Secure & authentication By Lai HIEU - eXo SEA

This presentation comes from eXo Platform SEA by Lai Trung Hieu

Published in: Technology, Education
  1. 1. Secure & Authentication of communication Lai Trung Hieu Collaboration Team
  2. 2. Introduction
  3. 3. DNS Spoofing
  4. 5. Website security indicators https://www.google.com/support/chrome/bin/answer.py?answer=95617&hl=en-US
  5. 6. Agenda
       • Secure & Authentication
       • Digital certificate & PKI
       • An example conversation
       • Java security architecture overview
       • eXo platform implementation
  6. 7. Secure & Authentication
  7. 8. SSL story
       • SSL was invented by Netscape Communications in 1994.
       • May 1996: the Internet Engineering Task Force (IETF) started researching TLS to standardize the SSL protocol. TLS then became an IETF standards-track protocol.
       • January 1999: TLS 1.0 (SSL 3.1) was first published in RFC 2246 as an updated version of SSL 3.0.
       • April 2006: TLS 1.1 (SSL 3.2)
       • August 2008: TLS 1.2 (SSL 3.3)
  8. 9. TLS/SSL fundamental Based on public key cryptography
  9. 10. Applications
       • Web browsing
       • Electronic mail
       • Internet faxing
       • Instant messaging
       • Voice-over-IP
  10. 11. Digital certificate & PKI
  11. 12. Digital certificate: an electronic document which uses a digital signature to bind a public key to an identity. (Copyright 2010 eXo Platform SAS)
  12. 13. What a certificate provides
       • Confidence
       • Integrity
       • Authenticate
       • To identify who is who on the Internet?
           • Issuer’s name
           • Entity name
           • Public key
           • Expiry date
           • Usages
  13. 14. Public key infrastructure Public & private key concept
  14. 16. An example conversation
  15. 17. Introduction (notation)
       • {Something}: information to be exchanged
       • {Something}key: information encrypted by key
       • Digest[Something]: a digest made of the information
  16. 18. Digital signature
       • Nobita: Hi, are you Doraemon?
       • Doraemon: Nobita, It’s me Doraemon! {digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
  17. 19. Exchange keys
       • Nobita: Hi, are you Doraemon?
       • Doraemon: Nobita, It’s me Doraemon! Here is my public key.
       • Nobita: Show me your evidence!
       • Doraemon: Nobita, It’s me Doraemon! {digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
  18. 20. Digital certificate
       • Nobita: Hi, are you Doraemon?
       • Doraemon: Nobita, It’s me Doraemon! Here is my digital certificate.
       • Nobita: Show me your evidence!
       • Doraemon: Nobita, It’s me Doraemon! {digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
  19. 21. An impostor presenting the same certificate
       • Nobita: Hi, are you Doraemon?
       • Xeko: Nobita, It’s me Doraemon! Here is my digital certificate.
       • Nobita: Show me your evidence!
       • Xeko: ???
  20. 22. Exchange secret key (session key)
       • Nobita: Hi, are you Doraemon?
       • Doraemon: Nobita, It’s me Doraemon! Here is my digital certificate.
       • Nobita: Show me your evidence!
       • Doraemon: Nobita, It’s me Doraemon! {digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
       • Nobita: Ok, Doraemon. Here is {secret key}Doraemon’s public key
       • Doraemon: {blah blah}secret-key
       • Nobita: {blah hihi}secret-key
  21. 23. Java security architecture overview
  22. 24. Basic Security Architecture
       • A set of APIs spanning major security areas:
           • Cryptography
           • Public key infrastructure
           • Authentication
           • Secure communication
           • Access control
  23. 25. Copyright 2010 eXo Platform SAS
  24. 26. Cryptography
       • Message digest algorithms
       • Digital signature algorithms
       • Symmetric bulk encryption
       • Symmetric stream encryption
       • Asymmetric encryption
       • Password-based encryption (PBE)
       • Elliptic Curve Cryptography (ECC)
       • Key agreement algorithms
       • Key generators
       • Message Authentication Codes (MACs)
       • (Pseudo-)random number generator
       • Packages: java.security, javax.crypto
       • RSA and DSA signature algorithms
       • DES, AES, and ARCFOUR encryption algorithms
       • MD5 and SHA-1 message digest algorithms
       • Diffie-Hellman key agreement algorithm
  25. 27. Public Key Infrastructure
       • Key and certificate storage
       • PKI tools
           • Keytool
           • Jarsigner tool
  26. 28. Authentication
       • LoginContext & LoginModule
       • Krb5LoginModule for authentication using Kerberos protocols
       • JndiLoginModule for username/password authentication using LDAP or NIS databases
       • KeyStoreLoginModule for logging into any type of key store, including a PKCS#11 token key store
  27. 29. Secure Communication
       • SSL/TLS
           • javax.net.ssl.SSLSocket
           • javax.net.ssl.SSLEngine
       • Simple Authentication and Security Layer (SASL)
       • GSS-API and Kerberos
  28. 30. Access Control
       • Permissions
       • Policy
       • Access Control Enforcement
  29. 31. eXo platform implementation
  30. 32. eXo platform features
       • User certificates management
       • OpenPGP / S/MIME support
       • Reply to a topic by mail
       • And more…
  31. 33. Q & A
  32. 34. Thank you!