Cheng-Chia Chen September 1999

Presentation transcript:

Security in Java 2 SDK 1.2

Course Information
Textbook: none.
References:
Introduction to the Theory of Computation, by Sipser (PWS), 1997. (新月)
Elements of the Theory of Computation, by H.R. Lewis and C.H. Papadimitriou (Prentice-Hall), 1998. (全華)
Papadimitriou, Computational Complexity. (台北)
Automata and Computability, by D.C. Kozen, Springer-Verlag, Feb. 1997.
Introduction to Automata Theory, Languages and Computation, by J.E. Hopcroft and J.D. Ullman, 1979.
Grading: homework 20~30%, two examinations 60%, performance 10~20%.

Security Features Overview: JDK 1.2 contains substantial security feature enhancements: policy-based, easily configurable, fine-grained access control; new cryptographic services and certificate and key management classes and interfaces; and three new tools. These topics are discussed in the following sections: Security Architecture Extensions, Cryptography Architecture Extensions, and Security-Related Tools.

Security Architecture Extensions. JDK 1.0 Security Model (sandbox model): local code has full access to vital system resources; downloaded remote code (an applet) is not trusted and can access only the limited resources provided inside the sandbox. A security manager is responsible, in this and subsequent platforms, for determining which resource accesses are allowed.

JDK 1.1 Security Model: A digitally signed applet is treated like local code, with full access to resources, if the public key used to verify the signature is trusted. Unsigned applets are still run in the sandbox. Signed applets are delivered, with their respective signatures, in signed JAR (Java ARchive) files.

JDK 1.2 Security Model: All code (local or remote) is subject to a security policy. The security policy defines the set of permissions available for code from various signers or locations and can be configured by a user or a system administrator. Each permission specifies a permitted access to a particular resource, such as read and write access to a specified file or directory, or connect access to a given host and port. A domain is a set of classes whose instances are granted the same set of permissions.

Cryptography Architecture Extensions. The Java Cryptography Architecture (JCA), introduced in JDK 1.1, is a framework for accessing and developing cryptographic functionality for the Java platform. The JCA includes a provider architecture that allows for multiple and interoperable cryptography implementations. A cryptographic service provider (CSP), or simply provider, is a package (or a set of packages) that supplies a concrete implementation of a subset of the cryptography aspects of the JDK Security API.

What a provider can provide. JDK 1.1: digital signature algorithms, message digest algorithms, and key-generation algorithms. JDK 1.2 adds five more types of services: keystore creation and management; algorithm parameter management; algorithm parameter generation; key factory support to convert between different key representations; certificate factory support to generate certificates and certificate revocation lists (CRLs) from their encodings. JDK 1.2 also enables a provider to supply a random-number generation (RNG) algorithm.

The SUN provider: the default provider of Sun's JRE. It includes implementations of a number of DSA (Digital Signature Algorithm) services, MD5 (RFC 1321) and SHA-1 (NIST FIPS 180-1) message digest algorithms, a certificate factory for X.509 certificates and certificate revocation lists, a pseudo-random-number generation algorithm, and a keystore implementation.

Java Cryptography Extension (JCE) Extends the JDK to include APIs for encryption, key exchange, and message authentication code (MAC). JCE and the cryptography aspects of the JDK provide a complete, platform-independent cryptography API. JCE is released separately as an extension to the JDK, in accordance with U.S. export control regulations.

JCA modules. The SPI (service provider interface) layer consists of the methods that cryptographic service providers (CSPs) must implement.

Cryptographic Services. An engine class defines a cryptographic service (API) without a concrete implementation: it defines the API methods that allow applications to access the specific type of cryptographic service it provides, such as a digital signature algorithm. The actual implementations, from one or more providers, are those for specific algorithms and are implemented in terms of a service provider interface (SPI): each engine class has a corresponding abstract SPI class that defines the service provider interface methods that cryptographic service providers must implement.

Example an API client may request and use an instance of the Signature engine class to access the functionality of a digital signature algorithm to digitally sign a file. The actual implementation supplied in a SignatureSpi subclass would be that for a specific kind of signature algorithm, such as SHA-1 with DSA or MD5 with RSA. Each instance of an engine class encapsulates an instance of the corresponding SPI class as implemented by a cryptographic service provider. Each API method of an engine class invokes the corresponding SPI method of the encapsulated SPI object.
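The delegation described above, as an added example that is not part of these slides: an API client asks the Signature engine class for an algorithm by name, the JCA hands back an engine object wrapping the SPI object of whichever installed provider supplies it (the SUN provider for DSA), and every API call is forwarded to that SPI object. It also exercises the digital-signature properties listed in the glossary below: the signature verifies with the matching public key and stops verifying once a single bit of the data changes. The algorithm name and the sample message are chosen for illustration; the slides' "SHA-1 with DSA" would be the algorithm string "SHA1withDSA", but SHA-1 is obsolete for new deployments, so the example requests "SHA256withDSA".

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;

/* Added example: an API client of the Signature engine class (not code from the slides). */
public class SignatureEngineDemo {

    // Algorithm name is an assumption for this example; the slides discuss SHA-1 with DSA.
    static final String ALGORITHM = "SHA256withDSA";

    /** Sign data with the private key; each call is forwarded to the provider's SignatureSpi. */
    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature signer = Signature.getInstance(ALGORITHM); // engine object wrapping an SPI object
        signer.initSign(key);                                // -> engineInitSign
        signer.update(data);                                 // -> engineUpdate
        return signer.sign();                                // -> engineSign
    }

    /** Verify a signature with the public key that corresponds to the signing private key. */
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(key);
        verifier.update(data);
        return verifier.verify(sig);                         // false (not an exception) on mismatch
    }

    /** Name of the provider whose SPI implementation backs the engine instance. */
    static String backingProvider() throws GeneralSecurityException {
        return Signature.getInstance(ALGORITHM).getProvider().getName();
    }

    public static void main(String[] args) throws GeneralSecurityException {
        for (Provider p : Security.getProviders()) {
            System.out.println("installed provider: " + p.getName());
        }
        System.out.println(ALGORITHM + " is served by provider: " + backingProvider());

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA"); // another engine class
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();

        // constructed sample message (the same text the WriteFile applet writes)
        byte[] data = "Cats can hypnotize you when you least expect it".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(pair.getPrivate(), data);

        System.out.println("verifies unmodified data: " + verify(pair.getPublic(), data, sig));
        byte[] tampered = data.clone();
        tampered[0] ^= 0x01;                                 // flip one bit of the signed data
        System.out.println("verifies tampered data:   " + verify(pair.getPublic(), tampered, sig));
    }
}
```

Run it with `javac SignatureEngineDemo.java && java SignatureEngineDemo`; the first verification prints true and the second false, and the provider reported for the DSA signature is SUN on a stock JDK. The point to take from the provider list is that a higher-priority provider supplying the same algorithm name would silently replace the implementation, which is why deployments that depend on a particular implementation pass the provider name explicitly as the second argument to getInstance.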

Certificate Interfaces and Classes. JDK 1.2 provides an X.509 v3 implementation of the certificate interfaces. A certificate is a digitally signed statement from one entity (the issuer), saying that the public key of another entity (the subject) has some particular value. Certificate-related classes (all in the java.security.cert package): Certificate - an abstraction for certificates of various types, such as X.509, PGP, and SDSI. CertificateFactory - defines the functionality of a certificate factory, which is used to generate certificates and certificate revocation lists (CRLs) from their encodings. X509Certificate - an abstract class for X.509 certificates providing a standard way to access all the attributes of an X.509 certificate.

Key Management Classes and Interfaces. JDK 1.1 introduced abstract Key interfaces. A keystore is a repository of keys and certificates. Multiple implementations are possible, where each implementation is that for a particular type of keystore. A keystore type defines the storage and data format of the keystore information. JDK 1.2 adds a KeyStore class (an engine class) that supplies well-defined interfaces to access and modify the information in a keystore, and a default KeyStore implementation that implements the keystore as a file, using a proprietary keystore type (format) named JKS, password-protected both for each private key and for the entire keystore.

Key Management Classes and Interfaces (cont'd). Key specification interfaces are used for "transparent" representations of the key material that constitutes a key; the material may consist of the key itself and the algorithm parameters used to calculate the key value. A transparent representation of keys means that you can access each key material value individually. keytool: a tool for managing keys and certificates.
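The opaque-versus-transparent distinction above, as an added example (not from the slides): a Key object only exposes its algorithm, format and encoded bytes, while a KeyFactory converts it into a DSAPublicKeySpec whose p, q, g and y parameters are individually readable, and converts either a spec or an X.509 encoding back into a Key. Key size and algorithm are chosen for the example.

```java
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.spec.DSAPublicKeySpec;
import java.security.spec.X509EncodedKeySpec;

/* Added example: converting between opaque keys and transparent key specifications. */
public class KeySpecDemo {

    /** Opaque Key -> transparent spec: every parameter becomes individually accessible. */
    static DSAPublicKeySpec toTransparent(PublicKey key) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("DSA");     // KeyFactory is itself an engine class
        return kf.getKeySpec(key, DSAPublicKeySpec.class);
    }

    /** Transparent spec -> opaque Key, rebuilt from the individual parameters. */
    static PublicKey fromTransparent(DSAPublicKeySpec spec) throws GeneralSecurityException {
        return KeyFactory.getInstance("DSA").generatePublic(spec);
    }

    /** Standard encoding (X.509 SubjectPublicKeyInfo, what getEncoded() returns) -> opaque Key. */
    static PublicKey fromEncoding(byte[] encoded) throws GeneralSecurityException {
        return KeyFactory.getInstance("DSA").generatePublic(new X509EncodedKeySpec(encoded));
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);                              // key size chosen for the example
        PublicKey original = kpg.generateKeyPair().getPublic();

        // the Key object is opaque: algorithm, encoding format and bytes, but no individual values
        System.out.println("algorithm: " + original.getAlgorithm()
                + ", format: " + original.getFormat()
                + ", encoded length: " + original.getEncoded().length);

        // the spec is transparent: p, q, g and y are separate values
        DSAPublicKeySpec spec = toTransparent(original);
        System.out.println("p bits: " + spec.getP().bitLength());
        System.out.println("q bits: " + spec.getQ().bitLength());
        System.out.println("g bits: " + spec.getG().bitLength());
        System.out.println("y bits: " + spec.getY().bitLength());

        // both routes reproduce the same key (same DER encoding)
        PublicKey rebuiltFromSpec = fromTransparent(spec);
        PublicKey rebuiltFromEncoding = fromEncoding(original.getEncoded());
        System.out.println("round trip via spec:     " + original.equals(rebuiltFromSpec));
        System.out.println("round trip via encoding: " + original.equals(rebuiltFromEncoding));
    }
}
```

Both round-trip lines print true. The transparent form is what a program needs when it receives key parameters from another system or checks them (for example, that p and q have the expected sizes) before trusting a key; the opaque form is what the engine classes consume.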

Security-Related Tools. JDK 1.2 introduces three new tools. The keytool is used to create pairs of public and private keys, to import and display certificate chains, to export certificates, to generate X.509 v1 self-signed certificates, and to generate certificate requests that can be sent to a certification authority. The jarsigner tool signs JAR (Java ARchive format) files and verifies the authenticity of the signature(s) of signed JAR files. The Policy Tool creates and modifies the policy configuration files that define your installation's security policy.
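Reading back what keytool produced, as an added example that is not part of the slides: the KeyStore engine class opens a JKS file, and for each alias the certificate's validity window and self-signature are checked. It assumes a keystore created beforehand with `keytool -genkeypair -alias demo -keyalg DSA -dname "CN=demo" -keystore demo.jks -storetype JKS -storepass changeit -keypass changeit` (the path, alias, password and subject name are assumptions of this example, not values from the slides).

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.PublicKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

/*
 * Added example: inspecting a keytool-generated JKS keystore with the KeyStore API.
 * Assumed setup (not from the slides):
 *   keytool -genkeypair -alias demo -keyalg DSA -dname "CN=demo" \
 *           -keystore demo.jks -storetype JKS -storepass changeit -keypass changeit
 */
public class KeyStoreDemo {

    /** Open a JKS keystore; a wrong store password fails the integrity check and throws. */
    static KeyStore load(String path, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        return ks;
    }

    /** True if the certificate is inside its validity window and its signature verifies under issuerKey. */
    static boolean checkCertificate(X509Certificate cert, PublicKey issuerKey) {
        try {
            cert.checkValidity();   // CertificateExpiredException / CertificateNotYetValidException
            cert.verify(issuerKey); // signature over the to-be-signed part of the certificate
            return true;
        } catch (Exception e) {
            System.out.println("  rejected: " + e);
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "demo.jks";   // assumed file name
        char[] storePass = "changeit".toCharArray();             // assumed password
        KeyStore ks = load(path, storePass);

        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate cert = (X509Certificate) c;
            System.out.println(alias + (ks.isKeyEntry(alias) ? " (key entry)" : " (trusted certificate entry)"));
            System.out.println("  subject: " + cert.getSubjectX500Principal());
            System.out.println("  issuer:  " + cert.getIssuerX500Principal());
            System.out.println("  version: X.509 v" + cert.getVersion());
            // a self-signed certificate is verified with its own public key
            System.out.println("  self-signature valid: " + checkCertificate(cert, cert.getPublicKey()));
        }

        // the private key is protected separately from the store and needs its own password
        if (ks.isKeyEntry("demo")) {
            System.out.println("private key algorithm: " + ks.getKey("demo", storePass).getAlgorithm());
        }
    }
}
```

Two points the slides state show up directly: the store password guards the integrity of the whole file (tamper with demo.jks and load() fails), and the key password is a separate parameter to getKey(), so the two can differ in a real deployment. Note that current JDKs default to PKCS12 and only keep JKS for compatibility, and a recent keytool emits v3 certificates rather than the v1 certificates described for JDK 1.2.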

Lesson: Quick Tour of Controlling Applets: a brief introduction to some of the new security features. It shows how resource accesses, such as reading or writing a file, are not permitted for applets unless explicitly allowed by a permission in a policy file. The steps for this lesson: 1. Observe Applet Restrictions; 2. Set Up a Policy File to Grant the Required Permission; 3. See the Policy File Effects.

Observe Applet Restrictions. The Java platform provides protection from attack through the use of a security manager. JDK system code invokes security manager methods to perform resource access control checks. Most browsers install a security manager, so applets typically run under the scrutiny of a security manager. Such an applet is not allowed to access resources unless it is explicitly granted permission to do so by the security policy in effect; the permission must be granted by an entry in a policy file. Open this URL in your browser's location bar: http://java.sun.com/docs/books/tutorial/security1.2/tour1/example-1dot2/WriteFile.html

WriteFile.java

    /**
     * By default, this applet raises a security exception, unless you configure your policy
     * to allow applets from its location to write to the file "writetest".
     */
    import java.awt.*;
    import java.io.*;
    import java.applet.*;

    public class WriteFile extends Applet {
        String myFile = "writetest";
        File f = new File(myFile);
        DataOutputStream dos;

        public void init() {
            String osname = System.getProperty("os.name");
        }

        public void paint(Graphics g) {
            try {
                // Opening the file for writing is the access the security manager checks;
                // without a matching FilePermission this constructor throws SecurityException.
                dos = new DataOutputStream(new BufferedOutputStream(new FileOutputStream(myFile), 128));
                dos.writeChars("Cats can hypnotize you when you least expect it\n");
                dos.flush();
                g.drawString("Successfully wrote to the file named " + myFile + " -- go take a look at it!", 10, 10);
            } catch (SecurityException e) {
                g.drawString("writeFile: caught security exception: " + e, 10, 10);
            } catch (IOException ioe) {
                g.drawString("writeFile: caught i/o exception", 10, 10);
            }
        }
    }

Set up a Policy File to Grant the Required Permission. A policy file is an ASCII text file; it can be composed with a text editor or with the graphical Policy Tool utility demonstrated in this section. The Policy Tool saves typing and removes the need to know the syntax of policy files, thus reducing errors. Use the Policy Tool to create a policy file named mypolicy and add a policy entry that grants code from the directory where WriteFile.class is stored permission to write the writetest file. The steps are as follows: 1. Start Policy Tool; 2. Grant the Required Permission; 3. Save the Policy File.

Start Policy Tool. Type the command to start the tool: > policytool The user policy file is by default a file named .java.policy in your home directory.

Grant the Required Permission. Choose the Add Policy Entry button in the main Policy Tool window. In the policy entry dialog, enter http://java.sun.com/docs/books/tutorial/security1.2/tour1/example-1dot2/ as the CodeBase and leave the SignedBy field empty.
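What the policy entry created in this tour actually grants, as an added example (not code from the slides or from Sun's tutorial): the JDK 1.2 model described earlier expresses each allowed access as a Permission object, and the policy file entry is just a text form of such objects. The example builds the same permission set in code and checks requested accesses against it with implies(), which is the operation the security manager performs for a protection domain. It deliberately does not install a SecurityManager, because recent JDKs have deprecated and disabled it; the Permission classes themselves remain available. The grant for "writetest" is the one from the tour; the /tmp paths, the host and the port range are constructed here to show wildcard semantics.

```java
import java.io.FilePermission;
import java.net.SocketPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.PropertyPermission;

/*
 * Added example (not from the slides). Policy-file form of the tour's entry:
 *
 *   grant codeBase "http://java.sun.com/docs/books/tutorial/security1.2/tour1/example-1dot2/" {
 *       permission java.io.FilePermission "writetest", "write";
 *   };
 *
 * The extra grants below are constructed for illustration and use Unix-style paths.
 */
public class PermissionDemo {

    /** Build the permission set a policy entry would grant to one protection domain. */
    static Permissions grantedByPolicy() {
        Permissions granted = new Permissions();
        // exactly what the Quick Tour entry grants: write access to one named file
        granted.add(new FilePermission("writetest", "write"));
        // constructed grants: "*" matches files directly inside a directory, "-" matches recursively
        granted.add(new FilePermission("/tmp/demo/*", "read"));
        granted.add(new FilePermission("/tmp/logs/-", "read"));
        // constructed grant: connect to one host on any port in a range
        granted.add(new SocketPermission("example.com:1024-65535", "connect"));
        // constructed grant: read (but not write) one system property
        granted.add(new PropertyPermission("os.name", "read"));
        return granted;
    }

    /** The check the security manager makes: is the requested access implied by the grants? */
    static boolean allowed(Permissions granted, Permission requested) {
        return granted.implies(requested);
    }

    public static void main(String[] args) {
        Permissions granted = grantedByPolicy();
        Permission[] requests = {
            new FilePermission("writetest", "write"),              // allowed
            new FilePermission("writetest", "read"),               // denied: only "write" was granted
            new FilePermission("othertest", "write"),              // denied: different file
            new FilePermission("/tmp/demo/a.txt", "read"),         // allowed: "*" covers direct children
            new FilePermission("/tmp/demo/sub/a.txt", "read"),     // denied: "*" is not recursive
            new FilePermission("/tmp/logs/2024/app.log", "read"),  // allowed: "-" is recursive
            new SocketPermission("example.com:8080", "connect"),   // allowed: port inside the range
            new SocketPermission("example.com:80", "connect"),     // denied: port outside the range
            new PropertyPermission("os.name", "write"),            // denied: only "read" was granted
        };
        for (Permission p : requests) {
            System.out.printf("%-62s -> %s%n", p, allowed(granted, p) ? "allowed" : "denied");
        }
    }
}
```

The narrowest grant is the right one to copy: the tour names the single file "writetest" with the single action "write", so the same applet still cannot read that file, write any other, or open a socket. When reviewing a policy file, the entries to look at first are those using "-" (recursive) or "<<ALL FILES>>" targets, a "*" host, or java.security.AllPermission, since each of them collapses the fine-grained model back to the JDK 1.0 "local code has everything" situation.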

Glossary in Java Security
Certificate (憑證): A certificate is a digitally signed statement from one entity (person, company, etc.), saying that the public key of some other entity has some particular value. If you trust the signature on the certificate, you trust that the association in the certificate between the specified public key and the other entity is authentic.
Cryptography Algorithm: an algorithm used to help ensure one or more of the following:
1. the confidentiality of data
2. authentication of the data sender
3. integrity of the data sent
4. nonrepudiation; a sender cannot deny having sent a particular message
Digital signature algorithms address (2, 3, 4); message digest algorithms address (2); encryption and decryption address (1) (JCE).

Decryption: the inverse of encryption; the process of taking ciphertext (encrypted data) and a cryptographic key, and producing cleartext (the original unencrypted data).
Digital Signature: a string of bits that is computed from some data (the data being "signed") and the private key of an entity. It can be used to verify that the data came from the entity and was not modified in transit. Useful characteristics:
Its authenticity can be verified, via a computation that uses the public key corresponding to the private key used to generate the signature.
It cannot be forged, assuming the private key is kept secret.
It is a function of the data signed and thus can't be claimed to be the signature for other data as well.
The signed data cannot be changed; if it is, the signature will no longer verify as being authentic.

Domain or Protection Domain A protection domain ("domain" for short) encloses a set of classes whose instances are granted the same set of permissions. In addition to a set of permissions, a domain is comprised of a CodeSource, which is a set of PublicKeys together with a codebase (in the form of a URL). Thus, classes signed by the same keys and from the same URL are placed in the same domain. Classes that have the same permissions but are from different code sources belong to different domains. Currently in JDK 1.2, protection domains are created "on demand" as a result of class loading. Today all code shipped as part of the JDK is considered system code and runs inside the unique system domain. Each applet or application runs in its appropriate domain, determined by its code source.
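Observing the domains described above from inside a running program, as an added example that is not part of the slides: every loaded class carries a ProtectionDomain, whose CodeSource holds the codebase URL and any signer certificates; system classes have no CodeSource, and two classes loaded from the same code source share one domain object. The nested Helper class exists only so the example has a second class from the same code source.

```java
import java.security.CodeSource;
import java.security.ProtectionDomain;
import java.security.cert.Certificate;

/* Added example: inspecting the protection domain and code source of loaded classes. */
public class DomainDemo {

    /** Describe where a class's code came from: the codebase URL and the number of signer certificates. */
    static String describe(Class<?> c) {
        ProtectionDomain pd = c.getProtectionDomain();
        CodeSource cs = pd.getCodeSource();
        if (cs == null) {
            // classes shipped as part of the JDK itself run in the system domain
            return c.getName() + ": system domain (no code source)";
        }
        Certificate[] certs = cs.getCertificates();
        int signers = (certs == null) ? 0 : certs.length;
        return c.getName() + ": codebase=" + cs.getLocation() + ", signer certificates=" + signers;
    }

    /** Classes from the same code source (same URL and same signers) are placed in the same domain. */
    static boolean sameDomain(Class<?> a, Class<?> b) {
        return a.getProtectionDomain() == b.getProtectionDomain();
    }

    /** A second class that is loaded from the same place as DomainDemo. */
    static class Helper {
    }

    public static void main(String[] args) {
        System.out.println(describe(String.class));
        System.out.println(describe(DomainDemo.class));
        System.out.println("DomainDemo and Helper share a domain: "
                + sameDomain(DomainDemo.class, Helper.class));
    }
}
```

Run from a plain class directory, the second line shows a file: URL for the directory and zero signer certificates; run from a JAR signed with jarsigner, the same line reports the JAR URL and the signer's certificate chain, which is what a policy entry with a signedBy clause matches against. The last line prints true because the two classes were loaded from one code source.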