
1 Java and Security in Distributed Systems

2 What is Java?
– Structured programming language
– Object oriented programming language
– Popular language for internet based applications
– Java Applets - interpreted scripting language plugs into web browsers
– Byte code and the Java Virtual Machine (JVM) encourages portability
Slide footer: v1.3, Java in Distributed Systems

3 Why is Java so Successful?
– It's free
– It's simpler than C++
– Widely deployed
– Open development

4 Observations
– The Java language has no inherent support for communication or distributed systems
– Java does have extensive packages (libraries) for user interfaces, communication and distributed systems
– Java provides a platform for global development

5
– Remote Method Invocation
– Jini
– JavaSpaces
– Java Management Extensions (JMX)
– Interaction with CORBA

6 Java Web Services
– Builds on existing standards and services
– Java servlets deliver dynamic content
– Java Server Pages (JSP)
– XML
– Simple Object Access Protocol

7 Enterprise Java
– Sandbox security model
– Java Cryptography Extensions (JCE)
– Java Secure Socket Extensions (JSSE)
– Java Authentication and Authorization Services (JAAS)

8 JavaBeans Component Model
– A Java Bean is a reusable software component
– A component assembler allows components to be linked together, e.g. Sun Microsystems Forte
– The component assembler needs to know the detail of service components provided rather than the implementation details

9 JavaBeans Component Model (2)
– Implementation of the Serializable interface means that a JavaBean can be customised, saved and reused.
– JavaBeans are normally stored in Java Archive files (JAR) which in turn contain a manifest file that describes the components in the jar file.
– When a jar file containing a bean is loaded the manifest is read, allowing the IDE to display the classes visually.

10 JavaBeans Component Model (3)
– Certain method naming conventions are used to enable properties to be implicit, e.g.
    public void setProperty1(int value) { … }
    public int getProperty1() { … }
– Alternatively the BeanInfo class can be used to describe to the builder how the features should be presented to the programmer.

11 Security
– Privacy
– Integrity
– Authentication
– Authorization
– Nonrepudiation

12 Privacy
– Ensuring that information passed over the Internet has not been captured or passed on to a third party

13 Integrity
– Ensuring the information sent has not been compromised or altered

14 Authentication
– How do the sender and receiver prove their identities to each other

15 Authorization
– Ensuring users only get access to resources they have rights to

16 Nonrepudiation
– Providing proof that a message was sent or received

17 Cryptography (1)
– Cryptography - Transforms data by using a cipher or cryptosystem (typically a mathematical algorithm)
– The key, a string of alphanumeric characters that acts as a password, is input to the cipher.
– The cipher uses the key to make the data incomprehensible to all but the sender and intended receivers

18 Cryptography (2)
– ciphertext – encrypted data
– plaintext – unencrypted data
– Different keys result in different ciphertext.

19 Cryptography (3)
– Substitution ciphers
  – every given letter is replaced by a different letter, e.g. if every letter is replaced by the letter three positions on (Caesar cipher), "security" becomes "vhfxulwb"
– Transposition ciphers
  – modify the order of the letters, e.g. split one word into 2, odd ordered letters into the first word and even into the second: "security" becomes "scrt euiy"

20 Cryptography (4)
– Traditional encryption relied on the algorithm being memorised and kept secret.
– Modern encryption relies on the keys being kept secret as the algorithms are in the public domain.

21 Cryptography (5)
– Modern cryptosystems are digital and are based on bits or groups of bits (blocks).
– Encryption and decryption keys are binary strings with a given key length, e.g. 128 bits
– The longer the key length the more difficult the key is to crack.

22 Secret-key Cryptography (1)
– aka symmetric cryptography
– A secret key is shared by both the sender and receiver.
– The same key is used to encode and decode the message.
– A secure way to share the key is needed, e.g. courier delivery
– A different key is needed for every receiver

23 Secret-key Cryptography (2)

24 Secret-key Cryptography (3)
– A key distribution center (KDC) may be used to solve the key distribution problem.
– The KDC shares a key with every user on the system.
– The KDC generates a new key for every session and sends it to the sender and receiver, encrypted by their respective keys.
– The sender and receiver decrypt the session key with the key shared with the KDC.
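The KDC exchange described on this slide, as an added example that is not part of the original presentation. It assumes AES long-term keys and the JDK's "AESWrap" key-wrapping cipher; the class name and the users "alice" and "bob" are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.security.Key;
import java.util.Arrays;

public class KdcSessionKeyDemo {
    // Generate a fresh 128-bit AES key.
    static SecretKey newAesKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        return kg.generateKey();
    }

    // KDC side: encrypt (wrap) the session key under a user's long-term key.
    static byte[] wrap(SecretKey userKey, SecretKey sessionKey) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.WRAP_MODE, userKey);
        return c.wrap(sessionKey);
    }

    // User side: recover the session key with the key shared with the KDC.
    static Key unwrap(SecretKey userKey, byte[] wrapped) throws Exception {
        Cipher c = Cipher.getInstance("AESWrap");
        c.init(Cipher.UNWRAP_MODE, userKey);
        return c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        // Long-term keys the KDC shares with each user (constructed for the demo).
        SecretKey aliceKey = newAesKey();
        SecretKey bobKey = newAesKey();

        // The KDC creates one session key and sends a wrapped copy to each party.
        SecretKey session = newAesKey();
        byte[] forAlice = wrap(aliceKey, session);
        byte[] forBob = wrap(bobKey, session);

        Key atAlice = unwrap(aliceKey, forAlice);
        Key atBob = unwrap(bobKey, forBob);
        System.out.println("same session key: "
                + Arrays.equals(atAlice.getEncoded(), atBob.getEncoded()));

        // A user cannot open the copy that was wrapped for someone else.
        try {
            unwrap(bobKey, forAlice);
            System.out.println("unexpected: unwrap succeeded");
        } catch (java.security.GeneralSecurityException e) {
            System.out.println("copy wrapped for another user rejected");
        }
    }
}
```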

25 Secret-key Cryptography (4)

26 Secret-key Cryptography (5)
– Data Encryption Standard (DES) is the most common symmetric encryption algorithm:
  – Developed in the 1970s
  – Key length 56 bits
  – Encrypts data in 64 bit blocks (block cipher)
  – No longer considered secure and can be cracked in a few hours using late 1990s technology
  – Triple DES (3 DES encryptions in series with 3 different keys) replaced the original DES.

27 Secret-key Cryptography (6)
– Advanced Encryption Standard (AES) is now being used as a replacement for DES:
  – Key and block sizes of 128, 192 and 256 bits
  – Chosen over four other algorithms
  – See csrc.nist.gov/encryption/aes

28 Public Key Cryptography (1)
– Initially developed at Stanford by Whitfield Diffie and Martin Hellman in 1976
– Solves the problem of exchanging keys securely.
– Asymmetric – uses two inversely related keys: a public key and a private key

29 Public Key Cryptography (2)
– The sender uses the public key to encrypt a message and the receiver uses the secret private key to decrypt the message.
– The public key can be freely distributed.
– It is computationally infeasible to deduce the private key from the public key.
– The two keys are mathematically related but to derive one from the other would take enormous resources.

30 Public Key Cryptography (3)

31 Public Key Cryptography (4)
– Either the public key or the private key can be used to encrypt or decrypt a message.
– If the encryption key is the sender's private key and the receiver decodes the message using the sender's public key, then the receiver has authenticated the sender.

32 Public Key Cryptography (5)
– To provide two way authentication:
  – Sender encodes the message using the receiver's public key
  – Then the sender encodes the (encoded) message using its own private key, and sends the message
  – The receiver decodes the message first using the sender's public key (verifying the sender)
  – Then decodes the message using its private key (which no one else has)

33 Public Key Cryptography (6)

34 Public Key Cryptography (6)
– RSA (Rivest, Shamir and Adleman, MIT) is the most commonly used public key algorithm commercially.
  – It is widely used in web browsers, e-commerce and email systems.
– PGP (Pretty Good Privacy, Zimmermann) is widely used to encrypt email messages and files

35 Java Cryptography Extension (JCE)
– JCE provides:
  – Secret key encryption, e.g. 3DES
  – Public key algorithms, e.g. Diffie-Hellman, RSA
  – Use of multiple encryption algorithms and key sizes
  – Support for adding new algorithms
  – Digital signatures
  – Support for Public Key Infrastructure

36 Java Cryptography Extension (JCE)
– Java packages:
  – java.security.*
  – java.security.spec.*
  – javax.crypto.*
  – javax.crypto.spec.*

37 Java Cryptography Extension (JCE)
– Support for:
  – Secret key: DES, AES
  – Public key: Diffie-Hellman, RSA
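How the secret-key and public-key support listed above combine in practice, as an added example that is not part of the original presentation. The choice of AES-GCM and RSA-OAEP, the class name and the sample message are assumptions made for this illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;

public class JceHybridDemo {
    public static void main(String[] args) throws Exception {
        // Receiver's RSA key pair; the public half can be freely distributed.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair receiver = kpg.generateKeyPair();

        // Sender: fresh AES secret key and a random 96-bit nonce for this message.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey aes = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);

        // Secret-key step: AES-GCM gives privacy and integrity for the payload.
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] ct = gcm.doFinal("order #1 (constructed)".getBytes(StandardCharsets.UTF_8));

        // Public-key step: only the receiver's private key can recover the AES key.
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, receiver.getPublic());
        byte[] wrappedKey = rsa.wrap(aes);

        // Receiver: unwrap the AES key, then decrypt and authenticate the payload.
        rsa.init(Cipher.UNWRAP_MODE, receiver.getPrivate());
        SecretKey recovered = (SecretKey) rsa.unwrap(wrappedKey, "AES", Cipher.SECRET_KEY);
        gcm.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        System.out.println(new String(gcm.doFinal(ct), StandardCharsets.UTF_8));

        // A single flipped ciphertext bit is detected instead of yielding garbage.
        ct[0] ^= 1;
        gcm.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        try {
            gcm.doFinal(ct);
        } catch (javax.crypto.AEADBadTagException e) {
            System.out.println("tampered ciphertext rejected");
        }
    }
}
```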

38 Digital Signatures (1)
– Based on public key cryptography
– Authenticates the sender's identity
– The sender's plain text message is used to create a hash value, e.g. SHA-1 produces a 160 bit hash value.
– The sender uses its private key to encrypt the hash value (aka message digest)
– The sender then encrypts the message with the receiver's public key
– The receiver decrypts the message with its private key, applies the same hash function and compares the result with the message digest decrypted using the sender's public key.

39 Digital Signatures (2)
– An independent time stamping service may be used to sign and date a message as proof that a message was sent at a certain time.
– US Government has passed legislation that makes digital signatures as legally binding as written ones

40 Public Key Infrastructure (1)
– One problem with public-key cryptography is that anyone with a set of keys can assume another person's identity.
– How does a customer know that a web site belongs to a particular merchant and not to someone masquerading as the site to steal credit card numbers?

41 Public Key Infrastructure (2)
– PKI integrates:
  – public-key cryptography
  – digital certificates
  – certificate authorities
– A digital certificate is a digital document that identifies a user and is issued by a certificate authority

42 Public Key Infrastructure (3)
– Digital Certificate includes:
  – name of subject (company or individual)
  – subject's public key
  – serial number
  – expiration date
  – signature of the trusted authority (e.g. Verisign)
  – additional information
– The CA signs the certificate by encrypting the subject's public key using its own private key.
– CAs are usually part of a certificate authority hierarchy

43 Public Key Infrastructure (4)
– The longer a key pair is used the more vulnerable the keys are to attack and cryptanalysis
– Digital certificates have expiration dates, thus forcing the keys to be updated
– Revoked or expired keys are placed on a certificate revocation list
– In the US, certificates legally bind certificate owners to transactions involving their certificates

44 Java Keystores and keytool
– keytool utility
  – manages and generates keys, certificates and digital signatures
  – keys are kept in a keystore
  – the key store is password protected

45 Java Keystore
– repository for storing public and private keys
– modifying stored keys requires use of password
– default keystore located in home/user/.keystore
– command line arguments
  – -genkey: produces private and public key pair
  – -export: export a certificate
  – -import: import certificate from trusted source
  – -list: list all contents of keystore
  – -alias: identify public and private pair for later use

46 Java Policy Files (1)
– Basis of Java security is the Sandbox – the protected environment in which applications and applets run
– Users must grant an application permission to access resources outside of the sandbox.
– Sandbox security model
  – bytecode verifier
  – class loader
  – security manager

47 Java Policy Files (2)
– Security policy files are text based and some content is needed to run any applet
– Examples
  – java.security.AllPermission
  – java.io.FilePermission
  – java.lang.RuntimePermission
  – java.net.SocketPermission
  – java.net.NetPermission


49 Digital Signatures for Java Code
– Java applets run under strict security restrictions
– Java applets run in the sandbox by default
– Developers who distribute applets with special permissions (e.g. file i/o) must sign the applets with digital signatures
– keytool allows developers to generate public/private key pairs using RSA

50 Authentication (1)
– Authentication is verifying users are who they claim to be
– Java provides the Java Authentication and Authorization Service (JAAS)
– JAAS is a plug-in framework that supports:
  – Kerberos
  – single sign-on

51 Authentication (2)
– Kerberos
  – Open source protocol developed at MIT
  – Uses secret key cryptography
  – Each client shares a secret key with Kerberos
  – On logon Kerberos returns a ticket granting ticket (TGT) encrypted with the secret key shared with the client.
  – The client decrypts the TGT (authenticating the client) and sends it back to Kerberos
  – Kerberos then sends a Service Ticket, which authorises the client to certain services
  – Service tickets expire and have to be renewed

52 Authentication (3)
– Single Sign On
– Allows user to sign on once with a single password and access multiple applications
  – Workstation logon scripts
  – Authentication server scripts
  – Tokens

53 Secure Sockets Layer (SSL)
– Most e-businesses use SSL for secure online transactions
– SSL secures WWW connections and is built into most Web browsers
– The non-proprietary SSL protocol was developed by Netscape
– It operates between TCP/IP and the application software

54 Secure Sockets Layer (2)
– SSL implements public-key technology using the RSA algorithm and digital certificates to authenticate the server in the transaction and to protect private information that passes from one party to the other
– SSL does not require authentication of the client – credit card numbers are considered sufficient

55 Secure Sockets Layer (3)
– The client sends a message to the server
– The server responds and sends its digital certificate to the client for authentication
– The client and server negotiate a secret session key to continue the transaction
– Messages that follow are broken into blocks, compressed and encrypted
– Note that data stored on the server may be at risk if it is not secure!

56 Secure Sockets Layer (4)
– Java provides support for SSL through the Java Secure Socket Extension (JSSE)

