encryption boot camp on the jvm

ENCRYPTION BOOT CAMP

security is your mission

SECURITY ON THE JVMWhat’s your position?

ENCRYPTING?

statistics say probably not

WORRIED?You should be

Matthew McCullough

@matthewmccull

#EncryptBC

http://speakerrate.com/matthew.mccullough

ANCIENT HISTORYEverything old is new again

Sensitive Data

Recipient orStorage

Sensitive Data

Recipient orStorage

Sensitive Data

“I’m all over

this new

encryption

stuff boss”

44 B.C.That’s 2,054 years ago...

Julius Caesar

Caesar Cipher

A B C D E F G

a.k.a. ROT(2) Shift Cipher

Caesar Cipher

A B C D E F G

Caesar Cipher

RotationInteger=

Rot(x)

Caesar Cipher

Z M S R

Caesar Cipher

Z M S RA N T S if encrypted with ROT(-1)

Caesar Cipher

Z M S RA N T S if encrypted with ROT(-1)

B O U T if encrypted with ROT(-2)

/** * A naively simple rotation cipher implementation. * USAGE: groovy RotateWord.groovy <yourword> */public class RotateWord { /** * Rotate one character by the specified amount */ private static char rotateChar(char c, int rotationAmount) { //a == 97, z == 122 int num = (int)c int rotated = num + rotationAmount int adjusted //Handle roll-around wrapping if (rotated > 122) adjusted = rotated - 26 else if (rotated < 97) adjusted = rotated + 26 else adjusted = rotated char adjustedChar = (char)adjusted return adjustedChar } /** * Rotate the entire String by the specified rotation amount. */ public static String rotateAllChars(String plainText, int rotationAmount) { String encodedMessage = "" //Loop through each character in the plaintext for (int i = 0; i < plainText.length(); i++) { //TODO: Improve to handle upper and lower case letters char c = plainText.toLowerCase().charAt(i) encodedMessage += rotateChar(c, rotationAmount) } return encodedMessage } public static void main (String[] args) { String originalword = args[0] println "Rot(-3) Word: " + rotateAllChars(originalword, -3) println "Rot(-2) Word: " + rotateAllChars(originalword, -2) println "Rot(-1) Word: " + rotateAllChars(originalword, -1) println "Original Word: ${originalword}" println "Rot(1) Word: " + rotateAllChars(originalword, 1) println "Rot(2) Word: " + rotateAllChars(originalword, 2) println "Rot(3) Word: " + rotateAllChars(originalword, 3) println "Rot(4) Word: " + rotateAllChars(originalword, 4) println "Rot(5) Word: " + rotateAllChars(originalword, 5) println "Rot(6) Word: " + rotateAllChars(originalword, 6) println "Rot(7) Word: " + rotateAllChars(originalword, 7) }}

> groovy RotateWord.groovy ants

Rot(-3) Word: xkqpRot(-2) Word: ylrq

Rot(2) Word: cpvuRot(3) Word: dqwv

Rot(-1) Word: zmsr

Original Word: ants

Rot(1) Word: bout

Rot(-1) Word: zmsr

Original Word: ants

Rot(1) Word: bout

BROKENPerfectly safe data is a myth

Compromised

! Every algorithm is vulnerable

! crack by brute force

! Crack by rainbow tables

! Function of time + money + hardware

Which would you hit?

$10,000

Now which would you hit?

JCE PRIMERThe world of Java crypto

Java Cryptography Extension

★ known as JCE

★ included in all JREs Since Java 1.2

★ known as JCE

★ Pluggable provider architecture

★ known as JCE

★ JCE extends Java Cryptography Architecture (JCA)

JCE Providers

! Default Sun JRE providers! SUN! SunJCE! SunJSSE! SunRsaSign

! Bouncycastle provider! Adds AES capabilities

Registering a Provider

! Static! <java-home>/lib/security/java.security! security.provider.n=masterClassName

! Dynamic! java.security.Security class

! addProvider()! insertProviderAt()

! not persistent across VM instances

EnCryption & the Law

country borders stop bits

JCE Strength

!Jurisdiction Policy Files! “Strong”! “Unlimited”

JCE Strength

! Strong strength included in all JREs

! Unlimited strength is a separate download available based on US export rules

Worldwide Policy

// File: default_local.policy// Some countries have import limits on crypto strength.// This policy file is worldwide importable.grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", 2048; permission javax.crypto.CryptoPermission *, 128;};

