Java cryptography internet security
Download
1 / 44

Java Cryptography & Internet Security - PowerPoint PPT Presentation


  • 112 Views
  • Uploaded on

Java Cryptography & Internet Security. 1 Goals of Network Security 2 Basic Cryptographic Concepts 3 Java Security Concepts & Applets 4 Java Cryptographic Architecture (JCE) & Java Cryptographic Extension (JCE) 5 An example: what students have to do.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Java Cryptography & Internet Security' - xylia


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Java cryptography internet security

Java Cryptography & Internet Security

1 Goals of Network Security

2 Basic Cryptographic Concepts

3 Java Security Concepts & Applets

4 Java Cryptographic Architecture (JCE) &

Java Cryptographic Extension (JCE)

5 An example: what students have to do ...


1 goals of network security
1 Goals of Network Security

Security is multilateral !

  • Confidentiality

    • symmetric encoding systems (bilateral)

    • asymmetric encoding systems (multilateral)

    • special protocols: S-HTTP, SSL

  • Integrity

    • digital signatures, (multilateral)

    • Message Autentification Code (MAC)

  • Availability

    • diversified networks

  • Assign somebody / Commitment

    • digital signatures (multilateral)


  • 2 basic cryptographic concepts
    2 Basic Cryptographic Concepts

    • crypto system

    • cryptographically secure message digest (SHA-1, MD5, ...)

    • cryptographic cipher: encryption & decryption

      • symmetric encryption (DES, IDEA, ...)

      • asymmetric encryption (public key) (RSA, ElGamal, ...)

    • certificate (X.509 standard)

    • digital signatures: signing and verifying (DSA, RSA, ...)


    Kryptosystem
    Kryptosystem

    M : plaintext space

    C : ciphertext space

    K : key space

    M : message

    C : cipher message

    K : key

    E = Encrypt

    D = Decrypt

    E ( M ) = C

    D ( C ) = M

    DK (EK (M) ) = M |  M  M

    E : M × K  C

    D : C × K  M


    Message Digest = one way hash function

    w = h (x)

    Message Authentification Code (MAC) = hash function with secure key

    w = h (x, k)


    Random number

    symmetric encryption

    k = secure key

    Key

    generator

    k

    ciphertext

    plaintext

    plaintext

    encrypt

    decrypt

    x

    C(x)

    x

    B

    A

    asymmetric encryption

    s = private key

    Key

    generator

    t = public key

    ciphertext

    plaintext

    plaintext

    encrypt

    decrypt

    x

    C(x)

    x

    B

    A


    X 509 certificate
    X.509 Certificate

    version

    serial number

    Algorithm identifier

    Issuer (name of CA)

    Period of validity

    Subject (user name)

    Public key

    Signature (CA)


    Random number

    symmetric authentification

    k = secure key

    Key

    generator

    k

    Text with authentific.

    text

    Text, testresult

    Generate

    MAC

    test

    MAC

    x

    x, MAC

    x, {true | false}

    B

    A

    asymmetric authentication (signature system)

    s = private key (sign)

    Key

    generator

    t = public key (verify)

    Text with signatur

    + testresult

    text

    Text with signature

    sign

    verify

    x

    x, sig(x)

    x,sig(x),

    {true | false}

    B

    A


    3 java security concept applets
    3 Java: Security Concept & Applets

    and how it looks like

    How an applet works

    • Java 1.0 Security Model

      • “Sandbox Model“ : no permission to access local resources (client)

    • Java 1.1 Security Model

      • signed applets introduced : full access to local resources

      • unsigned applets run in the sandbox

    • Java 1.2 Security Model

    A security manager in the JVM controls access

    Trouble: there are differencec between appletviewer , Netscape, Microsoft IE in Java 1.1 and Java 1.2





    4 java cryptographic architecture jca java cryptographic extension jce
    4 Java Cryptographic Architecture (JCA) & Java Cryptographic Extension (JCE)

    • Design principle: Provider - Algorithm - Concept

    • Classes:

    SUN MD5 MessageDigest

    SHA1

    X RSA Signature

    DSA

    Identity

    Signer

    MessageDigest

    Signature

    Key

    KeyPair

    KeyPairGenerator

    KeyGenerator

    SecureRamdom

    KeyStore

    Certificate

    X509Certificate

    Cipher


    5 an example what students have to do
    5 An example: what students have to do ...

