Internet Security for Java

9/23/2003 http://www.emrt.com

Steve Kapp

Chief Technologist, EMRT Consultantsskapp@emrt.com

9/23/2003EMRT Consultants

http://www.emrt.com 2

Agenda

Internet Security Basics What is it? What are the building blocks? JCA/JCE

Protocols SSL/TLS JSSE

Authentication JAAS

What is Internet Security?

A set of network services for: Safely transmitting data across the

network Establishing trust relationships

Each product must determine what security threats exist for that product Network protocols Customer deployment environment Value of data

Why Secure at All?

Due diligence during design Reduces potential failure modes Reduces access

Threat mitigationMarketing device

Misuse Cases

Use case for actor with hostile intentTwo goals: Elicit security requirements Plan mitigation strategy

Set invalidtime

Rogue NTP server @stratum 1

NTP server @ stratum

Set system clock

Synchronize w/

lower stratum

Authenticatelower stratum

Threatens

Includes

Mitigates

IP Reference Model

Physical 1

Data Link

Network

Transport

Session

Presentation

Application

Internet

Transport

Application

Packet

Segment

Message

Physical

OSI StackIP Stack

Where is Security???

Traditionally left to application layers

Not dealt with at all

The Risks: Poor Passwords

User name: jsmithPassword: sunset

The Risks: Open Ports

Any open port is a risk Most notably telnet, FTP, NetBIOS, or

one of the well-known port numbers Exploit buffer overruns

Block any ports not absolutely needed

The Risks: Buffer Overrun“An attack in which a malicious user exploits an unchecked

buffer in a program and overwrites the program code with their own data. If the program code is overwritten with new executable code, the effect is to change the programs operation as dictated by the attacker. If overwritten with other data, the likely effect is to cause the program to crash.“ - from Microsoft’s web site

Len = 300;Buffer[0] = 10;Buffer[1] = 20;Buffer[2] = 30;Buffer[3] = 40;

The Risks: Eavesdropping

Passive attack

The Risks: Masquerade

“DEF”

“ABC”

Active attack

The Risks: Replay

“ABC”

The Risks: Denial of Service

DistributedDOS

Think Bad Guys Don’t Exist?…

204.210.11.26 - - [18/Jun/2002:07:05:06 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284

204.210.11.26 - - [18/Jun/2002:07:05:08 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282

204.210.11.26 - - [18/Jun/2002:07:05:10 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292

204.210.11.26 - - [18/Jun/2002:07:05:12 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292

204.210.11.26 - - [18/Jun/2002:07:05:14 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306

204.210.11.26 - - [18/Jun/2002:07:05:16 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323

204.210.11.26 - - [18/Jun/2002:07:05:18 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323

204.210.11.26 - - [18/Jun/2002:07:05:22 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305

204.210.11.26 - - [18/Jun/2002:07:05:25 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305

204.210.11.26 - - [18/Jun/2002:07:05:27 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305

from the access log of my personal web server

McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 212.205.240.117. The remote port was 1030 [ephemeral]. The local port on your PC was 137 [NetBIOS]. The network adapter for the traffic was "3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)". The binary data contained in the packet was "00 06 5b d4 c3 84 08 00 3e 19 30 e5 08 00 45 00 00 4e bd 70 00 00 6e 11 a3 42 d4 cd f0 75 18 5d 0e 4c 04 06 00 89 00 3a cf b5 01 00 00 10 00 01 00 00 00 00 00 00 20 43 4b 41 41 41 41 41 41 41 ".

from the access log of McAfee Firewall

Trust Pyramid

Integrity Authentication

Non-Repudiation

Confidentiality

AuthorizationIncreasing

Level ofTrust

Building Blocks

Encryption algorithms (ciphers)Random number generationMessage digestsDigital signaturesPublic-key infrastructureCertificates

Encryption

Guarantees confidentiality of data sent over the wireProvide protection against passive attacksPlaintext -> ciphertext -> plaintextSymmetric encryption Nodes share secret key

Asymmetric encryption (e.g. public-key) Nodes do not share a secret key

Symmetric Encryption

Original Information

EncryptionAlgorithm

DecryptionAlgorithm

Ciphertext

Shared Secret Key

PlaintextPlaintext

Symmetric Encryption (2)

DES, 3DES, AES, RC4Advantages Generally much faster than

asymmetric encryption Conceptually simple

Disadvantages Key distribution!!!

