Journal "Software Engineering"
a journal on theoretical and applied science and technology
ISSN 2220-3397

Issue N3 2022 year

DOI: 10.17587/prin.13.124-131
Secure Network Channel for Web Services based on SSL/TLS Technology in a Linux Environment
R. E. Asratian, rea@ipu.ru, V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, 117997, Russian Federation
Corresponding author: Asratian Ruben E., Leading Researcher, V. A. Trapeznikov Institute of Control Sciences of Russian Academy of Sciences, Moscow, 117997, Russian Federation, E-mail: rea@ipu.ru
Received on January 27, 2022
Accepted on February 14, 2022

An approach to organizing secure interaction between the components of a distributed system over a public network is considered, based on secure communication channels built with SSL/TLS technology. Unlike VPN technology, the described approach is deliberately limited to HTTP/SOAP interactions, which makes it possible to implement authentication and authorization on the basis of HTTP-header data and client public key certificates using ready-made technical solutions. The approach relies on special gateways that switch from HTTP to HTTPS on the client side and from HTTPS back to HTTP on the web server side, together forming a "transparent" communication channel for the system components. It is assumed that client programs and web servers reside in the same protected private network (or even on the same network node) as the gateways serving them, and that only the traffic between the gateways crosses the public network. The gateways use SSL/TLS to layer a secure channel over an already established TCP connection. The main idea of the approach is that the security mechanisms then operate at the upper layers of the protocol stack, above TCP, so the gateways can inspect the high-level parameters of information requests and web server responses carried in HTTP headers. This, in turn, allows additional "intelligence" to be added to the gateways: authentication of servers and clients, and differentiation of access rights to information resources down to individual functions (methods) of web services, based on the data contained in the "Subject Name" attribute of public key certificates. The implementation of the approach in the Linux environment and the results of an experimental study are described.
In particular, the study showed that when calling service functions with a runtime of 0.5 seconds or higher, the secure channel increases the total query execution time by only a few percent, even with a rather large amount of data being transmitted (up to 200 kilobytes).
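The authorization step the abstract attributes to the server-side gateway, as an added example that is not the paper's code: after a mutual-TLS handshake the gateway has the client certificate (here in the dict form Python's ssl module returns from getpeercert()) and the HTTP request head, and it must decide whether that certificate subject may call the web-service method named in the request before forwarding it over plain HTTP. The ACL layout (keyed on commonName only, rather than the full Subject Name), the SOAPAction-derived method name, the header names and the sample certificate and request are all assumptions constructed for this example.

```python
"""
Authorization core of a server-side HTTPS->HTTP gateway: authenticate the caller
by its client certificate (mutual TLS) and authorize the individual web-service
method named in the HTTP request head.  Added illustration, not the paper's code;
ACL layout, header handling and sample data are assumptions.
"""
import ssl
from typing import Dict, Optional, Set, Tuple

# Hypothetical access list: certificate commonName -> allowed SOAP methods
# ("*" grants every method).  The paper keys access on Subject Name attributes;
# using commonName alone is this example's simplification.
ACL: Dict[str, Set[str]] = {
    "client-a": {"GetOrder", "ListOrders"},
    "admin": {"*"},
}

# Constructed peer certificate in the nested-tuple dict form that
# ssl.SSLSocket.getpeercert() returns after a successful mutual-TLS handshake.
SAMPLE_PEERCERT = {
    "subject": ((("countryName", "RU"),),
                (("organizationName", "ICS RAS"),),
                (("commonName", "client-a"),)),
    "issuer": ((("commonName", "Gateway CA"),),),
}

# Constructed HTTP/SOAP request head as the gateway reads it off the TLS socket.
SAMPLE_REQUEST = (b"POST /services/Orders HTTP/1.1\r\n"
                  b"Host: orders.internal\r\n"
                  b"Content-Type: text/xml; charset=utf-8\r\n"
                  b"SOAPAction: \"urn:orders#GetOrder\"\r\n"
                  b"Content-Length: 0\r\n\r\n")


def make_server_context(certfile: str, keyfile: str, cafile: str) -> ssl.SSLContext:
    """TLS context for the server-side gateway: present its own certificate and
    require a client certificate chained to the private CA (mutual TLS).
    File paths are assumptions; this is not called by the checks below."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED      # handshake fails without a client cert
    ctx.load_verify_locations(cafile=cafile)
    ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    return ctx


def subject_cn(peercert: Optional[dict]) -> Optional[str]:
    """Extract commonName from getpeercert()'s tuple-of-RDNs subject."""
    if not peercert:                          # None or {} : no certificate presented
        return None
    for rdn in peercert.get("subject", ()):
        for attr, value in rdn:
            if attr == "commonName":
                return value
    return None


def parse_request_head(raw: bytes) -> Tuple[str, str, Dict[str, str]]:
    """Split the request head into (method, target, headers); header names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


def soap_method(target: str, headers: Dict[str, str]) -> str:
    """Name of the invoked web-service method: the last '#' or '/' segment of the
    SOAPAction URI (quotes stripped).  An empty or absent SOAPAction falls back to
    the last path segment of the request target (an assumption of this example)."""
    action = headers.get("soapaction", "").strip('"')
    if not action:
        action = target.split("?", 1)[0].rstrip("/")
    return action.replace("#", "/").rsplit("/", 1)[-1]


def authorize(peercert: Optional[dict], raw_head: bytes,
              acl: Dict[str, Set[str]] = ACL) -> Tuple[bool, str]:
    """Decide whether the certificate holder may call the requested method."""
    cn = subject_cn(peercert)
    if cn is None:
        return False, "no client certificate subject"
    allowed = acl.get(cn)
    if allowed is None:
        return False, f"unknown certificate subject {cn!r}"
    http_method, target, headers = parse_request_head(raw_head)
    if http_method != "POST":                 # SOAP over HTTP uses POST only
        return False, f"HTTP method {http_method} not permitted"
    method = soap_method(target, headers)
    if "*" in allowed or method in allowed:
        return True, f"{cn} -> {method}"
    return False, f"{cn} may not call {method}"


if __name__ == "__main__":
    print(authorize(SAMPLE_PEERCERT, SAMPLE_REQUEST))
```

The decision is made entirely from data the gateway already holds after the handshake and the first read, so a denied request never reaches the web server; on a real socket the same logic runs between wrap_socket() and the HTTP forward, and the peer certificate should be taken from getpeercert() on the wrapped socket rather than from any header the client could set.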

Keywords: distributed systems, information security, web services, SSL/TLS technology, public key certificates, Linux
pp. 124–131
For citation:
Asratian R. E. Secure Network Channel for Web Services based on SSL/TLS Technology in a Linux Environment, Programmnaya ingeneria, 2022, vol. 13, no. 3, 124—131.