PWB 506: Secure Data Transmission with PowerBuilder - PowerPoint PPT Presentation

1
PWB 506: Secure Data Transmission with PowerBuilder
Arthur Hefti, CEO, arthur_at_catsoft.ch
August 15-19, 2004
2
Content Overview
  • Speaker introduction
  • The challenge
  • Encryption
  • Sending data
  • Real life problems
  • 3rd party tools

3
Speaker Introduction
  • Arthur Hefti
  • PowerBuilder developer since 1993
  • CPD Professional, CP Instructor
  • President of the Swiss PowerBuilder User Group for
    5 years
  • CEO of CATsoft Development GmbH, Zurich,
    Switzerland
  • Custom made software development and consulting
  • Client / Server and Web
  • Web http://www.catsoft.net or http://www.catsoft.ch
  • Email arthur_at_catsoft.ch

4
The Challenge
  • Transmit confidential data securely over the
    Internet
  • Use as few preconditions as possible on the
    client side
  • Easy Deployment
  • Key management
  • Secure key distribution
  • Use and manage certificates
  • Hardware and software barriers
  • Pass firewalls and proxy servers
  • Different software combinations behave differently

5
Encryption
  • Brief history
  • Message verification
  • Symmetric encryption
  • Asymmetric encryption

6
Brief History Of Encryption
  • 1900 BC Egypt Derivation of standard
    hieroglyphics
  • 400 BC Sparta Skytale (wood stick)
  • 50 BC Julius Caesar simple substitution
  • 1585 Blaise de Vigenère polyalphabetic
    substitution
  • 1790s Thomas Jefferson wheel cipher
  • 1930 - 1945 Enigma in Germany during WWII
  • 1978 RSA algorithm published
  • 1990 Experimental results on quantum
    cryptography

7
Encryption Machines
[Pictures: Wheel or Disc Cipher, Skytale, Enigma, Thomas Jefferson's Wheel Cipher]
8
Message Verification Hash
  • A hash is used to ensure that a message is not
    altered
  • Generates a small digest from a large message
  • One-way algorithm
  • Different messages create different digests
  • The hash is transmitted together with the message
  • More Information
  • Popular hashes are SHA-1 and MD5
  • http://en.wikipedia.org/wiki/Hash_function

9
Hash Example SHA-1
  • Digest is always 20 bytes
  • Sample 1
  • This is a sample text for the Techwave 2004. This
    text could go on and on.
  • Digest 95 DD BD C1 B4 CF D8 BA 75 33 C3 69 6F
    01 00 E9 F2 78 48 19
  • Sample 2
  • One different character, but a completely
    different digest
  • This is a sample text for the Techwave 2005. This
    text could go on and on.
  • Digest 00 EF 15 AF 28 EB 11 34 E9 A3 C1 F0 F4
    3E CC CB CB 9D BB 90
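The two samples above, as an added Go example (not code from the presentation, which targets PowerBuilder): it computes the SHA-1 digests of both texts, prints them in the slide's byte layout, and counts how many of the 160 digest bits changed because of the single differing character. The sample strings are taken from the slide; the digests printed on the slide are not hard-coded here because the exact bytes that were hashed (for example, with or without a trailing newline) are not known.

```go
package main

import (
	"crypto/sha1"
	"fmt"
	"math/bits"
	"strings"
)

// Digest returns the SHA-1 digest of text; it is always 20 bytes,
// whatever the length of the input.
func Digest(text string) []byte {
	sum := sha1.Sum([]byte(text))
	return sum[:]
}

// HexSpaced formats a digest the way the slide prints it: "95 DD BD ...".
func HexSpaced(d []byte) string {
	parts := make([]string, len(d))
	for i, b := range d {
		parts[i] = fmt.Sprintf("%02X", b)
	}
	return strings.Join(parts, " ")
}

// DifferingBits counts how many digest bits differ between a and b; this is
// the "avalanche" the slide shows with one changed character.
func DifferingBits(a, b []byte) int {
	n := 0
	for i := range a {
		n += bits.OnesCount8(a[i] ^ b[i])
	}
	return n
}

func main() {
	// Sample texts from the slide (Techwave 2004 vs. Techwave 2005).
	s1 := "This is a sample text for the Techwave 2004. This text could go on and on."
	s2 := "This is a sample text for the Techwave 2005. This text could go on and on."
	d1, d2 := Digest(s1), Digest(s2)
	fmt.Println("Sample 1:", HexSpaced(d1))
	fmt.Println("Sample 2:", HexSpaced(d2))
	fmt.Printf("%d of %d digest bits differ\n", DifferingBits(d1, d2), 8*len(d1))
}
```

Both hashes named on the previous slide are no longer collision resistant in practice (MD5 collisions were published in 2004, a SHA-1 collision in 2017); the same code with crypto/sha256 yields a 32-byte digest and is the current default for message verification.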

10
Encryption Types
  • Symmetric encryption / shared secret key
  • Same key is used to encrypt and decrypt data
  • Asymmetric encryption / public key
  • Different, yet related, keys for encryption and
    decryption

11
Symmetric Encryption
  • Advantage
  • Usually quite fast
  • Disadvantage
  • Shared secret key
  • Sender and receiver have to exchange the key
  • Key should change often
  • Key is in sending application (could be
    extracted)
  • More information
  • http://en.wikipedia.org/wiki/Symmetric_key_algorithm

12
Symmetric Encryption Algorithms
  • DES
  • 40 or 56 bit
  • 40 bits: 2^40 possible keys, on average 2^39
    keys must be tried
  • Can be done in a couple of hours -> Low security
  • 3-DES
  • 3 times applied DES encryption, usually EDE
  • Still very secure
  • IDEA, Blowfish
  • Very secure
  • AES
  • Successor of DES
  • Very secure

13
Symmetric Data Encryption
[Diagram] Sender: the plaintext is encrypted with the secret symmetric key, giving the symmetric encrypted text, which is transmitted. Receiver: the symmetric encrypted text is decrypted with the same secret symmetric key, giving back the plaintext.
14
Asymmetric Encryption
  • Advantage
  • Public key is known to everybody
  • Can't be used to decrypt a message
  • Can be stored in sending application
  • Disadvantage
  • Quite slow
  • About 1000 times slower than symmetric encryption
  • More information
  • http://en.wikipedia.org/wiki/Asymmetric_key_algorithm

15
Asymmetric Encryption Algorithms
  • RSA
  • Relies for its security on the difficulty of
    factoring very large integers
  • Diffie-Hellman
  • Exponential key agreement
  • Elgamal
  • Based on discrete logarithms

16
RSA
  • RSA
  • Principle 1973 discovered at the GCHQ in Great
    Britain but kept secret
  • Described 1977 by Rivest, Shamir and Adleman
  • Patented in the US until September 2000
  • RSA is the most commonly used public key algorithm
  • It relies on the difficulty of factoring large
    integers
  • Secure from a key length of 1024 bits (available
    512, 1024, 2048, 4096)
  • More detailed information
  • http://en.wikipedia.org/wiki/RSA

17
Asymmetric Data Encryption
[Diagram] Sender: the plaintext is encrypted with the receiver's public key, giving the asymmetric encrypted text, which is transmitted. Receiver: the asymmetric encrypted text is decrypted with the receiver's secret private key, giving back the plaintext.
18
Encryption Summary
  • Symmetric encryption
  • Quite Fast
  • Problem is key exchange
  • Asymmetric encryption
  • Slow
  • Public key is known to everybody
  • Real life
  • Combination for data exchange

19
Encryption At Sender
[Flow diagram, read top-down]
  • plaintext
  • Generate random symmetric key
  • Create hash of the plaintext
  • Encrypt the plaintext with the symmetric key:
    symmetric encrypted text
  • Encrypt the symmetric key and the hash with the
    public key: asymmetric encrypted symmetric key
    and hash
  • Encrypted message = asymmetric encrypted symmetric
    key and hash + symmetric encrypted text
20
Decryption At Receiver
[Flow diagram, read top-down]
  • Encrypted message = asymmetric encrypted symmetric
    key and hash + symmetric encrypted text
  • Decrypt with private key: hash and symmetric key
    from sender
  • Decrypt the symmetric encrypted text with the
    symmetric key from sender: plaintext
  • Create hash of the plaintext
  • Verify hashes
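The sender and receiver flows of slides 19 and 20, as an added worked example in Go (not code from the presentation or from PowerBuilder). It assumes the receiver's RSA key pair is generated in place for the demo; AES-256 in CTR mode stands in for the unnamed symmetric cipher and SHA-256 for the hash (the slides use SHA-1). As in the diagram, the hash travels inside the sealed block together with the symmetric key, so the receiver can detect any alteration of the transmitted text. Sample message and key sizes are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
	"io"
)

const keyLen = 32 // AES-256 key, generated fresh for every message

// Envelope is the "Encrypted message" of slides 19 and 20.
type Envelope struct {
	SealedKeyAndHash []byte // RSA-OAEP(public key, key || SHA-256(plaintext))
	IV               []byte // AES-CTR initialisation vector, sent in clear
	Ciphertext       []byte // AES-CTR(key, plaintext)
}

// Seal is "Encryption At Sender": random symmetric key, hash of the plaintext,
// symmetric encryption of the text, public-key encryption of key and hash.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	key := make([]byte, keyLen)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	sum := sha256.Sum256(plaintext)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, block.BlockSize())
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)
	keyAndHash := append(append([]byte{}, key...), sum[:]...)
	sealed, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, keyAndHash, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{SealedKeyAndHash: sealed, IV: iv, Ciphertext: ct}, nil
}

// Open is "Decryption At Receiver": recover key and hash with the private key,
// decrypt the text, hash it again and compare both hashes.
func Open(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	keyAndHash, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.SealedKeyAndHash, nil)
	if err != nil {
		return nil, err
	}
	if len(keyAndHash) != keyLen+sha256.Size {
		return nil, errors.New("sealed block has unexpected length")
	}
	key, want := keyAndHash[:keyLen], keyAndHash[keyLen:]
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(env.IV) != block.BlockSize() {
		return nil, errors.New("bad IV length")
	}
	pt := make([]byte, len(env.Ciphertext))
	cipher.NewCTR(block, env.IV).XORKeyStream(pt, env.Ciphertext)
	got := sha256.Sum256(pt)
	if subtle.ConstantTimeCompare(got[:], want) != 1 {
		return nil, errors.New("hash mismatch: message was altered in transit")
	}
	return pt, nil
}

func main() {
	// Receiver's key pair, generated here for the demo; in practice the public
	// key ships inside the sending application and the private key never
	// leaves the receiver.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("This is a sample text for the Techwave 2004.") // constructed sample
	env, err := Seal(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	pt, err := Open(priv, env)
	fmt.Printf("decrypted: %q (err=%v)\n", pt, err)
	env.Ciphertext[0] ^= 0x01 // a single bit flipped in transit
	_, err = Open(priv, env)
	fmt.Println("after tampering:", err)
}
```

A single flipped ciphertext bit makes Open fail at the hash comparison. Note what the scheme does not give: anyone holding the public key can build a valid envelope, so the receiver learns that the message was not altered, not who sent it; a signature over the hash with the sender's private key (or an authenticated cipher mode such as AES-GCM plus a signature) is the usual addition.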
21
Certificates
  • Required for large-scale use of public key
    cryptography
  • Contains
  • Public key
  • Identity information of publisher (name, etc)
  • Signature
  • More details
  • http://en.wikipedia.org/wiki/Public_key_certificate

22
Sending Data
  • Sending through secure connection
  • SSL
  • VPN
  • Sending encrypted data
  • Email
  • HTTP-Post in a form
  • Web Service

23
Secure Connection
  • Principle
  • How it works
  • SSL
  • Secure Sockets Layer
  • Secure connection between client and server
  • Not necessarily an end-to-end security solution
  • VPN
  • Virtual Private Network
  • Secures all communication between two end points
  • Ends normally within the LAN

24
Secure Connection Principle
  • Uses public key cryptography
  • Public key based key exchange
  • Symmetric key based traffic encryption

25
Secure Connection SSL
  • Advantage
  • Runs from any browser in any place (https)
  • Disadvantage
  • Server needs high security certificate
  • Port 443 on client side has to be open
  • PowerBuilder
  • Connect with HTTPS
  • Client needs to take care of protocol and proxy
    logon

26
Secure Connection VPN
  • Advantage
  • Connects two or more networks and can be used for
    every communication
  • Disadvantage
  • Needs infrastructure such as firewalls or
    client software
  • PowerBuilder
  • Is transparent, no need to take care of it

27
Sending Encrypted Data
  • Email
  • Available at most desktops
  • HTTP-Post
  • Send data through an HTTP POST request
  • Web Service
  • Standard for data exchange

28
Sending Encrypted Data Email
  • Advantage
  • Available at most desktops
  • Disadvantage
  • No feedback if data was received
  • PowerBuilder
  • Send Email through MAPI (mailSessionObject)
  • Send by OLE with Outlook
  • Use some 3rd party SMTP component

29
Sending Encrypted Data HTTP-Post
  • Advantage
  • Can be used from any application that can access
    the internet
  • Feedback is possible
  • Disadvantage
  • No standard for sending data
  • PowerBuilder
  • HTTP-Post

30
Sending Encrypted Data Web Service
  • Advantage
  • Standard for exchanging data
  • Can be used from any application that can access
    the internet
  • Feedback is possible
  • Disadvantage
  • Not easy to access
  • Not yet very widely used
  • Standard for encryption not fixed yet

31
Web Service And PowerBuilder
  • In any version
  • HTTP-Post is available for accessing a Web
    Service
  • In PowerBuilder 8
  • Easysoap comes with PowerBuilder
  • 3rd Party DLL like Pocketsoap
  • In PowerBuilder 9
  • PBSoapClient90.pbd and PBSoapClient90.dll
    (through Easysoap)
  • Details in PB HTML Help Chapter 30

32
Real Life Problems
  • Proxy servers
  • Firewalls
  • Software

33
Real Life Problems Proxy Servers
  • Proxy server removes empty SoapAction header
  • Error No SoapAction header from receiver
  • Login on proxy server
  • InternetSetOption() API call
  • InternetConnect() with user and password
  • SetOption() for SoapConnection
  • Conversions
  • Conversion of an HTTP-Post to a GET
  • Closed ports on proxy server
  • Often in large companies no way to open the SSL
    port 443
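The SOAPAction and HTTP-Post problems on this slide, as an added Go example (not the presentation's PowerBuilder code). Instead of a real proxy it runs a local test server that behaves like the receiver described above, answering "No SoapAction header" when the header is missing or empty and rejecting a call that arrives as a GET; the client side always sends a non-empty, quoted SOAPAction so a header-stripping proxy has nothing to remove. The proxy-login helper is the Go counterpart of the "InternetConnect() with user and password" approach on the slide. The endpoint, action URN, envelope body and credentials are constructed for the demo.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// Constructed SOAP 1.1 envelope for the demo; not from the slides.
const sampleEnvelope = `<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Body><GetStatus xmlns="urn:example:techwave"/></soap:Body>
</soap:Envelope>`

// NewSoapRequest builds the HTTP-Post that a SOAP 1.1 client sends. The
// SOAPAction header is always quoted and non-empty, so a proxy that drops
// empty headers has nothing to strip.
func NewSoapRequest(endpoint, action string) (*http.Request, error) {
	if action == "" {
		return nil, errors.New("SOAPAction must not be empty")
	}
	req, err := http.NewRequest(http.MethodPost, endpoint, bytes.NewReader([]byte(sampleEnvelope)))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "text/xml; charset=utf-8")
	req.Header.Set("SOAPAction", `"`+action+`"`)
	return req, nil
}

// SoapHandler stands in for the receiving web service. Like the receiver on
// the slide it rejects a missing or empty SOAPAction, and it also rejects a
// request that a proxy converted from POST to GET.
func SoapHandler(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "SOAP call must be an HTTP POST", http.StatusMethodNotAllowed)
		return
	}
	if a := r.Header.Get("SOAPAction"); a == "" || a == `""` {
		http.Error(w, "No SoapAction header", http.StatusBadRequest)
		return
	}
	w.Header().Set("Content-Type", "text/xml; charset=utf-8")
	io.WriteString(w, `<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Body><GetStatusResponse/></soap:Body></soap:Envelope>`)
}

// NewProxiedClient routes every request through an HTTP proxy that requires a
// login; Go's transport sends Proxy-Authorization from the URL's user info.
func NewProxiedClient(proxyURL, user, pass string) (*http.Client, error) {
	u, err := url.Parse(proxyURL)
	if err != nil {
		return nil, err
	}
	u.User = url.UserPassword(user, pass)
	return &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(u)}}, nil
}

// Post sends req and returns the HTTP status code the receiver answered with.
func Post(client *http.Client, req *http.Request) (int, error) {
	resp, err := client.Do(req)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	io.Copy(io.Discard, resp.Body)
	return resp.StatusCode, nil
}

func main() {
	srv := httptest.NewServer(http.HandlerFunc(SoapHandler))
	defer srv.Close()

	req, _ := NewSoapRequest(srv.URL, "urn:example:techwave#GetStatus")
	code, err := Post(http.DefaultClient, req)
	fmt.Println("with SOAPAction:", code, err)

	req, _ = NewSoapRequest(srv.URL, "urn:example:techwave#GetStatus")
	req.Header.Set("SOAPAction", "") // simulate a proxy that emptied the header
	code, err = Post(http.DefaultClient, req)
	fmt.Println("empty SOAPAction:", code, err)
}
```

When the receiver's error cannot be reproduced locally, comparing the headers as sent by the client with the headers the service logs on arrival is the quickest way to tell a proxy rewrite from a client bug.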

34
Real Life Problems Firewalls
  • Closed ports on firewall
  • Often in large companies no way to open the SSL
    port 443

35
Real Life Problems Software
  • Windows version and IE
  • Not possible to connect through proxy server with
    certain combinations of the operating system and
    IE (e.g. NT 4 SP 5 and IE 5)
  • Components
  • Pocketsoap through some proxy servers

36
3rd Party Tools
  • Crypto++ library
  • Class library of cryptographic schemes (symmetric
    and asymmetric encryption, one-way hash
    functions, random numbers, compression, etc)
  • C++ source
  • Public domain
  • Various platforms
  • http://www.cryptopp.com
  • Open Source SOAP Clients
  • EasySoap, http://easysoap.sourceforge.net
  • PocketSoap, http://www.pocketsoap.com

37
Literature
  • The Code Book: The Science of Secrecy from
    Ancient Egypt to Quantum Cryptography
  • Simon Singh, ISBN 3-446-19873-3
  • wikipedia.org

38
Questions?