Re: In need of a "simple" secured tcp/ip protocol.
- From: "Filip Larsen" <filip.larsen@xxxxxxxxx>
- Date: Wed, 17 May 2006 09:41:40 +0200
> I have a project where I want to transmit requests in the form of xml
> documents from a Java client which will then accept xml documents in
> response from a server over a tcp/ip socket connection. I've been told
> that the content of this information also needs to be transmitted
> securely.
> The server is to be housed on a very resource limited (tiny memory
> footprint) system, so it's necessary to take a minimalistic approach.
If you have control over the code for both client and server and both
run in a trusted environment to which you can deploy securely (i.e. your
security requirements are only concerned about securing transmission over
an untrusted network once the application is deployed), you should be
able to employ one of the standard encryption algorithms like AES in
both ends. If different clients belong to different security domains
which do not trust each other you may have to extend such a simple
symmetric encryption with a protocol for secure key exchange.
However, there are many security scenarios where this is not good enough
(with today's Internet deployment most such scenarios involve untrusted
client environments), so think carefully about what your security
requirements really are. I recommend the use of "attack trees" to get an
overview over what it is you really want to secure with your
> With this in mind, how could I best achieve a secure connect between the
> server and client under these conditions? The server implementer
> (written in C) believes that they can use SSH for this, while I cannot
> find any proof that this design is feasible. Any ideas on this?
> Thanks.
There is a fairly large body of encryption libraries and protocols in
existence that your team can draw on, some even open source
implementations. If you go for a standard protocol (like SSL/TLS) you
gain a lot of freedom to choose implementation in either end
independently from each other. From your very loose description of the
system and the constraints it sounds to me that SSL indeed could be a
protocol to consider.
Note that I have tried to keep this response in general terms to avoid
giving you any false ideas about what is possible and secure enough in
your case. Based on your short description there is no way that I or
anyone else can make sound concrete security advice for you since this
requires detailed system knowledge. Sure, someone may comment that it is
technically feasible to make a request-response protocol using SSH on
the server, but remember that this does not in itself imply that such a
solution is "secure enough" in your case. Don't let implementation drive
your security design.
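
Added example, not part of the original post: a Java client for the XML request-response exchange over TLS, the standard protocol the reply suggests considering, on the assumption that the only requirement is protecting traffic on an untrusted network. The host name, port, 4-byte length framing and response size limit are assumptions made for illustration.

```java
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

public class XmlTlsClient {
    // Assumed limit so a misbehaving peer cannot force a huge allocation.
    private static final int MAX_RESPONSE_BYTES = 64 * 1024;

    public static String exchange(String host, int port, String requestXml)
            throws Exception {
        // Default context: the server certificate is validated against the JVM trust store.
        SSLContext ctx = SSLContext.getDefault();
        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            SSLParameters params = socket.getSSLParameters();
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            // A raw SSLSocket does not check the host name unless asked to.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.setSoTimeout(10_000);
            socket.startHandshake(); // fails here if the certificate or name is wrong

            // Request: 4-byte big-endian length, then the UTF-8 XML document.
            DataOutputStream out = new DataOutputStream(socket.getOutputStream());
            byte[] body = requestXml.getBytes(StandardCharsets.UTF_8);
            out.writeInt(body.length);
            out.write(body);
            out.flush();

            // Response uses the same framing; reject lengths outside the limit.
            DataInputStream in = new DataInputStream(socket.getInputStream());
            int length = in.readInt();
            if (length < 0 || length > MAX_RESPONSE_BYTES) {
                throw new IOException("response length out of range: " + length);
            }
            byte[] response = new byte[length];
            in.readFully(response);
            return new String(response, StandardCharsets.UTF_8);
        }
    }

    public static void main(String[] args) throws Exception {
        // device.example and 8443 are placeholders, not values from the post.
        System.out.println(exchange("device.example", 8443, "<request id=\"1\"/>"));
    }
}
```

Because the framing is independent of the TLS library, the server side can use any TLS implementation that fits the constrained device.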