    • Task description for students

    • steps:

      • give applet rights to write a file belegis.dat on client

      • generate a keypair and a self signed certificate (X.509) ; store the keypair in a keystore file and export certificate to a file

      • write a Java-application that produces a MD5-Message Digest of file belegis.dat

      • write another Java-application that reads and signs the Java source code of step 3, concatenate the source with the signature and encrypt the result (symmetric cryptography). Deserialize a session key for this purpose.

    • Store in a directory for verification:

      • file belegis.dat

      • the self signed certificate

      • the message digest

      • the chiffretext


    Solution
    Solution

    Solution‘s Verification

    • If no permissions are given to applet

    • give file permissions by policytool

    • applet writes belegis.dat now

    • generate a keystore file & a key pair by keytool, export certificate (step 2)

    • java source code (step 3)

    • java source code (step 4)

    • register verification time

    • import certificate

    • read keystore file

    • verify message digest

    • desrialize session key

    • decrypt chiffretext and store temporary

    • extract certificate

    • proof validity of certificate

    • prepare for verifying signature

    • read signature

    • verify signature

    Response to Solution


    import java.security.*;

    import java.security.cert.*;

    import java.io.*;

    public class Beleg01Loes3{

    public static void main(String args []){

    try {

    FileInputStream fi = new FileInputStream("mykeystore");

    KeyStore ks = KeyStore.getInstance("JKS","SUN");

    char [] passwd1 = {'r','p','l','a','c','d','1'};

    ks.load(fi,passwd1);

    char [] passwd2 = {'r','p','l','a','c','a','1'};

    Key priv = ks.getKey("is_beleg",passwd2);

    MessageDigest md = MessageDigest.getInstance("MD5");

    FileInputStream fi2 =

    new FileInputStream("c:/temp/belegis.dat");

    byte xx =(byte)fi2.read();

    while(xx != -1){

    md.update(xx);

    xx =(byte)fi2.read();

    }

    fi2.close();

    System.out.println("------- Datei gelesen -------");


    byte [] medi = md.digest();

    FileOutputStream mdf = new FileOutputStream("belegis_MD5.dat");

    mdf.write(medi);

    mdf.close();

    System.out.println("---- MD5 geschrieben ----");

    System.out.println("---------- ende ----------");

    }

    catch(Exception e){

    System.out.println("error:"+e);

    }

    }

    }


    import java.io.*;

    import java.security.*;

    import java.security.spec.*;

    import java.security.interfaces.*;

    import java.security.cert.*;

    import javax.crypto.*;

    import javax.crypto.spec.*;

    import javax.crypto.interfaces.*;

    public class Beleg01Loes4{

    public static void main(String args[]){

    try{

    Provider sunJCE = new com.sun.crypto.provider.SunJCE();

    Security.addProvider(sunJCE);

    System.out.println("Provider eingetragen");

    File f1;

    File f2;

    if(args.length < 3) {

    System.out.println("Usage: java JCEChiffrierung c"+

    " <plaintext file> <chiffretext file> ");

    System.exit(8);

    }

    f1 = new File(args[1]);

    f2 = new File(args[2]);


    FileInputStream fis;

    FileOutputStream fos;

    FileInputStream kfis;

    FileOutputStream kfos;

    fis = new FileInputStream(f1);

    fos = new FileOutputStream(f2);

    CipherInputStream cis;

    Cipher desciph = Cipher.getInstance("DES");

    System.out.println("Cipher-Objekt erzeugt");

    cis = new CipherInputStream(fis, desciph);

