Security

1
Chapter 7

• Security

2
Five major concerns

• Privacy information not captured by 3rd party
• Integrity information not compromised or
  altered
• Authentication sender/receiver prove identities
• Authorization access necessary resources
• Nonrepudiation legally prove message was
  sent/received

3
Cryptography

• Address privacy
• Since ancient Egyptians done by hand
• Substitution cipher replace every occurrence,
  e.g., every a becomes b, becomes c etc.
  security-gttfdvsjvz
• Caesar Cipher replace with 3rd letter to right.
  security -gt vhfxulwb

key cipher
ciphertext
plaintext
4
Transportation Cipher

• Ordering of letters is shifted
• e.g. every other letter
• security -gt scry euiy
• Can combine tdsu fvjz
• Modern algorithms are based on bits or blocks
  (groups of bits) rather than letters. Keys have
  length, e.g., 128-bit.
• Until 2000 government placed restrictions on
  strength of cryptosystems exported from US

5
Symmetric Key

• aka Secret-Key cryptography
• Same key to encrypt/decrypt

6
Key Distribution Center (KDC)

• Need secure way to exchange key
• Fed Ex not feasible or very secure
• KDC provides way to distribute, all transmissions
  secure
• BUT one point of failure (KDC), must know all
  parties

7
Data Encryption Standard (DES)

• Common symmetric algorithm
• 56-bit key, encrypts 64-bit blocks (block cipher)
• Reduces computer time needed to encrypt
• No longer considered secure (advances in computer
  power)
• 3DES/TripleDES, 3 passes, much slower
• New standard is Advanced Encryption Standard
  (AES)

8
Public Key Cryptography

• Designed to solve problem of exchanging keys
  securely
• Asymmetric inversely related keys
• Public key freely distributed
• Private key kept secret by its owner

9
Public Key Cryptography

• Only receiver can decrypt (unless key
  compromised)
• Computationally infeasible to deduce private key
  from public key
• Either key can be used to encrypt or decrypt
  message
• Can authenticate merchant only one who can
  decrypt, if key kept secret. OR can have
  customer with secret key, to authenticate
  customer.

10
Authentication with Public Key

• What if want to authenticate both?
• Extremely secure but too costly, so not used.

11
Key Agreement Protocol

• Drawback of public-key Not efficient for sending
  large amounts of data
• Instead, use public key to allow parties to agree
  on a secret key.
• Key agreement protocol is process that allows
  parties to exchange keys over an unsecure medium.

12
Digital Envelope

• Encrypt message with symmetric key (efficient)
• Encrypt symmetric key with public key of receiver
  (authenticates receiver)
• Place both in digital envelope and send to
  receiver

13
Algorithms

• RSA commonly used public-key algorithm.
  Developed 1977 MIT. Used by leading e-commerce.
• PGP (pretty good privacy) used to encrypt email
  and files. web of trust each client can vouch
  for another clients identity.

14
Cryptanalysis

• Trying to decipher ciphertext without knowing the
  key
• Use outside knowledge of plaintext
• Try to find relation between bits of encryption
  key and bits of ciphertext
• Expiration dates on keys important. Less data
  generated that can be used for cryptanalysis.

15
Key Management

• Most compromises result from key theft rather
  than attempts to guess keys.
• Important to choose key length that makes it
  computationally infeasible to try all
  combinations.

16
Java Cryptography Extension (JCE)

• Secret key encryption (3DES)
• Public-key algorithms (RSA, Diffie-Hellman)
• Provider-based, can add new algorithm by adding
  new algorithm providers

17
Encipher-Decipher

• Password-Based encryption
• Encrypts based on generated key
• Uses a value called a salt to make more random
• Security.addProvider(new SunJCE()) sets
  provider (remember can add others)

18
JCE Classes

• Cipher
• Core of JCE
• Create using getInstance, pass transformation
  algorithm, mode (encrypt/decrypt), padding or
  just algorthm
• Algorithms DES, 3DES, Blowfish etc.
• For stream cipher, may specify bits to process
  at a time (e.g., 64, 128)
• Fields DECRYPT_MODE, ENCRYPT_MODE, PRIVATE_KEY,
  PUBLIC_KEY, SECRET_KEY, WRAP_MODE, UNWRAP_MODE

19
PBEKeySpec

• Password-Based encryption
• User-chosen password. Different PBE mechanisms
  may look at different bits of password.
• Convert password characters to PBEKey using
  secret-key factory of appropriate type (e.g.,
  PKCS 5 only looks at low order 8 bits. Store as
  char array so not immutable)
• Key java.security interface
• top-level interface for all keys. All keys have 3
  characteristics
• An algorithm. Encryption or asymmetric operation
  algorithm (DSA, RSA) getAlgorithm
• EncodedForm. Used to transmit key to other party.
  Encoded according to std format such as X.509
  Subject Public Key Info or PKCS 8. getEncoded.
• Format. Name of the format of encoded key.
  getFormat.
• Keys obtained via key generators, certificates,
  other Identity classes used to manage keys.

