Cryptography & Cryptography & The JCEThe JCE

Presented byPresented byGeoff Whittington, Geoff Whittington,

Fireball Technology GroupFireball Technology Group

CryptographyCryptography

The science of securing information.The science of securing information.

Presentation OutlinePresentation Outline MotivationMotivation Language, ConceptsLanguage, Concepts Overview of Java Cryptography Overview of Java Cryptography

ExtensionExtension Implementation commentsImplementation comments A Few Interesting BooksA Few Interesting Books Useful Internet ResourcesUseful Internet Resources

Motivation for Motivation for CryptographyCryptography

Increased reliance on electronic Increased reliance on electronic systemssystems

Increased system infestationIncreased system infestation Increased monitoringIncreased monitoring Increased value of informationIncreased value of information

CryptographyCryptography DefinitionsDefinitions The SetupThe Setup Symmetric SystemsSymmetric Systems Hash FunctionsHash Functions Message Authentication Codes (MAC)Message Authentication Codes (MAC) Asymmetric SystemsAsymmetric Systems Hybrid SystemsHybrid Systems Electronic SignaturesElectronic Signatures

DefinitionsDefinitions Secret Key – shared piece of secret Secret Key – shared piece of secret

information used to protect a larger set of information used to protect a larger set of data.data.

Encrypt –scramble data with a secret key Encrypt –scramble data with a secret key into a hard-to-understand format.into a hard-to-understand format.

Decrypt – scramble encrypted data into Decrypt – scramble encrypted data into readable using a secret key.readable using a secret key.

Cryptographic algorithm – Description of Cryptographic algorithm – Description of how a secret key is utilized to scramble how a secret key is utilized to scramble information.information.

Definitions cont’d...Definitions cont’d... Plaintext (aka Cleartext) – The Plaintext (aka Cleartext) – The

information to be secured.information to be secured. Ciphertext – The Ciphertext – The

scrambled/unreadable information scrambled/unreadable information after an encryption process is after an encryption process is performed.performed.

The SetupThe Setup1.1. Alice wants to securely send Bob a Alice wants to securely send Bob a

secretsecret2.2. Bob wants to be sure information Bob wants to be sure information

came from Alicecame from AliceAlice Bob

Eve

Info

Symmetric CryptographySymmetric Cryptography

Alice Bob

Eve

Secret

Secret

Ciphertext

Security provider Security provider architecturearchitecture

Symmetric AlgorithmsSymmetric Algorithms Substitution and transposition using a Substitution and transposition using a

secret key to obscure the plaintext into secret key to obscure the plaintext into ciphertext.ciphertext.

Fast to implement in software and Fast to implement in software and hardwarehardware

Problem: Secret key used for encryption Problem: Secret key used for encryption and decryption must be known.and decryption must be known.

Examples: RC5, DES, 3DES, Blowfish, AESExamples: RC5, DES, 3DES, Blowfish, AES

Hash FunctionsHash Functions One way operation on information that One way operation on information that

results in smaller set of data, called a results in smaller set of data, called a message digestmessage digest..

MD5 and SHA-1 are hash functions.MD5 and SHA-1 are hash functions. Considered secure when it is Considered secure when it is

computationally infeasible to find two computationally infeasible to find two input data with the same message digest.input data with the same message digest.

Secure hash functions are used in Secure hash functions are used in electronic signatures.electronic signatures.

MACsMACs Message Authentication Codes provide Message Authentication Codes provide

an authentication scheme in symmetric-an authentication scheme in symmetric-based cryptographic protocols.based cryptographic protocols.

MACDocument

Hash and encrypt

MACs cont’d...MACs cont’d... Produces an encrypted message digest with a Produces an encrypted message digest with a

secret key.secret key. Alice sends Bob a document as well as a MAC. Alice sends Bob a document as well as a MAC.

Bob can authenticate who sent the document Bob can authenticate who sent the document by performing the same MAC on the document by performing the same MAC on the document and comparing his MAC to the one that Alice and comparing his MAC to the one that Alice sent. If they match, he knows that Alice sent sent. If they match, he knows that Alice sent the document.the document.

Problem: Secret key must be established and Problem: Secret key must be established and known only to Alice and Bob.known only to Alice and Bob.

Example: message Example: message digestsdigests

use class to get use class to get instance of instance of algorithmalgorithm

Asymmetric Asymmetric CryptographyCryptography

Utilizes two keys: One private to an Utilizes two keys: One private to an individual, and another public to the world.individual, and another public to the world.

