the websocket protocol
play

The WebSocket Protocol IETF 80 HyBi WG Takeshi Yoshino tyoshino at - PowerPoint PPT Presentation

Feb 04, 2024 •50 likes •450 views

The WebSocket Protocol IETF 80 HyBi WG Takeshi Yoshino tyoshino at google dot com Background Evolution of web apps Dynamic and real-time application Webmail, Chat, word processing, etc. HTTP is not designed for web apps Large

  1. The WebSocket Protocol IETF 80 HyBi WG Takeshi Yoshino tyoshino at google dot com

  2. Background • Evolution of web apps – Dynamic and real-time application – Webmail, Chat, word processing, etc. • HTTP is not designed for web apps – Large overhead – Hanging-GET is necessary for real-time server push

  3. WebSocket is (1) • New protocol over TCP – Opening handshake • HTTP-esque request and response – Newly defined WebSocket frame • New API for JavaScript var ws = new WebSocket("ws://example.com/foobar"); ws.onmessage = function(evt) { /* some code */ } ws.send("Hello World"); …

  4. WebSocket is (2) • Intended to replace hanging-GET based bidirectional channel – Two XMLHttpRequest  One WebSocket • Full duplex • Smaller overhead • Fewer TCP connection • Simpler API

  5. Other Requirements • Coexist with HTTP on the same port – Use 80/443 which are rarely blocked • Work with HTTP infrastructure – Proxy and firewall • Allow cross origin connection – http://example.com/foo.js establish WebSocket to ws://example.org/chat • Fit JavaScript programming model

  6. Security Concern • Cross protocol attack – Abuse of WebSocket on browser • By malicious JavaScript • To attack HTTP server, cache, … – Abuse of XMLHttpRequest • To attack WebSocket server • Port scanning

  7. Protocol Overview • User-agent establishes TCP – Order, reliable transmission, congestion control are guaranteed by TCP • Opening handshake • Exchange WebSocket frames • Closing handshake

  8. Opening Handshake (1) Example • Client GET /chat HTTP/1.1 Host: server.example.com sends Upgrade: websocket Connection: Upgrade Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ== Sec-WebSocket-Origin: http://example.com • Server HTTP/1.1 101 Switching Protocols Upgrade: websocket replies Connection: Upgrade Sec-WebSocket-Accept: s3pPLMBiTxaQ9kYGzzhZRbK+xOo= with

  9. Opening Handshake (2) • HTTP compliant request/response format – Can go through intermediaries for HTTP – Code for HTTP can be diverted • “GET /chat HTTP/1.1 ” – Requested resource is “/chat” • “Host: server.example.com” – Enables name virtual hosting • “Upgrade” and “Connection” header – Tells the server to switch to WebSocket protocol

  10. Opening Handshake (3) Peer Validation • Check if the peer is WebSocket ready – Only ones understand WebSocket can generate valid Sec-WebSocket-Accept • Challenge from client : Sec-WebSocket-Key – BASE64(Random 16 octets) • Response from server : Sec-WebSocket-Accept – BASE64(SHA-1(concat <Key> and <GUID>)) – SHA-1 is common, verifiable – GUID is uniquely defined for WebSocket – “258EAFA5 -E914-47DA-95CA-C5AB0DC85B11 ”

  11. Opening Handshake (4) • Sec-WebSocket-Origin – Optional for non-browser clients – Server MAY check • Sec-* prefix – Prevents cross protocol attack with XHR • Cookie/Set-Cookie as well as HTTP • Sec-WebSocket-Extensions and Sec-WebSocket-Protocol – Discuss later

  12. Framing (1) Requirements • Support binary payload • Single framing for simplicity – HyBi 00 used 0x00 <UTF-8> 0xFF for text frame  Use payload length field for all type • Some fields for frame type, extensibility

