Truss is a lightweight secure middleware for distributed computing. The goal of Truss is to provide a simple framework for securely routing jobs, and collecting the produced output, over a heterogeneous network of computers. This means that clients and servers running Truss do not have to be on the same operating system, hardware, or asserted trust level.
![alt tag](https://raw.github.com/MrColeC/Truss/master/Images/TrussArchitecture.png)
- Having a single lightweight code base that is used to implement both clients as well as servers
- Providing a simple and extensible means of authenticating the client (from using a local configuration file within the code, to LDAP integration or other forms of single sign on)
- Encrypting all network traffic with AES128, providing both a reasonable degree of security as well as minimal overhead when compared with plain text transmissions
- Using pre-shared keys to provide a password-authenticated Diffie-Hellman key agreement in order to prevent man-in-the-middle attacks
- Re-negotiating the established Diffie-Hellman agreements periodically in order to prevent an attacker's ability to break the encryption and read all previous or future network traffic
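
The following added example (not code from the Truss source) shows why binding Diffie-Hellman public values to a pre-shared key stops a man-in-the-middle from substituting its own key. It assumes ECDH on a 256-bit curve and an HMAC-SHA256 tag over each public key as the authentication step, a stand-in for whatever password-authenticated scheme Truss itself implements; the class name, helper names and sample key are hypothetical.

```java
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example; HMAC-tagged ECDH is an assumption, not Truss's actual protocol.
public class PskAuthenticatedDh {
    // HMAC-SHA256 keyed with the pre-shared key, binding a public key to its sender.
    static byte[] tag(byte[] psk, String role, byte[] pub) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(psk, "HmacSHA256"));
        mac.update(role.getBytes("UTF-8"));
        return mac.doFinal(pub);
    }

    // Verify the peer's tag, run ECDH, and hash the secret down to a 128-bit AES key.
    static byte[] sessionKey(byte[] psk, PrivateKey mine, String peerRole,
                             byte[] peerPub, byte[] peerTag) throws Exception {
        if (!MessageDigest.isEqual(tag(psk, peerRole, peerPub), peerTag))
            throw new SecurityException("peer public key not authenticated by PSK");
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(mine);
        ka.doPhase(KeyFactory.getInstance("EC")
                .generatePublic(new X509EncodedKeySpec(peerPub)), true);
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(ka.generateSecret());
        return Arrays.copyOf(digest, 16); // AES-128 key
    }

    public static void main(String[] args) throws Exception {
        byte[] psk = "pre_shared_key".getBytes("UTF-8"); // constructed sample value
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair client = gen.generateKeyPair(), server = gen.generateKeyPair();
        KeyPair attacker = gen.generateKeyPair(); // does not know the PSK
        byte[] cPub = client.getPublic().getEncoded(), sPub = server.getPublic().getEncoded();
        // Honest exchange: each side sends (public key, tag); both derive the same key.
        byte[] kc = sessionKey(psk, client.getPrivate(), "server", sPub, tag(psk, "server", sPub));
        byte[] ks = sessionKey(psk, server.getPrivate(), "client", cPub, tag(psk, "client", cPub));
        System.out.println("keys match: " + Arrays.equals(kc, ks));
        // Key substitution in transit: the server's tag no longer matches the key received.
        try {
            sessionKey(psk, client.getPrivate(), "server",
                    attacker.getPublic().getEncoded(), tag(psk, "server", sPub));
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Unlike a true PAKE such as SPAKE2, this HMAC construction lets anyone who records a tag test guesses of a short pre-shared key offline, so it needs a high-entropy key.
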
This project uses 100% Mavenized Java code. This means you will need the following in order to compile the code from source:
- A copy of the code (available via Git)
- A Java JDK
- Maven installed on your system
Once these prerequisites are met, all you need to do is go to the root of the checkout (this will contain the pom.xml for this project) and then run: `mvn clean compile assembly:single`. This will download all required dependencies and then compile the project into a single portable jar file.

Description | Parameter | Options and Default Value | Applies To |
---|---|---|---|
To set the log verbosity | loglevel | off,info,warn,error,fatal (defaults to fatal) | All |
To provide the username | user | (default is to prompt the user) | All |
To provide the user's password | pass | (default is to prompt the user) | All |
To provide the pre-shared key | key | (default is to prompt the user) | All |
The server's IP address | sip | (default is 127.0.0.1) | Client |
The server's port | sport | (default is 8080) | Client |
The drop off point's IP | dip | (default is 127.0.0.1) | Client |
The drop off point's port | dport | (default is 8080) | Client |
Interactive mode | ic | (default is an automatic client, no GUI provided) | Client |
The port to listen on | bind | (default is 8080) | Server/Drop Off |
Note: The default password for all accounts is "pw". This can be changed in the Shiro.ini file inside the source code. Also, in that same file, Shiro can be integrated with other authentication systems.
Note: The pre-shared key can be anything you want. Longer keys do provide additional security, but keep in mind that the pre-shared key is only used to facilitate the secure negotiation of a new completely random key and will have no lasting impact on the security of the infrastructure.
Note: The ports that the server and drop off server bind to can be anything. However, using ports above 1024 is recommended in order to not require root or escalated privileges (on some systems).

```
java -Duser=server -Dpass=password -Dkey=pre_shared_key -Dloglevel=info -Dbind=server_port -jar Truss*.jar
java -Duser=dropoff -Dpass=password -Dkey=pre_shared_key -Dloglevel=info -Dbind=server_port -jar Truss*.jar
java -Duser=secure -Dpass=password -Dkey=pre_shared_key -Dloglevel=info -Dsip=server_ip -Dsport=server_port -Ddip=drop_off_server_ip -Ddport=drop_off_server_port -Dic -jar Truss*.jar
java -Duser=insecure -Dpass=password -Dkey=pre_shared_key -Dloglevel=info -Dsip=server_ip -Dsport=server_port -Ddip=drop_off_server_ip -Ddport=drop_off_server_port -Dic -jar Truss*.jar
```