    SecretKey desKey;

    // Lesen und Signieren

    FileInputStream fi = new FileInputStream("mykeystore");

    KeyStore ks = KeyStore.getInstance("JKS","SUN");

    char [] passwd1 = {'r','p','l','a','c','d','1'};

    ks.load(fi,passwd1);

    char [] passwd2 = {'r','p','l','a','c','a','1'};

    Key priv = ks.getKey("bel",passwd2);

    Signature dsa = Signature.getInstance("DSA","SUN");

    dsa.initSign((PrivateKey)priv);


    FileOutputStream mdfo = new FileOutputStream("beleg01_sig.dat");

    int siz = (int) f1.length();

    int z = 0;

    byte x =(byte)fis.read();

    while(z < siz){

    dsa.update(x);

    mdfo.write(x);

    z++;

    x =(byte)fis.read();

    }

    byte [] sig = dsa.sign();

    fis.close();

    System.out.println("------- Datei gelesen und signiert -------");

    mdfo.write((byte)'S');

    mdfo.write((byte)'I');

    mdfo.write((byte)'G');

    System.out.println("------- SIG geschrieben -------");

    mdfo.write(sig);

    mdfo.close();

    System.out.println("------- signierte Datei geschrieben -------");


    f1 = new File("beleg01_sig.dat");

    fis = new FileInputStream(f1);

    cis = new CipherInputStream(fis, desciph);

    kfis = new FileInputStream(

    "i:/prakt/fritzsch/Sicherheit/chiffkey.dat");

    ObjectInputStream keyin =

    new ObjectInputStream(kfis);

    desKey = (SecretKey)keyin.readObject();

    System.out.println("Key deserialisiert");

    desciph.init(Cipher.ENCRYPT_MODE,desKey);

    byte [] b = new byte [8];

    int i = cis.read(b);

    while(i != -1){

    fos.write(b,0,i);

    i = cis.read(b);

    }

    fos.close();

    System.out.println("Dateien lesen/schreiben beendet");

    }

    catch(Exception e){

    System.err.println("Error:"+ e);

    }

    }

    }


    import java.security.*;

    import java.security.cert.*;

    import java.io.*;

    import java.util.*;

    import javax.crypto.*;

    public class Beleg01PruefS{

    public static void main(String args []){

    // Arbeitsverzeichnis: htw4711

    // Aufruf: java Beleg01PruefS htw4711

    try {

    // Zeitpunkt der Ueberpruefung registrieren -------------

    System.out.println("Beleg geprueft:");

    System.out.println((new Date()).toLocaleString());

    // Provider SunJCE eintragen ----------------------------

    Provider sunJCE = new com.sun.crypto.provider.SunJCE();

    Security.addProvider(sunJCE);


    // Certificate löschen (auch wenn nicht vorhanden )----------

    String command1 = "keytool -delete " +

    " -alias " + args[0] +

    " -keystore i:/Prakt/fritzsch/Sicherheit/mykeystore“ +

    " -storepass rplacd1";

    System.out.println("-- invoke: ");

    System.out.println(" " + command1);

    Runtime rt1 = Runtime.getRuntime();

    Process p1 = rt1.exec(command1);

    p1.waitFor();

    System.out.println(" ... beendet mit RC="+ p1.exitValue());


    // Certificate importieren -----------------------------------

    System.out.println("-- Zertifikat importieren ");

    String command = "keytool -import "+

    " -alias " + args[0] +

    " -file "+ args[0] + ".cer"+

    //" -keystore c:/workstation/IS/mykeystore"+

    " -keystore i:/Prakt/fritzsch/Sicherheit/mykeystore"+

    " -storepass rplacd1";

    System.out.println("-- invoke: ");

    System.out.println(" " + command);

    Runtime rt = Runtime.getRuntime();

    Process p = rt.exec(command);

    String ss = "y\n";

    p.getOutputStream().write(ss.getBytes());

    p.getOutputStream().close();

    p.waitFor();