  13. Framing (2) Frame Diagram 0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 +-+-+-+-+-------+-+-------------+-------------------------------+ |F|R|R|R| opcode|R| Payload len | Extended payload length | |I|S|S|S| (4) |S| (7) | (16/63) | |N|V|V|V| |V| | (if payload len==126/127) | | |1|2|3| |4| | | +-+-+-+-+-------+-+-------------+ - - - - - - - - - - - - - - - + | Extended payload length continued, if payload len == 127 | + - - - - - - - - - - - - - - - +-------------------------------+ | | Extension data | +-------------------------------+ - - - - - - - - - - - - - - - + : : +---------------------------------------------------------------+ : Application data : +---------------------------------------------------------------+

  14. Framing (3) Requirements for Length Field • Small overhead for small payload – Consider power sensitive mobile device – Short size like 8 bit is preferred • Less fragmentation for large data – Big range like 64 bit is preferred

  15. Framing (4) 7/16/63 Encoding • At least 7-bit payload length field • 2 nd octet of header = RSV4(1), payload_len(7) • Extended payload length field may follow • 0 <= payload_len <= 125 – 7 bit • 126 <= payload_len <= 2^16-1 – 7 bit + 16 bit extended header • 2^16 <= payload_len <= 2^63-1 – 7 bit + 64 bit extended header

  16. Framing (5) 7/16/63 Encoding • 63 bit value + 1 bit padding = 64 bit occupation • Limit is set to 2^63-1 since some platform doesn’t support unsigned 64 -bit integer • Example – 5  0x5 – 256  0x7E 0x0100 – 65536  0x7F 0x0000000000010000

  17. Framing (6) Opcodes • 0x0 Continuation frame • 0x1 Connection close • 0x2 Ping • 0x3 Pong • 0x4 Text frame • 0x5 Binary frame • 0x7-0xF Reserved

  18. Framing (7) Room for Extension • 4 reserved bits in header – RSV1, RSV2, RSV3, RSV4 • 9 undefined opcodes 0x7-0xf • Extension data field

  19. Framing – Open Issue • Single opcode for control frames or Multiple opcodes for each control frames – Single control opcode 1 leading octet of payload is control type • Easy to tell intermediaries the frame cannot be fragmented – Define the range of control opcodes – Multiple opcodes for each control type • How to specify extension field length

  20. Ping and Pong • Built-in ping – For keep alive, health check, … • Alice send ping control • Bob MUST reply with pong control with the same payload as received ping

  21. Frame Masking (1) Background • Security concern raised by Adam Barth Malicious Attacker script Victim controlled HTTP host Victim cache browser <WebSocket opening handshake string> …some bytes… GET /foobar.js HTTP/1.1 Host: example.com … Malicious data …

  22. Frame Masking (2) Background • Intermediaries designed for HTTP may be poisoned • Mask client-to-server frame – Prevent attacker controlled byte sequence from going over wire

  23. Frame Masking (3) Current Masking Method • For each frame – Get 4 octets from cryptographically secure random number generator – masked_data[i] = clear_text[i] XOR mask[i % 4] – send mask and masked_data to server Clear text XOR Mask Mask Ma Mask Masked data Masked data

  24. Frame Masking – Open Issue • Mask frame or mask payload – In-frame masking is less secure? – Making whole frame is bad for intermediaries? • Mask only client-to-server or both direction – Debugging is easier if symmetric • Mask extension field or not

  25. Fragmentation (1) • Enable sending part of message separately – Useful for dynamically generated contents – Flush partial data to vacate buffer • Similar concept as HTTP chunked encoding • Planned to be used for multiplexing • Message : complete unit of data on app level • Frame : network layer unit

  26. Fragmentation (2) • Use FIN bit and “Continuation” opcode • Example – For message "abcdefg..." – Frame1 • !FIN, opcode=<original opcode>, payload=abc... – Frame2 • !FIN, opcode=CONTINUATION, payload=ijk... – Frame3 • FIN, opcode=CONTINUATION, payload=stu...

