In need of a "simple" secured tcp/ip protocol.

[K2]

I have a project where I want to transmit requests in the form of xml
documents from a Java client which will then accept xml documents in
response from a server over a tcp/ip socket connection. I've been told
that the content of this information also needs to be transmitted securely.
The server is to be housed on a very resource limited (tiny memory
footprint) system, so it's necessary to take a minimalistic approach.
With this in mind, how could I best achieve a secure connect between the
server and client under these conditions? The server implementer
(written in C) believes that they can use SSH for this, while I cannot
find any proof that this design is feasible. Any ideas on this? Thanks.

 

[Gordon Beaton]

The server implementer (written in C) believes that they can use SSH
for this, while I cannot find any proof that this design is
feasible. Any ideas on this?

You can use SSH to create a secure tunnel between your clients and
server, then use "normal" TCP sockets to communicate through the
tunnel. Or you can use SSL (the SSH protocol) directly from your
application with javax.net.ssl.SecureSocket.

Some hopefully useful links:
http://www.rpatrick.com/tech/ssh-ssl/
http://www.oreilly.com/catalog/openssl/index.html
http://javaalmanac.com/egs/javax.net.ssl/Client.html

/gordon

 

[Filip Larsen]

I have a project where I want to transmit requests in the form of xml
documents from a Java client which will then accept xml documents in
response from a server over a tcp/ip socket connection. I've been told
that the content of this information also needs to be transmitted securely.
The server is to be housed on a very resource limited (tiny memory
footprint) system, so it's necessary to take a minimalistic approach.

If you have control over the code for both client and server and both
run in a trusted environment to which you can deploy securely (i.e. your
security requirement are only concerned about securing transmission over
an untrusted network once the application is deployed), you should be
able to employ one of the standard encryption algorithms like AES in
both ends. If different clients belong to different security domains
which do not trust each other you may have to extend such a simple
symmetric encryption with a protocol for secure key exchange.

However, there are many security scenarios where this is not good enough
(with todays Internet deployment most such scenarios involve untrusted
client environments), so think careful about what your security
requirements really are. I recommend the use of "attack trees" to get an
overview over what it is you really want to secure with your
application.

With this in mind, how could I best achieve a secure connect between the
server and client under these conditions? The server implementer
(written in C) believes that they can use SSH for this, while I cannot
find any proof that this design is feasible. Any ideas on this?

Thanks.

There is a fairly large body of encryption libraries and protocols in
existence that your team can draw on, some even open source
implementations. If you go for a standard protocol (like SSL/TLS) you
gain a lot of freedom to choose implementation in either end
independently from each other. From your very loose description of the
system and the constraints it sounds to me that SSL indeed could be a
protocol to consider.

Note that I have tried to keep this response in general terms to avoid
giving you any false ideas about what is possible and secure enough in
your case. Based on your short description there is no way that I or
anyone else can make sound concrete security advice for you since this
requires detailed system knowledge. Sure, someone may comment that it is
technically feasible to make a request-response protocol using SSH on
the server, but remember that this does not in itself imply that such a
solution is "secure enough" in your case. Don't let implementation drive
your security design.


Regards,

 

[dimitar]

It is very important to use trusted certificates (DO NOT use custom
all-trusting TrustManager). If you want to be extra secure, you can also
use a custom keystore containing only the certs needed by your app.

SSH is fine, especially if you need to interoperate with some
shell-based solution. A popular Java SSH implementation is JSch.

If you control both the client and the server you can go with plain JSSE
sockets as somebody else already suggested. The Legion of the Bouncy
Castle have pretty good set of algorithms some of which can run even on
J2ME devices.

Hope this helps,
Dimitar