Signing, Sealing, and Guarding Java™ Objects. Li Gong and Roland Schemers, Javasoft, Sun Microsystems, Inc. (PowerPoint presentation)
Signing, Sealing, and Guarding Java™ Objects
Li Gong and Roland Schemers
Javasoft, Sun Microsystems, Inc.
“In this paper, we describe a few new constructs for signing, sealing, and guarding Java objects. These constructs enrich the existing Java security APIs so that a wide range of security-aware applications can be significantly easier to build.”
Presented by Yongqiang Li
A Tutorial of Three Java Security Classes:
• java.security.SignedObject
• java.security.GuardedObject
• javax.crypto.SealedObject
Outline
• Introduction
• Signing Java Objects
• Sealing Java Objects
• Guarding Java Objects
• Conclusion
• Questions
Introduction
The Java language is widely used to build applications
– JDK: JVM, javac, APIs, simplicity
“…the base platform provides a consistent security model that supports…”
– policy based
– configurable
– extensible
– fine-grained access control
Protection provided by the underlying object orientation
– Data encapsulation
– Object name space partition
– Type safety
Distributed Java applications
– “…protect the state of an object for integrity and confidentiality”
• in the runtime system
• in transit
• when stored externally
Introduction 2
Where the three classes live:
– java.security.SignedObject and java.security.GuardedObject: JDK 1.2
– javax.crypto.SealedObject: JCE 1.2
Signing Java Objects 1
Protect object integrity
A serializable object (the original object) is wrapped in a SignedObject
– Signed object
  • Deep copy of the original
  • In serialized form
– Signature
  • Signing algorithm
    – DSA (Digital Signature Algorithm) (NIST FIPS 186)
    – SHA-1 (NIST FIPS 180-1) message digest algorithm
    – MD5 (RFC 1321) message digest algorithm
– Immutable
[Figure: original object → SignedObject, holding the serialized copy plus the signature]
What is the difference between object signing and code signing?
Signing Java Objects 2
Potential applications of a SignedObject
– as an unforgeable authorization token in any Java runtime
– “…transmitted across JVMs and authenticity can still be verified”
– “…to sign and serialize an object for storage outside the Java runtime”
– “A series of nested SignedObjects can be used to construct a logical sequence of signatures”
Signing Java Objects 3
API Design
– Class SignedObject
  • public SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine);
  • public final void sign(PrivateKey signingKey, Signature signingEngine);
  • public final Object getContent();
  • public final byte[] getSignature();
  • public final String getAlgorithm();
  • public final boolean verify(PublicKey verificationKey, Signature verificationEngine);
Examples
– Signing
    Signature signingEngine = Signature.getInstance(algorithm, provider);
    SignedObject so = new SignedObject(myobject, privatekey, signingEngine);
Signing Java Objects 4
– Verifying
    Signature verificationEngine = Signature.getInstance(algorithm, provider);
    if (so.verify(publicKey, verificationEngine)) {
        try {
            // read the content only after verify() has succeeded
            Object myobj = so.getContent();
        } catch (ClassNotFoundException e) {
            // the content's class is not available in this JVM
        }
    }
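The signing and verifying fragments above are not complete programs. The following is an added example (not code from the paper or the presenter) that runs the full cycle the slides describe: sign a token, serialize it across a simulated JVM boundary, verify before reading, reject a token under the wrong public key, and countersign to get the "logical sequence of signatures" from the previous slide. It uses the method name getObject(), which is what the shipped JDK 1.2 SignedObject calls the accessor the slides list as getContent(). The Token class, the SHA256withDSA algorithm choice and the key names are assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignedObject;

public class SignedObjectDemo {

    static final String SIG_ALG = "SHA256withDSA";   // assumption: modern replacement for the paper's SHA-1/DSA

    /** Hypothetical authorization token carried between JVMs (constructed for this example). */
    static final class Token implements Serializable {
        private static final long serialVersionUID = 1L;
        final String subject;
        final String right;
        Token(String subject, String right) { this.subject = subject; this.right = right; }
        @Override public String toString() { return subject + " may " + right; }
    }

    /** Sign the token. SignedObject keeps a serialized deep copy, so later edits to 'token' do not affect it. */
    static SignedObject sign(Serializable token, KeyPair signer) throws Exception {
        return new SignedObject(token, signer.getPrivate(), Signature.getInstance(SIG_ALG));
    }

    /** Serialize and deserialize, as happens when the token crosses a JVM boundary or is stored externally. */
    static SignedObject roundTrip(SignedObject so) throws Exception {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) { out.writeObject(so); }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            return (SignedObject) in.readObject();
        }
    }

    /** Verify first, then extract; the content is untrusted until verify() has returned true. */
    static Object verifyAndExtract(SignedObject so, KeyPair signer) throws Exception {
        if (!so.verify(signer.getPublic(), Signature.getInstance(SIG_ALG))) {
            throw new SecurityException("signature does not verify under this public key");
        }
        return so.getObject();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        KeyPair issuer = kpg.generateKeyPair();     // signs the token
        KeyPair reviewer = kpg.generateKeyPair();   // countersigns it later

        SignedObject so = roundTrip(sign(new Token("bob", "read /a/b/c"), issuer));
        System.out.println("verified: " + verifyAndExtract(so, issuer));

        // A verifier holding some other public key must reject the token.
        try {
            verifyAndExtract(so, reviewer);
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }

        // Nested signatures: a SignedObject is itself Serializable, so it can be signed again.
        // Verify the outer layer, peel it, then verify the inner layer against the issuer's key.
        SignedObject countersigned = sign(so, reviewer);
        SignedObject inner = (SignedObject) verifyAndExtract(countersigned, reviewer);
        System.out.println("inner token: " + verifyAndExtract(inner, issuer));
    }
}
```

The order inside verifyAndExtract is the point: getObject() deserializes the embedded bytes regardless of whether they were tampered with, so a reader that calls it before verify() has no integrity guarantee at all.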
Signing Java Objects 5
Performance

Object size   Serialization   512-bit SHA-1/DSA            1024-bit SHA-1/DSA
(bytes)       (ms)            Signing (ms)  Verify (ms)    Signing (ms)  Verify (ms)
10            0               25            43             80            151
100           0               26            44             83            157
10K           1               134           153            189           260
100K          9               1119          1138           1168          1237

Measured with JDK 1.2 beta on a 166 MHz Sun SPARC Ultra-1 running Solaris 2.5.1; 1000 rounds.
Sealing Java Objects 1
Protect object confidentiality
A serializable object plus a cryptographic algorithm
– A bulk (symmetric key) encryption algorithm: DES, IDEA, RC4
[Figure: original object → (serialization, encryption) → SealedObject holding the cipher text → (decryption, deserialization) → original object]
Sealing Java Objects 2
[Figure: original object → SignedObject (content plus signature) → SealedObject (cipher text)]
Using both SignedObject and SealedObject provides integrity and confidentiality
– First create the SignedObject
– Then create the SealedObject
Why is blindly signing encrypted data sometimes dangerous?
Sealing Java Objects 3
API design
– Class SealedObject
  • public SealedObject(Serializable object, Cipher c);
  • public final Object getContent(Cipher c);
Examples
– Encryption
    KeyGenerator keyGen = KeyGenerator.getInstance("DES");
    SecretKey desKey = keyGen.generateKey();
    Cipher cipher = Cipher.getInstance("DES");
    cipher.init(Cipher.ENCRYPT_MODE, desKey);   // initialise the instance, not the Cipher class
    String s = new String("Greeting");
    SealedObject so = new SealedObject(s, cipher);
– Decryption
    cipher.init(Cipher.DECRYPT_MODE, desKey);   // same key, decrypt mode
    try {
        String s = (String) so.getContent(cipher);
    } catch (ClassNotFoundException e) {
        // the content's class is not available in this JVM
    }
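The following is an added example (not the paper's or the presenter's code) that carries out the sign-then-seal combination from the previous slide with the shipped JCE API: the plaintext object is signed, the SignedObject is sealed, and on the other side the receiver unseals and then verifies before trusting anything. It also shows that unsealing with the wrong key fails instead of yielding garbage. Assumptions: AES/CBC/PKCS5Padding is used in place of the slides' DES, SHA256withDSA in place of SHA-1/DSA, and the accessor is getObject(), which is the shipped name for the getContent() listed on the slide.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

public class SignThenSealDemo {

    static final String SIG_ALG = "SHA256withDSA";          // assumption
    static final String CIPHER = "AES/CBC/PKCS5Padding";    // assumption; the slides use DES

    /** Integrity first: sign the plaintext. Then confidentiality: seal the SignedObject. */
    static SealedObject signThenSeal(Serializable obj, PrivateKey signingKey, SecretKey sealingKey)
            throws GeneralSecurityException, IOException {
        SignedObject signed = new SignedObject(obj, signingKey, Signature.getInstance(SIG_ALG));
        Cipher cipher = Cipher.getInstance(CIPHER);
        cipher.init(Cipher.ENCRYPT_MODE, sealingKey);   // random IV; SealedObject stores the cipher parameters
        return new SealedObject(signed, cipher);
    }

    /** Reverse order on the receiving side: unseal, then verify the signature before using the content. */
    static Object unsealAndVerify(SealedObject sealed, SecretKey sealingKey, PublicKey verifyKey)
            throws GeneralSecurityException, IOException, ClassNotFoundException {
        // getObject(Key) re-creates the cipher from the stored algorithm name and parameters
        SignedObject signed = (SignedObject) sealed.getObject(sealingKey);
        if (!signed.verify(verifyKey, Signature.getInstance(SIG_ALG))) {
            throw new SecurityException("signature invalid after unsealing");
        }
        return signed.getObject();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair();

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey sharedKey = kg.generateKey();
        SecretKey wrongKey = kg.generateKey();

        SealedObject sealed = signThenSeal("Greeting", signer.getPrivate(), sharedKey);   // constructed sample
        System.out.println("algorithm stored in SealedObject: " + sealed.getAlgorithm());
        System.out.println("recovered: " + unsealAndVerify(sealed, sharedKey, signer.getPublic()));

        // Wrong key: the padding check or deserialization fails, so the receiver gets an exception,
        // not an object built from garbage bytes.
        try {
            unsealAndVerify(sealed, wrongKey, signer.getPublic());
        } catch (GeneralSecurityException | IOException | ClassNotFoundException e) {
            System.out.println("wrong key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because the signature covers the plaintext SignedObject and not the cipher text, the signer vouches for what was actually said, which is the ordering the slide recommends.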
Guarding Java Objects 1
[Figure: two request flows between a consumer and a provider]
– Without a guard: the consumer requests the object; the provider checks permission and returns the object.
– With a guard: the consumer requests the object; the provider returns a GuardedObject; the permission check happens when the consumer asks the GuardedObject for the object.
Why not have the provider do the check at request time?
• Don't know what information is needed by the provider
• Don't want a dialog for each request
• The information is too security sensitive
• “…too much information to pass on”
Guarding Java Objects 2
What is the GuardedObject?
– “A GuardedObject is an object that is used to protect access to another object”
[Figure: requester → GuardedObject, which holds a reference to the protected object and to a Guard object]
1. Request access: go.getObject()
2. Check guard: g.checkGuard()
3. Return reference
Guarding Java Objects 3
Benefits of using GuardedObject
– “…access to a protected object is guaranteed to occur in a context where the protection mechanism would allow it”
– Simplify server programs
– Replace access control lists with object stores
– “A guarded object class itself does not need to know its own protection semantics”
– “…encapsulate protection mechanisms for an object, which can differ for its different method invocations, all inside a guard.”
Guarding Java Objects 4
API design
– Interface Guard
  • public abstract void checkGuard(Object object);
– Class GuardedObject
  • public GuardedObject(Object object, Guard guard);
  • public Object getObject();
Guarding Java Objects 5
Examples
– Encapsulate an object's protection semantics inside a guard
– Provider side
    public abstract class Permission implements Guard {
        …
        public void checkGuard(Object object) {
            AccessController.checkPermission(this);   // the Permission is its own Guard
        }
    }
    FileInputStream fis = new FileInputStream("/a/b/c");
    FilePermission p = new FilePermission("/a/b/c", "read");
    GuardedObject g = new GuardedObject(fis, p);
– Consumer side
    FileInputStream fis = (FileInputStream) g.getObject();   // checkGuard runs here, in the consumer's context
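The slide's guard is a Permission checked through AccessController, which depends on the SecurityManager machinery (deprecated for removal since JDK 17). The following is an added example (not code from the paper or the presenter) that shows the same provider/consumer split from the earlier slides with a custom Guard implementation, so it runs on any current JDK: the protected object knows nothing about who may use it, the Guard carries the protection semantics, and getObject() performs the check at the moment of access. The OwnerGuard and AccountLedger classes and the thread-local principal are assumptions of this example, standing in for whatever identity context a real server would have.

```java
import java.security.Guard;
import java.security.GuardedObject;

public class GuardedObjectDemo {

    /** Constructed stand-in for the requester's identity; a real server would derive this from an authenticated session. */
    static final ThreadLocal<String> CURRENT_PRINCIPAL = new ThreadLocal<>();

    /** A Guard that encapsulates the protection semantics: only 'owner' may obtain the reference. */
    static final class OwnerGuard implements Guard {
        private final String owner;
        OwnerGuard(String owner) { this.owner = owner; }

        @Override
        public void checkGuard(Object object) throws SecurityException {
            String caller = CURRENT_PRINCIPAL.get();
            if (caller == null || !caller.equals(owner)) {
                throw new SecurityException("access to " + object.getClass().getSimpleName()
                        + " denied for " + caller + " (owner is " + owner + ")");
            }
        }
    }

    /** The protected resource; it carries no access-control logic of its own. */
    static final class AccountLedger {
        private final StringBuilder entries = new StringBuilder();
        void record(String line) { entries.append(line).append('\n'); }
        String dump() { return entries.toString(); }
    }

    /** Provider side: hand out a GuardedObject instead of the ledger itself. */
    static GuardedObject provide(AccountLedger ledger, String owner) {
        return new GuardedObject(ledger, new OwnerGuard(owner));
    }

    /** Consumer side: getObject() runs the guard in the consumer's context, so check and access cannot be separated. */
    static String consume(GuardedObject go) {
        AccountLedger ledger = (AccountLedger) go.getObject();   // throws SecurityException if the guard denies
        return ledger.dump();
    }

    public static void main(String[] args) {
        AccountLedger ledger = new AccountLedger();
        ledger.record("2024-01-01 deposit 100");   // constructed sample data
        GuardedObject go = provide(ledger, "alice");

        CURRENT_PRINCIPAL.set("alice");
        System.out.print("alice sees:\n" + consume(go));

        CURRENT_PRINCIPAL.set("bob");
        try {
            consume(go);
        } catch (SecurityException e) {
            System.out.println("bob: " + e.getMessage());
        }
    }
}
```

Swapping OwnerGuard for a guard with different semantics (a time window, a required role, a per-method rule) needs no change to AccountLedger or to the consumer, which is the decoupling the slide on benefits describes.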
Conclusion
“The constructs enrich the existing Java security APIs so that security-aware applications can be much easier to build.”
“The constructs are practical and usable in commercial products.”
Questions?