  27. Extension (1) • Negotiate on opening handshake • Modify payload or even whole frame • Attach some information – as RSV1-4, new opcode or per-frame extension data field

  28. Extension (2) Negotiation Example Sec-WebSocket-Extensions: deflate-stream Sec-WebSocket-Extensions: mux; max-channels=4; flow-control, deflate-stream Sec-WebSocket-Extensions: x-private-extension • Applied in order the extensions are listed • Server accepts part of requested extensions

  29. Extension – Open Issue • How to assign reserved bits and opcodes • How multiple extensions interact • Intermediaries are allowed to join/split fragmented frames with extension? How? • Extension may consume unused opcodes?

  30. Subprotocol • Client may request subprotocol by Sec-WebSocket-Protocol header • Server choose one from requested subprotocols and echo back it to accept

  31. Closing Handshake (1) Background • WebSocket is full-duplex – Peer may send a frame anytime • RST hazard – A peer may close socket without reading out all received data from TCP stack – Cause sending RST – Peer may miss some data due to RST • shutdown(SHUT_WR) is not available everywhere • Implement safe-close on WebSocket layer

  32. Closing Handshake (2) • Alice sends close frame to Bob Last data • Bob sends close frame to Alice Close control • Bob closes socket • Alice closes socket Close control TCP FIN • A peer can close TCP once TCP FIN both received and sent close Alice Bob

  33. Closing Handshake (3) • What this assures for Alice – Alice received all data sent from Bob • wasClean parameter of onclose handler – It's safe for Alice to close TCP connection • No more data coming from Bob  No RST hazard • What this DOES NOT assure for Alice – Bob received all data sent from Alice • This requires 3-way close handshake

Recommend

Kaazing Gateway: An Open Source HTML 5 Websocket Server HTML 5 Websocket Server Speaker

Kaazing Gateway: An Open Source HTML 5 Websocket Server HTML 5 Websocket Server Speaker

Kaazing Gateway: An Open Source HTML 5 Websocket Server HTML 5 Websocket Server Speaker Jonas Jacobi Co-Founder: Kaazing Co-Author: Pro JSF and Ajax, Apress Agenda Real-Time Web? Why Do I Care? Scalability and

751 views • 38 slides
Web Sockets WebSockets Last time we say how to establish a WebSocket connection Today,

Web Sockets WebSockets Last time we say how to establish a WebSocket connection Today,

Web Sockets WebSockets Last time we say how to establish a WebSocket connection Today, we'll parse and send messages over the socket WebSocket Frame https://tools.ietf.org/html/rfc6455#section-5.2 Protocols Sidenote Many of the

469 views • 27 slides
Whats wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs Mikhail Egorov /

Whats wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs Mikhail Egorov /

Whats wrong with WebSocket APIs? Unveiling vulnerabilities in WebSocket APIs Mikhail Egorov / @0ang3el #DeepSec2019 # whoami Security researcher / full-time bug hunter https://bugcrowd.com/0ang3el https://hackerone.com/0ang3el

989 views • 67 slides
WebSocket Server Implementation Chao-Wei Peng HTTP Request Model Service Http Client Http

WebSocket Server Implementation Chao-Wei Peng HTTP Request Model Service Http Client Http

WebSocket Server Implementation Chao-Wei Peng HTTP Request Model Service Http Client Http Server Thread Waiting Http Request Run Service Http Response HTTP Weakness Server sends response only if someone requests it. WebSocket Protocol

274 views • 11 slides
WebSocket Slide title APITALS 50 pt e subtitle 32 pt Salvatore.Loreto@ericsson.com November

WebSocket Slide title APITALS 50 pt e subtitle 32 pt Salvatore.Loreto@ericsson.com November

WebSocket Slide title APITALS 50 pt e subtitle 32 pt Salvatore.Loreto@ericsson.com November 3rd, 2009 WebSocket Defines full-duplex communications using a single TCP connection (compared to Comet technologies) It is a mechanism for