20
SecretKey

• javax.crypto.interfaces
• Secret (symmetric) key
• No methods or constants
• Only purpose is to group (and provide type
  safety) for secret keys
• Must override equals and hashCode to compare
  contents
• getFormat is RAW. getEncoded returns raw key bytes

21
SecretKeyFactory

• javax.crypto
• Convert Keys to Key specs (or vice versa)
• Work only on secret (symmetric) keys
• Need to know whether algorithm you want to use
  has transparent representation of underlying key
  material. DES, TripleDES supported.
• AlgorithmParameterSpec, PBEParameterSpec other
  interfaces used just for type safety

22
PBEKey

• adds getIterationCount, getPassword, getSalt
• In EncipherDecipher
• getpassword
• convert to char array so mutable, generate
  password keyspec
• get appropropriate key factory for PBE with MD5
  and DES
• use password key spec factory to generate key
• create parameters for algorithm salt
  iteration count
• get instance of Cipher for algorithm
• initialize Cipher for encryption with this key
  parameters
• get array of bytes to encrypt (be careful of
  conversion from String)
• open file
• write encrypted bytes to file
• Also shows encrypted text

23
Decorator Design Pattern

• CipherOutputStream out
• new CipherOutputStream(fileOutputStream,
  cipher)
• CipherOutputStream decorates (provides additional
  capabilites) fileOutputStream
• Possible because each constructor takes
  OutputStream reference as parameter.
  CipherOutputStream and fileOutputStream both
  extend OutputStream
• Alternative CipherFileOutputStream class. Would
  greatly increase of classes. Better to chain
  streams together dynamically. (bottom line
  consider whether it makes sense to extend)

24
Exercise

• Run EncipherDecipher program
• Read code next homework will be encrypting data
• Look up Cipher class on Sun website

25
Security Infrastructure

• We arent all security experts
• Security infrastructure developed for real
  systems
• Basis on which applications interact securely
• Not all issues addressed by each infrastructure
• 3 common infrastructures user registries, PKI,
  Kerberos

26
User Registries

• Manage IDs and passwords
• Single, cheap
• Stored by OS, dbms, http servers
• Only authentication, can combine with other
  techniques
• Brittle if password stolen, attacker has access

Authentication
Message with password
Application
Requester
User Registry
27
PKI Certificates

• Public Key Infrastructure (PKI) integrates
  cryptography with digital certificates and
  certificate authorities
• Transactions using PKI can be more secure than
  using credit card at a restaurant
• www.verisign.com can obtain certificate for
  email
• Digital certificate
• identifies user
• issued by certificate authority (CA)
• includes name, subjects public key, serial ,
  expiration date, signature of trusted CA
• CA is financial institution or 3rd party like
  Verisign
• Certificates held in certificate repositories

28
Certificate Hierarchy

• CA signs for individuals and organizations must
  check carefully!
• certificate can be cancelled, if private key is
  compromised
• Certificate Revocation List (CRL) not very
  effective
• Online Certificate Status Protocol (OCSP) under
  development
• You can get your own Digital certificate
  Outlook -gttools/security

29
Certificate Hierarchy
Internet Policy Registration Authority (IPRA)
root key
policy creation authorities (set policies)
small of these, like VeriSign
Certificate Authorities
Individuals and organizations
30
Register with CA
register public key
Requester
issue certificate
CA
sign message with private key, attach
certificate
use public key to verify, perform cryptography
3rd party
31
Java keystores and keytool

• keytool utility to manage and generate keys,
  certificates, digital signatures
• keystore repository for storing public and
  private keys
• keystore is password protected
• keytool will create keystore if it doesnt exist
• Options
• genkey - produces public/private key pair
• export exports certificate based on key pair
• import imports certificate from trusted CA
• list lists all contents
• alias gives name to key pair for later use.
  Case-insensitive.
• certreq certificate request. X.509
• keystore name and location of keystore
• when certificate is created with keytool,
  prompted for common name, organization name,
  locality, state, country