    System.out.println(" ... beendet mit RC="+ p.exitValue());

    // Keystore-Datei lesen ------------------------------------

    KeyStore ks = KeyStore.getInstance("JKS","SUN");

    char [] passwd1 = {'r','p','l','a','c','d','1'};

    FileInputStream fi =

    new FileInputStream(

    "i:/Prakt/fritzsch/Sicherheit/mykeystore");

    ks.load(fi,passwd1);


    // Message-Digest prüfen -----------------------------------

    MessageDigest md = MessageDigest.getInstance("MD5");

    FileInputStream fius =

    new FileInputStream("belegis.dat");

    byte [] org = {1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,

    1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,

    1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,

    1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,

    1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,1};

    int i = 0;

    org[i]=(byte)fius.read();

    while (org[i]!=-1){

    md.update(org[i]);

    i=i+1;

    org[i]=(byte)fius.read();

    }

    fius.close();

    FileInputStream fimd = new FileInputStream("belegis_MD5.dat");

    byte [] dig = {1,1,1,1,5,1,1,1,1,5,1,1,1,1,5,1,0};

    int j = 0;

    dig[j] = (byte)fimd.read();

    while (j<15){

    j=j+1;

    dig[j] = (byte)fimd.read();

    }

    fimd.close();


    byte [] medi =md.digest(); -----------------------------------

    boolean vergleich=true;

    for (int k = 0; k<16; k++)

    if(dig[k]!=medi[k])

    vergleich=false;

    System.out.println("-- Vergleich Message Digest:" + vergleich);

    // Sitzungsschlüssel deserialisieren ------------------------

    FileInputStream kfis = new FileInputStream(

    "i:/Prakt/fritzsch/Sicherheit/chiffkey.dat");

    ObjectInputStream keyin = new ObjectInputStream(kfis);

    SecretKey desKey=(SecretKey)keyin.readObject();

    System.out.println("-- Sitzungsschluessel deserialisiert");


    // Datei chiffretext.dat dechiffrieren und -----------------

    // in belegis_zwi.dat ablegen

    FileInputStream fis = new FileInputStream("chiffretext.dat");

    FileOutputStream fos =

    new FileOutputStream("belegis_zwi.dat");

    CipherInputStream cis;

    Cipher desciph = Cipher.getInstance("DES/ECB/PKCS5Padding");

    cis = new CipherInputStream(fis,desciph);

    desciph.init(Cipher.DECRYPT_MODE,desKey);

    byte [] ba = new byte [1];

    int iii = cis.read(ba);

    while (iii != -1){

    fos.write(ba,0,iii);

    iii = cis.read(ba);

    }

    fos.close();

    fis.close();

    System.out.println("-- Dechiffrierung erfolgreich");

    // öffentlichen Schlüssel aus Certif. extrahieren -----------

    java.security.cert.X509Certificate cl =

    (java.security.cert.X509Certificate) ks.getCertificate(args[0]);

    PublicKey pub = cl.getPublicKey();

    System.out.println("-- oeffentlicher Schluessel extrahiert");


    // Gültigkeitsdauer des Zertifikates überprüfen --------------

    Date bef = cl.getNotBefore();

    Date aft = cl.getNotAfter();

    System.out.println("-- Zertifikat ist gueltig");

    System.out.println(" vom: " + bef.toLocaleString());

    System.out.println(" bis: " + aft.toLocaleString());

    // Signatur-Objekt zum Prüfen initialisieren -----------------

    Signature dsa = Signature.getInstance("DSA");

    dsa.initVerify(pub);


    // Zwischendatei belegis_zwi.dat lesen -----------------------

    File gesamtFile = new File("belegis_zwi.dat");

    int sizef = (int)gesamtFile.length();

    fis = new FileInputStream(gesamtFile);

    byte b = (byte)fis.read();

    sizef--;

    byte c = (byte)fis.read();

    sizef--;

    byte d = (byte)fis.read();

    while ((d != -1)&&((b !='S')||(c != 'I')||(d !='G'))){

    sizef--;

    dsa.update(b);

    b=c;

    c=d;

    d=(byte)fis.read();