Public-Key Encryption

EncryptionAlgorithm

DecryptionAlgorithm

Ciphertext

Alice’sPrivate

PlaintextPlaintext

Alice’sPublic

KeyBob Alice

Public-Key Encryption (2)

RSA, ECCAdvantages Partially solves the key distribution problem

Disadvantages Introduces other key management issues Much slower than symmetric key

encryption Generally combined with symmetric encryption

Random number generation is used to produce unguessable keys Keys must be unguessable!!!

Strength of cipher depends upon: Secrecy of key Length of key Cipher algorithm

Message Digests

Guarantees integrity of data sent over the wireProvide protection against active attacksUsed to calculate MACs Secure version of a checksum Secret key included in one-way function

SHA-1, MD5

Authentication via MACs

MACAlgorithm

PlaintextPlaintext

Bob Alice

Shared Secret Key

Original Data + MAC

EncryptionAlgorithm

DecryptionAlgorithm

Original Data + Signature

Bob’sPublic

PlaintextPlaintext

Bob’sPrivate

KeyBob Alice

Key Exchange

How do Alice and Bob share a secret key?Static or dynamic methodsDiffie-Hellman key agreement

Alice Bob

X (= gA mod n) where A is random

Y (= gB mod n) where B is random

a priori agreement on n and g, such that g is primitive root mod n

K = YX mod n

K’ = XY mod n

where K = K’ = gAB mod n

Certificate authorities (CA) validate identity of public-key holder This involves money changing hands

Certificate authorities issue certificates Certificates are digitally signed by the CA X.509 used by TLS, IPSec, S/MIME Certificates have a lifetime

Trust relationship is a tree model

Root CA

VersionSerial NumberSignature AlgorithmIssuer NamePeriod of ValiditySubject NameSubject Public KeyIssuer Unique IDSubject Unique IDExtensionsSignature

YourDevice

providescertificate

NetworkNode

vouches for

CA CAvouches for vouches for

………

trusts

signed by

X.509 Certificate

PKI Limitations

Updating trusted root authoritiesCertificate distribution LDAP is frequently used

Certificate verification Certificate revocation lists (CRLs) Online Certificate Status Protocol (OCSP)

Shifts burden to a separate server

Key archival

Java Cryptography Architecture Framework for accessing, developing, and plugging in cryptographic services Encryption Key generation and agreement Digital signatures Message digests and MACs Secure streams Sealed objects

Provider Encapsulates a service provider Provides cryptographic services

Security Maintains lists of Provider objects

Adds or removes Providers List is in preference order

Manages system-wide security properties

Default “SUN” Provider class Message digests with MD5, SHA1 Digital signatures with DSA Certificate support (X.509) Key management Random number generation via SHA-1

Java Cryptography ExtensionSeparated because of export restrictionsNew services for: Encryption Key generation and agreement MACs Secure streams Sealed objects

JCE (2)

DES, 3DES, AES, BlowfishPassword-based encryption with DES/3DESDiffie-Hellman amongst multiple partiesHMAC with MD5, SHA1

But no public-key encryption

Cryptix Library

Many more algorithms RSA!! RC4, RC5, RC6

No export restrictions

Questions

SSL/TLS

Secure Sockets Layer (v. 2.0, 3.0)Transport Layer Security (v. 3.1)Provides transport layer security for applicationsMust run over reliable protocol (e.g. TCP)Features include

Algorithm negotiation Encryption/decryption MACs Key exchange

SSL / TLS

UDPTCP

HTTP SMTP Application Protocol

TLS Communication Scenario

Internet

Client C

Server

Client A

Client B

TLS WorkflowApplication Data

1. Fragment

2. Compress

3. Add MAC

4. Encrypt

5. Add Header

Client Server

TLS Session Initiation with RSA

Client Hello (version, random numbers, supported MAC/compression/cipher suite)1.

