cryptography & the jce presented by geoff whittington, fireball technology group
TRANSCRIPT
Cryptography & Cryptography & The JCEThe JCE
Presented byPresented by
Geoff Whittington, Geoff Whittington,
Fireball Technology GroupFireball Technology Group
CryptographyCryptography
The science of securing information.The science of securing information.
Presentation OutlinePresentation Outline
MotivationMotivation Language, ConceptsLanguage, Concepts Overview of Java Cryptography Overview of Java Cryptography
ExtensionExtension Implementation commentsImplementation comments A Few Interesting BooksA Few Interesting Books Useful Internet ResourcesUseful Internet Resources
Motivation for Motivation for CryptographyCryptography
Increased reliance on electronic Increased reliance on electronic systemssystems
Increased system infestationIncreased system infestation Increased monitoringIncreased monitoring Increased value of informationIncreased value of information
CryptographyCryptography
DefinitionsDefinitions The SetupThe Setup Symmetric SystemsSymmetric Systems Hash FunctionsHash Functions Message Authentication Codes (MAC)Message Authentication Codes (MAC) Asymmetric SystemsAsymmetric Systems Hybrid SystemsHybrid Systems Electronic SignaturesElectronic Signatures
DefinitionsDefinitions
Secret Key – shared piece of secret Secret Key – shared piece of secret information used to protect a larger set of information used to protect a larger set of data.data.
Encrypt –scramble data with a secret key Encrypt –scramble data with a secret key into a hard-to-understand format.into a hard-to-understand format.
Decrypt – scramble encrypted data into Decrypt – scramble encrypted data into readable using a secret key.readable using a secret key.
Cryptographic algorithm – Description of Cryptographic algorithm – Description of how a secret key is utilized to scramble how a secret key is utilized to scramble information.information.
Definitions cont’d...Definitions cont’d...
Plaintext (aka Cleartext) – The Plaintext (aka Cleartext) – The information to be secured.information to be secured.
Ciphertext – The Ciphertext – The scrambled/unreadable information scrambled/unreadable information after an encryption process is after an encryption process is performed.performed.
The SetupThe Setup
1.1. Alice wants to securely send Bob a Alice wants to securely send Bob a secretsecret
2.2. Bob wants to be sure information Bob wants to be sure information came from Alicecame from Alice
Alice Bob
Eve
InfoInfo
Symmetric CryptographySymmetric Cryptography
Alice Bob
Eve
Secret
Secret
Secret
Secret
Ciphertext
Ciphertext
Security provider Security provider architecturearchitecture
Symmetric AlgorithmsSymmetric Algorithms
Substitution and transposition using a Substitution and transposition using a secret key to obscure the plaintext into secret key to obscure the plaintext into ciphertext.ciphertext.
Fast to implement in software and Fast to implement in software and hardwarehardware
Problem: Secret key used for encryption Problem: Secret key used for encryption and decryption must be known.and decryption must be known.
Examples: RC5, DES, 3DES, Blowfish, AESExamples: RC5, DES, 3DES, Blowfish, AES
Hash FunctionsHash Functions
One way operation on information that One way operation on information that results in smaller set of data, called a results in smaller set of data, called a message digestmessage digest..
MD5 and SHA-1 are hash functions.MD5 and SHA-1 are hash functions. Considered secure when it is Considered secure when it is
computationally infeasible to find two computationally infeasible to find two input data with the same message digest.input data with the same message digest.
Secure hash functions are used in Secure hash functions are used in electronic signatures.electronic signatures.
MACsMACs
Message Authentication Codes provide Message Authentication Codes provide an authentication scheme in symmetric-an authentication scheme in symmetric-based cryptographic protocols.based cryptographic protocols.
MACMACDocumentDocument
Hash and encrypt
MACs cont’d...MACs cont’d...
Produces an encrypted message digest with a Produces an encrypted message digest with a secret key.secret key.
Alice sends Bob a document as well as a MAC. Alice sends Bob a document as well as a MAC. Bob can authenticate who sent the document Bob can authenticate who sent the document by performing the same MAC on the by performing the same MAC on the document and comparing his MAC to the one document and comparing his MAC to the one that Alice sent. If they match, he knows that that Alice sent. If they match, he knows that Alice sent the document.Alice sent the document.
Problem: Secret key must be established and Problem: Secret key must be established and known only to Alice and Bob.known only to Alice and Bob.
