming email based on email address; connect POP/IMAP based on login.
• Web switches and the Intel XML Director/accelerator are special cases of a content switch.
[Figure: a client connected through a ContentSwitch to server1 ... server9, which hold objects such as home.htm, Index.htm, uccs.jpg and rocky.mid]
What Services It Can Provide
• Enabling premium services for e-commerce, ISP, and Web hosting providers
• Load balancing and highly available server clusters: Web, e-commerce, email, computing, file, SAN
• Policy-based networking, differentiated/QoS services
• Firewall, strengthened DoS protection, cache/firewall load balancing
• 'Flash-crowd' management
• Email spam protection, virus detection/removal
About SSL
• Secure Sockets Layer (SSL) protocol
  • developed by Netscape Communications to ensure private and authenticated communications
  • put into the public domain for the Internet community
OpenSSL
• OpenSSL is based on the excellent SSLeay library developed by Eric A. Young and Tim J. Hudson.
• Open source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a full-strength general-purpose cryptography library
• Important libraries
  • SSL: the OpenSSL ssl library implements the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols
  • Crypto: the OpenSSL crypto library implements a wide range of cryptographic algorithms used in various Internet standards. The services provided by this library are used by the OpenSSL implementations of SSL and TLS, and they have also been used to implement SSH, OpenPGP, and other cryptographic standards
Command Interface
• The openssl program is a command line tool for using the various cryptography functions of OpenSSL's crypto library from the shell. It can be used for
  • Creation of RSA, DH and DSA key parameters
  • Creation of X.509 certificates and Certificate Revocation Lists (CRL)
  • Calculation of message digests
  • Encryption and decryption with ciphers
  • SSL/TLS client and server tests
  • Handling of S/MIME signed or encrypted mail
Secure Content Switch (SCS)
• The secure content switch is a transparent proxy that translates between encrypted and unencrypted data transport on socket connections.
• Need for secure network access and high performance
  • e-commerce transactions require security
  • high performance is needed for better Quality of Service
• Solution: plug the SCS in between the client and the server and thereby add Secure Sockets Layer (SSL) support.
Goal & Design of Secure Content Switch
• In addition to the above, we need to be able to route requests based on content to a set of backend real servers.
Design considerations
• Our real servers can be located at different places
• Efficiency must not be ruined
• Easy to understand/write content switching rules
• Dynamic rule update
• Session reusability
Related Literature
• [1] George Apostolopoulos, David Aubespin, Vinod Peris, Prashant Pradhan, Debanjan Saha, "Design, Implementation and Performance of a Content-Based Switch", Proc. Infocom 2000, Tel Aviv, March 26-30, 2000, http://www.ieee-infocom.org/2000/papers/440.ps
• [2] Gregory Yerxa and James Hutchinson, "Web Content Switching", http://www.networkcomputing.com
• [3] "Release Notes for Cisco Content Engine Software", http://www.cisco.com
• [4] "Foundry ServerIron Installation and Configuration Guide", May 2000, http://www.foundrynetworks.com/techdocs/SI/index.html
• [5] "Intel IXA API SDK 4.0 for Intel PA 100", http://www.intel.com/design/network/products/software/ixapi.htm and http://www.intel.com/design/ixa/whitepapers/ixa.htm#IXA_SDK
Design of Secure Content Switch
Advantages of Secure Content Switch
• Preferential treatment
  • The Secure Content Switch has been developed to handle secure content-based routing of requests.
  • e.g. high-value purchase requests can be routed to the fast real server
• Security
  • The Secure Content Switch terminates the secure (HTTPS) connection with the client, so the service is offered over SSL even when the real server does not support HTTPS.
  • Caveat: the hop from the switch to the real server is then plain HTTP, so the switch must sit on a network segment that is trusted to carry the decrypted traffic.
Architecture of Secure Content Switch
• The web browser makes a request to the secure content switch.
• The dispatcher module in the secure content switch forwards the request to a secure content switch child module. In the dynamic forking version of the SCS the dispatcher module forks a child process; in the preforking version the dispatcher module forwards the request to a free child.
• The secure content switch child module performs the SSL handshake with the client and reads in the request.
• The secure content switch child module then sends the request to the rule module, which performs rule matching and returns the name of the server that can serve the request.
• The secure content switch child forwards the request to the real server based on the routing decision.
[Flowchart: Dynamic Forking Secure Content Switch] Request from web browser to the SCS → dispatcher module fork() → secure content switch child module → existing SSL session? If no, negotiate SSL session; if yes, decrypt the object using the SSL session information → send object information to the rule matching module → retrieve server information → retrieve object from the server using standard HTTP → encrypt the object per session information and send it over HTTPS to the web browser.
[Flowchart: Prefork Secure Content Switch] Request from web browser to the SCS → dispatcher module assigns the request to one of the pre-forked secure content switch child processes 1..n → existing SSL session? If no, negotiate SSL session; if yes, decrypt the object using the SSL session information → send object information to the rule matching module → retrieve server information → retrieve object from the server using standard HTTP → encrypt the object per session information and send it over HTTPS to the web browser.
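The two dispatcher models above differ only in when the child is created: per request (dynamic forking) or ahead of time (prefork, with the "startup children" parameter measured later in the talk). The following added example, which is not code from the thesis, shows both models side by side on a loopback TCP socket; each child answers with its own PID so the caller can see how many processes did the work. It assumes a Unix host with os.fork and leaves out the SSL handshake and the rule module, so a connection carries a plain request rather than HTTPS.

```python
"""Dynamic-forking vs. pre-forking dispatcher (added example; not the thesis's code).

Assumptions: Unix (os.fork), loopback TCP only, no TLS. A child answers each
connection with its PID; run_dispatcher() returns the PIDs that served the
requests so the two process models can be compared.
"""
import os
import signal
import socket


def _serve_one(conn):
    """A child's work for one connection: read the request, answer with its own PID."""
    with conn:
        conn.recv(1024)                                   # the (ignored) request
        conn.sendall(b"%d\n" % os.getpid())


def _dispatcher(srv, model, startup_children):
    """Runs in its own process and process group so the caller can kill it cleanly."""
    os.setpgid(0, 0)
    if model == "prefork":
        # Fork startup_children workers ahead of time; each loops on accept().
        for _ in range(startup_children):
            if os.fork() == 0:
                while True:
                    conn, _ = srv.accept()
                    _serve_one(conn)
        signal.pause()                                    # parent only keeps the group alive
    else:
        # Dynamic forking: accept in the parent, fork a fresh child per connection.
        signal.signal(signal.SIGCHLD, signal.SIG_IGN)     # auto-reap finished children
        while True:
            conn, _ = srv.accept()
            if os.fork() == 0:
                srv.close()
                _serve_one(conn)
                os._exit(0)
            conn.close()                                  # parent keeps only the listener


def run_dispatcher(model, n_requests, startup_children=4):
    """Serve n_requests under 'dynamic' or 'prefork'; return the list of PIDs that answered."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))                            # ephemeral loopback port
    srv.listen(64)
    port = srv.getsockname()[1]
    dispatcher = os.fork()
    if dispatcher == 0:
        try:
            _dispatcher(srv, model, startup_children)
        finally:
            os._exit(0)
    try:
        os.setpgid(dispatcher, dispatcher)                # both sides set it to avoid a race
    except OSError:
        pass
    srv.close()
    pids = []
    try:
        for _ in range(n_requests):
            with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
                client.sendall(b"GET /index.htm HTTP/1.0\r\n\r\n")
                data = b""
                while not data.endswith(b"\n"):
                    chunk = client.recv(64)
                    if not chunk:
                        break
                    data += chunk
                pids.append(int(data.decode().strip()))
    finally:
        os.killpg(dispatcher, signal.SIGKILL)             # takes the workers down with it
        os.waitpid(dispatcher, 0)
    return pids


if __name__ == "__main__":
    dyn = run_dispatcher("dynamic", 6)
    pre = run_dispatcher("prefork", 12, startup_children=4)
    print("dynamic: %d requests served by %d processes" % (len(dyn), len(set(dyn))))
    print("prefork: %d requests served by %d processes" % (len(pre), len(set(pre))))
```

Under the dynamic model every request is served by a new PID, which is the fork cost the later measurements charge against it; under prefork the same few workers answer all requests. All prefork workers block in accept() on one listening socket, so the kernel decides which one wakes up, which is why the number of distinct PIDs can be anywhere between 1 and the number of startup children.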
E-Commerce Example: 1. Client
The client submits via HTTP POST (or SOAP) the following purchase in XML:
  <purchase>
    <customerName>CCL</customerName>
    <customerID>111222333</customerID>
    <item>
      <productID>309121544</productID>
      <productName>IBM Thinkpad T21</productName>
      <unitPrice>5000</unitPrice>
      <noOfUnits>10</noOfUnits>
      <subTotal>50000</subTotal>
    </item>
    <item>
      <productID>309121538</productID>
      <productName>Intel wireless LAN PC Card</productName>
      <unitPrice>200</unitPrice>
      <noOfUnits>10</noOfUnits>
      <subTotal>2000</subTotal>
    </item>
    <totalAmount>52000</totalAmount>
  </purchase>
E-Commerce Example: 2. Content Switch
• The content switch receives the packet.
• It recognizes an HTTP POST request from the HTTP request line: POST /purchase.cgi HTTP/1.1
• It recognizes an XML document from the meta header: content-type: TEXT/XML
• It parses the XML content.
• It extracts the values of tag sequences: purchase/totalAmount = 52000, purchase/customerName = CCL
• Rules:
  Rule 1: if (xml.purchase/totalAmount > 5000) routeTo(highSpeedServers);
  Rule 2: if (xml.purchase/customerName == CCL) routeTo(specialCustomerServers);
• Rule 1 is matched and the packet is routed to one of the highSpeedServers. Both rules match this request; rule 1 is tested first, so it decides the route.
Java-based Rule Editor
• Detect conflicts in the content switch rule set
• Convert rules into the LCS rule module
Design of Rule Module Server
• How can I update rules dynamically? Make the rule matching part a separate process.
Design considerations
• Will the rule module run locally on the machine the SCS is running on? Cannot say; it depends on the user.
• What is going to be the impact on performance? Needs to be studied in detail.
Current design
• The rule module can run as a separate process on the same or a different machine.
• The rule module is an iterative server (1), because encryption and decryption, not rule matching, were found to be the bottleneck (from the previous results).
Updating the rule module
• Shut down the rule module, compile the rule module with the new rule set and start the rule module up again.
(1) An iterative server is one that serves one request at a time.
[Flowchart: Rule Server Module] Secure content switch child process → is method == POST and content type == x-www-form-urlencoded? If yes, decrypt the data and populate the rules with the values (if any) and establish a connection with the rule server module; if no, establish a connection with the default rule server module → send URL, source port number, source IP, HTTP headers and data (if any) to the rule module → the rule module performs rule matching and sends back the real server name, address and port number on which the real server is listening.
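The e-commerce example (step 2) and the rule server flowchart above describe the same computation from two sides: what the SCS child hands to the rule module (URL, source IP and port, HTTP headers, body) and what the rule module does with it (detect the content type, extract tag values, evaluate the ordered rules, return the real server). The following added example, which is not the thesis's own code, implements that rule module as a function; the socket hop between the child and the module is left out. The server pools' addresses and ports, the handling of x-www-form-urlencoded bodies as plain field/value pairs, and rule 3 are assumptions made for the example; rules 1 and 2 and the purchase document come from the slides.

```python
"""Rule module for the SCS (added example; not the thesis's own code).

The SCS child hands over URL, source IP/port, HTTP headers and body; the rule
module extracts rule-visible values from the body (TEXT/XML tag paths such as
purchase/totalAmount, or x-www-form-urlencoded fields), evaluates the rules in
order, and returns the real server's (name, address, port). Pool addresses,
ports and rule 3 are assumptions made for this example.
"""
from urllib.parse import parse_qs
import xml.etree.ElementTree as ET

# Hypothetical pools: names from the slides, addresses and ports made up here.
SERVER_POOLS = {
    "highSpeedServers":       ("frodo",   "10.0.0.11", 8000),
    "specialCustomerServers": ("calvin",  "10.0.0.12", 8000),
    "mediaServers":           ("server9", "10.0.0.19", 8000),
    "defaultServers":         ("dilbert", "10.0.0.13", 8000),
}


def parse_request(raw: bytes):
    """Split a raw HTTP request into (method, url, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    method, url = parts[0], (parts[1] if len(parts) > 1 else "/")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, url, headers, body


def extract_fields(method, headers, body):
    """Pull rule-visible values out of a POST body according to its Content-Type.

    TEXT/XML bodies are flattened into 'purchase/totalAmount'-style tag paths
    (first occurrence wins); x-www-form-urlencoded bodies become field -> value.
    An unparsable body yields no fields, so a malformed request cannot crash the
    rule module; it simply falls through to the default pool.
    """
    fields = {}
    if method != "POST" or not body:
        return fields
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "text/xml":
        try:
            root = ET.fromstring(body)
        except ET.ParseError:
            return fields

        def walk(elem, path):
            text = (elem.text or "").strip()
            if text and len(elem) == 0:
                fields.setdefault(path, text)
            for child in elem:
                walk(child, f"{path}/{child.tag}")

        walk(root, root.tag)
    elif ctype == "application/x-www-form-urlencoded":
        for key, values in parse_qs(body.decode("ascii", "replace")).items():
            fields[key] = values[0]
    return fields


def as_number(value):
    """Numeric view of a field for '>' rules; a missing or non-numeric value counts as 0."""
    try:
        return float(value)
    except (TypeError, ValueError):
        return 0.0


# Ordered rule set: the first matching rule decides. Rules 1 and 2 are from the slides.
RULES = [
    # Rule 1: if (xml.purchase/totalAmount > 5000) routeTo(highSpeedServers);
    (lambda r: as_number(r["fields"].get("purchase/totalAmount")) > 5000, "highSpeedServers"),
    # Rule 2: if (xml.purchase/customerName == CCL) routeTo(specialCustomerServers);
    (lambda r: r["fields"].get("purchase/customerName") == "CCL", "specialCustomerServers"),
    # Rule 3 (assumed for this example): static media objects, selected by URL suffix.
    (lambda r: r["url"].lower().endswith((".jpg", ".mid")), "mediaServers"),
]


def route(raw_request: bytes, src_ip="192.0.2.10", src_port=40000):
    """What the rule module returns to the SCS child: (server name, address, port)."""
    method, url, headers, body = parse_request(raw_request)
    req = {"method": method, "url": url, "headers": headers,
           "src": (src_ip, src_port),
           "fields": extract_fields(method, headers, body)}
    for predicate, pool in RULES:
        if predicate(req):
            return SERVER_POOLS[pool]
    return SERVER_POOLS["defaultServers"]


# Constructed sample input: the purchase document from the e-commerce slide.
PURCHASE_XML = (
    b"<purchase><customerName>CCL</customerName><customerID>111222333</customerID>"
    b"<item><productID>309121544</productID><productName>IBM Thinkpad T21</productName>"
    b"<unitPrice>5000</unitPrice><noOfUnits>10</noOfUnits><subTotal>50000</subTotal></item>"
    b"<item><productID>309121538</productID><productName>Intel wireless LAN PC Card</productName>"
    b"<unitPrice>200</unitPrice><noOfUnits>10</noOfUnits><subTotal>2000</subTotal></item>"
    b"<totalAmount>52000</totalAmount></purchase>"
)
SAMPLE_POST = (b"POST /purchase.cgi HTTP/1.1\r\nHost: scs.example\r\n"
               b"Content-Type: TEXT/XML\r\nContent-Length: %d\r\n\r\n" % len(PURCHASE_XML)
               + PURCHASE_XML)

if __name__ == "__main__":
    print(route(SAMPLE_POST))                                              # rule 1: highSpeedServers
    print(route(b"GET /rocky.mid HTTP/1.1\r\nHost: scs.example\r\n\r\n"))  # rule 3: mediaServers
```

Because the switch parses bodies that arrive from arbitrary clients before any authentication, the parser is the exposed surface: the example refuses to crash on malformed XML and treats non-numeric amounts as 0, and for production use the stdlib ElementTree should be replaced by a hardened parser such as defusedxml so entity-expansion payloads cannot tie up a rule module that, as the slide notes, serves one request at a time.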
Test bed
Configuration of machines used in testbed
SSL Processing Overhead
• Average SSL req./sec is 14.7
• Average HTTP req./sec is 180
• SSL processing cuts throughput by roughly a factor of 12 on this setup
[Figure: measurement between dilbert.uccs.edu and eca.uccs.edu]
Dynamic vs. Preforking SCS
• The performance of the pre-forking SCS is better than that of the dynamic forking SCS
[Figure: testbed with eca.uccs.edu, dilbert.uccs.edu, oblib.uccs.edu, frodo.uccs.edu]
Dynamic vs. Preforking SCS
• On this testbed the performance of the dynamic forking SCS is better than that of the pre-forked SCS
• Reason?
• What is the advantage of using a cluster?
[Figure: testbed with eca.uccs.edu, dilbert.uccs.edu, calvin.uccs.edu, frodo.uccs.edu]
Performance of Prefork SCS on Varying Startup Children
• Startup children => number of child processes spawned ahead of time
• It is suggested to always keep the number of startup children small if you don't expect heavy traffic
• Having about 25 pre-spawned children is better if the traffic load is heavy
[Figure: testbed with eca.uccs.edu, dilbert.uccs.edu, calvin.uccs.edu, frodo.uccs.edu]
Impact of Rules on the Performance of Dynamic SCS
• Clearly there is no impact of the rules on the performance of the dynamic forking Secure Content Switch
[Figure: testbed with eca.uccs.edu, dilbert.uccs.edu, calvin.uccs.edu, frodo.uccs.edu]
Impact of Rules on the Performance of Dynamic Non-SCS
• Clearly there is some impact of the rules on the performance of the dynamic forking non-secure content switch: the smaller the rule set, the better the performance
• No heavy impact on the performance of the Secure Content Switch with an increase in the number of rules
Impact of Real Servers on the Performance of Dynamic SCS
• Clearly there is no impact of the number of real servers on the performance of the dynamic forking Secure Content Switch
• Is the Secure Content Switch the bottleneck?
[Figure: testbed with calvin.uccs.edu, eca.uccs.edu, dilbert.uccs.edu, frodo.uccs.edu]
Impact of Real Servers on the Performance of Dynamic Non-SCS
• Performance is not directly proportional to the number of real servers
• Clearly there is an impact of the number of real servers on the performance of the dynamic forking non-SSL content switch
• Performance was found to degrade when there is only one real server
Performance of SCS in Local Node Situation
Local node => the web server runs on the content switch machine, so the content switch can serve requests by routing them internally.
• No major gains whether the real server runs locally or remotely
[Figure: calvin.uccs.edu and dilbert.uccs.edu, the latter running the Apache Web Server]
Lessons Learned: Conflicts among Different Servers on the Same Machine
While measuring results using web bench in the local node situation for the pre-fork non-secure content switch: Apache is running on port 8000, the SCS on port 80. After serving a few requests the SCS stopped serving requests. When I stopped the Apache web server, the SCS started serving requests again. When I started the Apache web server again, the SCS stopped serving requests after serving a few more. This cycle kept repeating. A conflict over which process serves the request is ruled out, since a request sent directly to the Secure Content Switch or to Apache is handled perfectly well.
Local vs. Remote Rule Module
• With the rule module on a remote machine, the pre-fork SCS overtakes the dynamic forking SCS
• Dynamic forking SCS performance was degraded by 100%
[Figure: rule module on walrus.uccs.edu and on calvin.uccs.edu; testbed with eca.uccs.edu, dilbert.uccs.edu, frodo.uccs.edu]
Future Directions
• Reducing the bottleneck of SSL encryption/decryption by parallel processing; this requires maintaining SSL session state across machines:
  • using cookies
  • having a server id parameter as part of the handshake (OpenSSL 0.7 may have this feature)
• Caching of web pages
  • tough to achieve in the case of dynamic pages
• Modify the Apache web server to include preferred treatment and do a fair comparison
• Packet rewrite techniques
Conclusion
• Preforking Secure Content Switch
  • encryption and decryption are the major bottleneck
  • no major gains if processor speed is increased
  • no major benefit if the number of real servers is increased
  • no major benefit if the number of rules is increased
• Dynamic forking Secure Content Switch
  • encryption and decryption are the major bottleneck
  • major gains if processor speed is increased
  • no major benefit if the number of real servers is increased
  • some impact if the number of rules is increased
• The preforking version of the SCS is better than the dynamic forking version
References
[1] OpenSSL: The Open Source toolkit for SSL/TLS, http://www.openssl.org
[2] SSL and TLS, by Eric Rescorla
[3] SSL and TLS Essentials, by Stephen Thomas
[4] mod_ssl: The Apache Interface to OpenSSL, http://www.modssl.org
[5] HTTP Over TLS, ftp://ftp.ietf.org/internet-drafts/draft-ietf-tls-https-02.txt (the specification on how to run HTTP over SSL/TLS)
[6] Tunneling TCP based protocols through Web proxy servers, http://www.www.alternic.org/drafts/drafts-l-m/draft-luotonen-web-proxy-tunneling-01.txt (the specification for the HTTP CONNECT method)
[7] Analysis of SSL 3.0 Protocol, http://www.counterpane.com/ssl.html (D. Wagner and B. Schneier's USENIX analysis of SSLv3)
[8] HyperText Transfer Protocol (HTTP), Version 1.1 (Internet Draft), http://www.w3.org/Protocols/HTTP/1.1/draft-ietf-http-v11-spec-rev-06.txt (the application layer protocol Apache+mod_ssl uses over SSL/TLS)
[9] HyperText Transfer Protocol (HTTP), Version 1.0 (RFC 1945), http://www.ietf.org/rfc/rfc1945.txt (the application layer protocol Apache+mod_ssl uses over SSL/TLS)
[10] Intel® IXA (Internet Exchange Architecture), http://developer.intel.com/design/ixa/index.htm
[11] WindRiver Tornado Development Tools, http://www.windriver.com/products/html/tornado2.html
[12] Tornado User's Guide (Windows Version) 2.0
[13] WindRiver VxWorks, http://www.windriver.com/products/html/vxwks54.html
Intel®, IXP-1200 and IXP-12EB are registered trademarks of Intel Corporation. Tornado and VxWorks are registered trademarks of Wind River Systems, Inc. Linux is distributed under the GNU General Public License; Apache and OpenSSL under their own open source licenses.