2

I am looking into securing network communications (UDP and TCP). It is looking like 'use IPSec' is a good solution. I know this is implemented at a lower level, and the application does not need to see it. However I want my Java application to be secure, and to know that it is secure.

So in practice, what do I have to do to use IPSec in a Java application? Do I still use DatagramSocket/ java.net.Socket.Socket? Is there something I need to do with System.getSecurityManager()? Do I have to do configuration at the OS (Windows XP talking to an Amazon cloud) level?

At some point I will need to check/provide security credentials. How is that done?

I have done a fair amount of googling, and have seen at the network layer how it works. But I have not found anything along the lines of sample application code that takes advantage of IPSec.

Has anyone done this?

Thanks!

Jon
  • I am curious why you choose IPSec over an encryption technology with a well known API (like openssl) – Mike Pennington Jun 10 '11 at 11:06
  • I would use SSL as it's a standard way of securing a connection, e.g. every browser supports it. You would have no doubt at the Java level that you are using SSL, and it's entirely within application control, which appears to be your preference. – Peter Lawrey Jun 10 '11 at 11:07
  • @Mike, Not sure Java supports openssl, but it does have built-in SSL support, so I like your thinking. – Peter Lawrey Jun 10 '11 at 11:08
  • Part of the project will be (eventually) implemented on embedded hardware with limited power, so while SSL is an option, we are considering others. – Jon Jun 10 '11 at 11:14

3 Answers

2

OK, I have found the info I was looking for. Maybe the question didn't make it exactly clear what I wanted, but this is what I found:

IPSec needs to be configured on the operating system (to oversimplify). You set up a connection between the two machines, and let them go at it. You know you have a secure connection, because you only allow secure connections on that machine. If you did not have IPSec configured it would not be secure, so you just need to make sure that you do.

Security can be a shared secret, or an X509 certificate.

And some useful how-tos:

For Linux: http://www.ipsec-howto.org/x304.html

For Windows: http://www.elandsys.com/resources/ipsec/wincert.html

Jon
1

To expand on older answers: Suppose that, having to set up IPSec between two endpoints, we want to know if it's in place. If IPSec encryption is happening, it may be the best solution (hardware encryption, keys shared centrally with other services on the machine), but if IPSec encryption isn't being applied, we'd better abort the connection or use application-protocol-level encryption before sending sensitive data.

Unfortunately, there is no standard API for detecting IPSec on a socket (and any Java for doing this is going to have to interface with the native system calls). Further, note that IPSec may be applied by a router somewhere along the route, transparently, so it's only possible to detect it if it's being applied by the OS kernel.

APIs:

  • WSAQuerySocketSecurity
  • setsockopt(sock, IPPROTO_IP, IP_SEC_OPT, &opts) since Solaris 8 (great tutorial here)
  • Shockingly completely(?) undocumented IP_IPSEC_POLICY on Linux
  • Well documented IP_IPSEC_POLICY on FreeBSD and MacOS (using the well-established KAME implementation). Search for examples in /usr/src.
Nicholas Wilson
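As an added illustration of the Linux IP_IPSEC_POLICY option listed in the answer above (this code is not from the original answer), the C sketch below builds a PF_KEY policy that marks ESP in transport mode as required and applies it to a single socket. The names `esp_policy`, `build_require_esp` and `require_esp_on_socket` are hypothetical; it assumes Linux kernel headers, a kernel with PF_KEY (af_key) support, and CAP_NET_ADMIN for the `setsockopt` call.

```c
/* Added example (Linux): require ESP on one socket via IP_IPSEC_POLICY. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/ipsec.h>    /* IPSEC_DIR_*, IPSEC_POLICY_*, IPSEC_LEVEL_* */
#include <linux/pfkeyv2.h>  /* struct sadb_x_policy, sadb_x_ipsecrequest */
#ifndef IP_IPSEC_POLICY
#define IP_IPSEC_POLICY 16  /* value used by linux/in.h */
#endif

/* PF_KEY policy extension followed by exactly one IPsec request. */
struct esp_policy {
    struct sadb_x_policy       pol;
    struct sadb_x_ipsecrequest req;
};

/* Fill *p with "ESP, transport mode, level require" for one direction. */
size_t build_require_esp(struct esp_policy *p, unsigned char dir)
{
    memset(p, 0, sizeof *p);
    p->pol.sadb_x_policy_len         = sizeof *p / 8;      /* 64-bit words */
    p->pol.sadb_x_policy_exttype     = SADB_X_EXT_POLICY;
    p->pol.sadb_x_policy_type        = IPSEC_POLICY_IPSEC;
    p->pol.sadb_x_policy_dir         = dir;
    p->req.sadb_x_ipsecrequest_len   = sizeof p->req;      /* bytes */
    p->req.sadb_x_ipsecrequest_proto = IPPROTO_ESP;
    p->req.sadb_x_ipsecrequest_mode  = IPSEC_MODE_TRANSPORT;
    p->req.sadb_x_ipsecrequest_level = IPSEC_LEVEL_REQUIRE;
    return sizeof *p;
}

/* Returns 0 if the kernel accepted the policy for both directions, -1 with
 * errno set otherwise (EPERM without CAP_NET_ADMIN). Treat any failure as
 * "not protected by host IPsec". */
int require_esp_on_socket(int fd)
{
    const unsigned char dirs[] = { IPSEC_DIR_OUTBOUND, IPSEC_DIR_INBOUND };
    struct esp_policy p;
    for (size_t i = 0; i < sizeof dirs; i++) {
        size_t len = build_require_esp(&p, dirs[i]);
        if (setsockopt(fd, IPPROTO_IP, IP_IPSEC_POLICY, &p, (socklen_t)len) < 0)
            return -1;
    }
    return 0;
}

int main(void)
{
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || require_esp_on_socket(fd) < 0) {
        fprintf(stderr, "IPsec not enforced (%s): abort or use TLS\n", strerror(errno));
        return 1;
    }
    puts("socket now requires ESP in both directions");
    return close(fd);
}
```

A Java application would have to reach this call through JNI or a similar native bridge, and it only covers IPsec applied by the local kernel, not by a router on the path.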
1

You can't do it - like you said it's at a lower level - much lower!

Is there any particular reason why "use SSL" isn't a good solution?

Alnitak
  • So an application can not know if it is secured with IPSec or not? – Jon Jun 10 '11 at 11:15
  • Not portably, at any rate. If you're using host-based IPsec then it _might_ be possible to tell using native methods, but they'd be OS dependent. If you're using network-level IPsec then you can't tell at all. – Alnitak Jun 10 '11 at 12:43