.. _`Secure Networking Tutorial`: ########################## Secure Networking Tutorial ########################## *This tutorial demonstrates secure networking features of OpenSplice.* Prerequisites ************* DDS applications on a single host use shared memory for inter process communication. Network communication is needed only in scenarios running DDS applications on multiple hosts. To follow the demonstration of OpenSplice’s secure networking features you will need at least two machines connected to the same IP network and OpenSplice installed. Please refer to OpenSplice Getting Started Guide to install OpenSplice on these hosts. This tutorial is based on the Chat Tutorial delivered with OpenSplice (see ``$OSPL_HOME/examples/dcps/standalone/*/Tutorial``). To demonstrate OpenSplice’s secure networking features, no changes to the applications’ source code is necessary. Please refer to the Chat Tutorial ``README.txt`` file and be familiar with building and running the applications (of your preferred programming language) before continuing. Please build and run the Chat Tutorial applications on all hosts. A more in-depth description of the Chat Tutorial can be found in the *DCPS C Tutorial Guide*. Preparation *********** The Chat Tutorial gave a brief introduction to a typical DDS application. Before activating any security configurations you should know how to start OpenSplice with a customized configuration. |caution| Modifying the default configuration is not recommended because it might affect other users or applications. .. _`Customizing OpenSplice Configuration`: Customizing OpenSplice Configuration ==================================== Default settings for OpenSplice are read from a configuration file located at ``/etc/configs/ospl.xml``. To customize settings it is best to run OpenSplice using a *different* configuration file. Create a file named ``ospl.xml`` with the content listed below in the Chat Tutorial’s directory: :: OpenSplice Security 10485670 5.0 snetworking 3340 3350 3360 |windows| Windows users should change the value of the configuration element at ``OpenSplice/Domain/Service/Command`` to ``snetworking.exe``. Stop OpenSplice if it is already running. To tell OpenSplice to use this file for configuration, the system variable ``OSPL_URI`` has to be set with a file URI pointing to the just-created configuration file. For example: :: % export OSPL_URI=file://ospl.xml will point to a file named ``ospl.xml`` in the current working directory and :: % export OSPL_URI=file:///home/user/ospl.xml will point to ``ospl.xml`` in a ``/home/user`` directory. Ensure that you have read and write permissions for the file pointed at. Now start OpenSplice again. You will see that the status message contains a new DDS domain name. :: % ospl start % Starting up domain "OpenSplice Security" . Ready Note that when running OpenSplice with the configuration listed above, each OpenSplice node will broadcast heartbeat messages every second, targeting the UDP port 3360. These messages are used to discover other OpenSplice nodes in the network. Only when a second OpenSplice node has been discovered in the network by heartbeats ChatRoom messages will be broadcasted to the UDP target port 3340 (best effort) and 3350 (reliable). So, do not expect any ChatRoom messages to show up in the network traces as long as you operate with a single OpenSplice node. Running Chat Tutorial Without Security ====================================== Before securing the Chat Tutorial we will run the applications without security activated by using the configuration presented above. This way we can analyse network traffic and identify potential vulnerabilities. Run the MessageBoard application on one host by executing: :: % ./exec/MessageBoard On the other host run the Chatter application by executing: :: % ./exec/Chatter The MessageBoard application will print the following output: :: % Chatter 1: Hi there, I will send you 10 more messages. % Chatter 1: Message no. 1 % Chatter 1: Message no. 2 % Chatter 1: Message no. 3 % … |caution| If running the applications in another shell, ensure that the system variable ``OSPL_URI`` points to the same configuration file as indicated above when starting OpenSplice. Otherwise the applications won’t start up correctly. To analyse network traffic you may use a tool like Wireshark [#]_. Re-run the Chatter application with Wireshark capturing traffic from your network interface. You should see some UDP packets being captured. Analysing packets sent to UDP port 3350 shows the plain text content of our Chat Tutorial messages as you can see in the following screen: .. _`OSPL Sniff Showing Unencrypted Traffic`: .. centered:: **OSPL Sniff Showing Unencrypted Traffic** .. image:: /images/OSPL_tutorial_sniff_unencrypted.png :width: 140mm :align: center :alt: OSPL Sniff Showing Unencrypted Traffic Activating Secure Networking **************************** At this point the