Secure & authentication By Lai HIEU - eXo SEA
This presentation comes from eXo Platform SEA by Lai Trung Hieu

Published in: Technology, Education

Transcript

  • 1. Secure & Authentication of communication. Lai Trung Hieu, Collaboration Team
  • 2. Introduction
  • 3. DNS Spoofing
  • 4.  
  • 5. Website security indicators https://www.google.com/support/chrome/bin/answer.py?answer=95617&hl=en-US
  • 6. Agenda
    • Secure & Authentication
    • Digital certificate & PKI
    • An example conversation
    • Java security architecture overview
    • eXo platform implementation
  • 7. Secure & Authentication
  • 8. SSL story
    • SSL was invented by Netscape Communications in 1994.
    • May 1996: the Internet Engineering Task Force (IETF) started work on TLS to standardize the SSL protocol. TLS then became an IETF standards-track protocol.
    • January 1999: TLS 1.0 (SSL 3.1) was first published in RFC 2246 as an updated version of SSL 3.0.
    • April 2006: TLS 1.1 (SSL 3.2)
    • August 2008: TLS 1.2 (SSL 3.3)
  • 9. TLS/SSL fundamentals: based on public key cryptography
  • 10. Applications
    • Web browsing
    • Electronic mail
    • Internet faxing
    • Instant messaging
    • Voice-over-IP
  • 11. Digital certificate & PKI
  • 12. Copyright 2010 eXo Platform SAS. Digital certificate: an electronic document which uses a digital signature to bind a public key with an identity
  • 13.
    • Confidence
    • Integrity
    • Authenticate
    • To identify who is who on the Internet?
        • Issuer’s name
        • Entity name
        • Public key
        • Expiry date
        • Usages
  • 14. Public key infrastructure: public & private key concept
  • 15.  
  • 16. An example conversation
  • 17. Introduction
    • {Something}: information to be exchanged
    • {Something}key: information encrypted by key
    • digest[Something]: make a digest of the information
  • 18. Digital signature
    • Nobita: Hi, are you Doraemon?
    • Doraemon: Nobita, It’s me Doraemon! {digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
  • 19. Exchange keys
    • Nobita: Hi, are you Doraemon?
    • Doraemon: Nobita, It’s me Doraemon! Here is my public key.
    • Nobita: Show me your evidence!
    • Doraemon: Nobita, It’s me Doraemon! {digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
  • 20. Digital certificate
    • Nobita: Hi, are you Doraemon?
    • Doraemon: Nobita, It’s me Doraemon! Here is my digital certificate.
    • Nobita: Show me your evidence!
    • Doraemon: Nobita, It’s me Doraemon! {digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
  • 21.
    • Nobita: Hi, are you Doraemon?
    • Xeko: Nobita, It’s me Doraemon! Here is my digital certificate.
    • Nobita: Show me your evidence!
    • Xeko: ???
  • 22. Exchange secret key (session key)
    • Nobita: Hi, are you Doraemon?
    • Doraemon: Nobita, It’s me Doraemon! Here is my digital certificate.
    • Nobita: Show me your evidence!
    • Doraemon: Nobita, It’s me Doraemon! {digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
    • Nobita: Ok, Doraemon. Here is {secret key}Doraemon’s public key
    • Doraemon: {blah blah}secret-key
    • Nobita: {blah hihi}secret-key
  • 23. Java security architecture overview
  • 24. Basic Security Architecture
    • A set of APIs spanning major security areas:
      • Cryptography
      • Public key Infrastructure
      • Authentication
      • Secure communication
      • Access control
  • 25.  
  • 26. Cryptography (java.security, javax.crypto)
    • Message digest algorithms
    • Digital signature algorithms
    • Symmetric bulk encryption
    • Symmetric stream encryption
    • Asymmetric encryption
    • Password-based encryption (PBE)
    • Elliptic Curve Cryptography (ECC)
    • Key agreement algorithms
    • Key generators
    • Message Authentication Codes (MACs)
    • (Pseudo-)random number generator
    • RSA and DSA signature algorithms
    • DES, AES, and ARCFOUR encryption algorithms
    • MD5 and SHA-1 message digest algorithms
    • Diffie-Hellman key agreement algorithm
  • 27. Public Key Infrastructure
    • Key and Certificate Storage
    • PKI Tools
      • keytool
      • jarsigner tool
  • 28. Authentication
    • LoginContext & LoginModule
    • Krb5LoginModule for authentication using Kerberos protocols
    • JndiLoginModule for username/password authentication using LDAP or NIS databases
    • KeyStoreLoginModule for logging into any type of key store, including a PKCS#11 token key store
  • 29. Secure Communication
    • SSL/TLS
      • javax.net.ssl.SSLSocket
      • javax.net.ssl.SSLEngine
    • Simple Authentication and Security Layer (SASL)
    • GSS-API and Kerberos
  • 30. Access Control
    • Permissions
    • Policy
    • Access Control Enforcement
  • 31. eXo platform implementation
  • 32.
    • User certificates management
    • OpenPGP / S/MIME support
    • Reply to a topic by mail
    • And more…
  • 33. Q & A
  • 34. Thank you!