    }

    sizef--;


    // Signatur lesen ------------------------------------------

    System.out.println("Laenge der Signatur: "+sizef);

    byte [] sig = new byte[sizef];

    int ii = 0;

    byte s = (byte)fis.read();

    while (ii < sizef){

    sig[ii] = s;

    ii++;

    s = (byte)fis.read();

    }

    fis.close();

    System.out.println("-- Signatur gelesen");

    // Signatur pruefen -----------------------------------------

    boolean verifies = dsa.verify(sig);

    System.out.println("-- Signatur verifiziert:"+verifies);

    System.out.println("-- Ende");

    }

    catch(Exception e){

    System.out.println("error:"+e);

    }

    }

    }


    Preparation
    Preparation ------------------------------------------

    • Make available - applet BelegIS.java - HTML page BelegIS.html containing this applet

    • generate & make available (serialize) secure session key

    • generate keystore file c:\workstation\IS\mykeystore to include certificates of students


    import java.applet.Applet; ------------------------------------------

    import java.awt.*;

    import java.awt.event.*;

    import java.io.*;

    import javax.swing.*;

    import List;

    public class HanoiVisual extends JApplet implements ActionListener{

    JPanel jPanel0= new JPanel();

    JPanel jPanel1= new JPanel();

    JPanel jPanel2 = new JPanel();

    JPanel jPanel3 = new JPanel();

    JPanel jPanel4 = new JPanel();

    JButton popbutton = new JButton("pop");

    JButton pushbutton = new JButton("push");

    JButton emptybutton = new JButton("emptyStack");

    JButton runbutton = new JButton("run");

    JButton stopbutton = new JButton("stop");

    JPanel buttonPanel = new JPanel();

    VisObject vo1 = new VisObject(0, jPanel1);

    VisObject vo2 = new VisObject(0, jPanel2);

    VisObject vo3 = new VisObject(0, jPanel3);


    public void init(){ ------------------------------------------

    try{

    UIManager.setLookAndFeel(

    UIManager.getCrossPlatformLookAndFeelClassName());

    Container contentPane= getContentPane();

    contentPane.setBackground(Color.white);

    jPanel0.setBorder(BorderFactory.createEtchedBorder());

    jPanel0.setLayout(new GridLayout(1,3,5,10));//3 Spalten

    jPanel1.setBorder(BorderFactory.createEtchedBorder());

    jPanel1.setLayout(new GridLayout(10,1,5,0));//10 Zeilen

    for (int j=0;j<10;j++){

    jPanel4= (JPanel)jPanel1.add(new MyJPanelInit(),j);

    }

    jPanel2.setBorder(BorderFactory.createEtchedBorder());

    jPanel2.setLayout(new GridLayout(10,1,5,0));//10 Zeilen

    for (int j=0;j<10;j++){

    jPanel4= (JPanel)jPanel2.add(new MyJPanelInit(),j);

    }


    jPanel3.setBorder(BorderFactory.createEtchedBorder()); ------------------------------------------

    jPanel3.setLayout(new GridLayout(10,1,5,0));//10 Zeilen

    for (int j=0;j<10;j++){

    jPanel4= (JPanel)jPanel3.add(new MyJPanelInit(),j);

    }

    jPanel0.add(jPanel1);

    jPanel0.add(jPanel2);

    jPanel0.add(jPanel3);

    contentPane.add("Center",jPanel0);

    pushbutton.addActionListener(this);

    buttonPanel.add(pushbutton);

    popbutton.addActionListener(this);

    buttonPanel.add(popbutton);

    emptybutton.addActionListener(this);

    buttonPanel.add(emptybutton);

    runbutton.addActionListener(this);

    buttonPanel.add(runbutton);

    stopbutton.addActionListener(this);

    buttonPanel.add(stopbutton);

    contentPane.add("South",buttonPanel);

    validate();

