Presentation is loading. Please wait.

Presentation is loading. Please wait.

MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )

Published byKelley Hood Modified over 8 years ago

Similar presentations

Presentation on theme: "MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )"— Presentation transcript:

1 MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )

2 Security For Java applications, there are two main areas of security issues: 1 system security 2 information security.

3 System security System security refers to the safety and stability of the computing environment. The safety and stability can be breached in a number of ways. When a malicious application (such as a virus) executes itself, it can cause damage to the system — for example, by deleting some critical files and rendering the computer inoperable.

4 Information security Or, the malicious application can intentionally or unintentionally consume too many resources, such as computing time, disk space, or network bandwidth, thereby causing the system to perform improperly.

5 Information security Information security, however, refers to the secrecy and integrity of data. For example, when you send an email, how do you ensure that only the targeted recipients can read the message? When you receive an email, how do you ensure that the message has not been tampered with and that it is from the supposed sender?

6 System security In the security policy model, resources can be granted or denied different types of access independently. For example, a file can be a resource, and the read action can be differentiated from the write action. So, you can easily grant read-only access to a particular file. You can do the same with objects, allowing you to create security policies for runtime objects as well.

7 System security Java makes things even more interesting by allowing different policies to apply to different applications, or to different invocations of the same application.

8 Security policy As you know by now, applets are small applications that can be embedded in webpages. When Java was first introduced, applets were sensational because they provided a cross-platform solution for making a webpage more interesting. To safeguard users from malicious applets, applets are run in a sandbox, which imposes rather stringent restrictions on what the applets can do.

9 Applet security If you run an applet through a browser and then the applet tries to read a local file, an error message would appear. You can try the following link: http://plbpc001.ouhk.edu.hk/~mt311f/2005- mt311f/lecture/test/build/classes/test.html

10 Allowing an applet to access a local file To remove the restriction, we need to specify a different policy. The format of the policy file is quite simple, and you can create one using a text editor. For example, below is a simple file that grants rights for applets from plbpc001.ouhk.edu.hk ‘.java.policy’:

11 Changing the policy grant codeBase "http://plbpc001.ouhk.edu.hk/-" { permission java.security.AllPermission; }; You should put this file in the "My Documents" directory. As this would grant permission to applets from the host to do everything, you should remove this file after testing it.

12 Cryptography Information security is save guarded by cryptography.

13 Cryptography Cryptography has four main objectives: – Confidentiality — the information cannot be understood by anyone for whom it was not intended. – Integrity — the information cannot be altered in storage or transit between sender and intended receiver without the alteration being detected.

14 Cryptography – Non-repudiation — the creator/sender of the information cannot deny at a later stage his or her intentions in the creation or transmission of the information. – Authentication — the sender and receiver can confirm each other’s identity and the origin/destination of the information.

15 Secret Key method In the secret key method, the sender and the receiver share the same secret key. Then, the sender first encrypts the message with the key and sends the encrypted message to the receiver who decrypts the message with the same key.

16 Secret key message encrypted message encrypted message key send over an unsafe channel

17 Java secret key APIs Java’s cryptographic APIs are defined in the java.security and javax.crypto packages. For a basic encryption, we need a secret key and a cryptographic algorithm. The Java classes for those are: – SecretKey — this class encapsulates the secret key for use in encryption and decryption – Cipher — this class provides cryptographic APIs for encryption and decryption.

18 Creating a secret key The following code would create a secret key: // the key itself as a byte array byte[] key = new byte[] {'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h'}; // create a KeySpec specifically for DES for our key DESKeySpec spec = new DESKeySpec(key); // retrieve a DES SecretKeyFactory SecretKeyFactory factory = SecretKeyFactory.getInstance("DES"); // generate the actual SecretKey object SecretKey secret = factory.generateSecret(spec);

19 Creating a cipher To create a DES cipher, you first need to find a DES algorithm provider using Cipher.getInstance: Cipher c = Cipher.getInstance("DES"); The same Cipher object can be used for either encryption or decryption, depending on how you initialize the object: – Encryption: c.init(Cipher.ENCRYPT_MODE, secret); – Decryption c.init(Cipher.DECRYPT_MODE, secret);

20 To encrypt or decrypt a message Now, with Cipher object, you can encrypt or decrypt any bytes easily with: c.update(byte[] buf); You can invoke update as many times as necessary to encrypt or decrypt the entire message. To retrieve the encrypted or decrypted result, you invoke the doFinal method: byte[] inEncrypted = c.doFinal();

21 Overall algorithm To create a secret key To create a cipher Invoke the update method continuously until the end of data Invoke the doFinal method to get the final result.