Chat Tutorial applications should work fine using your own configuration file on both hosts. Up to now all network traffic is sent unencrypted as you can see in the illustration above (`OSPL Sniff Showing Unencrypted Traffic`_). Simple Setup Using GlobalPartition ================================== To activate encryption, you must shut down the tutorial applications and OpenSplice before modifying the configuration file. Two steps have to be done for a simple setup. *First*, add a new security profile to the network service configuration. This defines details of encryption, like the algorithm and the secret cipher key to be used. :: … … *Second*, you have to associate this security profile with a network partition. Enhance the existing global network partition with a new attribute: ``SecurityProfile="GlobalProfile"``. All network traffic sent by the global partition is encrypted using settings from the assigned security profile. :: … … … As an alternative to modifying the configuration file as described above, you can use the complete example configuration listed below for setup. To avoid problems, ensure that all hosts use the same configuration. Restarting OpenSplice and the Chat Tutorial applications using the modified configuration will enable encrypted network traffic. Again, you may use Wireshark to analyse messages sent through the network. As you can see in the screen shown below, it is not possible to read plain text from chat messages exchanged. .. _`OSPL Sniff Showing Encrypted Traffic`: .. centered:: **OSPL Sniff Showing Encrypted Traffic** .. image:: /images/OSPL_tutorial_sniff_encrypted.png :width: 140mm :align: center :alt: OSPL Sniff Showing Encrypted Traffic :: OpenSplice Security 10485670 5.0 networking 3340 3350 3360 If the cipher key is changed in the configuration of only one host (ensure that the key-length is kept the same) and OpenSplice and the Chat Tutorial applications are restarted you will notice that messages sent by the Chatter application won’t reach the MessageBoard running on the other host. On the receiving host a warning message will be logged in the ``ospl-info.log`` file. This file is located in the start-up directory, by default. :: ### Report Message ### Type : WARNING Context : networking nw_plugReceiveChannelReadSocketNonBlocking File : ../../code/nw_plugReceiveChannel.c Line : 1560 Code : 0 Description : decoding failed Node : shark1 Process : networking (5338) Thread : Discovery[@enabled!='false'] b7d1dbb0 Timestamp : 1184225057.899220000 (Thu Jul 12 09:24:17 2007) |caution| Before following the instructions in the next section, please restore the correct cipher-keys and restart the OpenSplice services. Advanced Setup Using Network Partitions ======================================= In OpenSplice, ``DDS topics`` and ``DDS partitions`` can be mapped onto additional network partitions. This allows the separation of network traffic between different applications sharing the same DDS domain. OpenSplice secure networking enables you to use different cipher keys for each network partition to enable confidentiality and integrity of the data exchanged between different applications. For example, the following declaration maps all topics from *ChatRoom* partition onto a dedicated *ChatRoom network partition* using an exclusive multicast address instead of using the *GlobalPartition*: :: ... ... With the security feature enabled, the global partition and each network partition can be associated with its own security profile. In our example we refer to *GlobalProfile* and *ChatRoomProfile*. Each security profile defines the cipher to be used. The ``NULL`` cipher used in *GlobalProfile* may be used for debugging purposes or for single topics/partitions that do not require protection. The configuration sample above also demonstrates the cipher keys may be stored in an external file too. The key within the file is encoded as a hexadecimal-string, in other words a 16-Byte key is formed of 32 characters, for example: ``0f0e0d0c0b0a09080706050403020100``. External files are the preferred way to store keys, to keep them confidential. |caution| **Permissions for the key files should be set so that nobody except the OpenSplice core services may read the files.** Storing the keys in-place in the configuration file which is read by each DDS application on start up would be a potential leak of secret information. .. [#] See http://www.wireshark.org for further information. .. EoF .. |caution| image:: ./images/icon-caution.* :height: 6mm .. |info| image:: ./images/icon-info.* :height: 6mm .. |windows| image:: ./images/icon-windows.* :height: 6mm .. |unix| image:: ./images/icon-unix.* :height: 6mm .. |linux| image:: ./images/icon-linux.* :height: 6mm .. |c| image:: ./images/icon-c.* :height: 6mm .. |cpp| image:: ./images/icon-cpp.* :height: 6mm .. |csharp| image:: ./images/icon-csharp.* :height: 6mm .. |java| image:: ./images/icon-java.* :height: 6mm