5/7/2018 Java Security and a Firewall Extension for Authenticity Control of Java Applets
Outline of the Talk
- Thesis Objective
- Internet and Security
- Filtering Methods
- Object Signing
- Java Authentication System
- Performance Analysis
- Conclusion
Objective
To design and implement a system to regulate the execution of Java applets in a network environment, inside a firewall.
DMZ Firewall Configuration
- DMZ (DeMilitarized Zone)
- HTTP Proxy Gateway
  - Improves security, since fewer hosts are exposed
  - Reduces bandwidth utilization through caching
  - Provides logging and filtering capabilities
Executable Content
Executable content is executable code downloaded from a remote host and run on the downloading principal's machine upon receipt.
- Examples of executable content are Java applets, JavaScript, ActiveX, and PostScript
- Java is the most commonly used
- Java features:
  - Built-in security, both in the language and the run-time system
  - Platform independent
  - Object-oriented
The Threat
Several serious security problems have been found in Java:
- Type confusion attacks (http://www.cs.princeton.edu/sip)
- Flaws in the networking code
- Bug in the class loader implementation of Netscape Navigator (http://www.users.zetnet.co.uk/hopwood)
- Flaw in the security manager implementation of Internet Explorer
- Malicious applets that hang the system or send forged e-mail messages (http://www.rstcorp.com/hostile-applets/index.html)
HTTP - HyperText Transfer Protocol
HTTP request through a proxy:
    GET http://www.foo.com/stuff/info.html HTTP/1.0
    Proxy-Connection: Keep-Alive
    User-Agent: Mozilla/3.0 (WinNT; I)
    Host: www.foo.com
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */*
HTTP reply:
    HTTP/1.0 200 OK
    Server: JavaWebServer/1.0.1
    Content-Length: 1796
    Content-Type: text/html
    Last-Modified: Mon, 17 Nov 1997 03:06:31 GMT
    Connection: close
    Date: Fri, 26 Nov 1997 01:06:08 GMT

    <HTML>
Filtering Methods
- Inspection of the Content-Type header field
  - Straightforward
  - Not all web servers specify the right MIME type
  - Possible to fool the filter
- Inspection of HTML content
  - The <APPLET> tag triggers the start of the JVM
  - Caching causes problems
  - Dynamic content (JavaScript) complicates detection of <APPLET> tags
  - Slow
- Scanning for known magic numbers
  - All Java class files must begin with the 4-byte hex signature CA FE BA BE
  - Fast
  - Can't distinguish JARs (Java Archive) from zip archives
- Examination of the requested URL
  - Java executable code must be stored in .class or .jar files
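The filtering methods above applied to one HTTP response, as an added example that is not code from the thesis or the JAS project. It runs the Content-Type, URL and magic-number checks side by side and then goes one step beyond the slide: since a JAR and a plain zip archive share the same PK signature, it opens the archive and looks for class-file entries, which is what actually separates the two. The MIME type list, the sample class-file header and the two archives are constructed assumptions.

```python
import io
import zipfile
from urllib.parse import urlparse

CLASS_MAGIC = b"\xca\xfe\xba\xbe"   # every Java class file starts with CA FE BA BE
ZIP_MAGIC = b"PK\x03\x04"           # JARs and ordinary zip archives share this signature
# Assumed set of MIME types a server might use for Java content (constructed list).
JAVA_MIME = {"application/java-archive", "application/x-java-applet", "application/x-java-vm"}

def by_content_type(headers: dict) -> bool:
    """Method 1: trust the server's Content-Type (easy to get wrong, easy to fake)."""
    ct = {k.lower(): v for k, v in headers.items()}.get("content-type", "")
    return ct.split(";")[0].strip().lower() in JAVA_MIME

def by_url(url: str) -> bool:
    """Method 4: Java executable code is normally served as .class or .jar."""
    return urlparse(url).path.lower().endswith((".class", ".jar"))

def by_magic(body: bytes) -> bool:
    """Method 3: fast signature scan; flags class files and any zip-based archive."""
    return body.startswith(CLASS_MAGIC) or body.startswith(ZIP_MAGIC)

def zip_contains_class(body: bytes) -> bool:
    """Beyond the slide: open a zip-like body and test each entry for the class magic."""
    if not body.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(body)) as zf:
            return any(zf.read(name).startswith(CLASS_MAGIC)
                       for name in zf.namelist() if not name.endswith("/"))
    except zipfile.BadZipFile:
        return False

def classify(url: str, headers: dict, body: bytes) -> dict:
    """Run every method and derive one verdict; the body's content outranks names and headers."""
    verdict = {
        "content_type": by_content_type(headers),
        "url": by_url(url),
        "magic": by_magic(body),
        "zip_has_class": zip_contains_class(body),
    }
    verdict["is_java"] = body.startswith(CLASS_MAGIC) or verdict["zip_has_class"]
    return verdict

def make_zip(entries: dict) -> bytes:
    """Build an in-memory zip archive from {name: bytes} (used for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

# Constructed samples: a class-file header (magic, minor 3, major 45 = JDK 1.1), a JAR, a plain zip.
CLASS_FILE = CLASS_MAGIC + b"\x00\x03\x00\x2d" + b"\x00" * 8
JAR_FILE = make_zip({"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n", "Hello.class": CLASS_FILE})
PLAIN_ZIP = make_zip({"readme.txt": b"no bytecode here"})

if __name__ == "__main__":
    # A JAR served under a neutral name and MIME type: only the content-based checks catch it.
    print(classify("http://www.foo.com/app.dat", {"Content-Type": "application/octet-stream"}, JAR_FILE))
    # A plain zip: the magic number fires, the deeper check does not.
    print(classify("http://www.foo.com/a.zip", {"Content-Type": "application/zip"}, PLAIN_ZIP))
```

The ordering in `classify` mirrors the slide's trade-offs: the header and URL checks are cheap hints, the magic number is fast but over-inclusive, and only reading the archive entries settles the JAR-versus-zip question.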
Object Signing
Digital signatures are used as proof that a communication came from a particular individual or organization. They can be applied to any kind of electronic document or binary data.
Using Digital Signatures
[Figure: Signing: Report.txt -> Hashing Algorithm -> One-way hash -> Encryption with Private key -> Digital Signature. Verifying: Report.txt -> Hashing Algorithm -> One-way hash; Digital Signature -> Decryption with Public key -> One-way hash; Compare the two hashes.]
JAR - Java ARchive
- New feature in JDK 1.1
- Reduces bandwidth utilization: fewer transactions are needed
- Uses ZIP compression
- Allows Java applets to be digitally signed
The JAR Format
A signed JAR archive contains:
- 1 manifest file: contains a section for each signed file in the archive.
- n signature instruction files: associate signatures with content files.
- n digital signature files: a signed copy of the corresponding signature instruction file.
- m content files: the content of the archive; may contain a mix of signed and unsigned files.
Verifying integrity of a signed JAR file
1. For each digital signature file: verify the integrity of the corresponding signature instruction file.
2. For each signature instruction file entry: verify the hash of the corresponding manifest file entry.
3. For each manifest file entry: verify the hash of the corresponding file.
[Figure: the three steps over one archive]
    Digital signature file:
        Encrypted digest: 1wr4X5vg8d22d
    (1) Signature instruction file:
        Name: report.txt
        Algorithm: SHA
        SHA-Hash: 6goIqkIAUwu6T
        Name: jas.java
    (2) Manifest file:
        Name: report.txt
        Algorithm: SHA
        SHA-Hash: CmnX58sSgpufb
        Name: jas.java
        SHA-Hash:
    (3) Content file: Report.txt
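The sign-and-verify flow from the "Using Digital Signatures" slide and the three-step JAR check above, carried through end to end as an added example; this is not the thesis's code and it does not reproduce the JDK 1.1 JAR classes. The signature step uses textbook RSA over a tiny constructed key (hash, then modular exponentiation with the private exponent; the verifier recomputes the hash and compares it with the signature raised to the public exponent), which stands in for whatever real cryptographic library JAS used. The file names, contents and the manifest layout (Name / Algorithm / SHA-Hash sections) are constructed to match the slide.

```python
import base64
import hashlib

# Toy RSA key (constructed; tiny modulus, illustration only, never for real use).
P, Q, E = 1000000007, 998244353, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def sha_b64(data: bytes) -> str:
    """Base64 of a SHA-1 digest, the form the slide's SHA-Hash entries carry."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def sign(data: bytes) -> int:
    """Signing: one-way hash, then 'encrypt' it with the private exponent."""
    h = int.from_bytes(hashlib.sha1(data).digest(), "big") % N
    return pow(h, D, N)

def verify(data: bytes, signature: int) -> bool:
    """Verifying: recompute the hash, 'decrypt' the signature with the public exponent, compare."""
    h = int.from_bytes(hashlib.sha1(data).digest(), "big") % N
    return pow(signature, E, N) == h

def parse_sections(text: str) -> dict:
    """Split a manifest or signature instruction file into {Name: section text}."""
    sections = {}
    for sec in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in sec.splitlines())
        sections[fields["Name"]] = sec + "\n"
    return sections

def hash_field(section: str) -> str:
    return dict(line.split(": ", 1) for line in section.splitlines())["SHA-Hash"]

def build_manifest(files: dict) -> str:
    """Manifest: one section per content file, carrying the hash of the file."""
    return "".join(f"Name: {n}\nAlgorithm: SHA\nSHA-Hash: {sha_b64(c)}\n\n" for n, c in files.items())

def build_sig_file(manifest: str) -> str:
    """Signature instruction file: one section per manifest section, carrying the hash of that section."""
    return "".join(f"Name: {n}\nAlgorithm: SHA\nSHA-Hash: {sha_b64(s.encode())}\n\n"
                   for n, s in parse_sections(manifest).items())

def verify_jar(files: dict, manifest: str, sig_file: str, signature: int) -> list:
    """The slide's three steps; returns a list of problems (empty means the archive checks out)."""
    problems = []
    # 1. digital signature file -> signature instruction file
    if not verify(sig_file.encode(), signature):
        problems.append("signature does not match signature instruction file")
    manifest_sections = parse_sections(manifest)
    # 2. signature instruction entries -> manifest sections
    for name, sec in parse_sections(sig_file).items():
        if name not in manifest_sections or hash_field(sec) != sha_b64(manifest_sections[name].encode()):
            problems.append(f"manifest section for {name} altered")
    # 3. manifest entries -> file contents
    for name, sec in manifest_sections.items():
        if name not in files or hash_field(sec) != sha_b64(files[name]):
            problems.append(f"content of {name} altered")
    return problems

# Constructed archive contents matching the slide's file names.
FILES = {"report.txt": b"quarterly report", "jas.java": b"class Jas {}"}
MANIFEST = build_manifest(FILES)
SIG_FILE = build_sig_file(MANIFEST)
SIGNATURE = sign(SIG_FILE.encode())

if __name__ == "__main__":
    print(verify_jar(FILES, MANIFEST, SIG_FILE, SIGNATURE))            # []
    tampered = dict(FILES, **{"jas.java": b"class Evil {}"})
    print(verify_jar(tampered, MANIFEST, SIG_FILE, SIGNATURE))         # content of jas.java altered
```

Each link in the chain catches a different tampering: changing a file breaks step 3, rewriting the manifest to match breaks step 2, and rewriting the signature instruction file as well breaks step 1, because only the signer's private key can produce a signature over the new file.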
JAS - Java Authentication System
Features:
- Detect Java applets in HTTP traffic
- Block unsigned Java applets
- Authorization control based on the signer's identity
- Integrity check of JAR files
- Editable database of trusted entities
- User notification when a request is rejected
Components:
- Proxy extension called JavaFilter (JF)
- Authentication Server (AS)
JAS Message Flow
1. The client sends an HTTP request for a Java applet stored in a JAR file.
2. The JavaFilter (JF) detects the request and issues an authorization request to the Authentication Server (AS).
3. The AS requests the file from the server.
4. The server returns the JAR file.
5. After the authentication and integrity checks, the file is passed to the proxy.
6. The proxy forwards the file content to the client.
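The JAS features and the six-step message flow above as one self-contained simulation, added here as an example; it is not the thesis's code. The JavaFilter decision (is this a request for Java executable content?), the Authentication Server's decision order (unsigned, untrusted signer, integrity flaw) and the proxy's two outcomes (forward the JAR, or answer with a rejection notice) are implemented; the origin server and the signer/integrity outcome of each JAR are replaced by a constructed table, since the signature verification itself belongs to the AS's cryptographic library, not to this flow. All host names, signer names and the trusted-entity list are assumptions.

```python
from urllib.parse import urlparse

# Constructed editable trusted-entity database: signer identity -> may run applets here.
TRUSTED_ENTITIES = {"CN=Acme Software": True, "CN=Old Vendor": False}

# Constructed origin server: URL -> (body, signer identity or None, integrity check passed).
# In JAS the AS fetches the JAR itself and derives signer and integrity from the archive.
ORIGIN = {
    "http://www.foo.com/apps/calc.jar":   (b"PK\x03\x04...calc...",   "CN=Acme Software", True),
    "http://www.foo.com/apps/free.jar":   (b"PK\x03\x04...free...",   None,               True),
    "http://www.foo.com/apps/old.jar":    (b"PK\x03\x04...old...",    "CN=Old Vendor",    True),
    "http://www.foo.com/apps/broken.jar": (b"PK\x03\x04...broken...", "CN=Acme Software", False),
    "http://www.foo.com/stuff/info.html": (b"<HTML>hello</HTML>",     None,               True),
}

def is_applet_request(url: str) -> bool:
    """Step 2: the JF only intercepts requests for Java executable content (.class / .jar)."""
    return urlparse(url).path.lower().endswith((".class", ".jar"))

def authentication_server(url: str, trusted=TRUSTED_ENTITIES, origin=ORIGIN) -> tuple:
    """Steps 3 to 5: fetch the JAR on the client's behalf and decide. Returns (verdict, reason, body)."""
    if url not in origin:
        return "REJECT", "origin server returned no such file", b""
    body, signer, integrity_ok = origin[url]
    if signer is None:
        return "REJECT", "unsigned applet", b""
    if not trusted.get(signer, False):
        return "REJECT", f"signer {signer} is not a trusted entity", b""
    if not integrity_ok:
        return "REJECT", "JAR archive failed the integrity check", b""
    return "ACCEPT", f"signed by trusted entity {signer}", body

def proxy_handle(request_line: str, trusted=TRUSTED_ENTITIES, origin=ORIGIN) -> tuple:
    """Whole flow for one proxy-style request line ('GET http://host/path HTTP/1.0')."""
    method, url, _version = request_line.split()
    if method != "GET" or not is_applet_request(url):
        # Ordinary traffic passes through the proxy without involving the AS.
        return 200, origin.get(url, (b"", None, True))[0]
    verdict, reason, body = authentication_server(url, trusted, origin)
    if verdict == "ACCEPT":
        return 200, body                      # step 6: forward the JAR to the client
    # User notification when a request is rejected: a 403 with an explanation page.
    return 403, f"<HTML><BODY>JAS rejected {url}: {reason}</BODY></HTML>".encode()

if __name__ == "__main__":
    for name in ("calc", "free", "old", "broken"):
        print(name, proxy_handle(f"GET http://www.foo.com/apps/{name}.jar HTTP/1.0"))
```

Because the AS fetches the file itself (step 3), the client never receives bytes of a JAR that failed any check; the proxy only ever forwards content the AS has already accepted, which is what makes the rejection notice, rather than a half-delivered applet, the failure mode.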
Implementation
- Both components are written in Java (JDK 1.1.x)
- The JavaFilter is an extension to the Java Proxy, developed by HotLava Consulting (http://www.hotlava.com/software)
- The Authentication Server is implemented as a servlet
- Examples of reusable classes: ASN.1 types, BER InputStream, X.509 certificate, JarFile
- HTTP is used for communication between the proxy and the authentication server
- Integrates with the JDK's built-in entity database
- Dynamic notification applet
Performance Analysis
- Five test suites with four different files in each suite
- The proxy alone introduces an average latency of 80 ms
- JAS introduces an average latency of 1.5 s
- The response time varies considerably depending on which file in the test suite is requested
Performance Analysis
[Figure: measured times per request]
- Fb(n): time for the JarFile constructor to finish
- Fa(n): time for the authentication procedure to complete
- Fi(n): time for the integrity check to complete
Performance Analysis (test machines)
- Yoda: Pentium 133 MHz, 32 MB RAM, NT 4.0 Workstation
- Widedcan: Pentium 200 MHz, 64 MB RAM, NT 4.0 Server
Conclusion
- The accomplishment of this thesis has been the design and implementation of a system called JAS
- JAS is able to detect and reject potential threats, such as:
  - Unsigned applets
  - Applets signed by unauthorized entities
  - JAR archives with integrity flaws
- JAS performance could be improved. Possible improvements:
  - JIT compiler
  - More efficient implementation of the integrity check process
  - Faster cryptographic libraries