View
61
Download
1
Category
Tags:
Preview:
DESCRIPTION
Horse Racing System. (CSC 7250 Project I). Supervised by: Prepared by:. Prof. Michael Lyu Wilson Ngan. Agenda. Introduction Demonstration Question & Answer. INTRODUCTION. Secure Zone. Non-Secure Zone. Database Server. UDDI Registry Server. Workstation 1. Authentication Module. - PowerPoint PPT Presentation
Citation preview
Horse Racing System
Supervised by:
Prepared by:
Prof. Michael Lyu
Wilson Ngan
(CSC 7250 Project I)
Agenda
Introduction Demonstration Question & Answer
INTRODUCTION
Architecture Overview
Non-Secure Zone
Workstation 1
Internet
Workstation n
Workstation 2
UDDI Registry Server
Secure Zone
DatabaseServer
ApplicationServer
Terminal 3Terminal 2
Terminal 1
Authentication Module
Firewall
Application Server
Tomcat
Apache AIX 1.1Connection Pool
SOAP HTTP
Database Server Workstations Terminals
JSPServlet
Authentication Module
OPENSSLJNI
JDBC
Workstations
Workstations
Crypto API
PCKS
Smart Card Reader
Windows Application
SOAP
Application Server
Terminals
Terminals
Web Application
HTTP
Application Server
Database Server
Oracle 9i Server
Application Server
Oracle 9i Instance
JDBC
UDDI Registry Server
Application Server
UDDI Registry Server
Terminal
UDDI
UDDI
UDDI
Registry Web Services
Search Web Services
Mutual Authentication
TomcatAuthentication ModuleOracle 9i Workstations
Generate Server Challenge, Session Key()
Request Server Challenge()
Save Session ID, Server Challenge, Session Key()
Return Session ID, Server Challenge()
Send Session ID, RSA Encrypted Server Challenge, Certificate, Client Challenge()
Retrieve Server Challenge()
Verify Signature()
Verify Certificate Chain()
Send RSA Encrypted Session Key, RSA Encrypted Client Challenge()
Verify Signature, Decrypt Session Key()
Secure Data Exchange
TomcatAuthentication ModuleOracle 9i Workstations
Send Session ID, 3Des Encypted Instruction()
Retrieve Session Key()
Decrypt and Execute Instruction()
Send 3Des Encrypted Result()
Decrypt Result()
Session Clean Up
TomcatAuthentication ModuleOracle 9i Workstations
Send Session ID, 3Des Encypted Logout Instruction()
Retrieve Session ID, Session Key, Server Challenge()
Send 3Des Encrypted Result()
Decrypt and Execute Instruction()
Retrieve Session Key()
Web Service
Web Services Architectures SOAP—Protocol over HTTP WSDL – Description of Web Service UDDI – Searching Web Service
Language Independent (XML) Flexible Inefficient (Large overhead) Sample
Client – SmartApp Server – DemoLogin
Web Service
Package Name Vendor Server
Java Web Services Developer Pack (Java WSDP)
Sun Tomcat
Emerging Technologies Toolkit (ETTK) IBM Websphere
Apache eXtensible Interaction System (AXIS) Apache Apache
Microsoft’s .NET Framework Microsoft IIS
Table 1 Summary of Web Service Development Toolkit
Openssl
FREE for commercial and non-commercial Base on SSLeay library developed by Eric A. Young Complete cryptographic library Open Source Multi-platform (Windows, Unix, Linux, MasOS, VMS, OS2) Support SSL/TLS, CA operation, all PKCS standards Command Tools Sample (OpensslWrapperCOM)
Crypto API
Windows ONLY FREE for commercial and non-commercial High Level API Open for different vendor to implement All key pairs store in Container Big Endian / Little Endian Each key pairs responsible for
AT_KEYEXCHANGE AT_SIGNATURE
Sample (sRitCryptoLib)
Summary of Cryptographic Provider
Command Line Platform Language CA support
OpenSSL Yes Windows, Unix, Linux, MasOS, VMS, OS2
C Yes
JCE No Follow Java Java No
Bouncy Castle No Follow Java Java Yes
Crypto API No Windows VC Yes
Table 2 Summary of Cryptographic Library
Free Marker
FREE for commercial and non-commercial Alternatives to JSP Design for MVC (Model View Controller) model Template Engines Support non-web application
Free Marker
ATL/COM
Part of the Microsoft Foundation Classes COM -- Component Object Model
reusable very efficient components
ATL is Active Template Library Clean and Fast development technology
Sample (OpensslWrapperCOM)
JNI
Java Native Interface Bridge between Java and C Alternative Source of Standard Library
CPU usage Memory usage
Warning !!!! Java VM will crash if memory leakage exists
Sample (CryptoWrapperJNI)
ANT
Robust Build tools Preserve the development environment Used by major JAVA editor
Forte, Netbeans, Ellipse
Support command line Sample (Horse Racing System)
DEMONSTRATION
Horse Race System
Stable Management
Stable Management(Add Stable)
Stable Management(Delete Stable)
Stable Management(Modify Stable)
Race Management
Race Management(Add Race)
Race Management(Delete Race)
Race Management(Modify Race)
DEMONSTRATION (Client Application)
Get Challenge
DEMONSTRATION (Client Application)
Sign Challenge
DEMONSTRATION (Client Application)
Logon
DEMONSTRATION (Client Application)
Logout
Q & A
END
Recommended