Max Key Sizes

Algorithm Max Key Size

DES 64

DESede3des

RC2 128

RC4 128

RC5 128

RSA 2048

Others 128

Key Size & Security

Symmetric Key Size

160 bit DES

Key Size & Security

Symmetric Key Size

Asymmetric Key Size

1024 bit RSA

160 bit DES

Key Size & Security

Symmetric Key Size

Asymmetric Key Size

Security

1024 bit RSA

112 bits

160 bit DES

Key Size & Security

Symmetric Key Size

Asymmetric Key Size

Security Security

1024 bit RSA

112 bits

160 bit DES

128 bits

Random Numbers

Seed the machine

SecureRandom

! java.security.SecureRandom

! Cryptographically strong random number generator (RNG)

! “Unable to distinguish from a true random source”

package com.ambientideas;

import java.security.NoSuchAlgorithmException;import java.security.SecureRandom;

/** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */public class SecureRandomNumber { public static void main( String[] args ) throws NoSuchAlgorithmException { //Do the expensive one time setup of the // random number generator instance SecureRandom prng = SecureRandom.getInstance("SHA1PRNG"); //Get the next random number String randomNum = new Integer( prng.nextInt() ).toString(); System.out.println("Random number: " + randomNum); }}

Result

Random number: 1633471380

Digests & HashesOne way functions

What is a Digest?

! Small set of bytes representing a large message

! Small change in message = large change in digest

! Integrity check for large data

! Password storage mechanism

MessageDigest

! java.security.MessageDigest

! Multiple algorithms available! MD5 (128 bit)! SHA-1 (160 bit)

MessageDigest

!MD5! U. S. Department of Homeland

Security said MD5"considered cryptographically broken and unsuitable for further use"

http://xkcd.com/538/

import java.security.MessageDigest;import java.security.NoSuchAlgorithmException;

/** * Digest a string message via SHA1. * * Demonstrate that very similar messages * have radically different hashes. */public class MessageDigestSHA { public static void main( String[] args ) throws NoSuchAlgorithmException { //Set up the message to be encoded String message1 = "Four score and seven years ago"; String message2 = "Four score and seven tears ago"; System.out.println("Message1 SHA1 digest: " + shaAndBase64Encode(message1)); System.out.println("Message2 SHA1 digest: " + shaAndBase64Encode(message2)); } /** * Helper function to both SHA-1 hash and * base64 encode the resulting bytes to a String */ public static String shaAndBase64Encode(String message) throws NoSuchAlgorithmException { MessageDigest sha = MessageDigest.getInstance("SHA-1"); //Salt could be applied here //Integer salt = <some random number generator> //sha.update(salt.getBytes()); byte[] digest = sha.digest(message.getBytes()); return new sun.misc.BASE64Encoder().encode(digest); }}

Message1 SHA1 digest: DmCJIg4Bq/xpGIxVXxo3IB0vo38=Message2 SHA1 digest: oaLHt8tr31ttngCDjyYuWowF5Mc=

String message1 = "Four score and seven years ago";String message2 = "Four score and seven tears ago";

Result

JDK KeytoolKey generation, storage & management

Keytool

! Creates! Keystore! Truststore

! Functions! -genkey! -list! -import! -export! -certreq

Creating a keystore

keytool -genkeypair -keyalg RSA -keysize 2048 -keystore myapp.keystore

Enter keystore password: ********Re-enter new password: ********

What is your first and last name? [Unknown]: Matthew McCulloughWhat is the name of your organizational unit? [Unknown]: Consulting What is the name of your organization? [Unknown]: Ambient Ideas, LLCWhat is the name of your City or Locality? [Unknown]: DenverWhat is the name of your State or Province? [Unknown]: ColoradoWhat is the two-letter country code for this unit? [Unknown]: US

Is CN=Matthew McCullough, OU=Consulting, O="Ambient Ideas, LLC", L=Denver, ST=Colorado, C=US correct? [no]: yes

Enter key password for <mykey>! (RETURN if same as keystore password):

Creating a keystorekeytool -genkeypair -keyalg RSA -keysize 2048 -keystore myapp.keystore

Using a keystore

java -Djavax.net.ssl.keyStore=keystore \ -Djavax.net.ssl.keyStorePassword=y3$1t1s \ ServerApp