An individual shares his public key to a An individual shares his public key to a Trusted Third Party (TTP)Trusted Third Party (TTP)

Alice can securely send Bob information by Alice can securely send Bob information by encrypting it with Bob’s public key retrieved encrypting it with Bob’s public key retrieved from the TTP. Only Bob’s private key will from the TTP. Only Bob’s private key will decrypt the information.decrypt the information.

Useful for establishing secure channels in Useful for establishing secure channels in an insecure environment: PGP & SSL.an insecure environment: PGP & SSL.

Examples: RSA, ElGamal, and ECCExamples: RSA, ElGamal, and ECC

Asymmetric Cryptography Asymmetric Cryptography cont’d…cont’d…

Based on ‘hard’ math problems Based on ‘hard’ math problems Sharing public keys require a public-Sharing public keys require a public-

key infrastructure (PKI) – retrieving, key infrastructure (PKI) – retrieving, adding and revoking keysadding and revoking keys

Trust is paramount Trust is paramount Asymmetric keys must be much Asymmetric keys must be much

larger than symmetric keyslarger than symmetric keys

Hybrid SystemsHybrid Systems Asymmetric cryptosystems are used Asymmetric cryptosystems are used

for establishing secure channelsfor establishing secure channels With an established secure channel, With an established secure channel,

Alice can exchange a symmetric Alice can exchange a symmetric secret key with Bob and engage in a secret key with Bob and engage in a secure conversation using a secure conversation using a symmetric cipher.symmetric cipher.

Electronic SignaturesElectronic Signatures Alice can sign a document by using her Alice can sign a document by using her

private key. Bob can authenticate her private key. Bob can authenticate her signature by using her public key.signature by using her public key.

Alice signs a document by first hashing Alice signs a document by first hashing it using a secure hash function (SHA-1).it using a secure hash function (SHA-1).

The Digital Signature Standard (DSS) is The Digital Signature Standard (DSS) is a standard means of signing documentsa standard means of signing documents

Java Cryptography Java Cryptography ExtensionExtension

JCE bundled with the SDK in 2002.JCE bundled with the SDK in 2002. Subject to US export restrictions.Subject to US export restrictions. Built on top of java.security and javax.cryptoBuilt on top of java.security and javax.crypto The JCE is a pluggable technology – allowing The JCE is a pluggable technology – allowing

different implementations from many providers.different implementations from many providers. Useful classes are:Useful classes are:

SecretKeyFactorySecretKeyFactory CipherCipher SealedObjectSealedObject KeyGeneratorKeyGenerator KeyAgreementKeyAgreement MacMac SecureRandomSecureRandom

JCE ProvidersJCE Providers Open source providers are Cryptix Open source providers are Cryptix

and Bouncy Castle.and Bouncy Castle. Plugging-in Plugging-in

modifying java.security file.modifying java.security file. Use code to add a providerUse code to add a providerExample:Example:

importimport cryptix.jce.provider.CryptixCrypto; cryptix.jce.provider.CryptixCrypto;Provider cryptix_provider = Provider cryptix_provider = newnew CryptixCrypto(); CryptixCrypto();intint result=Security.addProvider(cryptix_provider); result=Security.addProvider(cryptix_provider);

JCE - SecretKeyFactoryJCE - SecretKeyFactory Generates SecretKey instances for use with a Generates SecretKey instances for use with a

symmetric cipher.symmetric cipher. Useful when the secret key has already been Useful when the secret key has already been

established.established. Supported SecretKey instances are dependent Supported SecretKey instances are dependent

on the ones offered by the installed JCE on the ones offered by the installed JCE providers.providers.

Example:Example:byte[] secretKey = “SecrtKey”.getBytes();byte[] secretKey = “SecrtKey”.getBytes();DESKeySpec desKeySpec = new DESKeySpec( secretKey );DESKeySpec desKeySpec = new DESKeySpec( secretKey );SecretKeyFactory factory = SecretKeyFactory factory =

SecretKeyFactory.getInstance(“DES”);SecretKeyFactory.getInstance(“DES”);SecretKey sk = factory.generateSecret( desKeySpec );SecretKey sk = factory.generateSecret( desKeySpec );

JCE – CipherJCE – Cipher Cipher does the work of encryption and decryptionCipher does the work of encryption and decryption A Cipher is instantiated using the A Cipher is instantiated using the