22 Conversion to or from byte[] You should notice that all the cryptography APIs work on byte[]. So no method what is the format of your original message, you must convert it to byte[].

23 Conversion to or from byte[] To convert a String to byte[], you can use the following method of String: public byte[] getBytes() To convert a byte[] to a String, you can use the following constructor of String: public String(byte[] bytes)

24 Encryption The following method would encrypt a message: static byte[] encrypt(String st, Cipher c) { c.update(st.getBytes()); return c.doFinal(); }

25 Decryption The following method would decrypt a message: public static String decrypt(byte[] message, Cipher c) { c.update(message); byte[] result=c.doFinal(); return new String(result); }

26 Message digest The above method would only be able to protect the confidentiality of the message. It cannot protect the integrity of the message because the receiver would not know whether the message has been altered in any way. To protect the integrity, we need the message digest.

27 Hash function A message digest, typically of fixed length, is generated using a special mathematical transformation called a hash function. A hash function is basically a transformation that takes any arbitrary input and produces an output in a finite space.

28 Hash function For message digests, we need a hash function that has two properties: – It must be extremely difficult to produce the same message digest from two different messages, i.e. the hash must be one-to-one. – It must be extremely difficult to produce the original message from a given message digest, i.e. the hash must be irreversible.

29 Message digest Message digest alone cannot be used to protect the integrity of message. This is because anyone can use the same hash function to protect a message digest of an altered message. So the secret key method must be used together with the message digest.

30 Secret key method with message digest message message digest encrypted message sent over unsafe channel compare produce key

31 Message digest The creation of a MessageDigest is similar to that of Cipher, using getInstance: MessageDigest md = MessageDigest.getInstance("MD5"); Once you have a MessageDigest object, you can feed data to it using the update method: md.update(inbuf); Finally, you can retrieve the final hash using the digest method: md.digest();

32 Message digest The following method generate the message digest of a String: public static byte[] md(String st) { MessageDigest md = MessageDigest.getInstance("MD5"); md.update(st.getBytes()); return md.digest(); }

33 Compare two byte[] Since message digests are in the format of byte[], we need to compare two byte[]'s. you should use a for loop to compare two byte[]'s.

Download ppt "MT311 Java Application Development and Programming Languages Li Tak Sing ( 李德成 )"

Similar presentations

Copyright © 2005 David M. Wheeler, All Rights Reserved Desert Code Camp: Introduction to Cryptography David M. Wheeler May 6 th 2006 Phoenix, Arizona.

Copyright © 2005 David M. Wheeler, All Rights Reserved Desert Code Camp: Introduction to Cryptography David M. Wheeler May 6 th 2006 Phoenix, Arizona.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas

Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Cryptographic Technologies

Cryptographic Technologies
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.

CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.

E- Business Digital Signature Varna Free University Prof. Teodora Bakardjieva.
Linux Cryptography overview and How-to’s using OpenSSL

Linux Cryptography overview and How-to’s using OpenSSL
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.

Cryptographic Security Cryptographic Mechanisms 1Mesbah Islam– Operating Systems.
Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.

Encryption. Introduction Computer security is the prevention of or protection against –access to information by unauthorized recipients –intentional but.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.
Digital Signature Xiaoyan Guo/102587 Xiaohang Luo/104446.

Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···

Sorting Out Digital Certificates Bill blog.codingoutloud.com ··· Boston Azure ··· 13·Dec·2012 ···

Similar presentations

Ads by Google