Example: message Example: message digestsdigests
use class to get use class to get instance of instance of algorithmalgorithm
Asymmetric Asymmetric CryptographyCryptography
Utilizes two keys: One private to an Utilizes two keys: One private to an individual, and another public to the world.individual, and another public to the world.
An individual shares his public key to a An individual shares his public key to a Trusted Third Party (TTP)Trusted Third Party (TTP)
Alice can securely send Bob information by Alice can securely send Bob information by encrypting it with Bob’s public key encrypting it with Bob’s public key retrieved from the TTP. Only Bob’s private retrieved from the TTP. Only Bob’s private key will decrypt the information.key will decrypt the information.
Useful for establishing secure channels in Useful for establishing secure channels in an insecure environment: PGP & SSL.an insecure environment: PGP & SSL.
Examples: RSA, ElGamal, and ECCExamples: RSA, ElGamal, and ECC
Asymmetric Cryptography Asymmetric Cryptography cont’d…cont’d…
Based on ‘hard’ math problems Based on ‘hard’ math problems Sharing public keys require a public-Sharing public keys require a public-
key infrastructure (PKI) – retrieving, key infrastructure (PKI) – retrieving, adding and revoking keysadding and revoking keys
Trust is paramount Trust is paramount Asymmetric keys must be much Asymmetric keys must be much
larger than symmetric keyslarger than symmetric keys
Hybrid SystemsHybrid Systems
Asymmetric cryptosystems are used Asymmetric cryptosystems are used for establishing secure channelsfor establishing secure channels
With an established secure channel, With an established secure channel, Alice can exchange a symmetric Alice can exchange a symmetric secret key with Bob and engage in a secret key with Bob and engage in a secure conversation using a secure conversation using a symmetric cipher.symmetric cipher.
Electronic SignaturesElectronic Signatures
Alice can sign a document by using her Alice can sign a document by using her private key. Bob can authenticate her private key. Bob can authenticate her signature by using her public key.signature by using her public key.
Alice signs a document by first hashing Alice signs a document by first hashing it using a secure hash function (SHA-1).it using a secure hash function (SHA-1).
The Digital Signature Standard (DSS) is The Digital Signature Standard (DSS) is a standard means of signing documentsa standard means of signing documents
Java Cryptography Java Cryptography ExtensionExtension
JCE bundled with the SDK in 2002.JCE bundled with the SDK in 2002. Subject to US export restrictions.Subject to US export restrictions. Built on top of java.security and javax.cryptoBuilt on top of java.security and javax.crypto The JCE is a pluggable technology – allowing The JCE is a pluggable technology – allowing
different implementations from many providers.different implementations from many providers. Useful classes are:Useful classes are:
SecretKeyFactorySecretKeyFactory CipherCipher SealedObjectSealedObject KeyGeneratorKeyGenerator KeyAgreementKeyAgreement MacMac SecureRandomSecureRandom
JCE ProvidersJCE Providers
Open source providers are Cryptix Open source providers are Cryptix and Bouncy Castle.and Bouncy Castle.
Plugging-in Plugging-in modifying java.security file.modifying java.security file. Use code to add a providerUse code to add a providerExample:Example:
importimport cryptix.jce.provider.CryptixCrypto; cryptix.jce.provider.CryptixCrypto;
Provider cryptix_provider = Provider cryptix_provider = newnew CryptixCrypto(); CryptixCrypto();
intint result=Security.addProvider(cryptix_provider); result=Security.addProvider(cryptix_provider);
JCE - SecretKeyFactoryJCE - SecretKeyFactory Generates SecretKey instances for use with a Generates SecretKey instances for use with a
symmetric cipher.symmetric cipher. Useful when the secret key has already been Useful when the secret key has already been
established.established. Supported SecretKey instances are dependent Supported SecretKey instances are dependent
on the ones offered by the installed JCE on the ones offered by the installed JCE providers.providers.
