Getting Started

SKI is a complete TLS visibility solution. In this section we show a simple TLS visibility example using a SKI FastKey Buffer, SKI Sensor, SKI Decryptor and WireShark. The SKI Sensor discovers session secrets from processes created by a traffic generator and sends the them to the FastKey Buffer. A SKI Decryptor receives mirrored encrypted traffic and retrieves session keys from the FastKey Buffer. The Decryptor uses these keys to decrypt the traffic, and outputs decrypted traffic on an interface monitored by WireShark. You can inspect the decrypted traffic using WireShark user interface.

../_images/GettingStarted.png

Tip

SKI can be used in a wide variety of use cases. This example is meant to illustrate SKI’s basic features. Please review the full document to understand the broader applicability and scalability of SKI.

Create an Evaluation Account

Start by creating an account on Nubeva’s Account Console. Enter you email and company name and login with one the supported OAuth providers.

../_images/NubevaCreateAccount.png

Note

Nubeva only supports OAUTH logins through Google, Microsoft, and Amazon. We do not ask you for a password, and do not store your passwords or keys.

Once your account is created you will see your account details and your account token.

../_images/NubevaAccount.png

You will need your account token to launch SKI Sensors.

Step 1: Run a FastKey Buffer

Please see FastKey Buffer for details about the FastKey(TM) key buffer.

Step 2: Run a SKI Sensor

Please see Deploying SKI Sensors for instructions to launch a SKI Sensor. A sample traffic generation script is provided in the section. You may generate traffic using the sample script or by any other means.

Test Key Discovery

You can see the keys by running:

curl https://<key server domain>:4433/dumpkeys

Step 3: Run a SKI Decryptor

Please see Deploying SKI Decryptors for instructions to launch a SKI Decryptor.

Note

You should mirror traffic from the sensor instance to the decryptor. You can use AWS VPC Traffic Mirrors or your own tapping or spanning tools.

Step 4: Run Wireshark

You can launch a containerized version of Wireshark to see encrypted and decrypted traffic.

Tip

If you are running on AWS you can deploy the above configuration using the following cloud formation template: https://nubevalabs.s3.amazonaws.com/nudemo/nubeva-demo.template.yaml