Using a Truststore

java -Djavax.net.ssl.trustStore=truststore \ -Djavax.net.ssl.trustStorePassword=tru$tM3 \ ClientApp

JSSENetwork communications security

! Java Secure Socket Extension

! Built on top of JCE

! Specific to networking

! Standard as of JRE 1.4

! Implementations of! Secure Sockets Layer (SSL) 2.0 and 3.0! Transport Layer Security (TLS) 1.0

JAASAuthentication and Authorization

! Java Authentication and Authorization Service

! Single sign on helper

! Supports biometric, smartcard devices

! Adds “user” control(above code control)

SYMMETRICMy key is your key

Why Symmetric?

! Fast

! Bulk data

! Controlled environment

! Never decrypted at remote end

Symmetric Problems

! Keys vulnerable to capture

Symmetric Problems

! Eavesdropping on future communications after key compromise

! Key distribution challenges

! Triangular number key growth

Symmetric Problems! Triangular number key growth

DES & 3DES

! Block cipher

! DES is known to be broken

! 3DES and DESede

! basically three passes of DES

! Reasonably strong

Blowfish

! Secure replacement for DES

! Faster than DES

! Block cipher

! Rivest’s code 4

! Stream cipher

! Advanced Encryption Standard

! Government standard! Rijndael algorithm

(Joan Daemen, Vincent Rijmen)! 4 years of evaluation! Final in December 2000

! Very Secure

! block cipher

import java.security.InvalidKeyException;import java.security.NoSuchAlgorithmException;import java.security.NoSuchProviderException;

import javax.crypto.BadPaddingException;import javax.crypto.Cipher;import javax.crypto.IllegalBlockSizeException;import javax.crypto.KeyGenerator;import javax.crypto.NoSuchPaddingException;import javax.crypto.SecretKey;

import sun.misc.BASE64Encoder;

/** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */public class SymmetricEncrypt { public static void main( String[] args ) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { final String message1 = "Four score and seven years ago"; //Build a new encryption key final KeyGenerator keyGen = KeyGenerator.getInstance("DESede"); keyGen.init(168); final SecretKey desKey = keyGen.generateKey(); //Set up the cipher final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); ////////////////////////////////////// //Put the cipher in encryption mode desCipher.init(Cipher.ENCRYPT_MODE, desKey); //Encrypt and output the base64 data byte[] clearText = message1.getBytes(); byte[] encryptedBytes = desCipher.doFinal(clearText); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); ////////////////////////////////////// //Put the cipher in decryption mode desCipher.init(Cipher.DECRYPT_MODE, desKey); //Decrypt and output the original string byte[] decryptedBytes = desCipher.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); }}

Encrypted text: P0FT6N3XXrohtsz7OLh3FGYY0wErkPIur1DP6Csbj4g=Decrypted text: Four score and seven years ago

String message1 = "Four score and seven years ago";

Result

Encrypted isn’t enough?

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

ASYMMETRICThrowing away keys

faster than an intern locksmith

Diffie-Hellman

! Key Agreement Protocol

! Alice & Bob independently generate the shared (session) key

! asymmetric Key handshake

! 1970s

! Vulnerable to MITM attack! Fixed by

! PKI! signing the agreed key

DH Diagrammed

! Ron Rivest, Adi Shamir, Leonard Adleman

! Published in 1978

! M.I.T. Patented in 1983

! Patent Expired in 2000

import java.io.IOException;import java.security.InvalidKeyException;import java.security.KeyPair;import java.security.KeyPairGenerator;import java.security.NoSuchAlgorithmException;import java.security.NoSuchProviderException;import java.security.PrivateKey;import java.security.PublicKey;import java.security.SecureRandom;

import javax.crypto.BadPaddingException;import javax.crypto.Cipher;import javax.crypto.IllegalBlockSizeException;import javax.crypto.NoSuchPaddingException;

/** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */public class EncryptRSA { public static void main( String[] args ) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { final String message1 = "Four score and seven years ago"; // Generate the Key Pair final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); final SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); keyGen.initialize(1024, random); KeyPair pair = keyGen.generateKeyPair(); final PrivateKey privKey = pair.getPrivate(); final PublicKey pubKey = pair.getPublic(); //Encrypt using the private key Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding"); rsa.init(Cipher.ENCRYPT_MODE, privKey); byte[] encryptedBytes = rsa.doFinal(message1.getBytes()); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); //Decrypt using the private key rsa.init(Cipher.DECRYPT_MODE, pubKey); byte[] decryptedBytes = rsa.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); }}

