
seppl 0.4

  Date Added: May 07, 2010  |  Visits: 936



seppl is both a protocol definition and a software implementation of a new encryption layer for IPv4. The seppl project makes use of symmetric cryptography for encrypting the whole traffic on a network. Its implementation is designed around Linux netfilter/iptables. seppl introduces two new netfilter targets: CRYPT and DECRYPT. A firewall rule may thus be used for encrypting/decrypting the incoming and outgoing network traffic. This makes seppl extraordinarily easy to use, since no daemons need to run for secure communication. seppl uses the encryption engine of the Linux Cryptographic API, which is available in kernel 2.4.22 and newer. seppl is primarily intended for encrypting wireless LANs (as a secure replacement for the broken WEP encryption) and local Ethernet networks, but may be used for large-scale VPN solutions as well. The protocol seppl relies on is not compatible with any other software. The protocol is open and well defined, but there is no implementation other than this reference software.

Why seppl, when there are already IPsec, CIPE, ...?

CIPE may be used for point-to-point connections only. It has a tunnel structure and thus introduces new IP addresses, which is not always desirable. It requires a user-space daemon. IPsec/FreeS/WAN is extremely complicated to use. Due to its strange routing scheme it is nearly impossible to use together with routing daemons. IPsec is heavyweight. seppl is truly peer-to-peer. It encrypts all outgoing traffic seamlessly and is thus compatible with routing daemons. It is extremely easy to use as well, as it makes no change to the normal routing behaviour. seppl is extremely lightweight.

The Implementation

The implementation consists of three Linux kernel modules: seppl.o, ipt_CRYPT.o and ipt_DECRYPT.o. The first is the in-kernel key manager, the other two are the new netfilter targets. Both depend on seppl.o, so seppl.o must be inserted into the kernel first. The key manager may be accessed through the file /proc/net/seppl_keyring. It contains binary key data and is initially empty. You may add a new key by writing it to that file.

The two Python scripts seppl-ls and seppl-gen-key may be used for key management. seppl-ls converts seppl keys between the binary format used by /proc/net/seppl_keyring and a human-readable XML-based format. Simply call seppl-ls for a list of all currently active keys. seppl-gen-key generates a new key from /dev/urandom. By default it uses the XML format; the parameter -x forces binary mode. You may generate and activate two keys "linus" and "alan" by issuing the following command lines:

  seppl-gen-key -n linus -x > /proc/net/seppl_keyring
  seppl-gen-key -n alan -x > /proc/net/seppl_keyring

seppl-ls without arguments lists the new keys saved in the kernel keyring. You may remove all (currently unused) keys by issuing:

  echo clear > /proc/net/seppl_keyring

Since seppl is based on symmetric cryptography using shared keys, you have to copy newly generated keys to every host you want to connect to your seppl infrastructure (preferably via SSH or any other secure file transfer). You get a binary copy of your current keyring by issuing:

  cat /proc/net/seppl_keyring >

Now copy that file to all other hosts and issue the following command there:

  cat > /proc/net/seppl_keyring

That is simple, isn't it? After doing so you may configure your firewall settings on each host:

  iptables -t mangle -A POSTROUTING -o eth0 -j CRYPT --key linus
  iptables -t mangle -A PREROUTING -i eth0 -j DECRYPT

This will encrypt all outgoing traffic on eth0 with the key "linus". All incoming traffic is decrypted with either "linus" or "alan", depending on the key name specified in the particular network packet. Unencrypted incoming packets are silently dropped. Use

  iptables -t mangle -A PREROUTING -p 177 -i eth0 -j DECRYPT

to allow both encrypted and unencrypted incoming traffic. That's it. You're done. All your traffic on the local subnet is now encrypted with seppl.

The default cipher is AES-128. If you don't specify the name of the key to use, it defaults to "def". A SysV init script /etc/init.d/seppl is provided. It loads seppl's kernel modules and writes all keys from the directory /etc/seppl to the kernel keyring. It does not add any firewall rules, however.

Performance issues

Network packets grow in size when they are encrypted, since two new headers and the IV are added (36 bytes on average). This conflicts in some way with the MTU management of the Linux kernel and results in all large packets (that is, packets with a size near the MTU) being fragmented into one large and one very small packet. This hurts network performance. A work-around for this limitation is to use the TCPMSS target of netfilter to adjust the MSS value in the TCP header to a smaller value. This improves TCP performance, since TCP packets of the size of the MTU are no longer generated and thus no fragmentation is needed. However, TCPMSS is TCP specific; it won't help with UDP or other IP protocols. Add the following line before the encryption rule in your firewall setup:

  iptables -t mangle -A POSTROUTING -p tcp --tcp-flags SYN,RST SYN -o eth0 -j TCPMSS --set-mss $((1500-40-8-16-6-15))

The Protocol

For encryption, every single unencrypted packet is taken and converted to an encrypted one. Not a single further packet is ever sent.

    Original                 SEPPL counterpart
  +------------+          +-----------------------+
  | IP-Header  |          | Modified IP-Header    |  \
  +------------+   <==>   +-----------------------+   |
  | Payload    |          | SEPPL-Header          |   > Unencrypted
  +------------+          +-----------------------+   |
                          | Initialization Vector |   |
                          +-----------------------+  /
                          | SEPPL-Header          |  \
                          +-----------------------+   | Crypted
                          | Payload               |   |
                          +-----------------------+  /

The original IP header is kept as far as possible. Only three fields are replaced with new values: the protocol number is set to 177, the fragment offset is set to 0 and the total length is corrected to the new length. All other fields are kept as is, including IP options. The unencrypted seppl header consists of a one-byte cipher number and a key name. Currently only 0 and 1 are defined as cipher numbers, for AES with a 128-bit key and AES with a 192-bit key respectively. The key name (7 bytes) may be used to select a specific key in a larger keyring. The IV is used for the CBC mode of the cipher in use. It differs from packet to packet, but is not randomly generated: for performance reasons, only the initial IV on system startup is randomized; all following IVs are generated by incrementing the previous one. The encrypted seppl header consists of three saved fields of the original IP header (protocol number, fragment offset, total length) and a byte which is always 0, used for detecting non-matching keys. The payload is the original IP payload, from the TCP/UDP/other header to the end.

Limitations:
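The packet layout described above, worked through as an added example (this is not seppl's code): it builds the seppl counterpart of an IPv4 packet and parses it back, including the key-mismatch check on the always-zero byte and the use of the saved total length to strip block padding. It assumes a keyed XOR stream as a stand-in for AES-128-CBC so it runs without extra libraries, constructed sample keys and packets, and that only the 13-bit fragment offset is zeroed while the IP flags stay; the 8, 16 and 6 byte overheads it produces are the ones in the TCPMSS rule above.

```python
import struct

SEPPL_PROTO, IV_LEN, BLOCK = 177, 16, 16
KEYS = {"linus": b"\x11" * 16, "alan": b"\x22" * 16}  # constructed sample keyring

def ip_checksum(hdr):
    # Standard IPv4 header checksum, computed with the checksum field zeroed.
    s = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr[:10] + b"\x00\x00" + hdr[12:]))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def make_ipv4(proto, payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    # Minimal 20-byte IPv4 header (no options) with a valid checksum; constructed sample.
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, proto, 0, src, dst))
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + payload

def xor_cipher(key, iv, data):
    # Stand-in for AES-128-CBC so this runs without extra libraries: XOR with a key/IV stream. Symmetric; not secure.
    return bytes(b ^ key[i % len(key)] ^ iv[i % IV_LEN] for i, b in enumerate(data))

def seppl_encrypt(packet, key_name, iv, keyring=KEYS):
    ihl = (packet[0] & 0x0F) * 4
    hdr, payload = bytearray(packet[:ihl]), packet[ihl:]
    plain = hdr[9:10] + hdr[6:8] + hdr[2:4] + b"\x00" + payload   # crypted header: proto, frag, length, zero byte
    plain += b"\x00" * (-len(plain) % BLOCK)                       # pad up to the cipher block size
    body = b"\x00" + key_name.encode().ljust(7, b"\x00") + iv      # unencrypted header (cipher 0 = AES-128) + IV
    body += xor_cipher(keyring[key_name], iv, bytes(plain))
    hdr[9] = SEPPL_PROTO                                           # protocol number 177
    hdr[6:8] = struct.pack("!H", struct.unpack("!H", hdr[6:8])[0] & 0xE000)  # offset -> 0 (flags kept: assumption)
    hdr[2:4] = struct.pack("!H", ihl + len(body))                  # total length corrected
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + body

def seppl_decrypt(packet, keyring=KEYS):
    # Returns the original packet, or None when the packet is unencrypted or the key does not match.
    ihl = (packet[0] & 0x0F) * 4
    hdr = bytearray(packet[:ihl])
    if hdr[9] != SEPPL_PROTO:
        return None                                                # plaintext: the DECRYPT target drops it
    cipher_no, name = packet[ihl], packet[ihl + 1:ihl + 8].rstrip(b"\x00").decode()
    iv, enc = packet[ihl + 8:ihl + 8 + IV_LEN], packet[ihl + 8 + IV_LEN:]
    if cipher_no != 0 or name not in keyring:
        return None
    plain = xor_cipher(keyring[name], iv, enc)
    if plain[5] != 0:
        return None                                                # always-zero byte is wrong: key mismatch
    hdr[9], hdr[6:8], hdr[2:4] = plain[0], plain[1:3], plain[3:5]  # restore the three saved fields
    hdr[10:12] = struct.pack("!H", ip_checksum(bytes(hdr)))
    return bytes(hdr) + plain[6:6 + struct.unpack("!H", plain[3:5])[0] - ihl]  # saved length strips padding
```

With a real block cipher the zero byte rejects a wrong key with probability about 255/256 per packet; it is not an integrity check, so a modified ciphertext that happens to decrypt to a zero there is not detected.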

Requirements: No special requirements
Platforms: Linux
Users rating: 0/10

License: Freeware Size: 327.68 KB
Education  -  Earhance AX
Earhance aims to help you on your approach to gain the perfect pitch. The app may play one or several notes at once which you then have to find on the keyboard. The keyboard's size is adjustable and the black keys may be removed. Requirements:...
7 MB  
Programming  -  Useful Java Application Components 0.9.25
UJAC provides a collection of Java components which may be useful in some projects. Each component is designed for easy use, easy integration into existing projects, extensibility and last but not least efficiency. What's New in This Release:...
4.1 MB  
E-Mail Tools  -  KMail Power Tools 0.3
KMail Power Tools is meant to be a suite of enhancements to KMail and maybe other mail user agents. It is currently composed of only one (Perl) script that acts as a filter (takes input from stdin, outputs the modified mail to stdout), adds...
10.24 KB  
Network & Internet  -  ccHost 4.0
ccHost is a Web-based infrastructure that may be used to host and allow for commenting, remixing, and distribution globally. The more installations of ccHost and its variations, the more content there will be available for enjoyment and artistic...
3D Graphic Tools  -  Ghost Diagrams 0.8
Ghost Diagrams is a project that takes sets of tiles and tries to find patterns into which they may be formed. The patterns it finds when given randomly chosen tiles are often surprising. It turns out that tiling patterns are a form of...
33.79 KB  
Puzzles  -  Mazesmith 0.7.0 beta
Mazesmith generates mazes that may be played through a Web browser or printed for offline use. The maze is fully customizable with many options, including size, colors, different shapes (or create your own), five different algorithms, and the...
26.62 KB  
Utilities  -  pam_mktemp 1.0.2
pam_mktemp is a PAM module which may be used with a PAM-aware login service to provide per-user private directories under /tmp as a part of account management or PAM session. When an interactive (shell) session is started, a directory is created...
4.1 KB  
Games  -  Celtic Knots Free 1.1
Celtic Knots Free is a unique new game that combines the best parts of jigsaw puzzles and sliders. A beautiful Celtic Knot design has been cut into pieces and jumbled up. The puzzle is putting it back together again. It may be the original...
21.1 MB  
Shell & Desktop  -  Key Dropper 1.0
Key Dropper will randomly cause typed keys to be ignored, causing the subject to believe that he/she did not actually press the key. Neat prank for April Fool's Day. To disable, kill keydrop.exe in the task manager or reboot.
8 KB  
Log Analyzers  -  pmacct 0.11.4
pmacct is a small set of passive network monitoring tools to measure, account and aggregate IPv4 and IPv6 traffic; aggregation revolves around the key concept of primitives (VLAN id, source and destination MAC addresses, hosts, networks, AS...
296.96 KB  
Network & Internet  -  Free WiFi Hotspot 3.3.1
Free WiFi Hotspot is a super easy solution to turn your laptop or notebook into a portable Wi-Fi hotspot, wirelessly sharing your internet connections like DSL, Cable, Bluetooth, Mobile Broadband Card, Dial-Up, etc. through the built-in wireless...
1.04 MB  
Network & Internet  -  Easy Uploads 1.8
Easy Uploads is a file storage and media streaming application designed by Filestreamers that allows you to upload, store, and stream your files from their virtually unlimited file storage server. Easy Uploads can backup, share, and stream your files...
615.97 KB  
Network & Internet  -  IPv6 CARE 3.2b
IPv6 CARE, "IPv6 Compliant Automatic Runtime Environment", is a Linux tool able to patch ipv6-agnostic programs on-the-fly ('patch' mode). It can also generate a diagnosis about the IPv6 compliance of an application ('check' mode).
409.6 KB  
Network & Internet  -  PacketFence ZEN 3.1.0
PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boasting an impressive feature set including a captive portal for registration and remediation, centralized wired and wireless management, 802.1X...
1024 MB  
Network & Internet  -  django-dbstorage 1.3
A Django file storage backend for files in the database.
10.24 KB  
Networking Tools  -  gvrpad 0.1
gvrpad is a daemon that makes GVRP announcements of all VLAN interfaces on a FreeBSD system. GVRP is the GARP VLAN Registration Protocol, defined in IEEE 802.1Q (VLANS); GARP is the Generic Attribute Registration Protocol, defined in 802.1D...
15.36 KB  
Networking Tools  -  Cheops 0.61
Cheops is an Open Source Network User Interface. It is designed to be the network equivalent of a Swiss Army knife, unifying your network utilities. Cheops is for the network what a file manager is for your filesystem.
317.44 KB  
Networking Tools  -  dynacc 0.5.0
Dynacc aims to be a package which gives you control over your Internet connection. It runs on a Linux router/host which provides MASQ services and HTTP proxying for a LAN. It gives you the power to define users/groups which are allowed to make...
122.88 KB  
Networking Tools  -  ssh tunnel on demand 1.0
ssh tunnel on demand provides a script that creates an SSH tunnel on demand. ssh tunnel on demand is a script that makes it possible for a user to create an SSH tunnel to a server and connect to it without needing an account on the box or any...
13.31 KB  
Networking Tools  -  strongSwan 4.1.5
strongSwan is an OpenSource IPsec implementation for the Linux operating system. In order to have a stable IPsec platform to base our future extensions of the X.509...
1.7 MB