Cipher.getInstance factory method Cipher.getInstance factory method Associated with a transformation name in the Associated with a transformation name in the

format, format, algorithm/mode/paddingalgorithm/mode/padding Can operate within four modes: encrypt, decrypt, Can operate within four modes: encrypt, decrypt,

key wrap, key unwrap.key wrap, key unwrap. Must be initialized using a specified mode, and Must be initialized using a specified mode, and

secret key information.secret key information. Example:Example:

Cipher c = Cipher.getInstance(“DES”);Cipher c = Cipher.getInstance(“DES”);c.init( Cipher.ENCRYPT_MODE, secretKey );c.init( Cipher.ENCRYPT_MODE, secretKey );byte[] plaintext = “The time has come for action.”.getBytes();byte[] plaintext = “The time has come for action.”.getBytes();byte[] ciphertext = c.doFinal ( plaintext );byte[] ciphertext = c.doFinal ( plaintext );

JCE - SealedObjectJCE - SealedObject Great for securely persisting objects Great for securely persisting objects

which can be serialized.which can be serialized. Instantiated with a Cipher object and a Instantiated with a Cipher object and a

serializeable object.serializeable object. Any algorithm parameters used by the Any algorithm parameters used by the

Cipher object are stored in the Cipher object are stored in the SealedObject for easy decryption.SealedObject for easy decryption.

Unsealing requires either the same Unsealing requires either the same Cipher object used for sealing or the Cipher object used for sealing or the associated secret key.associated secret key.

JCE - KeyGeneratorJCE - KeyGenerator The KeyGenerator class solves the problem of Alice The KeyGenerator class solves the problem of Alice

or Bob having to come up with their own secret key. or Bob having to come up with their own secret key. It will create one for them. It will create one for them.

Symmetric algorithms have their own specific weak Symmetric algorithms have their own specific weak keys. Users who use weak keys open their keys. Users who use weak keys open their communication to known exploits. For example, a communication to known exploits. For example, a weak key for DES is:weak key for DES is:0000000 FFFFFFF0000000 FFFFFFF

Uses a random number generator, a key size, and a Uses a random number generator, a key size, and a target cryptographic algorithm (like ‘DES’) to target cryptographic algorithm (like ‘DES’) to generate an acceptable key for the developer.generate an acceptable key for the developer.

Example:Example:KeyGenerator kg = KeyGenerator.getInstance(“DES”);KeyGenerator kg = KeyGenerator.getInstance(“DES”);kg.init(56);kg.init(56);SecretKey sk = kg.generateKey();SecretKey sk = kg.generateKey();

Java support for Java support for cryptographycryptography

KeysKeys CertificatesCertificates Key managementKey management Message digestsMessage digests Secure message digestsSecure message digests Digital signaturesDigital signatures Encryption & decryptionEncryption & decryption

Keys & certificates: recapKeys & certificates: recap Two kinds of keys: Two kinds of keys:

secret (symmetric)secret (symmetric) public/private (asymmetric)public/private (asymmetric)

Certificates can be used to Certificates can be used to authenticate public keys:authenticate public keys: Public keys usually transmitted as part Public keys usually transmitted as part

of a certificateof a certificate

IssuesIssues Key management and storageKey management and storage Self-certification?Self-certification? Hierarchy of trustHierarchy of trust

Generation and Generation and import/export of keysimport/export of keys

generator

Key KeyPair

java.security.KeyPairGeneratorjavax.crypto.KeyGenerator

Key factory

encodedkey data

key specificationEg P=3, Q=4, …

java.security.KeyFactoryjavax.crypto.SecretKeyFactory

The Key class The Key class hierarchies: a partial hierarchies: a partial

viewviewjava.security.Key

PublicKey PrivateKey

java.security.interfaces.DSAKey

DSAPrivateKeyDSAPublicKeyRSAPrivateKey

RSAPrivateKeyCrt

RSAPublicKey

java.security.KeyPair

java.crypto.SecretKey

Why so many?Why so many? Certain algorithms require methods Certain algorithms require methods

to access key generation parameters to access key generation parameters for exportfor export DSAKey: methods getP(), getQ(), getG()DSAKey: methods getP(), getQ(), getG()

Certain algorithms have specific Certain algorithms have specific rolesroles DHKey: Diffie-Hellman key exchangeDHKey: Diffie-Hellman key exchange

Example: Example: generate/export key pairgenerate/export key pair

Source: Oaks (2001)