Encrypted text: A8Is+4r7sDn28fD6IQvZiR5JxPs/vh7UnXrF38acJt6R/ARisj/zLtC7Xn6iJgNQPhc16wkVZhCFem7oNoim+ooTUDDZQ+E3qP6y/DZJGkLBoZuZVLeLAW1LUtHSzduRUOg1uMynJz14wxzwfV8wfRwfatpySkOhGqWS63bPNRs=Decrypted text: Four score and seven years ago

Result

OTHER FRAMEWORKSand alternative JCE providers

Bouncy Castle

! JCE Provider

! Many more encryption and digest algorithms than the Sun provider (AES)

Jasypt

JasyptFrictionless Java encryption

GnuOpen source library

WIFIYou are the weakest link

WIFI Algorithms

!WPA2AES

WIFI Algorithms

!WPA2 AES

TJ Maxx

! $1 billon USD final cost

! 45 million credit card numbers stolen

Many security experts have criticized the

strength of WEP encryption. WEP was initially

cracked in 2001, and most recently broken by

German researchers last month

using an ordinary

laptop in under three

seconds— Tom Espiner, ZDNet UK

WIFI Interception

! Hey Look! A MyFreeWIFI SSID...

! Tempting

! Ridiculously unsafe

Tools of the Trade

!AirCrack!AirSnort!WireShark!Silent Proxies

WEP Cracking

! Listen for packets! Slow! Untraceable

! Inject bad packets! Listen for reply! Faster

! leaves a footprint

WireShark Demo

Upside-Down-TernetDemo

PRINTED MATERIALSDead tree propagation of security

1998 Java 1.1 & 1.2

2004 Java 1.4

2005 Java 5

ENCRYPTION BOOT CAMPsecurity mission completed

@matthewmccull

#EncryptBC

matthewm@ambientideas.com

http://ambientideas.com/blog

REFERENCES

! Sun docs! http://java.sun.com/javase/6/docs/technotes/

guides/security/crypto/CryptoSpec.html! http://java.sun.com/javase/technologies/security/! http://java.sun.com/javase/6/docs/technotes/

guides/security/jsse/JSSERefGuide.html! http://java.sun.com/javase/6/docs/api/java/

security/Security.html

! BouncyCastle JCE Provider! http://www.bouncycastle.org/documentation.html

References

! Sample Code! http://github.com/matthewmccullough/

encryption-jvm-bootcamp

! Miscellaneous! http://www.ietf.org/rfc/rfc3852.txt! http://en.wikipedia.org/wiki/

Abstract_Syntax_Notation_One

References

! CMS! Cryptographic Message Syntax (CMS)

objects! RFC 3852! PKCS#7 (formerly RFC 2630, 3369)! http://www.ietf.org/rfc/rfc3852.txt

! ASN.1! Abstract Syntax Notation One! 1984 X.409, 1988 X.208, 1995 X.680,

2002! http://www.asn1.org/

Acronyms

CREDITS

! http://www.ambientideasphotography.com! http://stockfootageforfree.com/! http://xkcd.com/538/! http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation! http://matdonline.free.fr/RSA-Diffie-Hellman-explained-in-5-

minutes.htm! http://www.isg.rhul.ac.uk/node/329! http://www.isg.rhul.ac.uk/files/IMG_9819.JPG! http://www.usc.edu/dept/molecular-science/pictures/RSA-2003.jpg! All others, iStockPhoto.com

Outtakes

Steganography

! Data in pictures! Not necessarily encrypted! Merely hidden in pedestrian files

Steganography

! MP3! JPEG! DIVX! TCP Retry Packets! Email Headers

Steganography

! High signal to noise ratio! Slow but

! Inconspicuous

Cracks in the News

! Thomas Jefferson letter! London Tube Oyster cards! GSM! Iraq drone video feeds! Pacemakers! Zune! WPA! Blue-ray! DVD! Skype! Windows Vista BitLocker

Encryption & The Law

!Encryption considered a munition under international law

!1999 Relaxation of rules

Digital Signatures

! Hash with Private Key

! Public Private Key Systems

! Public Key Infrastructure (PKI)

Breakthroughs

! IBM! Statistics on encrypted data

! No compromise on security or anonymity

! Clickers/Tokens

! One Time Pads (paper)

! Message Digests == Hash?! Certificates (x509 v3)! Digital signatures

! Just means hashing a message, then signing the hash with the private key

! Later verified by decrypting the hash with the public key, then re-running the hash and comparing the two hashes.

