270 likes | 414 Views
GS: Chapter 3 Encryption, Authentication and Java Cryptography. Cryptography & Java. Encryption Authentication Java Cryptography. Encryption. Encryption Basics: An algorithm ( or cipher) and a key are required in order to encrypt or decrypt messages. Example: the Caesar cipher (p.34)
E N D
GS: Chapter 3Encryption, Authentication and Java Cryptography csci5931 Web Security
Cryptography & Java • Encryption • Authentication • Java Cryptography csci5931 Web Security
Encryption • Encryption Basics: • An algorithm (or cipher) and a key are required in order to encrypt or decrypt messages. • Example: the Caesar cipher (p.34) • A symmetric, stream cipher • Exercise: Encrypt “DDAY” using Caesar cipher (5). • Answer: “IIFD”. • Q: What is the algorithm? • Q: What is the key? • Q: How would the cipher be decrypted? csci5931 Web Security
Encryption • Symmetric Encryptions: • Both the encrypter and the decrypter share the same key. • Key space: The set of possible keys that work with a cipher; determined by the number of bits used in the cipher. • The larger the key space is, the more secure the encryption will be. • Each additional bit added to the key length doubles its security. csci5931 Web Security
Encryption • Symmetric Encryptions: • Two types of symmetric ciphers: block ciphers and stream ciphers. • Examples of symmetric encryptions: • DES (Data Encryption Standard) & TripleDES: block ciphers • Blowfish: a faster and more secure replacement of DES • RC4 (Rivest’s Code 4): a stream cipher • AES (Advanced Encryption Standard): a block cipher csci5931 Web Security
Encryption • Limitations of Symmetric Encryptions: • Key distribution can be a vulnerability. • If the key is exposed, the encrypted message and all future communication using the same key will suffer the eavesdropping attack. • Key management problems: distribution, update, revoking csci5931 Web Security
Encryption • Asymmetric Encryptions: • Also known as ‘public key encryption’ • Messages encrypted with the public key can only be decrypted by the corresponding private key. • The public key can be made known to the public, but the private key is kept as secret and only known to the owner of the key. • Examples of asymmetric encryption algorithms: • Merkel Hellman Knapsacks • RSA: Rivest, Shamir, Adleman • El Gamal csci5931 Web Security
Encryption • Limitations of asymmetric Encryptions: • Asymmetric encryption requires much larger keys than symmetric encryption. • A 1024-bit asymmetric key ~= a 128-bit symmetric key • Why? • Asymmetric encryption is much slower (~ 1000 times slower) than symmetric encryption. • It is subject to man-in-the-middle attack. Solution? Digital certificates (Ch. 6) csci5931 Web Security
Encryption • Session-key Encryption • A session-key is a symmetric key that is used to encrypt the plaintext message. The session key itself is encrypted using a public key. • Sender: C = Spub ( S ) + Sencrypt (message) Recipient • Recipient: Spriv ( Spub (S) ) S Sdecrypt (Sencrypt (message)) message • Alternatively, the session key may be assigned an expiration time and be used over several sessions. csci5931 Web Security
Encryption • Examples of Session-key Encryption • PGP (Pretty Good Privacy): Originally (1991) used to encrypt e-mail using session-key encryption Supports RSA, TripleDES, etc. http://www.pgp.com/ • S/MIME (Secure/MIME): Invented by RSA to secure e-mail Backed by Microsoft, RSA, and AOL • SSL/TLS (Secure Socket Layer/Transport Layer Security): Ch. 9 Originally an attempt to secure TCP/IP traffic using encryptions csci5931 Web Security
Encryption • Key Agreement Algorithm • A key agreement algorithm takes the private and the public keys of two distinct parties (Apriv + Bpub or Apub + Bpriv) and generates a common shared secret key, which is then used to generate a session key. See the diagram on p.41. • Diffie-Hellman Key Agreement Algorithm: The first ever public key encryption • Allows two parties to independently generate the shared key; The session key is never transmitted. • References: See http://www.apocalypse.org/pub/u/seven/diffie.html IETF RFC2631: http://www.ietf.org/rfc/rfc2631.txt csci5931 Web Security
Encryption • Strength of Encryption Algorithms • Two factors: The algorithm used + The size of the key space • See the tables comparing symmetric ciphers (p.42) and asymmetric ciphers (p.43) csci5931 Web Security
Alternative Data-hiding Methods • Steganography: hiding messages inside another message or in a picture. See “Steganography: Hidden Data”. By Deborah Radcliff. ComputerWorld. June 10, 2002. • Elliptic Curve Cryptography (ECC): based on the elliptic curve logarithm problem; a more efficient public key encryption (faster, smaller key size) An intro: http://world.std.com/~dpj/elliptic.html • Codes, one-time pads, etc. csci5931 Web Security
Authentication • The process of determining the authenticity of a message or user. • Methods: • Message Digest • a check value generated from a document, usually generated by a hash function • to prove that the data in the document has not been tampered with. • Commonly used for password authentication (i.e., one-way authentication) • Examples: MD4, MD5, SHA (secure hash algorithm) • Any problem? Man-in-the-middle attack Why? csci5931 Web Security