32
Java keystores and keytool cont

• keytool genkey alias MyCertificate
• (keystore loc c\documents and settings\car,
  default password is changeIt)
• keytool certreq alias MyCertificate file
  myRequest.cer
• myRequest.cer is now digital certificate
  binary format, with keys from MyCertificate
• keytool export alias MyCertificate file
  MyCertificate.cer
• create digital certificate that can be sent to
  others

33
Digital Signature
provides authentication
hash function
hash value
encrypt w private key
Digital Signature
Message
160-bit value also called Message Digest
Secure Hash Algorithm (SHA-1) common
MD5 produces 128-bit hash values
34
Digital Signatures

• Solve authentication/integrity issues
• Since two different messages having the same hash
  is statistically insignificant, gives unique
  signature integrity
• computationally infeasible to compute message
  from hash value
• note signature is tied to contents of message

35
Digital Signature cont
ciphertext encrypted Digital Signature
encrypt w receivers public key
ciphertext
Message
hash function
hash value
encrypt w private key
Digital Signature
Message
decrypt w receivers private key
plaintext message
ciphertext
ciphertext encrypted Digital Signature
hash function
encrypted hash value
?
decrypt w senders public key
hash value
hash value
36
Digital Signature Algorithm (DSA)

• Digital Signature does not prove document was
  sent need timestamping to solve
  non-repudiation.
• 3rd party can digitally sign. See only encrypted
  message, verify sent, not contents.
• DSA makes digital signatures as legally binding
  as handwritten.

37
Java Applets

• Strict security restrictions
• Run in sandbox (secure environment) by default
• To get special permission (e.g., to read/write
  files on users computer) must sign with
  digital signature

38
Digital Signature for Applet

• Must store class file and supporting files in jar
  file
• jar cfm FileTreeApplet.jar FTAmanifest.mf
  com\deitel\advjhtp1\security\signatures\.class
• Create keys, for Java Plug-In use RSA
• keytool genkey keyalg RSA alias myCertRSA
  keytool
• Create certificate using keys
• export alias myCertRSA file myRSACertificate.ce
  r
• Plug-in uses certificates in cacerts keystore.
  Either get your certificate signed by CA like
  Verisign OR add it to cacerts keystore
• keytool import alias MyTrustedCertificate
  keystore cacerts file myRSACertificate.cer
• cacerts must be complete path. On my machine
• c\Program_Files\JavaSoft\JRE\1.2\lib\Security\cac
  erts
• Password changeit
• Now sign jar with your certificate, argument is
  certificate alias, not file
• jarsigner FileTreeApplet.jar myCertRSA
• To load Java Plug-In instead of web browsers jvm
  use htmlconverter.
• htmlconverter signedApplet.html

39
Digital Signature Prompt
40
Exercise

• Use keytool to generate keys and then certificate
• Copy to correct directory (you may also need to
  drag into Eclipse)
• Run ViewCertificate.java
• Get signedApplet to run on your computer
• Look up htmlconverter

41
Java Policy Files

• Java sandbox
• protected environment in which Java applications
  and applets run
• Three security checks security manager, bytecode
  verifier, class loader
• Security manager permissions for resources
• granted via security policy files
• granted on basis of codesigner (signed by) and/or
  source of code (codebase)
• permissions not explicitly declared are not
  granted
• c\programFiles\JavaSoft\JRE\lib\security\java.pol
  icy is system-wide policy file
• Permissions
• java.security.AllPermission disables all
  security use only for testing
• java.io.FilePermission read/write/delete
  particular files
• java.lang.RuntimePermission modify runtime
  behavior
• java.net.SocketPermission create sockets,
  control ports, host names etc.
• java.net.NetPermission modify network properties

42
Java Policy Files cont

• Code can always read a file from same directory
  its in, or a subdirectory of that directory. No
  explicit permission required.
• all files in current directory
• - all files in current directory, recursively
• \\ escape needed for directory separator
• Permission objects created, assign/grant
  permission to code. Security manager can
  create/grant permission objects based on current
  security policy. Policy depends on policy
  configuration files. Policy Tool can be used to
  avoid typing files.

43
Authorized FileWriter.java

• Makes use of java policy file
• Uses VM argument for policy file
  Djava.security.policyauthorizedpolicy
• Also has program argument, the name of the file
  to write. Must be authorized.txt.
• I changed Deitel program to accept text from
  user, was originally just hardcoded.