Suggested that first 4 bytes of random value include timestamp

Client Server

TLS Session Initiation with RSA (2)

Client Hello (version, random numbers, supported MAC/compression/cipher suite)

Server Hello (version, random numbers, session ID, MAC/compression/cipher suite)

Server Certificate (X.509, including server’s public key)

Server Hello Done

Client Server

Server Hello Done

Client Key Exchange (encrypted premaster secret)

Change Cipher Spec

Finished

Major Version (1) Minor Version (1) Random (46)

Encrypted with the public key of the server

Encrypted with the client write key, authenticated with client MAC key

Client Server

Server Hello Done

Change Cipher Spec

Finished

Change Cipher Spec

Finished

Write State

Read State

Write State

Encrypted with the server write key, authenticated with server MAC key

Client Server

Server Hello Done

Change Cipher Spec

Finished

Change Cipher Spec

Finished

Application Data

Application Data10.

Client Server

Server Hello Done

Change Cipher Spec

Finished

Change Cipher Spec

Finished

Application Data

Alert (warning, close notify)

Application Data10.

Client Server

TLS with Client Authentication

Certificate Request

Change Cipher Spec

Finished

Change Cipher Spec

Finished

Server Hello Done5.

Client Certificate

Application Data

Alert (warning, close notify)

Application Data12.

Java Secure Sockets ExtensionWrapper around TLS and SSL protocolsRemember: Server always authenticates

Mechanism to update server certificates Client may authenticate

JSSE Client Code

SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();SSLSocket socket = (SSLSocket)factory.createSocket("www.verisign.com", 443);

socket.startHandshake(); // Optional !!!

PrintWriter out = new PrintWriter(new BufferedWriter(new

OutputStreamWriter(socket.getOutputStream())));out.println("GET http://www.verisign.com/index.html HTTP/1.1");out.println(); out.flush();

BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));

String inputLine;while ((inputLine = in.readLine()) != null) System.out.println(inputLine);

in.close(); out.close(); socket.close();

* From the javasoft web site

JSSE Server Code

KeyStore ks = KeyStore.getInstance("JKS");char[] passphrase = "passphrase".toCharArray();ks.load(new FileInputStream("testkeys"), passphrase);

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");kmf.init(ks, passphrase);

SSLContext ctx = SSLContext.getInstance("TLS");KeyManager[] km = kmf.getKeyManagers();ctx.init(km, null, null);

SSLServerSocketFactory ssf = ctx.getServerSocketFactory();SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket(port);

ss.setNeedsClientAuth(true); // Optional

while (true) { SSLSocket client = ss.accept(); MyHandler handlerThread = new MyHandler(client); handlerThread.start();}

Java Authentication & Authorization ServiceWrapper around Pluggable Authentication Module frameworkTwo goals: Authenticate local users Authorization of access to services

Several protocols in SUN provider UNIX, Kerberos, WinNT, Keystore…

Permission Model

JDK1.2 Code-based

Where did it come from? Was it signed? Do we trust the signer?

JAAS Principal based User-, group-, and role-based authorization

JAAS Major Classes

Subject Set of Principal objects (identities) Set of public and private credential

objects

LoginContextLoginModuleCallbackHandlerCallback

Login Code

LoginContext lc;try { lc = new LoginContext("Sample", new Subject(), new MyCallbackHandler()); } catch (LoginException le) {System.exit(-1); } catch (SecurityException se) { System.exit(-1); }

int i; for (i = 0; i < 3; i++) { try { lc.login(); break; } catch (LoginException le) { Thread.currentThread().sleep(3000); }}if (i == 3) { System.exit(-1);}

// Do something;lc.logout();

Works in two phasesControlled by config file

Callback Codeclass MyCallbackHandler implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { if (callbacks[i] instanceof TextOutputCallback) { TextOutputCallback toc = (TextOutputCallback)callbacks[i]; System.out.println(toc.getMessage()); } else if (callbacks[i] instanceof NameCallback) { NameCallback nc = (NameCallback)callbacks[i]; System.err.print(nc.getPrompt()); System.err.flush(); nc.setName((new BufferedReader(new InputStreamReader(System.in))).readLine()); } else if (callbacks[i] instanceof PasswordCallback) { PasswordCallback pc = (PasswordCallback)callbacks[i]; System.err.print(pc.getPrompt()); System.err.flush(); pc.setPassword(readPassword(System.in)); } } }}

Authentication Config File

Sample { sample.module.SampleLoginModule required debug=true; };

From jaas.config

• Sufficient• Requisite• Required• Optional

Authorization

Principal-centric, not Subject-centricThree steps required Subject must be authenticated Security policy must be configured for