! Block vs Stream ciphers

Cryptographic Message Syntax

Sign / Digest / Auth / Encrypt

Session Keys

! symmetric key exchanged securely by a private/public key initial transaction

Elliptic Curve

! Faster than standard public key encryption

! Based on elliptic curve logarithm problem

ENCRYPTION BOOT CAMP

security is your mission

1Friday, January 15, 2010

SECURITY ON THE JVMWhat’s your position?

HACK ATTEMPTS PER DAY>3 0 0 , 0 0 0

ENCRYPTING?

statistics say probably not

WORRIED?You should be

Matthew McCullough

@matthewmccull

#EncryptBC

ANCIENT HISTORYEverything old is new again

Recipient orStorage

Sensitive Data

Craziest idea ever! Everyone knows you need to keep secret information hidden in a body cavity and physically transport it to the recipient. All the movies do that.

“I’m all over

this new

encryption

stuff boss”

Even though we make minor adjustments, they are often seeded by our predecessors.Even encryption is over old with a fresh coat of paint

44 B.C.That’s 2,054 years ago...

Julius Caesar

And even the Egyptians before him were trying math for encryption.http://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/dp/0385495323/ref=sr_1_7?ie=UTF8&s=books&qid=1263535206&sr=8-7

Caesar Cipher

A B C D E F G

Caesar Cipher

RotationInteger=

Rot(x)

Caesar Cipher

Z M S R

30s 25s 20s 15s 10s 5s Stop

A N T S if encrypted with ROT(-1)

B O U T if encrypted with ROT(-2)

Encrypted Word

This is not an eye test at your optometristEnglish dictionary attack would be a good approach.ANTS and BOUT are solutions [ROT(+1) and ROT(+2)]

/** * A naively simple rotation cipher implementation. * USAGE: groovy RotateWord.groovy <yourword> */public class RotateWord { /** * Rotate one character by the specified amount */ private static char rotateChar(char c, int rotationAmount) { //a == 97, z == 122 int num = (int)c int rotated = num + rotationAmount int adjusted //Handle roll-around wrapping if (rotated > 122) adjusted = rotated - 26 else if (rotated < 97) adjusted = rotated + 26 else adjusted = rotated char adjustedChar = (char)adjusted return adjustedChar } /** * Rotate the entire String by the specified rotation amount. */ public static String rotateAllChars(String plainText, int rotationAmount) { String encodedMessage = "" //Loop through each character in the plaintext for (int i = 0; i < plainText.length(); i++) { //TODO: Improve to handle upper and lower case letters char c = plainText.toLowerCase().charAt(i) encodedMessage += rotateChar(c, rotationAmount) } return encodedMessage } public static void main (String[] args) { String originalword = args[0] println "Rot(-3) Word: " + rotateAllChars(originalword, -3) println "Rot(-2) Word: " + rotateAllChars(originalword, -2) println "Rot(-1) Word: " + rotateAllChars(originalword, -1) println "Original Word: ${originalword}" println "Rot(1) Word: " + rotateAllChars(originalword, 1) println "Rot(2) Word: " + rotateAllChars(originalword, 2) println "Rot(3) Word: " + rotateAllChars(originalword, 3) println "Rot(4) Word: " + rotateAllChars(originalword, 4) println "Rot(5) Word: " + rotateAllChars(originalword, 5) println "Rot(6) Word: " + rotateAllChars(originalword, 6) println "Rot(7) Word: " + rotateAllChars(originalword, 7) }}

Look at how much effort it is to write even the simplest cipher (Caesar) implementation ourselves.

Rot(-1) Word: zmsr

Original Word: ants

Rot(1) Word: bout

Think about the combinatoric and steganographic possibilities.16Friday, January 15, 2010

BROKENPerfectly safe data is a myth

Compromised

! Every algorithm is vulnerable

! crack by brute force

! Crack by rainbow tables

! Function of time + money + hardware

Which would you hit?

Go into a jewelry store.Two possible storage containers to hit. Your informant has told you how much is in each.4X as much in the safe as in the wooden box.