Example:Example:byte[] secretKey = “SecrtKey”.getBytes();byte[] secretKey = “SecrtKey”.getBytes();DESKeySpec desKeySpec = new DESKeySpec( secretKey );DESKeySpec desKeySpec = new DESKeySpec( secretKey );SecretKeyFactory factory = SecretKeyFactory factory =
SecretKeyFactory.getInstance(“DES”);SecretKeyFactory.getInstance(“DES”);SecretKey sk = factory.generateSecret( desKeySpec );SecretKey sk = factory.generateSecret( desKeySpec );
JCE – CipherJCE – Cipher Cipher does the work of encryption and decryptionCipher does the work of encryption and decryption A Cipher is instantiated using the A Cipher is instantiated using the
Cipher.getInstance factory method Cipher.getInstance factory method Associated with a transformation name in the Associated with a transformation name in the
format, format, algorithm/mode/paddingalgorithm/mode/padding Can operate within four modes: encrypt, decrypt, Can operate within four modes: encrypt, decrypt,
key wrap, key unwrap.key wrap, key unwrap. Must be initialized using a specified mode, and Must be initialized using a specified mode, and
secret key information.secret key information. Example:Example:
Cipher c = Cipher.getInstance(“DES”);Cipher c = Cipher.getInstance(“DES”);c.init( Cipher.ENCRYPT_MODE, secretKey );c.init( Cipher.ENCRYPT_MODE, secretKey );byte[] plaintext = “The time has come for action.”.getBytes();byte[] plaintext = “The time has come for action.”.getBytes();byte[] ciphertext = c.doFinal ( plaintext );byte[] ciphertext = c.doFinal ( plaintext );
JCE - SealedObjectJCE - SealedObject
Great for securely persisting objects Great for securely persisting objects which can be serialized.which can be serialized.
Instantiated with a Cipher object and Instantiated with a Cipher object and a serializeable object.a serializeable object.
Any algorithm parameters used by the Any algorithm parameters used by the Cipher object are stored in the Cipher object are stored in the SealedObject for easy decryption.SealedObject for easy decryption.
Unsealing requires either the same Unsealing requires either the same Cipher object used for sealing or the Cipher object used for sealing or the associated secret key.associated secret key.
JCE - KeyGeneratorJCE - KeyGenerator The KeyGenerator class solves the problem of The KeyGenerator class solves the problem of
Alice or Bob having to come up with their own Alice or Bob having to come up with their own secret key. It will create one for them.secret key. It will create one for them.
Symmetric algorithms have their own specific Symmetric algorithms have their own specific weak keys. Users who use weak keys open their weak keys. Users who use weak keys open their communication to known exploits. For example, a communication to known exploits. For example, a weak key for DES is:weak key for DES is:
0000000 FFFFFFF0000000 FFFFFFF Uses a random number generator, a key size, and Uses a random number generator, a key size, and
a target cryptographic algorithm (like ‘DES’) to a target cryptographic algorithm (like ‘DES’) to generate an acceptable key for the developer.generate an acceptable key for the developer.
Example:Example:KeyGenerator kg = KeyGenerator.getInstance(“DES”);KeyGenerator kg = KeyGenerator.getInstance(“DES”);kg.init(56);kg.init(56);SecretKey sk = kg.generateKey();SecretKey sk = kg.generateKey();
Java support for Java support for cryptographycryptography
KeysKeys CertificatesCertificates Key managementKey management Message digestsMessage digests Secure message digestsSecure message digests Digital signaturesDigital signatures Encryption & decryptionEncryption & decryption
Keys & certificates: recapKeys & certificates: recap
Two kinds of keys: Two kinds of keys: secret (symmetric)secret (symmetric) public/private (asymmetric)public/private (asymmetric)
Certificates can be used to Certificates can be used to authenticate public keys:authenticate public keys: Public keys usually transmitted as part Public keys usually transmitted as part
of a certificateof a certificate
IssuesIssues
Key management and storageKey management and storage Self-certification?Self-certification? Hierarchy of trustHierarchy of trust
Generation and Generation and import/export of keysimport/export of keys
generator
Key KeyPair
java.security.KeyPairGeneratorjavax.crypto.KeyGenerator
Key factory
encodedkey data
key specificationEg P=3, Q=4, …
java.security.KeyFactoryjavax.crypto.SecretKeyFactory
The Key class The Key class hierarchies: a partial hierarchies: a partial
viewviewjava.security.Key
PublicKey PrivateKey
java.security.interfaces.DSAKey
DSAPrivateKeyDSAPublicKey
RSAPrivateKey
RSAPrivateKeyCrt
RSAPublicKey
java.security.KeyPair
java.crypto.SecretKey
Why so many?Why so many?