44
Authentication

• Ensuring users are who they claim to be
• Java Authentication and Authorization Service
  (JAAS)
• Restrict access to certain aspects of a program
• Allow users to connect to a network
• Regulate resources available on a network
• Plug-in framework
• Allows Kerberos and single sign-on

45
Kerberos

• Similar to a key distribution center
• Open-source protocol

login
has key for each client
Client
Kerberos
Ticket Granting Ticket encrypted w secret key
request service ticket
Ticket Granting Service
authenticates rights to network
ticket with expiration date
46
Single Sign-On

• Problem remembering multiple passwords is
  cumbersome
• Single sign-on login once, access multiple
  applications
• workstation login scripts. Simplest but not
  secure. Password stored in plaintext, sent to app
  server.
• authentication server scripts. More secure,
  passwords on central server.
• tokens. More secure, non-reusable tokens. But
  apps must be built to require tokens.

47
JAAS

• Protects applications from unauthorized users
• Pluggable Authentication Module (PAM)
• Supports multiple authentication systems,
  including Kerberos
• Role-based access control
• Subject user or entity (automated service) that
  requests action
• Subject has associated Principals different
  roles or identities Subject can assume
• Security restrictions can grant permission for
  Principal to make request. Use method doAs of
  class Subject.
• AuthenticateNT shows list of a Subject calls
  WriteFileAction using doAs.
• -Djava.security.policyjava.policy
• -Djava.security.policyjaas.policy
• -Djava.security.auth.login.configjaas.config
• Subject authenticates with NTLoginModule

48
JAAS cont
authenticate Subject independent of
underlying authentication technology may use gt 1,
e.g.,Kerberos SmartCard
Login Context
Authenticates
Commit
Abort
Subject related information about person.
Principals bind names to Subjects. getPrincipals,
getPublicCredentials, getPrivateCredentials
(public/private keys) doAs take Subject and
action to be done.
49
HTTP Authentication

• Password authentication over http is http Basic
  Authentication
• Browser -gt GET/protected/index.html HTTP/1.0 -gt
  web server
• Browser lt- HTTP/1.0 401 Unauthorized
  www-AuthenticateBasic realm Basic
  Authentication Area // Realm is set of Web
  resources
• // Basic is type of authentication. Browser then
  shows dialog
• Browser-gtGET/ AuthenticationBasic dG9tY2F00n.
• // BASICAUTH isnt secure alone -gt Base 64
  Encoded
• // Combine with mechanism like SSL
• Browser lt- HTTP/1.0 200 OK // if user on access
  control list

50
Secure Sockets Layer (SSL)

• Developed by Netscape, used extensively by
  business
• Built into many web browsers
• Operates between TCP/IP application layer
• Implements public key technology using RSA
  algorithm and digital certificates
• Most e-business uses for online transactions
  (wasnt really designed for that)
• Do not require client authentication many
  servers assume valid credit card is sufficient

51
SSL protocol

• client ----- request --- gt server
• lt --- certificate returned
• client prepares random as seed, encrypts with
  public key (from certificate), sends to server
  --- gt seed
• server decrypts using private key to extract seed
• both generate symmetric key
• lt -- encrypted data/secret session -- gt
• secure point-to-point communication. Doesnt
  protect data stored on merchants computer!

52
Java Secure Socket Extension (JSSE)

• Integrates SSL encryption into Java
• Provides encryption, message integrity checks,
  authentication of server and client. Uses
  keystores.
• Server must use a certificate that LoginClient
  trusts
• keytool genkey keystore SSLStore alias
  SSLCertificate
• VM Arguments for LoginServer
• -Djavax.net.ssl.keyStore SSLStore
• -Djavax.net.ssl.keyStorePasswordpassword
• VM Arguments for LoginClient
• -Djavax.net.ssl.trustStore SSLStore
• -Djavax.net.ssl.trustStorePasswordpassword
• where password is the password you used with
  your keystore

53
Java Language Secure Coding

• Several steps to ensure code not malicious
• dont read memory beyond end of array
• dont read uninitialized variables
• (avoid arbitrary memory location)
• detect certain illegal casts between data types
• check access modifiers
• Bytecode verifier
• ensures bytecodes are valid Java
• class has only 1 super class. Final class not
  extended.

54
Java Language Secure Coding

• Class Loader
• read class definition from class, produce
  representation in memory
• Use separate namespaces to prevent interaction
  between malicious and safe code
• Security Manager
• watches for delete file, read from file,
  append/edit file, add/load classes to a package,
  open socket connection.
• AccessControlException if untrusted code attempts
  (possible in our RMI code)

55
Exercises

• Look at system-wide policy file (if have access)
• Run AuthorizedFileWriter. Change policy file and
  parameter to write to a different file.
• Refer to http//java.sun.com/j2se/1.3/docs/guide/
  security/permissions.html

56
Exercise

• Run Authenticate NT
• Run LoginServer and LoginClient