$10,000

Now which would you hit?

Now the jewelry box contains 1/200th what the safe does. Would you still hit the wooden box?

JCE PRIMERThe world of Java crypto

★ known as JCE

★ JCE extends Java Cryptography Architecture (JCA)

JCE Providers

! Default Sun JRE providers! SUN! SunJCE! SunJSSE! SunRsaSign

! Bouncycastle provider! Adds AES capabilities

! Static! <java-home>/lib/security/java.security! security.provider.n=masterClassName

! Dynamic! java.security.Security class

! addProvider()! insertProviderAt()

! not persistent across VM instances

Can only be done by "trusted" programs with the appropriate privilege25Friday, January 15, 2010

EnCryption & the Law

country borders stop bits

JCE Strength

!Jurisdiction Policy Files! “Strong”! “Unlimited”

JCE Strength

! Strong strength included in all JREs

! Unlimited strength is a separate download available based on US export rules

Worldwide Policy

// File: default_local.policy// Some countries have import limits on crypto strength.// This policy file is worldwide importable.grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", 2048; permission javax.crypto.CryptoPermission *, 128;};

Max Key Sizes

Algorithm Max Key Size

DES 64

DESede3des

RC2 128

RC4 128

RC5 128

RSA 2048

Others 128

http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/JCERefGuide.html#AppE

Key Size & Security

Symmetric Key Size

Asymmetric Key Size

Security Security

1024 bit RSA

112 bits

160 bit DES

128 bits

Speed is 1000x slower on asymmetric33Friday, January 15, 2010

Random Numbers

Seed the machine

SecureRandom

! java.security.SecureRandom

! Cryptographically strong random number generator (RNG)

! “Unable to distinguish from a true random source”

A cryptographically strong random number generator passes all statistical tests that run in polynomial time asymptotically. It will pass any statistical test for randomness that does not require an exponentially increasing to infinite amount of time to run. All such polynomial time statistical tests will be unable to distinguish the random number generator from a true random source.http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#Conceptshttp://java.sun.com/javase/6/docs/api/java/security/SecureRandom.htmlhttp://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA

Result

Random number: 1633471380

Digests & HashesOne way functions

What is a Digest?

! Small set of bytes representing a large message

! Small change in message = large change in digest

! Integrity check for large data

! Password storage mechanism

OWASP says passwords should never be stored in plaintexthttp://www.owasp.org/index.php/Hashing_Java

MessageDigest

! java.security.MessageDigest

! Multiple algorithms available! MD5 (128 bit)! SHA-1 (160 bit)

MessageDigest

!MD5! U. S. Department of Homeland

Security said MD5"considered cryptographically broken and unsuitable for further use"

http://en.wikipedia.org/wiki/MD543Friday, January 15, 2010

http://xkcd.com/538/

$5 wrench XKCD: http://xkcd.com/538/Missy Elliott XKCD: http://xkcd.com/153/

Message1 SHA1 digest: DmCJIg4Bq/xpGIxVXxo3IB0vo38=Message2 SHA1 digest: oaLHt8tr31ttngCDjyYuWowF5Mc=

String message1 = "Four score and seven years ago";String message2 = "Four score and seven tears ago";

Result

JDK KeytoolKey generation, storage & management

Keytool

! Creates! Keystore! Truststore

! Functions! -genkey! -list! -import! -export! -certreq

Creating a keystore

keytool -genkeypair -keyalg RSA -keysize 2048 -keystore myapp.keystore

Creating a keystorekeytool -genkeypair -keyalg RSA -keysize 2048 -keystore myapp.keystore

Using a keystore

java -Djavax.net.ssl.keyStore=keystore \ -Djavax.net.ssl.keyStorePassword=y3$1t1s \ ServerApp

Using a Truststore

java -Djavax.net.ssl.trustStore=truststore \ -Djavax.net.ssl.trustStorePassword=tru$tM3 \ ClientApp

JSSENetwork communications security

! Java Secure Socket Extension

! Built on top of JCE

! Specific to networking

! Standard as of JRE 1.4

! Implementations of! Secure Sockets Layer (SSL) 2.0 and 3.0! Transport Layer Security (TLS) 1.0

http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.htmlPreviously an optional add on up through JRE 1.3

http://en.wikipedia.org/wiki/Transport_Layer_SecurityTLS 1.0 in 1999. Improvements to SSL 3.0 (1996)

JAASAuthentication and Authorization

! Java Authentication and Authorization Service

! Single sign on helper

! Supports biometric, smartcard devices

! Adds “user” control(above code control)

SYMMETRICMy key is your key

Why Symmetric?