Authentication Methods • MAC (Message Authentication Codes) • A message digest created with a key • Typically used for data verification in a context where a secure connection is already available. • Example: SSL uses MACs to verify the data received, using a secret key that is exchanged at the beginning of the session. • Example MACs: • HmacMD5 (Hashing MAC using MD5) • HmacSHA1 (Hashing MAC using SHA-1) csci5931 Web Security
Authentication Methods • Digital Signatures • Based on public key encryption • Computed with a person’s private key and verified with the person’s public key • An example of creating a digital signature: p.48 • The sender applies a message digest algorithm to get a message digest (md) out of the message to be sent. • The message digest is then encrypted by the person’s private key. The ciphertext is the digital signature (ds). • To check the digital signature: • The recipient applies the digest algorithm to get a message digest (md-2). • The recipient decrypts the ds using the sender’s public key. • The output from step 2 is verified against md-2. csci5931 Web Security
Authentication Methods • Digital Certificates • Purpose: To authenticate a person’s public key • “Vouching”: one party certifies that another party’s identity is authentic. e.g., passport, id cards • A digital certificate for A is A’s public key plus some identifying information, signed by the private key of a certification authority (CA) verifying A’s identity. • Other example usage of certificates: • To authenticate a host/server (e.g., SSL certificates) • To sign and encrypt e-mail csci5931 Web Security
Authentication Methods • Digital Certificates (Cont.) • Certificates are often chained. That is, a CA may be authenticated by a root CA. • The top CA of a certificate chain must be self-signed. • Verisign has been accepted as the top CA. • Example of certificate chaining: Both Internet Explorer and Netscape Communicator include certificates from Verisign in their install. So when the browser makes an SSL connection to a server, if the server presents a certificate that is signed by Verisign, the server’s certificate will be automatically accepted. csci5931 Web Security
Cryptanalysis • The practice of analyzing and breaking cryptography • Mehtods: • Brute force attack versus the key space • Common cryptanalytic tools: Frequency distribution, Digram/trigram study, IC, Repeated patterns, Probable letters • 4 cryptanalytic cases: • Ciphertext only Ciphertext-only attack • Full or partial plaintext • Known plaintext attack • Probable plaintext analysis • Ciphertext of any plaintext Chosen plaintext attack • Algorithm + Ciphertext Chosen ciphertext attack csci5931 Web Security
Key Management (storage) • A dilemma: Keys must be securely stored while allowing users easy access when necessary. • A typical solution is to encrypt the stored keys with passwords and then protect the storage with the OS access control. • A key storage is an attractive target for attack. • The smart card solution: A smart card stores a private key and a certificate, which can be used to encrypt and/or decrypt information. • An example of smart card solution: See Protection of Keys (RSA vs nCipher) csci5931 Web Security
Cryptographical Protocols • Cryptographical protocols determine the exact order and way in which each algorithm must be used in order to maximize security. • Examples of protocols: • Distribution of keys, • Certificates, Digital signatures, • Key escrow, • Mental poker, • Electronic voting, • oblivious transfer, contract signing, • certified mail csci5931 Web Security
JCA/JCE • Java Cryptography Architecture (JCA) is part of the Java 2 run-time environment. java.security.* • JCE (Java Cryptography Extension), on the other hand, is an extension to the JCA. JCE adds encryption and decryption APIs to the JCA. java.crypto.* • Major classes defined in JCA: MessageDigest, Signature, KeyPairGenerator, KeyFactory, CertificateFactory, KeyStore, AlgorithmParameters, AlgorithmParameterGenerator, SecureRandom, … csci5931 Web Security
JCA/JCE • A cryptographic service provider implements various cryptographic algorithms. • See page 54 for a list of algorithms implemented in the SUN provider (sun.security.provider.Sun), Java 2 (v1.2). • A second provider, the RSAJCA provider (com.sun.rsajca.Provider) is shipped with JDK v1.3, to provide RSA-specific cryptos. csci5931 Web Security
JCA • An example of using MessageDigest in the JCA: • Get an instance of a message digest. MessageDigest myMessageDigest = MessageDigest.getInstance (“MD5”); Or MessageDigest myMessageDigest = MessageDigest.getInstance (“MD5”,”Sun”); • Add data to be digested. myMessageDigest.update (myData); • Get the digest. byte [ ] signatureBytes = myMessageDigest.digest ( ); csci5931 Web Security
JCE • Major JCE classes: Cipher, KeyAgreement, KeyGenerator, MAC, SecretKey, SecretKeyFactory • JCE needs to be separately downloaded and installed if you have JDK older than v1.4. For JDK1.4 or higher, JCE is an integrated component. • See http://java.sun.com/products/jce/index-14.html for more details. csci5931 Web Security
JCE • Installation of JCE security provider • Sample programs: http://nas.cl.uh.edu/yang/teaching/csci5931webSecurity/JCE%20provider.htm • Visit http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html and download all the sample programs from the book. csci5931 Web Security
Next • Symmetric Encryption (GS: 4) • Asymmetric Encryption (GS: 5) csci5931 Web Security