Principals Subject must be associated with

AccessControlContext object (perhaps the current one)

Executing Privileged Code// After the Subject has been authenticated.Subject subject = lc.getSubject();Subject.doAs(subject, new LogAction());//AccessControllerContext aContext = AccessController.getContext();//Subject.doAsPrivileged(subject, new LogAction(), aContext);

public class LogAction implements PrivilegedAction { public Object run() { // Do something of interest… return null; }}

Security Policy File

grant codebase "file:./SampleAction.jar", Principal sample.principal.SamplePrincipal "testUser" { permission java.io.FilePermission “logFile.txt", “write"; permission java.io.FilePermission “lastLogFile.txt", “read"; };

ReferencesJava Security Handbook, Jamie Jaworski and Paul J. Perrone, SAMS, 2000Network Security: PRIVATE Communication in a PUBLIC World, 2nd ed., Charlie Kaufmann, Radia Perlman, Mike Speciner, Prentice Hall, 2002Network Security Essentials, Applications and Standard, William Stallings, Prentice Hall, 2000SSL and TLS, Designing and Building Secure Systems, Eric Rescorda, Addison Wesley, 2001HTTP Essentials, Protocols for Secure, Scaleable Web Sites, Stephen Thomas, John Wiley and Sons, 2001Applied Cryptography, Bruce Schneier, John Wiley & Sons, 1996Handbook of Applied Cryptography

http://www.cacr.math.uwaterloo.ca/hac/

“Misuse Cases: Use Cases with Hostile Intent”, Ian Alexander, IEEE Software, January/February 2003

References (2)Java Cryptography Architecture

http://java.sun.com/j2se/1.4.1/docs/guide/security/CryptoSpec.html

Java Cryptography Extensionhttp://java.sun.com/products/jce/index-14.html

Java Secure Sockets Extensionhttp://java.sun.com/products/jsse/index-14.html

Java Authentication and Authorization Servicehttp://java.sun.com/products/jaas/index-14.html

Cryptix Libraryhttp://www.cryptix.org

Wedgetail Libraryhttp://www.wedgetail.com/jcsi/provider/

Official Kerberos Web Sitehttp://web.mit.edu/kerberos/www/

IETF web sitehttp://www.ietf.org

Author’s web sitehttp://www.stevekapp.net/index.html

Questions

Internet Security for Java

Documents

Internet Banking Java Project Report

Java Cryptography & Internet Security 1Goals of Network Security 2Basic Cryptographic Concepts 3Java Security Concepts & Applets 4Java Cryptographic Architecture

Java Security

Java Security Model

Consumer Security Products Performance …...Data Internet Security 2011, Kaspersky Internet Security 2011, AVG Internet Security 9.0, McAfee Internet Security 2010. 24 August 2010

Java and Java Virtual Machine Security - ouah

Cryptography & Java Internet Security 1Goals of Network Security 2Basic Cryptographic Concepts 3Java Security Concepts & Applets 4Java Cryptographic Architecture

CISC 322 - research.cs.queensu.ca€¦ · Internet application security (SSL,PKI) Authentication and Authorization in Java (JAAS) 14 . ICDE Security Requirements Authentication of

Security Developer s Guide - Oracle › en › java › javase › 14 › security › ... · 2020-04-11 · Java Security Overview 1-4 Introduction to Java Security 1-4 Java Language

Java Card Security

Java Unmarshaller Security

Security via Java

Java Security Framework's

Java for the Internet

index-of.esindex-of.es/z0ro-Repository-2/Box/part04.pdf · 2019-03-27 · Java Security. 693. p1vphcp/nhb1 Internet Security Pro Ref 577-7 angela 1-26-96 CH13 LP#3. Java Security

Socket UDP H. Fauconnier 1-1 M2-Internet Java. UDP H. Fauconnier M2-Internet Java 2

Java security: Java security, Part 1: Crypto basics · PDF fileJava security: Java security, Part 1: Crypto basics ... Java security, Part 1: Crypto basics ... Providers add additional

Java Security Web Services Security (Overview)

Internet and java programing

Java Security Nathan Moore CS 665. Overview Survey of Java Inherent Security Properties Java Runtime Environment Java Virtual Machine Java Security Model