! Fast

! Bulk data

! Controlled environment

! Never decrypted at remote end

Symmetric Problems

! Eavesdropping on future communications after key compromise

! Key distribution challenges

! Triangular number key growth

How do you distribute keys?System-wide number of keys for N nodes to talk securely to any node is Tnhttp://mathworld.wolfram.com/TriangularNumber.html

Symmetric Problems! Triangular number key growth

DES & 3DES

! Block cipher

! DES is known to be broken

! 3DES and DESede

! basically three passes of DES

! Reasonably strong

Blowfish

! Secure replacement for DES

! Faster than DES

! Block cipher

Sounds like a new flavor of Ben and Jerry’s ice cream62Friday, January 15, 2010

! Rivest’s code 4

! Stream cipher

! Advanced Encryption Standard

! Government standard! Rijndael algorithm

(Joan Daemen, Vincent Rijmen)! 4 years of evaluation! Final in December 2000

! Very Secure

! block cipher

Encrypted text: P0FT6N3XXrohtsz7OLh3FGYY0wErkPIur1DP6Csbj4g=Decrypted text: Four score and seven years ago

Result

Encrypted isn’t enough?

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation70Friday, January 15, 2010

ASYMMETRICThrowing away keys

faster than an intern locksmith

http://www.isg.rhul.ac.uk/node/329http://www.isg.rhul.ac.uk/files/IMG_9819.JPGhttp://en.wikipedia.org/wiki/Diffie

Diffie-Hellman

! Key Agreement Protocol

! Alice & Bob independently generate the shared (session) key

! asymmetric Key handshake

! 1970s

! Vulnerable to MITM attack! Fixed by

! PKI! signing the agreed key

http://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange73Friday, January 15, 2010

DH Diagrammed

http://matdonline.free.fr/RSA-Diffie-Hellman-explained-in-5-minutes.htm

RSAhttp://www.usc.edu/dept/molecular-science/pictures/RSA-2003.jpg

! Ron Rivest, Adi Shamir, Leonard Adleman

! Published in 1978

! M.I.T. Patented in 1983

! Patent Expired in 2000

Not patented in many other countries due to paper published before patent.There was later found to be prior art might not have allowed this to get patented at all.

Encrypted text: A8Is+4r7sDn28fD6IQvZiR5JxPs/vh7UnXrF38acJt6R/ARisj/zLtC7Xn6iJgNQPhc16wkVZhCFem7oNoim+ooTUDDZQ+E3qP6y/DZJGkLBoZuZVLeLAW1LUtHSzduRUOg1uMynJz14wxzwfV8wfRwfatpySkOhGqWS63bPNRs=Decrypted text: Four score and seven years ago

Result

OTHER FRAMEWORKSand alternative JCE providers

Bouncy Castle

! JCE Provider

! Many more encryption and digest algorithms than the Sun provider (AES)

http://www.mobilefish.com/developer/bouncycastle/bouncycastle_quickguide_install.html

JasyptFrictionless Java encryption

Works beautifully with Hibernate and The Spring Framework84Friday, January 15, 2010

GnuOpen source library

Hundreds of algorithms implementedhttp://www.gnu.org/software/gnu-crypto/

WIFIYou are the weakest link

WIFI Algorithms

!WPA2AES

WEP can be sniffed for keysWPA2 implements the mandatory elements of 802.11i

TJ Maxx

! $1 billon USD final cost

! 45 million credit card numbers stolen

Many security experts have criticized the

strength of WEP encryption. WEP was initially

cracked in 2001, and most recently broken by

German researchers last month

using an ordinary

laptop in under three

seconds— Tom Espiner, ZDNet UK

http://www.zdnetasia.com/news/security/0,39044215,62011583,00.htm

WIFI Interception

! Hey Look! A MyFreeWIFI SSID...

