SKI is a complete TLS visibility solution. In this section we show a simple TLS visibility example using a SKI FastKey Buffer, a SKI Decryptor and Wireshark. The SKI Sensor discovers session secrets from processes created by a traffic generator and sends them to the FastKey Buffer. A SKI Decryptor receives mirrored encrypted traffic and retrieves session keys from the FastKey Buffer. The Decryptor uses these keys to decrypt the traffic and outputs the decrypted traffic on an interface monitored by Wireshark. You can inspect the decrypted traffic using the Wireshark user interface.
SKI can be used in a wide variety of use cases. This example is meant to illustrate SKI’s basic features. Please review the full document to understand the broader applicability and scalability of SKI.
Create an Evaluation Account
Start by creating an account on Nubeva’s Account Console. Enter your email and company name and log in with one of the supported OAuth providers.
Nubeva only supports OAuth logins through Google, Microsoft, and Amazon. We do not ask you for a password, and do not store your passwords or keys.
Once your account is created you will see your account details and your account token.
You will need your account token to launch SKI Sensors.
Step 1: Run a FastKey Buffer
Please see FastKey Buffer for details about the FastKey(TM) key buffer.
Step 2: Run a SKI Sensor
Please see SKI Sensor for instructions on how to launch a SKI Sensor. A sample traffic generation script is provided in that section. You may generate traffic using the sample script or by any other means.
Test Key Discovery
You can see the keys by running:
curl https://<key server domain>:4433/dumpkeys
Step 3: Run a SKI Decryptor
Run a SKI Decryptor on the same node as the FastKey Buffer. Please see SKI Decryptor for instructions on how to launch a SKI Decryptor.
You should mirror traffic from the sensor instance to the decryptor. You can use AWS VPC Traffic Mirrors or your own tapping or spanning tools.
Step 4: Run Wireshark
Run Wireshark on the same node as the SKI Decryptor and the FastKey Buffer. You can launch a containerized version of Wireshark to see encrypted and decrypted traffic.
If you are running on AWS, you can deploy the above configuration using the following CloudFormation template: https://nubevalabs.s3.amazonaws.com/nudemo/nubeva-demo.template.yaml. You may also use Terraform scripts.
Please see Quick Starts if you would like to test additional open source traffic inspection tools.
There are many more ways to deploy and scale SKI. The figure below illustrates a very similar configuration; the only difference is that the FastKey Buffer is run on a third node.