571 views • 13 slides
Web Technologies in Java EE JAX-RS 2.0, JSON-P, WebSocket, JSF 2.2 $ whoami Luk Fry

Web Technologies in Java EE JAX-RS 2.0, JSON-P, WebSocket, JSF 2.2 $ whoami Luk Fry

Web Technologies in Java EE JAX-RS 2.0, JSON-P, WebSocket, JSF 2.2 $ whoami Luk Fry Software Engineer, JBoss, Red Hat AeroGear, (Arquillian, RichFaces) Interests HTML5, Web Components, AngularJS Living and

1.17k views • 83 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
The realtime web: HTTP/1.1 to WebSocket, SPDY and beyond Guillermo Rauch @ QCon . November 2012.

The realtime web: HTTP/1.1 to WebSocket, SPDY and beyond Guillermo Rauch @ QCon . November 2012.

The realtime web: HTTP/1.1 to WebSocket, SPDY and beyond Guillermo Rauch @ QCon . November 2012. Guillermo . CTO and co-founder at LearnBoost . Creator of socket.io and engine.io . @ rauchg on twitter http:// devthought.com Author of Wileys

1.41k views • 105 slides
HTML 5 WebSocket delivers the Real-time Web QCon, San Francisco November 18, 2009 1

HTML 5 WebSocket delivers the Real-time Web QCon, San Francisco November 18, 2009 1

HTML 5 WebSocket delivers the Real-time Web QCon, San Francisco November 18, 2009 1 Introduction John Fallows CTO @ Kaazing Author @ Pro JSF &amp; Ajax Contributor @ W3C HTML 5 Contributor @ IETF Bidirectional Hypertext

293 views • 27 slides
Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN

Attacks on TCP 1 Outline What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack 2 TCP Protocol Transmission Control Protocol (TCP) is a core protocol

598 views • 47 slides
Webbit Evented, single-threaded WebSocket server http://webbitserver.org/ @aslak_hellesoy

Webbit Evented, single-threaded WebSocket server http://webbitserver.org/ @aslak_hellesoy

Webbit Evented, single-threaded WebSocket server http://webbitserver.org/ @aslak_hellesoy Webbit Overview Single threaded Non-blocking High throughput 1000+ connections No Servlet API No XML 1 Dependency: Netty

827 views • 23 slides
Pub/sub server for the modern web. Flexible, scalable, easy to use. https://nchan.slact.net What

Pub/sub server for the modern web. Flexible, scalable, easy to use. https://nchan.slact.net What

Pub/sub server for the modern web. Flexible, scalable, easy to use. https://nchan.slact.net What is it? HTTP POST Application Websocket Websocket client EventSource client Long-Poll client Buffering Pub/Sub server for web clients

708 views • 49 slides
Large-scale system of persistently connected devices using WebSocket 7/22/2013 NTT Advanced

Large-scale system of persistently connected devices using WebSocket 7/22/2013 NTT Advanced

Large-scale system of persistently connected devices using WebSocket 7/22/2013 NTT Advanced Technology Corp. Yoshiaki Kozaki System overview Service Service Service provider provider provider Backend (Database, Authentication,

429 views • 7 slides
Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and

Forest Protocol Forest Protocol Protocol Update Effort Protocol Update Effort Goals and Objectives Goals and Objectives CAR adopted the Forest Protocols in 2005 CAR Board directed staff in 2007 to: Initiate a stakeholder process

532 views • 25 slides
Virgo by Example Florian Waibel, Markus Knauer Survey Who has used Virgo ? RFC 6455 The

Virgo by Example Florian Waibel, Markus Knauer Survey Who has used Virgo ? RFC 6455 The

Virgo by Example Florian Waibel, Markus Knauer Survey Who has used Virgo ? RFC 6455 The WebSocket Protocol WebSockets ? Docker ? Gradle ? git ? Who we are Florian Markus Roadmap 1. Setup Workspace - Intro to

1.11k views • 84 slides
TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for

TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for

TCP/IP CIS 218/238 Internet Protocol (IP) The Internet Protocol (IP) is responsible for ensuring that data is transferred between two Intenret hosts based on a 32 bit address. To be ROUTABLE, a protocol must specify a NETWORK ADDRESS

899 views • 22 slides
The HTTP Protocol The HTTP Protocol How to write servers and clients in Java Anders Mller

The HTTP Protocol The HTTP Protocol How to write servers and clients in Java Anders Mller

Objectives Objectives How the HTTP protocol works An Introduction An Introduction to XML and Web Technologies to XML and Web Technologies The SSL security extension from a programmer's point of view The HTTP Protocol The HTTP Protocol

433 views • 10 slides
Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internetworking Internetworking Address Resolution Protocol Address Resolution Protocol z

Internet Protocol Suite: Transport Internet Protocol Suite: Transport TCP: Transmission Control Protocol Byte stream transfer Internet Protocol Suite Internet Protocol Suite Reliable, connection-oriented service Point-to-point

374 views • 3 slides
FIX Protocol 101 An Introduction To the FIX Protocol Martin Koopman, Former Chair FIX Protocol

FIX Protocol 101 An Introduction To the FIX Protocol Martin Koopman, Former Chair FIX Protocol

FIX Protocol 101 An Introduction To the FIX Protocol Martin Koopman, Former Chair FIX Protocol Ltd Americas Committee martinkoopman@gmail.com Australia Was Early to Electronic Trading But Late to FIX Very early use of electronic trading

809 views • 12 slides
EFFICIENCY OF THE BASIC EMDR PROTOCOL COMPARED TO A RESOURCE PROTOCOL ROLE OF EYE MOVEMENTS IN A

EFFICIENCY OF THE BASIC EMDR PROTOCOL COMPARED TO A RESOURCE PROTOCOL ROLE OF EYE MOVEMENTS IN A

EFFICIENCY OF THE BASIC EMDR PROTOCOL COMPARED TO A RESOURCE PROTOCOL ROLE OF EYE MOVEMENTS IN A RESOURCE PROTOCOL A comparison between one session of the standard protocol versus the reinforced resource protocol The basic EMDR protocol

368 views • 15 slides
The Luxembourg Protocol in the UK Moving Britain Ahead March 16 Luxembourg Protocol 1 As of 26

The Luxembourg Protocol in the UK Moving Britain Ahead March 16 Luxembourg Protocol 1 As of 26

The Luxembourg Protocol in the UK Moving Britain Ahead March 16 Luxembourg Protocol 1 As of 26 th February 2016 the UK is now a Signatory to the Luxembourg Protocol to the Convention on International Interests in Mobile Equipment on Matters

358 views • 6 slides
Dont Hold My Data Hostage A Case For Client Protocol Redesign What is a Client Protocol

Dont Hold My Data Hostage A Case For Client Protocol Redesign What is a Client Protocol

Mark Raasveldt, Hannes Mhleisen Dont Hold My Data Hostage A Case For Client Protocol Redesign What is a Client Protocol anyway? Every database that supports remote clients has a client protocol Using this protocol, clients can query

152 views • 14 slides
Protocol Attacks What is a protocol attack? How does it work? Different types of

Protocol Attacks What is a protocol attack? How does it work? Different types of

Outline : Part 1 Introduction Protocol Attacks What is a protocol attack? How does it work? Different types of protocol attack By Sushant Rewaskar Introduction: Types of attacks What is a protocol attack? Buffer overflow

518 views • 13 slides
1 The http protocol: more WWW: the http protocol http is stateless http: hypertext

1 The http protocol: more WWW: the http protocol http is stateless http: hypertext

Internet apps: their protocols and transport protocols Application Underlying layer protocol Application transport protocol e-mail smtp [RFC 821] World Wide Web TCP remote terminal access telnet [RFC 854] TCP Web http [RFC 2068] TCP

438 views • 5 slides

More recommend