Issue No. 03 - June (1996 vol. 16)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/40.502404
PES, Privacy Enhanced Sockets, is a user-level subsystem providing network privacy for stream sockets. This document presents its design and implementation in UNIX and Microsoft Windows systems. PES provides secure channels on top of standard stream sockets, allowing existing client-server applications to transparently use secure channels instead of standard remote connections. PES is composed of two entities which can be almost transparently added to existing systems: a dynamic library and a trusted proxy server. All cryptographic details concerning the establishment of secure channels are solely handled by instances of these two entities using the Diffie-Hellman public-key algorithm. Man-in-the-Middle attacks are prevented using asymmetric cryptography for host authentication. Host's public keys are acquired and stored on a per-user basis such as for PGP, which does not require central management but only a reduced user intervention. PES has been tested with several applications -- telnet, ftp, several X11 and WWW applications -- in SunOS, Solaris and Microsoft Windows 3.1. Performance tests run in Sun SPARCstations show a low latency time and an acceptable throughput degradation.
Public-key security, network privacy, client-servers, cryptography, Diffie-Hellman algorithm
P. Guedes and A. Zúquete, "Transparent Authentication and Confidentiality for Stream Sockets," in IEEE Micro, vol. 16, no. , pp. 34-41, 1996.