
PWB 506: Secure Data Transmission with PowerBuilder

PWB 506: Secure Data Transmission with PowerBuilder. Arthur Hefti CEO arthur@catsoft.ch August 15-19, 2004. Content Overview. Speaker introduction The challenge Encryption Sending data Real life problems 3rd party tools. Speaker Introduction. Arthur Hefti


Presentation Transcript


  1. PWB 506: Secure Data Transmission with PowerBuilder Arthur Hefti CEO arthur@catsoft.ch August 15-19, 2004

  2. Content Overview • Speaker introduction • The challenge • Encryption • Sending data • Real life problems • 3rd party tools

  3. Speaker Introduction • Arthur Hefti • PowerBuilder developer since 1993 • CPD Professional, CP Instructor • President Swiss PowerBuilder User Group for 5 years • CEO of CATsoft Development GmbH, Zurich, Switzerland • Custom made software development and consulting • Client / Server and Web • Web: http://www.catsoft.net or http://www.catsoft.ch • Email: arthur@catsoft.ch

  4. The Challenge • Transmit confidential data securely over the Internet • Use as few preconditions on the client side as possible • Easy Deployment • Key management • Secure key distribution • Use and manage certificates • Hardware and software barriers • Pass firewalls and proxy servers • Different software combinations behave differently

  5. Encryption • Brief history • Message verification • Symmetric encryption • Asymmetric encryption

  6. Brief History Of Encryption • 1900 BC Egypt: Derivation of standard hieroglyphics • 400 BC Sparta: Skytale (wood stick) • 50 BC Julius Caesar: simple substitution • 1585 Blaise de Vigenère: polyalphabetic substitution • 1790s Thomas Jefferson: wheel cipher • 1930 - 1945 Enigma in Germany during WWII • 1978 RSA algorithm published • 1990 Experimental results on quantum cryptography

  7. Encryption "Machines" • Wheel or Disc Cipher • Skytale • Enigma • Thomas Jefferson's Wheel Cipher

  8. Message Verification: Hash • A hash is used to ensure that a message is not altered • Generates a small digest from a large message • One way algorithm • Different messages create different digests • The hash is transmitted together with the message • More Information • Popular hashes are SHA-1 and MD5 • http://en.wikipedia.org/wiki/Hash_function

  9. Hash Example SHA-1 • Digest is always 20 bytes • Sample 1 • This is a sample text for the Techwave 2004. This text could go on and on. Digest: 95 DD BD C1 B4 CF D8 BA 75 33 C3 69 6F 01 00 E9 F2 78 48 19 • Sample 2 • 1 different character but a completely different digest • This is a sample text for the Techwave 2005. This text could go on and on. Digest: 00 EF 15 AF 28 EB 11 34 E9 A3 C1 F0 F4 3E CC CB CB 9D BB 90

  10. Encryption Types • Symmetric encryption / shared secret key • Same key is used to encrypt and decrypt data • Asymmetric encryption / public key • Different, yet related, keys for encryption and decryption

  11. Symmetric Encryption • Advantage • Usually quite fast • Disadvantage • Shared secret key • Sender and receiver have to exchange the key • Key should change often • Key is in sending application (could be extracted) • More information • http://en.wikipedia.org/wiki/Symmetric_key_algorithm

  12. Symmetric Encryption Algorithms • DES • 40 or 56 bit • 40 bits = 2^40 possible keys, on average 2^39 keys must be tried • Can be done in a couple of hours -> Low security • 3-DES • DES encryption applied 3 times, usually EDE • Still very secure • IDEA, Blowfish • Very secure • AES • Successor of DES • Very secure

  13. Symmetric Data Encryption (diagram) • Sender: plaintext -> secret symmetric key -> symmetric encrypted text • Transmit • Receiver: symmetric encrypted text -> secret symmetric key -> plaintext

  14. Asymmetric Encryption • Advantage • Public key is known to everybody • Can't be used to decrypt message • Can be stored in sending application • Disadvantage • Quite slow • About 1000 times slower than symmetric encryption • More information • http://en.wikipedia.org/wiki/Asymmetric_key_algorithm

  15. Asymmetric Encryption Algorithms • RSA • Relies for its security on the difficulty of factoring very large integers • Diffie-Hellman • Exponential key agreement • Elgamal • Based on discrete logarithms

  16. RSA • RSA • Principle discovered in 1973 at the GCHQ in Great Britain but kept secret • Described in 1977 by Rivest, Shamir and Adleman • Patented in the US till September 2000 • RSA is the most commonly used public key algorithm • It relies on the difficulty of factoring large integers • Secure from a key length of 1024 bits (available 512, 1024, 2048, 4096) • More detailed information • http://en.wikipedia.org/wiki/RSA

  17. Asymmetric Data Encryption (diagram) • Sender: plaintext -> public key -> asymmetric encrypted text • Transmit • Receiver: asymmetric encrypted text -> secret private key -> plaintext

  18. Encryption Summary • Symmetric encryption • Quite Fast • Problem is key exchange • Asymmetric encryption • Slow • Public key is known to everybody • Real life • Combination for data exchange

  19. Encryption At Sender (diagram) • plaintext • Generate random symmetric key • Create hash • Encrypt with symmetric key -> Symmetric encrypted text • Encrypt with public key -> Asymmetric encrypted symmetric key and hash • Encrypted message

  20. Decryption At Receiver (diagram) • Encrypted message • Asymmetric encrypted symmetric key and hash -> Decrypt with private key -> Hash and symmetric key from sender • Symmetric encrypted text -> Decrypt with symmetric key from sender -> plaintext • create hash • verify hashes
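
The sender and receiver flows of slides 19 and 20, as an added Python example that is not part of the original presentation. The RSA key (built from two known Mersenne primes, no padding) and the SHA-256 keystream cipher are toy stand-ins chosen so the block runs on the standard library alone; all function and constant names are assumptions, and a real application would take RSA and AES from a vetted library such as the Crypto++ library listed on slide 36.

```python
import hashlib
import secrets

# TOY RSA key: both primes are known Mersenne primes, so N is trivially
# factorable, and no padding is applied. Demonstration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                                  # public key is (N, E)
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent
KEY_LEN, HASH_LEN = 16, 20                 # 128-bit key, 20-byte SHA-1 digest


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    stream = b"".join(
        hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt_at_sender(plaintext: bytes) -> tuple:
    """Slide 19: returns (asymmetric encrypted key+hash, symmetric encrypted text)."""
    sym_key = secrets.token_bytes(KEY_LEN)             # generate random symmetric key
    digest = hashlib.sha1(plaintext).digest()          # create hash
    body = stream_xor(sym_key, plaintext)              # encrypt with symmetric key
    header = pow(int.from_bytes(sym_key + digest, "big"), E, N)  # encrypt with public key
    return header, body


def decrypt_at_receiver(header: int, body: bytes) -> bytes:
    """Slide 20: recover key and hash, decrypt the text, verify the hashes."""
    blob = pow(header, D, N).to_bytes(KEY_LEN + HASH_LEN, "big")  # decrypt with private key
    sym_key, sent_hash = blob[:KEY_LEN], blob[KEY_LEN:]
    plaintext = stream_xor(sym_key, body)              # decrypt with symmetric key
    own_hash = hashlib.sha1(plaintext).digest()        # create hash
    if not secrets.compare_digest(own_hash, sent_hash):  # verify hashes
        raise ValueError("hash mismatch: message was altered in transit")
    return plaintext
```

The hash check catches changes to the encrypted text, but because anyone holding the public key can build a complete new message, it does not by itself show who the sender was.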

  21. Certificates • Required for large-scale use of public key cryptography • Contains • Public key • Identity information of publisher (name, etc) • Signature • More details • http://en.wikipedia.org/wiki/Public_key_certificate

  22. Sending Data • Sending through secure connection • SSL • VPN • Sending encrypted data • Email • HTTP-Post in a form • Web Service

  23. Secure Connection • Principle • How it works • SSL • Secure Sockets Layer • Secure connection between client and server • Not necessarily an end-to-end security solution • VPN • Virtual Private Network • Secures all communication between two end points • Ends normally within the LAN

  24. Secure Connection: Principle • Uses public key cryptography • Public key based key exchange • Symmetric key based traffic encryption

  25. Secure Connection: SSL • Advantage • Runs from any browser in any place (https) • Disadvantage • Server needs high security certificate • Port 443 on client side has to be open • PowerBuilder • Connect with HTTPS • Client needs to take care of protocol and proxy logon

  26. Secure Connection: VPN • Advantage • Connects two or more networks and can be used for every communication • Disadvantage • Needs infrastructure, e.g. firewalls or client software • PowerBuilder • Is transparent, no need to take care of it

  27. Sending Encrypted Data • Email • Available at most desktops • HTTP-Post • Send data through HTTP • Web Service • Standard for data exchange

  28. Sending Encrypted Data: Email • Advantage • Available at most desktops • Disadvantage • No feedback if data was received • PowerBuilder • Send Email through MAPI (mailSessionObject) • Send by OLE with Outlook • Use some 3rd party SMTP component

  29. Sending Encrypted Data: HTTP-Post • Advantage • Can be used from any application that can access the internet • Feedback is possible • Disadvantage • No standard for sending data • PowerBuilder • HTTP-Post

  30. Sending Encrypted Data: Web Service • Advantage • Standard for exchanging data • Can be used from any application that can access the internet • Feedback is possible • Disadvantage • Not easy to access • Not yet very widely used • Standard for encryption not fixed yet

  31. Web Service And PowerBuilder • In any version • HTTP-Post is available for accessing a Web Service • In PowerBuilder 8 • Easysoap comes with PowerBuilder • 3rd Party DLL like Pocketsoap • In PowerBuilder 9 • PBSoapClient90.pbd and PBSoapClient90.dll (through Easysoap) • Details in PB HTML Help Chapter 30

  32. Real Life Problems • Proxy servers • Firewalls • Software

  33. Real Life Problems: Proxy Servers • Proxy server removes empty SoapAction header • Error "No SoapAction header" from receiver • Login on proxy server • InternetSetOption() API call • InternetConnect() with user and password • SetOption() for SoapConnection • Conversions • Conversion of HTTP-Post to a Get • Closed ports on proxy server • Often in large companies no way to open the SSL port 443

  34. Real Life Problems: Firewalls • Closed ports on firewall • Often in large companies no way to open the SSL port 443

  35. Real Life Problems: Software • Windows version and IE • Not possible to connect through proxy server with certain combinations of the operating system and IE (e.g. NT 4 SP 5 and IE 5) • Components • Pocketsoap through some proxy servers

  36. 3rd Party Tools • Crypto++™ library • Class library of cryptographic schemes (symmetric and asymmetric encryption, one way hash functions, random numbers, compression, etc) • C++ source • Public domain • Various platforms • http://www.cryptopp.com • Open Source SOAP Clients • EasySoap, http://easysoap.sourceforge.net • PocketSoap, http://www.pocketsoap.com

  37. Literature • The Code Book, The Science of Secrecy from Ancient Egypt to Quantum Cryptography • Simon Singh, ISBN 3-446-19873-3 • wikipedia.org

  38. Questions?
