Content deleted Content added
Wutherings (talk | contribs) No edit summary |
sep lede, layout fix |
||
| (16 intermediate revisions by 11 users not shown) | |||
Line 1:
{{Short description|Prototype of Secure Sockets Layer}}
<!-- This page uses text copied from http://www.cs.utexas.edu/users/lam/NRL/SSL.html but that page now carries CC and GNU licences compatible with Wikipedia -->
[[File:2004 ACM Software System Award Certificate.jpg|thumb|For inventing secure sockets in 1991 and implementing the first [[secure sockets layer]], named SNP, in 1993.]]
'''Secure Network Programming''' (SNP) is a prototype of the first [[Secure Sockets Layer]], designed and built by the Networking Research Laboratory at [[the University of Texas at Austin]], led by [[Simon S. Lam]]. This work was published in the 1994 USENIX Summer Technical conference.<ref name="SNP-USENIX">{{cite journal |last1=Woo |first1=Thomas |last2=Bindignavle |first2=Raghuram |last3=Su |first3=Shaowen |last4=Lam |first4=Simon |title=SNP: An Interface for Secure Network Programming |journal=Proceedings USENIX Summer Technical Conference |date=June 1994 |url=http://www.cs.utexas.edu/users/lam/Vita/Cpapers/WBSL94.pdf |accessdate=21 July 2019}}</ref> For this project, the authors won the 2004 [[ACM Software System Award]].▼
'''Secure Network Programming''' ('''SNP''') is a prototype of the first [[Secure Sockets Layer]], designed and built in 1993 by the Networking Research Laboratory at [[the University of Texas at Austin]], led by [[Simon S. Lam]].
==History==
This work began in 1991 as a theoretical investigation by the Networking Research Laboratory on the formal meaning of a protocol layer satisfying an upper interface specification as a service provider and a lower interface specification as a service consumer.<ref>{{cite journal |last1=Lam |first1=Simon |last2=Shankar |first2=Udaya |title=A Theory of Interfaces and Modules I — Composition Theorem |journal=IEEE Transactions on Software Engineering |date=January 1994 |volume=20 |pages=55–71 |doi=10.1109/32.263755 |url=https://dl.acm.org/citation.cfm?id=631099 |accessdate=21 July 2019}}</ref> The Networking Research Laboratory received a grant from the National Security Agency in June 1991 to investigate how to apply their theory of modules and interfaces to security verification (NSA INFOSEC University Research Program grant no. MDA 904-91-C-7046, 1991-1994). At that time, there were three well-known authentication systems built (MIT's [[Kerberos_(protocol)|Kerberos]]) or being developed (DEC's SPX and IBM's KryptoKnight). All of these systems suffered from a common drawback, namely, they did not export a clean and easy-to-use interface that could be readily used by Internet applications. For example, it would take a tremendous amount of effort to “kerberize” an existing distributed application.▼
▲
Simon S. Lam was inducted into the Internet Hall of Fame (2023) for "inventing secure sockets in 1991 and implementing the first secure sockets layer, named SNP, in 1993."<ref>{{cite web |url=https://cns.utexas.edu/news/accolades/computer-scientist-inducted-internet-hall-fame|title=Simon S. Lam, Regents Chair Emeritus in Computer Science, inducted into the Internet Hall of Fame}}</ref><ref>{{cite web | url=https://www.internethalloffame.org/inductee/simon-s-lam |title=Simon S. Lam, 2023 Internet Hall of Fame inductee}}</ref>
Toward the goal of "secure network programming for the masses," the inventors of SNP conceived secure sockets as a high-level abstraction suitable for securing Internet applications. In 1993, they designed and built a prototype of SNP. Designed as an application sublayer on top of sockets, SNP provides a user interface closely resembling sockets. This resemblance was by design so that security could be retrofitted into existing socket programs with only minor modifications. Also, with such a sublayer carefully designed and its implementation thoroughly debugged, it can be easily used by any Internet application that uses sockets for end-to-end communications. This is a natural idea in hindsight but, in 1993, it was novel and a major departure from mainstream network security research at that time.▼
This work began in 1991 as a theoretical investigation by the Networking Research Laboratory on the formal meaning of a protocol layer satisfying an upper interface specification as a service provider and a lower interface specification as a service consumer.<ref>{{cite journal |last1=Lam |first1=Simon |last2=Shankar |first2=Udaya |title=A Theory of Interfaces and Modules I — Composition Theorem |journal=IEEE Transactions on Software Engineering |date=January 1994 |volume=20 |pages=55–71 |doi=10.1109/32.263755 |url=https://dl.acm.org/citation.cfm?id=631099 |accessdate=21 July 2019|url-access=subscription }}</ref> A case study of adding a security layer between the application and [[network layer]]s was presented.<ref>{{cite book |last1=Lam |first1=Simon |last2=Shankar |first2=Udaya|last3=Woo |first3=Thomas |title=Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy |chapter=Applying a theory of modules and interfaces to security verification |date=May 1991 |chapter-url=https://www.cs.utexas.edu/users/lam/Vita/IEEE/LSW91.pdf | pages=136–154|doi=10.1109/RISP.1991.130782 |isbn=0-8186-2168-0 |s2cid=18581606 | access-date=5 January 2021}}</ref>
SNP's secure sockets support both stream and datagram semantics with security guarantees (i.e., data origin authenticity, data destination authenticity, data integrity, and data confidentiality.) Many of the ideas and design choices in SNP can be found in subsequent secure sockets layers, including: placing authenticated communication endpoints in the [[application layer]], use of [[public key cryptography]] for authentication, a handshake protocol for establishing session state including a shared secret, use of [[symmetric key cryptography]] for data confidentiality, and managing contexts and credentials in the secure sockets layer.▼
▲
The paper presented on June 8, 1994 at the USENIX Summer Technical Conference <ref name="SNP-USENIX">{{cite journal |last1=Woo |first1=Thomas |last2=Bindignavle |first2=Raghuram |last3=Su |first3=Shaowen |last4=Lam |first4=Simon |title=SNP: An Interface for Secure Network Programming |journal=Proceedings USENIX Summer Technical Conference |date=June 1994 |url=http://www.cs.utexas.edu/users/lam/Vita/Cpapers/WBSL94.pdf |accessdate=21 July 2019}}</ref> includes the system design together with performance measurement results from the prototype implementation to clearly demonstrate the practicality of a secure sockets layer.▼
▲Toward the goal of
SNP invented secure sockets for Internet applications in general, independently and concurrently with the design and development of the [[HTTP]] protocol for the [[world-wide web]] which was still in its infancy in 1993. Subsequent secure socket layers ([[Transport Layer Security|SSL]] by [[Netscape]] and [[Transport Layer Security|TLS]] by [[IETF]]), re-implemented several years later using key ideas first presented in SNP, enabled secure e-commerce between browsers and servers. Today, many Internet applications (including [[email]]) use [[HTTPS]] which consists of HTTP running over a secure sockets layer.▼
▲SNP's secure sockets support both stream and datagram semantics with security guarantees (i.e., [[data origin authenticity]], data destination authenticity, [[data integrity]], and data confidentiality).
▲The paper presented on June 8, 1994 at the USENIX Summer Technical Conference
▲SNP
== References ==
{{Dual |source=Networking Research Laboratory |sourcepath=https://www.cs.utexas.edu/users/lam/NRL/SSL.html |sourcearticle=A brief history of the first secure sockets layer |date=2023-05-10}}
{{reflist}}
| |||