Set up a Fast Key DB

It is possible to launch sensors and decryptors with a Fast Key DB configuration. The configuration is depicted in the figure below. The Fast Key DB service runs on an instance you designate.

[Figure FastkeyServer.png: the Fast Key DB configuration]

Sensors configured to use Fast Key DB send their keys over DTLS to a designated destination; keys are sent within 200 microseconds of generation. A Fast Key DB deployment has two required components: the sensor and the Key-Depot.

The easiest way to deploy Fast Key DB is with the CloudFormation template stored at https://nubevalabs.s3.amazonaws.com/nubeva-fastkeydb.template.yaml. The template source can be found at https://github.com/nubevalabs/templates.

To launch the template you need a VPC and a Nubeva Token. The template runs two EC2 instances: the source instance runs two docker containers (a sensor and a traffic generator), and the destination/Key DB instance runs one container (the Fast Key DB).

You can also launch a subset of the containers yourself. You will need at least a sensor container on the source and a Fast Key DB on the destination. The following sections describe how to launch each of the containers.

Sensor Container

A sensor container is required on the source instance. This is a standard sensor started with an extra parameter (--sslcredobj) that tells it to write keys only to key.nubedge.com, a name that must resolve (usually via /etc/hosts) to the destination instance.

docker run -v /:/host -v /var/run/docker.sock:/var/run/docker.sock --add-host key.nubedge.com:<<KeyDB IP address>> --cap-add NET_ADMIN --cap-add SYS_ADMIN --cap-add SYS_RESOURCE --cap-add SYS_PTRACE --name nubeva-agent -d --restart=always --net=host --pid host nubeva/nuagent --accept-eula --contained on --nutoken <<your_token>> --sslcredobj eyJ0eXBlIjoiZHRscyIsImRvbWFpbiI6ImtleS5udWJlZGdlLmNvbTo0NDMzIiwicmVnaW9uIjoidGVzdCIsImFrIjoidXNlciIsInNrIjoicGFzc3dvcmQifQo=

Note that you need to supply the IP address of key.nubedge.com in the --add-host option so the container resolves the name. You will also need to add the same mapping to the host's /etc/hosts file.

The last parameter in the command instructs the sensor to send its keys to a Fast Key DB.

--sslcredobj eyJ0eXBlIjoiZHRscyIsImRvbWFpbiI6ImtleS5udWJlZGdlLmNvbTo0NDMzIiwicmVnaW9uIjoidGVzdCIsImFrIjoidXNlciIsInNrIjoicGFzc3dvcmQifQo=

This string is a base64-encoded JSON object that can be generated with the following command:

echo '{"type":"dtls","domain":"key.nubedge.com:4433","region":"test","ak":"user","sk":"password"}' | base64

A "type" value of "dtls" means a Fast Key DB; "domain" is the destination host name and port; "region" is "test"; the "ak" (user) and "sk" (password) fields can be left as they are, since they are not used but are required. You can change the domain to anything, but you MUST have a valid certificate for that name. This docker container contains a valid certificate for key.nubedge.com.
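The following is an added example (not part of the Nubeva documentation or tooling) that builds and parses the --sslcredobj string in Python, so you can check a credential object before pasting it into a sensor command. It reproduces the echo | base64 pipeline exactly, including the trailing newline that echo appends, and validates the fields described above. The function names are this example's own; the field names and values come from the page.

```python
import base64
import json

# The --sslcredobj value used in the sensor command on this page.
PAGE_SSLCREDOBJ = (
    "eyJ0eXBlIjoiZHRscyIsImRvbWFpbiI6ImtleS5udWJlZGdlLmNvbTo0NDMzIiwicmVnaW9uIjoi"
    "dGVzdCIsImFrIjoidXNlciIsInNrIjoicGFzc3dvcmQifQo="
)

REQUIRED_FIELDS = ("type", "domain", "region", "ak", "sk")


def build_sslcredobj(domain, region="test", ak="user", sk="password", kind="dtls"):
    """Encode a credential object the way `echo '{...}' | base64` does.

    echo appends a newline before base64 encoding, so it is added here too;
    without it the encoded string differs from the one on the page.
    """
    obj = {"type": kind, "domain": domain, "region": region, "ak": ak, "sk": sk}
    raw = json.dumps(obj, separators=(",", ":")) + "\n"
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def parse_sslcredobj(encoded):
    """Decode an --sslcredobj string and validate it for Fast Key DB use.

    Raises ValueError with a specific reason on malformed input; returns the
    decoded dict otherwise.
    """
    # Tolerate a newline picked up while copying the string from a shell.
    encoded = encoded.strip()
    try:
        raw = base64.b64decode(encoded, validate=True)  # binascii.Error is a ValueError
    except ValueError as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    try:
        obj = json.loads(raw.decode("utf-8").strip())
    except (UnicodeDecodeError, json.JSONDecodeError) as exc:
        raise ValueError(f"payload is not a JSON object: {exc}") from exc
    if not isinstance(obj, dict):
        raise ValueError("payload must be a JSON object")

    missing = [f for f in REQUIRED_FIELDS if f not in obj]
    if missing:
        raise ValueError(f"missing required field(s): {', '.join(missing)}")
    if obj["type"] != "dtls":
        raise ValueError('type must be "dtls" for a Fast Key DB destination')

    # The domain must carry the DTLS port (4433 on this page) as host:port.
    host, sep, port = str(obj["domain"]).rpartition(":")
    if not sep or not host or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("domain must be of the form host:port")
    return obj


if __name__ == "__main__":
    print(parse_sslcredobj(PAGE_SSLCREDOBJ))
    print(build_sslcredobj("key.nubedge.com:4433") == PAGE_SSLCREDOBJ)
```

Run it as-is to confirm that the page's string decodes to the expected object and that rebuilding it from the field values gives back the identical string; if you change the domain, remember the certificate requirement stated above.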

To run a Windows sensor that sends keys to key.nubedge.com run the following PowerShell command (make sure to replace the value of the Nubeva token with your own):

$DownloadDir = $env:TEMP
$BaseUrl = "https://i.nuos.io/"
$InstallerArg = "-baseurl ${BaseUrl}api/1.1/wf/ -sslcredobj eyJ0eXBlIjoiZHRscyIsImRvbWFpbiI6ImtleS5udWJlZGdlLmNvbTo0NDMzIiwicmVnaW9uIjoidGVzdCIsImFrIjoidXNlciIsInNrIjoicGFzc3dvcmQifQo="
$NubevaTok = "<Your Nubeva Token>"
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Invoke-WebRequest -Uri "${BaseUrl}NubevaSensor.latest.setup.exe" -OutFile "$DownloadDir\installer.exe"
& "$DownloadDir\installer.exe" NUTOKEN_USERINPUT=$NubevaTok API_URL_ARG=${InstallerArg} /q

Traffic Generator - Optional

You can add a traffic generator container to the source, but it is not required. This is Nubeva's standard traffic generator container; one run lasts approximately 60-120 seconds, so you can use a cron job to start a new container every minute. The docker command to run the generator once is:

docker run -dti nubevalab/tlsgenerator

Fast Key DB

fastkeydb.py is a Python script that uses Flask to simulate Nubeva's Fast Key DB REST API and receives keys over DTLS. Its source is in the same templates repo noted above.

Linux Fast Key DB

You can deploy a Fast Key DB container with the following command:

docker run -p 4433:4433/tcp -p 4433:4433/udp -dti --name fastkeydb nubevalab/fastkeydb

You can see the received keys by running the following from a host where key.nubedge.com resolves to the Key DB instance:

curl https://key.nubedge.com:4433/dumpkeys

Windows Fast Key DB

Download fastkeydb.py. You will need to obtain the certificate files nubedge.ca, nubedge.key and nubedge.pem from Nubeva. The script's --certs-path parameter specifies the directory containing these files, e.g. C:\Nubeva\; note that the trailing backslash is required.

Edit the C:\Windows\System32\drivers\etc\hosts file and add an entry for key.nubedge.com:

127.0.0.1 key.nubedge.com

Install necessary Python libraries:

pip install flask
pip install dtls

Or

python -m pip install flask
python -m pip install dtls

Run the script:

python fastkeydb.py --nssfile C:\<path to key log>\keys.log --certs-path C:\<path to certs>\

You can check that Fast Key DB is receiving keys by opening the URL below in a browser:

https://key.nubedge.com:4433/dumpkeys
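Both the Linux /dumpkeys check above and the Windows --nssfile key log are places to confirm that keys are actually arriving and are well formed before a decryptor is pointed at them. The following is an added example (not part of Nubeva's tooling) that validates a key log in NSS key log format; it assumes that the file written to the --nssfile path uses that format (LABEL CLIENT_RANDOM SECRET, hex-encoded), which is an assumption, not something the page states. The sample key log is constructed for the example and contains no real session keys.

```python
"""Validate an NSS-format key log before handing it to a decryptor (added example)."""
import re
import sys
from collections import Counter

# Labels defined by the NSS key log format. Assumption: the Fast Key DB's
# --nssfile output uses this format; adjust the label sets if it does not.
TLS12_LABELS = {"CLIENT_RANDOM"}
TLS13_LABELS = {
    "CLIENT_EARLY_TRAFFIC_SECRET",
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET",
    "SERVER_HANDSHAKE_TRAFFIC_SECRET",
    "CLIENT_TRAFFIC_SECRET_0",
    "SERVER_TRAFFIC_SECRET_0",
    "EARLY_EXPORTER_SECRET",
    "EXPORTER_SECRET",
}
HEX = re.compile(r"^[0-9a-fA-F]+$")


def _is_hex(value, *lengths):
    """True if value is hex and its length is one of the allowed lengths."""
    return bool(HEX.match(value)) and len(value) in lengths


def validate_keylog(text):
    """Check every line of a key log.

    Returns {"counts": per-label count of valid entries,
             "errors": [(line_no, reason), ...],
             "sessions": number of distinct client randoms seen}.
    """
    counts = Counter()
    errors = []
    seen = set()
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are allowed by the format
        parts = line.split()
        if len(parts) != 3:
            errors.append((line_no, "expected 3 fields: LABEL CLIENT_RANDOM SECRET"))
            continue
        label, client_random, secret = parts
        if label in TLS12_LABELS:
            secret_ok = _is_hex(secret, 96)          # 48-byte TLS 1.2 master secret
        elif label in TLS13_LABELS:
            secret_ok = _is_hex(secret, 64, 96)      # SHA-256 or SHA-384 length secret
        else:
            errors.append((line_no, f"unknown label {label}"))
            continue
        if not _is_hex(client_random, 64):           # 32-byte ClientHello random
            errors.append((line_no, "client random must be 64 hex characters"))
            continue
        if not secret_ok:
            errors.append((line_no, f"bad secret length for {label}"))
            continue
        entry = (label, client_random.lower())
        if entry in seen:
            errors.append((line_no, f"duplicate {label} entry for this client random"))
            continue
        seen.add(entry)
        counts[label] += 1
    return {
        "counts": dict(counts),
        "errors": errors,
        "sessions": len({cr for _, cr in seen}),
    }


# Constructed sample: one TLS 1.2 session, one TLS 1.3 session, then three bad lines.
SAMPLE_KEYLOG = "\n".join([
    "# constructed sample, not real session keys",
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,
    "CLIENT_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "bb" * 32,
    "SERVER_HANDSHAKE_TRAFFIC_SECRET " + "22" * 32 + " " + "cc" * 32,
    "CLIENT_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "dd" * 32,
    "SERVER_TRAFFIC_SECRET_0 " + "22" * 32 + " " + "ee" * 32,
    "CLIENT_RANDOM " + "11" * 32 + " " + "aa" * 48,   # duplicate of line 2
    "CLIENT_RANDOM " + "33" * 32 + " " + "ff" * 20,   # truncated secret
    "BOGUS_LABEL " + "44" * 32 + " " + "ab" * 48,     # label the format does not define
])


if __name__ == "__main__":
    # Pass the path of a real key log (e.g. the --nssfile) or run the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_KEYLOG
    report = validate_keylog(text)
    print("valid entries per label:", report["counts"])
    print("distinct sessions:", report["sessions"])
    for line_no, reason in report["errors"]:
        print(f"line {line_no}: {reason}")
```

A decryptor such as Wireshark silently ignores lines it cannot parse, so a key log that "looks" populated can still decrypt nothing; running this check on the --nssfile output (or on the text returned by /dumpkeys, if it is in the same format) tells you which lines would be dropped and why.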