Encryption ExampleEncryption Example Generate random SecretKeyGenerate random SecretKey KeyGenerator gen = KeyGenerator.getInstance(“DES”);KeyGenerator gen = KeyGenerator.getInstance(“DES”);

SecretKey key = gen.generateKey();SecretKey key = gen.generateKey();

Create and initialize a CipherCreate and initialize a CipherCipher cipher = Cipher.getInstance(“DES”, “SunJCE”);Cipher cipher = Cipher.getInstance(“DES”, “SunJCE”);cipher.init( Cipher.ENCRYPT_MODE, key);cipher.init( Cipher.ENCRYPT_MODE, key);

Perform encryptionPerform encryptionbyte[] plaintext = “the time has come”.getBytes();byte[] plaintext = “the time has come”.getBytes();byte[] ciphertext = c.doFinal( plaintext );byte[] ciphertext = c.doFinal( plaintext );

JCE - KeyAgreementJCE - KeyAgreement Lets Alice and Bob establish a secret key in an Lets Alice and Bob establish a secret key in an

insecure environment.insecure environment. Utilizes an asymmetric system. A developer must Utilizes an asymmetric system. A developer must

choose the key agreement algorithm. (i.e. Diffie-choose the key agreement algorithm. (i.e. Diffie-Hellman)Hellman)

The ‘generateSecret’ method returns the The ‘generateSecret’ method returns the established secret key established secret key

The ‘doPhase’ method performs the exchangeThe ‘doPhase’ method performs the exchange Example:Example:

KeyAgreement ka = KeyAgreement.getInstance(“DH”);KeyAgreement ka = KeyAgreement.getInstance(“DH”);ka..init( alicePrivateKey );ka..init( alicePrivateKey );ka..doPhase( bobPublicKey, true );ka..doPhase( bobPublicKey, true );byte[] secret = ka.generateSecret();byte[] secret = ka.generateSecret();

JCE - SecureRandomJCE - SecureRandom Random numbers are important to Random numbers are important to

securitysecurity {JRE}\lib\security\java.security {JRE}\lib\security\java.security

names the default random number names the default random number generator URL,generator URL,

file:/dev/randomfile:/dev/random

ImplementationImplementation Follow standards and recommend Follow standards and recommend

key sizes blessed by the key sizes blessed by the cryptographic community.cryptographic community.

Peer review a design and its Peer review a design and its implementation.implementation.

Avoid writing protocols from scratch Avoid writing protocols from scratch JCE offers no silver bullet.JCE offers no silver bullet.

ImplementationImplementation Java makes no guarantee when an Java makes no guarantee when an

object is released from memory, object is released from memory, even when calling System.gc()even when calling System.gc()

Minimize copies of the sensitive Minimize copies of the sensitive informationinformation

Wipe your StringBuffer instancesWipe your StringBuffer instances The paranoid ought to consider JNIThe paranoid ought to consider JNI

A Few Interesting BooksA Few Interesting Books General CryptographyGeneral Cryptography

Applied Cryptography 2Applied Cryptography 2ndnd Edition, Bruce Edition, Bruce Schneier.Schneier.

MathematicalMathematical Cryptography: Theory and Practice, Cryptography: Theory and Practice,

Douglas Stinson.Douglas Stinson. Security in GeneralSecurity in General

Information Warfare and Security, Information Warfare and Security, Dorothy E. DenningDorothy E. Denning

Useful Internet Useful Internet ResourcesResources

JCE ProvidersJCE Providers Cryptix Cryptix http://http://www.cryptix.orgwww.cryptix.org Bouncy Castle Bouncy Castle http://http://www.bouncycastle.orgwww.bouncycastle.org

URLsURLs Sun’s Online Developer CommunitySun’s Online Developer Community

http://java.sun.com/http://java.sun.com/ Sun Crypto Reference GuideSun Crypto Reference Guide

http://java.sun.com/j2se/1.4.2/docs/guide/security/Crhttp://java.sun.com/j2se/1.4.2/docs/guide/security/CryptoSpec.htmlyptoSpec.html

Sun’s JCE Reference GuideSun’s JCE Reference Guide http://java.sun.com/j2se/1.4.2/docs/guide/security/jcehttp://java.sun.com/j2se/1.4.2/docs/guide/security/jce

/JCERefGuide.html/JCERefGuide.html Schneier.com – Schneier.com – http://http://schneier.comschneier.com

NewgroupsNewgroups sci.cryptsci.crypt