! Tempting

! Ridiculously unsafe

Tools of the Trade

!AirCrack!AirSnort!WireShark!Silent Proxies

WEP Cracking

! Listen for packets! Slow! Untraceable

! Inject bad packets! Listen for reply! Faster

! leaves a footprint

WireShark Demo

http://www.wireshark.org/94Friday, January 15, 2010

Upside-Down-TernetDemo

http://www.ex-parrot.com/pete/upside-down-ternet.html95Friday, January 15, 2010

PRINTED MATERIALSDead tree propagation of security

1998 Java 1.1 & 1.2

2004 Java 1.4

2005 Java 5

@matthewmccull

#EncryptBC

matthewm@ambientideas.com

http://ambientideas.com/blog

REFERENCES

! Sun docs! http://java.sun.com/javase/6/docs/technotes/

guides/security/crypto/CryptoSpec.html! http://java.sun.com/javase/technologies/security/! http://java.sun.com/javase/6/docs/technotes/

guides/security/jsse/JSSERefGuide.html! http://java.sun.com/javase/6/docs/api/java/

security/Security.html

! BouncyCastle JCE Provider! http://www.bouncycastle.org/documentation.html

References

! Sample Code! http://github.com/matthewmccullough/

encryption-jvm-bootcamp

! Miscellaneous! http://www.ietf.org/rfc/rfc3852.txt! http://en.wikipedia.org/wiki/

Abstract_Syntax_Notation_One

References

! CMS! Cryptographic Message Syntax (CMS)

objects! RFC 3852! PKCS#7 (formerly RFC 2630, 3369)! http://www.ietf.org/rfc/rfc3852.txt

! ASN.1! Abstract Syntax Notation One! 1984 X.409, 1988 X.208, 1995 X.680,

2002! http://www.asn1.org/

Acronyms

CREDITS

! http://www.ambientideasphotography.com! http://stockfootageforfree.com/! http://xkcd.com/538/! http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation! http://matdonline.free.fr/RSA-Diffie-Hellman-explained-in-5-

minutes.htm! http://www.isg.rhul.ac.uk/node/329! http://www.isg.rhul.ac.uk/files/IMG_9819.JPG! http://www.usc.edu/dept/molecular-science/pictures/RSA-2003.jpg! All others, iStockPhoto.com

Outtakes

Steganography

! Data in pictures! Not necessarily encrypted! Merely hidden in pedestrian files

Steganography

! MP3! JPEG! DIVX! TCP Retry Packets! Email Headers

Steganography

! High signal to noise ratio! Slow but

! Inconspicuous

Cracks in the News

! Thomas Jefferson letter! London Tube Oyster cards! GSM! Iraq drone video feeds! Pacemakers! Zune! WPA! Blue-ray! DVD! Skype! Windows Vista BitLocker

Jefferson: All your liberty are belong to us!GSM: Yet another reason to switch away from AT&TZune: No one cared.

Encryption & The Law

!Encryption considered a munition under international law

!1999 Relaxation of rules

Digital Signatures

! Hash with Private Key

! Public Private Key Systems

! Public Key Infrastructure (PKI)

Breakthroughs

! IBM! Statistics on encrypted data

! No compromise on security or anonymity

http://www.net-security.org/secworld.php?id=7690118Friday, January 15, 2010

! Clickers/Tokens

! One Time Pads (paper)

! Message Digests == Hash?! Certificates (x509 v3)! Digital signatures

! Just means hashing a message, then signing the hash with the private key

! Later verified by decrypting the hash with the public key, then re-running the hash and comparing the two hashes.

! Block vs Stream ciphers

Sign / Digest / Auth / Encrypt

Session Keys

! symmetric key exchanged securely by a private/public key initial transaction

Elliptic Curve

! Faster than standard public key encryption

! Based on elliptic curve logarithm problem

encryption boot camp on the jvm

Technology

understanding jvm

jvm ecosystem languages and the future of jvm

jvm, byte codes & jvm languages

jvm tool interface (jvm ti) implementation in...

zenworks full disk encryption pba reference ·...

jvm compiler challenges -...

oop jvm in context. oop what’s a jvm uplatform-independent...

jvm profiling

self-powered voltage detecting protecting relay … ·...

yubikey integration for full disk encryption · pdf...

installing jvm

basic digital circuits in chisel - compute.dtu.dk · jvm...

jvm overview references virtual machine background jvm:...

mobiflage: - deniable storage encryption for mobile devices...

cold boot attacks on encryption

jvm architecture

jvm troubleshooting guide -...

implementing stored-data encryption · 2019. 12. 21. ·...

lest we remember: cold boot attacks on encryption keys

jvm performance tuning gc tuning parameters -...