Java Secured Socket Extension JSSE - PowerPoint PPT Presentation

1 / 31

About This Presentation

Title:

Java Secured Socket Extension JSSE

Description:

Digital Signature. Digital Certificate. Symmetric Key Algorithm. Key. Plain Text. Cipher Text ... Period of validity, Subject, Subject's public key, Signature. ... – PowerPoint PPT presentation

Number of Views:592

Avg rating:3.0/5.0

Slides: 32

Provided by: gijoj

Category:

more less

Transcript and Presenter's Notes

Title: Java Secured Socket Extension JSSE

1
Java Secured Socket Extension (JSSE)

By
Gijo Joseph

2
Topics

JSSE Overview
JSSE Features
SSL/TLS Overview
Cryptography Concepts- A refresher
SSL Protocol
JSSE Architecture/Implementation
References

3
JSSE Overview

JSSE is a Java package that enables secure
network communications
- Data encryption, Authentication, Message
integrity
Implements java version of SSL and TLS (Transport
Layer Security) protocols
Using JSSE, we can provide secure transfer of
data over TCP/IP and other protocols such as
HTTP, Telnet, NNTP, IMAP, LDAP, FTP that runs
over TCP/IP.

4
JSSE Overview (cont.)

JSSE encompasses many of the same concepts and
algorithms as those in JCE (Java Cryptography
Extension) but automatically applies them
underneath a simple stream socket API extension.
Latest release is JSSE 1.0.2. This is a
non-commercial reference implementation

5
JSSE Features

Pure Java implementation
Exportable
Supports for SSL v2 v3, TLS1.0
Classes to create secure channels
Cipher suite negotiation
Client and Server authentication
Server session management APIs

6
JSSE Features (cont.)

Runs on Personal Java 3.1
HTTPS Support
RSA Cryptography Algorithms
Basic utilities for key and certificate
management
Cryptographic suites, including
- RSA, RC4, DES, Triple DES, Diffie- Hellman,
DSA etc.

7
SSL/TLS Overview

SSL (Secured Socket Layer) was created by
Netscape Communication Corporation in 1994
SSL provides a standard protocol operating over
TCP/IP
SSL provides secured services confidentiality
through encryption, integrity via a MAC
algorithm, optional authenticity and
non-repudiation of both a socket client and a
socket server.

8
SSL/TLS Overview (cont.)

SSL also operates under other TCP based protocols
such as HTTP, NNTP, ...
SSL is the most widely used protocol for
implementing cryptography on the web.
SSL v3 is the most current SSL standard.
TLS (Transport Security Protocol) defined by
IETF, in 1999, extends SSL v3 with enhancements
to the authentication aspects of the SSL
algorithms.
RFC2246 is the TLS document

9
Cryptography Concepts A refresher

Secret Key (Symmetric Key) Algorithms
Public Key (Asymmetric Key) Algorithms
Message Digest
Message Authentication Code (MAC)
Digital Signature
Digital Certificate

10
Symmetric Key Algorithm
Key
Cipher Text
Plain Text
Plain Text
Receiver
Sender
11
Public Key Encryption
Step One Step Two
Sender
Receivers public key
Receiver
Plain Text
Cipher Text
Plain Text
Sender
Receiver
Receivers public key
Receivers private key
12
Message Digest
Message
One-way hash function
Message digest
13
Message Authentication Code (MAC)

Similar to Cryptographic hash (Message Digest),
except that it is based on a secret key
Typically, message authentication codes are used
between two parties that share a secret key in
order to validate information transmitted between
these parties.

14
Digital Signature
Sender
Document
Hash Function
Message Digest
Digital Signature
Receiver
Senders Private key
15
Digital Signature Verification
document
?
digital signature
message digest
message digest
senders public key
16
Digital Certificate

A public key certificate is a digitally signed
statement from one entity (usually, CA) saying
that the public key (and some other info) of
another entity has some specific value.
Public key certificate contains several fields,
including Issuer, Period of validity, Subject,
Subjects public key, Signature.

17
SSL Protocol

SSL connection is divided in to two phases
Handshake and Data Transfer
During handshake
- client and server agree on a set of algorithms
- client and server establish a set of
cryptographic keys
- server optionally authenticates client
Data Transfer occurs after handshake is complete.
Data (with MAC) is encrypted (secret key). Each
data fragment has a Record header.

18
SSL Handshake process
Client
Server
(1) Supported ciphers, Random
(2) Chosen cipher, Random, Certificate
(3) Encrypted Master Secret
(4)Compute keys
(4) Compute keys
(5) MAC of handshake messages
(6) MAC of handshake messages
19
SSL Handshake process (cont.)

The client sends the server a list of algorithms
its willing to support, along with a random
number used as input to the key generation
process
The server chooses a cipher out of that list and
sends it back along with a certificate containing
the servers public key. The certificate also
provides the servers identity for authentication
purposes and the server supplies a

20
SSL Handshake process (cont.)

random number which is used as part of the key
generation process
The client verifies the servers certificate and
extracts the servers public key. The client then
generates a random secret string called the
pre_master_secret and encrypts it using the
servers public key. It sends the encrypted
public key to the server.

21
SSL Handshake process (cont.)

The client and server independently compute the
encryption and MAC keys from the
pre_master_secret and the client and servers
random values.
The client sends a MAC of all the handshake
messages to the server
The server sends a MAC of all the handshake
messages to the client

22
JSSE Architecture

JSSE is based on the same design principles found
else where in the Java Cryptography Architecture,
such as
- Implementation Independence
- Algorithm Independence
- Provider architecture

23
JSSE Packages

javax.net.ssl
- contains the set of core classes and
interfaces for the JSSE APIs.
javax.net
- this is not specific to the JSSE, but it is
needed to support basic client socket and server
socket factory functionality.
javax.security.cert
- is also not specific to the JSSE, but it is
needed to support basic certificate management
functionality.

24
JSSE Packages (cont.)

com.sun.net.ssl
Provides classes related to creating and
configuring secure socket factories. These
classes are provided with the Reference
implementation of JSSE. They are not part of
JSSE1.0.2 standard API, and thus may not be
available with other implementations

25
JSSE Class Diagram
26
JSSE Classes

SSLSocket - A socket that supports SSL, TLS
secure socket protocols
SocketFactory - A factory for socket objects
SSLSocketFactory - A factory for ServerSocket
objects
SSLServerSocket - A server socket that supports
SSL, TLS secure socket protocols
ServerSocketFactory - A factory for
ServerSocket objects

27
JSSE Classes (contd..)

SSLServerSocketFactory - A factory for
SSLServerSocket objects
SSLSession - An interface to an object
encapsulating an SSL session
SSLSessionContext - An interface to an object
encapsulating a collection of SSL sessions
identified with a session ID
SSLBindingEvent - An event class encapsulating
SSL session binding and unbinding events

28
JSSE Classes (cont.)

SSLBindingListener - A listener interface
implemented by objects wanting to be made aware
of SSL session binding and unbinding events
HandshakeCompletedEvent - An event class
encapsulating the fact that an SSL handshake has
completed
HandshakeCompletedListener - A listener
interface implemented by objects wanting to be
made aware of SSL handshke completion events

29
JSSE Providers