    }catch(Exception e){ }

    }


    public void actionPerformed(ActionEvent evt){ ------------------------------------------

    if(evt.getActionCommand().equals("pop")){

    MyJPanel y = popvis(vo1);

    }

    if(evt.getActionCommand().equals("push")){

    pushvis(vo1,new MyJPanel(vo1.i+1));

    }

    if(evt.getActionCommand().equals("emptyStack")){

    vo1.i=0;

    jPanel1.removeAll();

    for (int j=0;j<10;j++){

    jPanel4= (JPanel)jPanel1.add(new MyJPanelInit(),j);

    }

    vo2.i=0;

    jPanel2.removeAll();

    for (int j=0;j<10;j++){

    jPanel4= (JPanel)jPanel2.add(new MyJPanelInit(),j);

    }

    vo3.i=0;

    jPanel3.removeAll();

    for (int j=0;j<10;j++){

    jPanel4= (JPanel)jPanel3.add(new MyJPanelInit(),j);

    }

    paint(getGraphics());

    }


    if(evt.getActionCommand().equals("run")){ ------------------------------------------

    hanoiinit();

    validate();

    }

    if(evt.getActionCommand().equals("stop")){

    stop();

    init();

    }

    }

    public void pushvis(VisObject p,MyJPanel x){

    p.i++;

    p.jP.remove(10-p.i);

    jPanel4= (JPanel)p.jP.add(x,10-p.i);

    validate();

    paint(getGraphics());

    }

    public MyJPanel popvis(VisObject p){

    MyJPanel x = (MyJPanel)p.jP.getComponent(10-p.i);

    p.jP.remove(10-p.i);

    jPanel4= (JPanel)p.jP.add(new MyJPanelInit(),10-p.i);

    validate();

    paint(getGraphics());

    p.i--;

    return x;

    }


    public void hanoiinit(){ ------------------------------------------

    List a = new List();

    a = a.cons(vo1);

    for (int j=0;j<vo1.i;j++)

    a= a.cons(new Integer(vo1.i-j));

    a=a.reverse();

    a.princ();

    List b = new List();

    b = b.cons(vo2);

    b.princ();

    List c = new List();

    c = c.cons(vo3);

    c.princ();

    hanoi(a,b,c);

    }

    public void hanoi(List a, List b, List c){

    if (a.cdr().cdr().nullp())

    move(a, b);

    else {

    hanoi(a.cdr().cdr().cons(a.car()),c,b);

    validate();

    move(a, b);

    validate();

    hanoi(c.append(a.cdr().cdr()),b,(new List()).cons(a.car()));

    validate();

    }

    }


    public void move(List a, List b){ ------------------------------------------

    MyJPanel x = popvis((VisObject)a.car());

    validate();

    pushvis((VisObject)b.car(),x);

    validate();

    try{

    Thread.currentThread().sleep(1200);

    validate();

    }

    catch(InterruptedException e){

    }

    }

    public void paint(Graphics g){

    getContentPane().paintAll(g);

    }

    }

    class MyJPanel extends JPanel{

    public MyJPanel(int i){

    super();

    this.setBackground(Color.black); // cyan

    this.add(new Scheibe(i));

    }

    }


    class Scheibe extends JPanel{ ------------------------------------------

    public Scheibe(int i){

    super();

    int x = this.getWidth();

    this.setBorder(BorderFactory.createEmptyBorder(

    0,x+93-10*i,0,x+93-10*i));

    this.setBackground(Color.yellow);

    this.add(new JLabel(String.valueOf(i)));

    }

    }

    class MyJPanelInit extends JPanel{

    public MyJPanelInit(){

    super();

    this.setBackground(Color.black);

    }

    }

    class VisObject {

    public int i;

    public JPanel jP;

    public VisObject(int n, JPanel p){

    i=n;

    jP=p;

    }

    }


    ad