Certain algorithms require methods Certain algorithms require methods to access key generation parameters to access key generation parameters for exportfor export DSAKey: methods getP(), getQ(), getG()DSAKey: methods getP(), getQ(), getG()
Certain algorithms have specific Certain algorithms have specific rolesroles DHKey: Diffie-Hellman key exchangeDHKey: Diffie-Hellman key exchange
Example: Example: generate/export key pairgenerate/export key pair
Source: Oaks (2001)
Encryption ExampleEncryption Example
Generate random SecretKeyGenerate random SecretKey KeyGenerator gen = KeyGenerator.getInstance(“DES”);KeyGenerator gen = KeyGenerator.getInstance(“DES”);
SecretKey key = gen.generateKey();SecretKey key = gen.generateKey();
Create and initialize a CipherCreate and initialize a CipherCipher cipher = Cipher.getInstance(“DES”, “SunJCE”);Cipher cipher = Cipher.getInstance(“DES”, “SunJCE”);
cipher.init( Cipher.ENCRYPT_MODE, key);cipher.init( Cipher.ENCRYPT_MODE, key);
Perform encryptionPerform encryptionbyte[] plaintext = “the time has come”.getBytes();byte[] plaintext = “the time has come”.getBytes();
byte[] ciphertext = c.doFinal( plaintext );byte[] ciphertext = c.doFinal( plaintext );
JCE - KeyAgreementJCE - KeyAgreement Lets Alice and Bob establish a secret key in an Lets Alice and Bob establish a secret key in an
insecure environment.insecure environment. Utilizes an asymmetric system. A developer must Utilizes an asymmetric system. A developer must
choose the key agreement algorithm. (i.e. Diffie-choose the key agreement algorithm. (i.e. Diffie-Hellman)Hellman)
The ‘generateSecret’ method returns the The ‘generateSecret’ method returns the established secret key established secret key
The ‘doPhase’ method performs the exchangeThe ‘doPhase’ method performs the exchange Example:Example:
KeyAgreement ka = KeyAgreement.getInstance(“DH”);KeyAgreement ka = KeyAgreement.getInstance(“DH”);ka..init( alicePrivateKey );ka..init( alicePrivateKey );ka..doPhase( bobPublicKey, true );ka..doPhase( bobPublicKey, true );byte[] secret = ka.generateSecret();byte[] secret = ka.generateSecret();
JCE - SecureRandomJCE - SecureRandom
Random numbers are important to Random numbers are important to securitysecurity
{JRE}\lib\security\java.security {JRE}\lib\security\java.security names the default random number names the default random number generator URL,generator URL,
file:/dev/randomfile:/dev/random
ImplementationImplementation
Follow standards and recommend Follow standards and recommend key sizes blessed by the key sizes blessed by the cryptographic community.cryptographic community.
Peer review a design and its Peer review a design and its implementation.implementation.
Avoid writing protocols from scratch Avoid writing protocols from scratch JCE offers no silver bullet.JCE offers no silver bullet.
ImplementationImplementation
Java makes no guarantee when an Java makes no guarantee when an object is released from memory, object is released from memory, even when calling System.gc()even when calling System.gc()
Minimize copies of the sensitive Minimize copies of the sensitive informationinformation
Wipe your StringBuffer instancesWipe your StringBuffer instances The paranoid ought to consider JNIThe paranoid ought to consider JNI
A Few Interesting BooksA Few Interesting Books
General CryptographyGeneral Cryptography Applied Cryptography 2Applied Cryptography 2ndnd Edition, Bruce Edition, Bruce
Schneier.Schneier. MathematicalMathematical
Cryptography: Theory and Practice, Cryptography: Theory and Practice, Douglas Stinson.Douglas Stinson.
Security in GeneralSecurity in General Information Warfare and Security, Information Warfare and Security,
Dorothy E. DenningDorothy E. Denning
Useful Internet Useful Internet ResourcesResources
JCE ProvidersJCE Providers Cryptix Cryptix http://http://www.cryptix.orgwww.cryptix.org Bouncy Castle Bouncy Castle http://http://www.bouncycastle.orgwww.bouncycastle.org
URLsURLs Sun’s Online Developer CommunitySun’s Online Developer Community
http://java.sun.com/http://java.sun.com/ Sun Crypto Reference GuideSun Crypto Reference Guide
http://java.sun.com/j2se/1.4.2/docs/guide/security/Crhttp://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.htmlyptoSpec.html
Sun’s JCE Reference GuideSun’s JCE Reference Guide http://java.sun.com/j2se/1.4.2/docs/guide/security/jcehttp://java.sun.com/j2se/1.4.2/docs/guide/security/jce
/JCERefGuide.html/JCERefGuide.html Schneier.com – Schneier.com – http://http://schneier.comschneier.com
NewgroupsNewgroups sci.cryptsci.crypt