Presentation is loading. Please wait.

Presentation is loading. Please wait.

Csci5233 Computer Security1 GS: Chapter 5 Asymmetric Encryption in Java.

Published byBeverly Rich Modified over 8 years ago

Similar presentations

Presentation on theme: "Csci5233 Computer Security1 GS: Chapter 5 Asymmetric Encryption in Java."— Presentation transcript:

1 csci5233 Computer Security1 GS: Chapter 5 Asymmetric Encryption in Java

2 csci5233 Computer Security2 Topics A. Ciphers, modes and padding B. Asymmetric encryption in Java C. Session key encryption D. File encryption/decryption using RSA E. Key agreement

3 csci5233 Computer Security3 Ciphers, Modes and Padding  The ECB (Electronic Code Book) mode encrypts the plaintext a block at a time.  Asymmetric ciphers are almost always used in ECB mode. Why?  The block size is usually almost equal to the size of the key. Example: 1024-bit RSA ~= data block of 117 bytes

4 csci5233 Computer Security4 Ciphers, Modes and Padding  When the size of the data is less than the size of the block, padding is needed.  RSA uses two forms of padding: PKCS#1 – the standard form of padding in RSA; insecure when used for encrypting plaintext with obvious patterns in it (like English text) OAEP (Optimal Asymmetric Encryption Padding) – an improvement on PKCS#1.

5 csci5233 Computer Security5 Asymmetric encryption in Java  The steps of using asymmetric encryption in Java is similar to using symmetric encryption: 1. Create a key; 2. Create and initialize a cipher using the key; 3. Use the cipher to encrypt or decrypt, by specifying appropriate mode.  The main difference is that an asymmetric cipher requires a key pair: a public and a private key.

6 csci5233 Computer Security6 Major Java Classes for Key Pairs 1. java.security.KeyPair public final class KeyPair extends ObjectObject implements SerializableSerializable 2. java.security.PublicKey public interface PublicKey extends KeyKey This interface contains no methods or constants. It merely serves to group (and provide type safety for) all public key interfaces. Note: The specialized public key interfaces extend this interface. See, for example, the DSAPublicKey interface in java.security.interfaces.

7 csci5233 Computer Security7 3. java.security.PrivateKey Similar to the PublicKey interface, except that it is for the private key 4. java.security.KeyPairGenerator public abstract class KeyPairGenerator extends KeyPairGeneratorSpiKeyPairGeneratorSpi  The KeyPairGenerator class is used to generate pairs of public and private keys.  Key pair generators are constructed using the getInstance factory methods. Major Java Classes for Key Pairs

8 csci5233 Computer Security8 Session key encryption  Oddly enough, the greatest value in using asymmetric encryption is in encrypting symmetric keys. Why? (discussed earlier in Chapter 2)  Exercise: Explain how session key encryption works.  SimpleRSAExample.java (or find it at http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode. html) SimpleRSAExample.java http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode. html

9 csci5233 Computer Security9 File encrypt/decrypt using RSA  Steps: 1) Use an AES session key to encrypt the file. (Note: Each file is encrypted by a different session key.) 2) Use RSA to encrypt the session key. 3) Store the encrypted session key inside the file.  Source code: FileEncryptorRSA.java FileEncryptorRSA.java

10 csci5233 Computer Security10 File encrypt/decrypt using RSA  FileEncryptor is started with one of three options: -c:create key pair and write it to 2 files -e:encrypt a file, given as an argument -d: decrypt a file, given as an argument

11 csci5233 Computer Security11 File encrypt/decrypt using RSA  Format of the encrypted file

12 csci5233 Computer Security12 File encrypt/decrypt using RSA  The decryption steps

13 csci5233 Computer Security13 Key agreement  javax.crypto Class KeyAgreement This class provides the functionality of a key agreement (or key exchange) protocol. For each of the correspondents in the key exchange, doPhase needs to be called. For example, if this key exchange is with one other party, doPhase needs to be called once, with the lastPhase flag set to true.

14 csci5233 Computer Security14 Key agreement KeyKey doPhase (Key key, boolean lastPhase) Executes the next phase of this key agreement with the given key that was received from one of the other parties involved in this key agreement.doPhaseKey

15 csci5233 Computer Security15 Key agreement  If this key exchange is with two other parties, doPhase needs to be called twice, the first time setting the lastPhase flag to false, and the second time setting it to true. There may be any number of parties involved in a key exchange.  With the doPhase method, Diffie-Hellman allows any number of public keys to be added to perform a key agreement.

16 csci5233 Computer Security16 Key agreement  Once all the keys have been passed in with doPhase( ), a call to generateSecret( ) will perform the actual key agreement and return a byte array that is the shared secret. byte[] generateSecret() Generates the shared secret and returns it in a new buffer.generateSecret int generateSecret (byte[] sharedSecret, int offset) Generates the shared secret, and places it into the buffer sharedSecret, beginning at offset inclusive.generateSecret SecretKey generateSecret (String algorithm) Creates the shared secret and returns it as a SecretKey object of the specified algorithm.SecretKeygenerateSecretString

17 csci5233 Computer Security17

18 csci5233 Computer Security18 Key agreement for a Chat Application  The sample application  KeyAgreementClient.java KeyAgreementClient.java  KeyAgreementServer.java KeyAgreementServer.java

19 csci5233 Computer Security19 Next  Message digest, Digital signatures & Certificates (GS: 6)

Download ppt "Csci5233 Computer Security1 GS: Chapter 5 Asymmetric Encryption in Java."

Similar presentations

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
IS 302: Information Security and Trust Week 4: Asymmetric Encryption

IS 302: Information Security and Trust Week 4: Asymmetric Encryption
XML Encryption Prabath Siriwardena Director, Security Architecture.

XML Encryption Prabath Siriwardena Director, Security Architecture.
Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.

Topic 7: Using cryptography in mobile computing. Cryptography basics: symmetric, public-key, hash function and digital signature Cryptography, describing.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.

Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Web Security for Network and System Administrators1 Chapter 4 Encryption.

Web Security for Network and System Administrators1 Chapter 4 Encryption.
Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)

Java Security Model Lab#1 I. Omaima Al-Matrafi. Safety features built into the JVM Type-safe reference casting Structured memory access (no pointer arithmetic)
20-751 ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.

ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS Cryptographic Security.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
20-751 ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.

ECOMMERCE TECHNOLOGY FALL 2003 COPYRIGHT © 2003 MICHAEL I. SHAMOS Cryptography.
Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden

Henric Johnson1 Chapter3 Public-Key Cryptography and Message Authentication Henric Johnson Blekinge Institute of Technology, Sweden
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
August 6, 2003 Security Systems for Distributed Models in Ptolemy II Rakesh Reddy Carnegie Mellon University Motivation.

August 6, 2003 Security Systems for Distributed Models in Ptolemy II Rakesh Reddy Carnegie Mellon University Motivation.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.

Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.

Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Public-Key Cryptography and RSA CSE 651: Introduction to Network Security.

Public-Key Cryptography and RSA CSE 651: Introduction to Network Security.

Similar presentations

Ads by Google