Advanced Encryption on the JVM v0.2.8

Matthew McCullough's delivery of Advanced Encryption on the JVM.

Published in: Education

Transcript

  • 1. ADVANCED ENCRYPTION CONCEPTS Digital security in The Real World © Matthew McCullough, Ambient Ideas, LLC
  • 2. This Talk ★ Research ★ Books ★ News Events ★ Costs ★ Laws ★ Deeper JVM Encryption ★ Encoding ★ Hashing ★ Salting ★ Keytool ★ SSL, TLS ★ Elliptic Curve Cryptography ★ Other Techniques ★ Steganography ★ Higher Level Libraries
  • 3. RESEARCH
  • 4. CRYPTO BOOKS Deeper resources
  • 6. 1997
  • 7. 1998 Java 1.1 & 1.2
  • 8. 2004 Java 1.4
  • 9. 2005 Java 5
  • 10. 2008
  • 11. PERFORMANCE TEST
  • 13. Bit Strength ★ Performance cost is not proportional to bit strength: doubling the modulus roughly multiplies the private-key operation time by eight (modular exponentiation is about cubic in the key length) ★ Compare 512, 1024, 2048, 4096 bit RSA
  • 14. RSA Bit Strength Demo
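Added example, not the demo code from the talk or its sample repository: a small timing harness for the comparison the slide proposes, using only the JDK's SunRsaSign provider. It measures key generation, a private-key operation (signing) and a public-key operation (verification) at each size; the 200-byte message is constructed for the example, and the absolute numbers depend on the machine, so read the ratios between rows rather than the values.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;

// Added example: time RSA key generation and private/public-key operations at several key sizes.
public class RsaBitStrengthBench {

    // Returns {keygen nanoseconds, average sign nanoseconds, average verify nanoseconds}.
    public static long[] bench(int bits, int rounds) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits);
        long t0 = System.nanoTime();
        KeyPair kp = kpg.generateKeyPair();   // dominated by the search for two large primes
        long genNs = System.nanoTime() - t0;

        byte[] msg = new byte[200];   // constructed sample input; content does not matter for timing
        Signature signer = Signature.getInstance("SHA256withRSA");
        byte[] sig = null;
        t0 = System.nanoTime();
        for (int i = 0; i < rounds; i++) {
            signer.initSign(kp.getPrivate());
            signer.update(msg);
            sig = signer.sign();   // private-key exponentiation: the expensive direction
        }
        long signNs = (System.nanoTime() - t0) / rounds;

        Signature verifier = Signature.getInstance("SHA256withRSA");
        t0 = System.nanoTime();
        for (int i = 0; i < rounds; i++) {
            verifier.initVerify(kp.getPublic());
            verifier.update(msg);
            if (!verifier.verify(sig)) {
                throw new IllegalStateException("signature did not verify");
            }
        }
        long verifyNs = (System.nanoTime() - t0) / rounds;   // cheap: small public exponent
        return new long[] {genNs, signNs, verifyNs};
    }

    public static void main(String[] args) throws Exception {
        int rounds = 50;
        bench(1024, rounds);   // warm the JIT before taking numbers
        System.out.printf("%5s %12s %12s %12s%n", "bits", "keygen ms", "sign us", "verify us");
        // 512-bit RSA is included only to show the curve; it is factorable and must not be used.
        for (int bits : new int[] {512, 1024, 2048, 3072, 4096}) {
            long[] r = bench(bits, rounds);
            System.out.printf("%5d %12.1f %12.1f %12.1f%n", bits, r[0] / 1e6, r[1] / 1e3, r[2] / 1e3);
        }
    }
}
```

Run it with `java RsaBitStrengthBench`; the sign column grows much faster than the bits column, which is the point of the slide, while verification stays cheap because the public exponent is small.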
  • 15. IN THE NEWS
  • 17. Cracks in the News ★ Thomas Jefferson letter
  • 18. Cracks in the News ★ Pacemakers
  • 19. Cracks in the News ★ Iraq drone video feeds
  • 20. At least use some form of encryption!
  • 21. Cracks in the News ★ London Tube Oyster cards
  • 22. Microscope-wielding boffins crack Tube smartcard The keys to London Underground, and plenty more By Dan Goodin in San Francisco • Get more from this author Posted in ID, 12th March 2008 05:02 GMT Free whitepaper – Protecting personally identifiable information Security researchers say they've found a way to crack the encryption used to protect a widely- used smartcard in a matter of minutes, making it possible for them to quickly and cheaply clone the cards that are used to secure office buildings and automate the collection of mass transportation fares. The attack works against the Mifare Classic, a wireless card made by Netherlands-based NXP Semiconductors. It is used by transit operators in London, Boston and the Netherlands and by organizations in the public and private sectors to control access to sensitive areas, according to Karsten Nohl, a PhD candidate at the University of Virginia and one of the cryptographers who discovered the weakness. NXP says it's sold 1 billion to 2 billion of the cards. The wireless devices are growing in popularity because of their low cost - about 50 cents apiece - and they offer many of the advantages of radio frequency identification (RFID) technology. Specifically, smartcards don't require contact with the mechanical readers used by transit agencies, which lowers operators' costs and are quicker and more convenient for users. The research team was able to obtain the card's proprietary encryption scheme by physically dissecting its chip and examining it under a microscope. They then photographed various levels of its circuitry and used optical recognition software to produce a 3D representation of the entire chip. By examining the logic gates in great detail, they were able to deduce the proprietary algorithm, which NXP dubs Crypto1.
  • 24. Cracks in the News ★ GSM Phones, A5/1 cipher
  • 25. Cracks in the News ★ WiFi Connections ★ Databases ★ Passwords ★ Credit Card Numbers
  • 26. Only 25% of enterprises responding to the Ponemon 2009 survey even had encryption on their “priority” list
  • 27. Cracks in the News ★ Zune
  • 28. 85% of respondents to the Ponemon 2009 survey had detected a data breach in the last 12 months
  • 29. THE LAW
  • 31. Encryption & The Law ★ Encryption long treated as a munition by export-control rules: in the US under ITAR (moved to the Commerce Department's control list in 1996), internationally as a dual-use item under the Wassenaar Arrangement ★ 1999 relaxation of US rules
  • 32. It was just ~200 lines of an RSA implementation
  • 33. The license header of that RSA implementation (MindTerm's RSA.java), as shown on the slide:

```java
/******************************************************************************
 *
 * Copyright (c) 1998,99 by Mindbright Technology AB, Stockholm, Sweden.
 * www.mindbright.se, info@mindbright.se
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 *****************************************************************************
 * $Author: nallen $
 * $Date: 2001/11/12 16:31:16 $
 * $Name:  $
 *****************************************************************************/
/*
 * !!! Author's comment: The contents of this file is heavily based
 * upon Tatu Ylonen's c-code in the ssh1.2.26 package, which in turn
 * is a standard implementation of the RSA algorithm, the code is
 * rather trivial (though the math behind it is not :-). I don't know
 * whom are responsible for the original optimization using the
 * Chinese remainder theorem which I guess is the only non-trivial
 * part of this implementation. Please note that RSA can't be used
 * without proper licensing in the United States.
 *
 * Below is some references to useful information about RSA:
 *
 * Bruce Schneier: Applied Cryptography 2nd ed., John Wiley & Sons, 1996
 * Arto Salomaa: Public-Key Cryptography 2nd ed., Springer-Verlag, 1996
 * Man Young Rhee: Cryptography and Secure Data Comm., McGraw-Hill, 1994
 * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
```

  • 34. The tail of the same file. The slide starts mid-method (the loop that strips leading zero bytes is cut off above the first line), so only doPad is complete:

```java
// Fragment as shown on the slide; the methods before this point are not on the slide.
            break;
        if (i == strip.length)
            throw new IOException("Invalid strip-data");
        val = new byte[strip.length - i];
        System.arraycopy(strip, i, val, 0, val.length);
        return new BigInteger(val);
    }

    // PKCS#1 v1.5 block type 2 padding: 0x00 0x02 <non-zero random bytes> 0x00 <input>.
    // This is the padding format that Bleichenbacher's 1998 attack exploits whenever the
    // decrypting side reveals whether the format check passed.
    public static BigInteger doPad(BigInteger input, int padLen, SecureRandom rand)
        throws IOException {
        BigInteger result;
        BigInteger rndInt;
        int inByteLen  = (input.bitLength() + 7) / 8;
        int padByteLen = (padLen + 7) / 8;

        if (inByteLen > padByteLen - 3)
            throw new IOException("rsaPad: Input too long to pad");

        // !!! byte[] ranBytes = new byte[(padByteLen - inByteLen - 3) + 1];
        byte[] ranBytes = new byte[(padByteLen - inByteLen - 3) + 1];
        rand.nextBytes(ranBytes);
        ranBytes[0] = 0;                        // leading zero byte keeps the BigInteger positive
        for (int i = 1; i < (padByteLen - inByteLen - 3 + 1); i++)
            if (ranBytes[i] == 0)
                ranBytes[i] = 0x17;             // padding bytes must be non-zero; 0x00 is the separator

        rndInt = new BigInteger(ranBytes);
        rndInt = rndInt.shiftLeft((inByteLen + 1) * 8);   // leaves one 0x00 byte before the input

        result = new BigInteger("2");                     // block type 0x02
        result = result.shiftLeft((padByteLen - 2) * 8);
        result = result.or(rndInt);
        result = result.or(input);
        return result;
    }
}
```
  • 35. The Jobs ★ National Security Agency (NSA) ★ Single largest employer of mathematicians in the world
  • 37. DEEPER JVM ENCRYPTION
  • 38. ENCODING makes data transport easy
  • 40. Base64 ★ Means of making binary data safe for transport ★ Email ★ Query string ★ XML ★ JSON ★ Removes need for escape sequences ★ Not encryption: anyone can decode it, so it protects nothing by itself
  • 41. HASHING reversal is a risk
  • 43. Hashes ★ All passwords should be hashed ★ Never store in any recoverable form ★ Reduce risk
  • 44. Hashes ★ Hall of shame for plaintext passwords ★ http://www.nist.org/nist_plugins/content/content.php?content.54
  • 45. Hash Algorithms ★ MD5 ★ broken: practical collisions ★ keyless ★ SHA-1 ★ stronger than MD5, but collisions have been demonstrated too (2017); prefer SHA-256 or SHA-3 for new work ★ keyless ★ For passwords, a bare hash of either is not enough: use a salted, iterated construction (PBKDF2, bcrypt, scrypt)
  • 46. MACS keyed hashes
  • 48. MACs ★ MAC ★ Message Authentication Code ★ Any keyed construction that produces a tag (conceptual) ★ HMAC ★ Hash-based Message Authentication Code ★ A hash (like SHA-256) keyed with a shared secret; the key is symmetric, not an RSA key, and both sides must hold it
  • 49. MACs ★ Verifies both the data integrity and the authenticity of a message
  • 50. HMAC Demo
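Added example, not the demo from the talk or its sample repository: the HMAC demo written against the JDK's javax.crypto.Mac with HmacSHA256. The message strings are constructed for the example; the key is a freshly generated symmetric secret, which is the point the slide blurs with "a key (like RSA)". The verify step uses MessageDigest.isEqual rather than Arrays.equals, because a comparison that stops at the first differing byte lets an attacker learn a valid tag one byte at a time.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

// Added example: HMAC-SHA256 with the JDK's javax.crypto.Mac (SunJCE provider).
public class HmacDemo {

    // The key is a shared symmetric secret: generate it once, store it securely, give it to both sides.
    public static SecretKey newKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("HmacSHA256");
        kg.init(256, new SecureRandom());   // 256-bit key, the same size as the hash output
        return kg.generateKey();
    }

    public static byte[] tag(SecretKey key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        return mac.doFinal(message);
    }

    // Constant-time comparison of the received tag against a freshly computed one.
    public static boolean verify(SecretKey key, byte[] message, byte[] receivedTag) throws Exception {
        return MessageDigest.isEqual(tag(key, message), receivedTag);
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = newKey();
        byte[] msg = "amount=100&to=alice".getBytes(StandardCharsets.UTF_8);   // constructed sample
        byte[] t = tag(key, msg);
        System.out.println("original message, right key: " + verify(key, msg, t));

        byte[] forged = "amount=999&to=mallory".getBytes(StandardCharsets.UTF_8);
        System.out.println("altered message, same tag:   " + verify(key, forged, t));

        // Without the key a tag cannot be recomputed: an all-zero key is as good as any wrong one.
        SecretKey wrongKey = new SecretKeySpec(new byte[32], "HmacSHA256");
        System.out.println("original message, wrong key: " + verify(wrongKey, msg, t));
    }
}
```

Only the first check passes: the tag binds both the exact bytes of the message and the secret key, which is what the next slide means by integrity plus authenticity.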
  • 51. SALTING makes everything safer
  • 53. Salt approaches ★ Random number ★ Stored in the clear next to the hash ★ Email address hash ★ Not (required to be) stored ★ Either way the salt is combined with the password before hashing, not appended to the finished hash ★ Caveat: an email-derived salt repeats across systems and changes when the address changes; a random per-user salt avoids both problems
  • 54. Salt Goals ★ Stops use of rainbow tables of precomputed hashes ★ Requires each password be cracked individually ★ Combined with an iteration count (key stretching), each guess becomes expensive enough that bulk cracking is impractically slow
  • 55. Rainbow Table (precomputed password → hash)
        Password      Hash
        1234          7S9TT1U
        john          X54EJK11
        password      U99=3DK1
        ihatemyjob    L4OI192W
        puppy         Q82B3NW
        letmein       H99Z1M9
        1968-10-19    A7fb92E
  • 56. Database (unsalted hashes; each one can be looked up in the table above)
        Username      Password Hash
        matthewm      7S9TT1U
        johnt         X54EJK11
        ellingsonb    U99=3DK1
        s.brin        L4OI192W
        n.ford        Q82B3NW
        tomf          H99Z1M9
        johnl         A7fb92E
  • 58. Salt Demo
  • 59. JDK KEYTOOL manages keys and certificates
  • 61. Keytool ★ Manages ★ Keystores ★ Truststores ★ Functions ★ -genkeypair (older name: -genkey) ★ -list ★ -importcert (older name: -import) ★ -exportcert (older name: -export)
  • 63. Creating a keystore. Without -validity the self-signed certificate is good for 90 days only, and without -alias the entry is named mykey, as the last prompt shows:

```text
keytool -genkeypair -keyalg RSA -keysize 2048 -keystore myapp.keystore
Enter keystore password: ********
Re-enter new password: ********
What is your first and last name?
  [Unknown]:  Matthew McCullough
What is the name of your organizational unit?
  [Unknown]:  Consulting
What is the name of your organization?
  [Unknown]:  Ambient Ideas, LLC
What is the name of your City or Locality?
  [Unknown]:  Denver
What is the name of your State or Province?
  [Unknown]:  Colorado
What is the two-letter country code for this unit?
  [Unknown]:  US
Is CN=Matthew McCullough, OU=Consulting, O="Ambient Ideas, LLC", L=Denver, ST=Colorado, C=US correct?
  [no]:  yes
Enter key password for <mykey>
        (RETURN if same as keystore password):
```
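Added example, not from the talk or its sample repository: the check a practitioner wants to run after the keytool session above. It opens the keystore with the JDK's KeyStore API (trying PKCS12 first, since JDK 9+ keytool writes that by default, then the older JKS format), and for every entry prints the subject, issuer, validity window, signature algorithm and RSA key size, warning on an expired certificate, a key shorter than 2048 bits or an MD5/SHA-1 signature. The keystore path and password are taken from the command line; myapp.keystore is the file name from the slide.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPublicKey;
import java.util.Collections;

// Added example: open a keystore produced by keytool and sanity-check its contents.
public class KeystoreInspect {

    // keytool writes PKCS12 on JDK 9+ and JKS on older JDKs; try both formats.
    static KeyStore load(String path, char[] password) throws Exception {
        for (String type : new String[] {"PKCS12", "JKS"}) {
            try (InputStream in = new FileInputStream(path)) {
                KeyStore ks = KeyStore.getInstance(type);
                ks.load(in, password);
                return ks;
            } catch (IOException e) {
                // wrong format or wrong password for this type; try the next one
            }
        }
        throw new IOException("could not open " + path + " as PKCS12 or JKS (wrong format or password?)");
    }

    public static void inspect(String path, char[] password) throws Exception {
        KeyStore ks = load(path, password);
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println("alias: " + alias
                + (ks.isKeyEntry(alias) ? "  (private key + certificate chain)" : "  (trusted certificate)"));
            Certificate cert = ks.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x = (X509Certificate) cert;
            System.out.println("  subject:  " + x.getSubjectX500Principal());
            System.out.println("  issuer:   " + x.getIssuerX500Principal());   // same as subject => self-signed
            System.out.println("  valid:    " + x.getNotBefore() + " .. " + x.getNotAfter());
            System.out.println("  sig alg:  " + x.getSigAlgName());
            if (x.getPublicKey() instanceof RSAPublicKey) {
                int bits = ((RSAPublicKey) x.getPublicKey()).getModulus().bitLength();
                System.out.println("  RSA bits: " + bits + (bits < 2048 ? "   <-- too small" : ""));
            }
            try {
                x.checkValidity();   // throws if expired or not yet valid
            } catch (CertificateException e) {
                System.out.println("  WARNING: certificate is not currently valid: " + e.getMessage());
            }
            String alg = x.getSigAlgName().toUpperCase();
            if (alg.contains("MD5") || alg.contains("SHA1")) {
                System.out.println("  WARNING: weak signature algorithm " + x.getSigAlgName());
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreInspect <keystore-file> <keystore-password>");
            System.exit(2);
        }
        inspect(args[0], args[1].toCharArray());
    }
}
```

`java KeystoreInspect myapp.keystore '<password>'` against the keystore created above reports one key entry, mykey, whose issuer equals its subject; if it was created without -validity, the validity window ends 90 days after creation.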
  • 64. Base 64 Demo
  • 65. TRANSPORT LEVEL ENCRYPTION abstracted from the data
  • 67. Implementations ★ Web ★ SSL 2.0, 3.0 (both broken and prohibited; SSL 1.0 was never released) ★ TLS 1.0, 1.1 (deprecated), 1.2, 1.3 (use 1.2 or later)
  • 68. Handshake with RSA key exchange, as the slide draws it ★ Client "hello" ★ Server sends its X.509 certificate (public key) ★ Client validates the certificate against its CA trust store, or the user overrides the warning ★ Client generates a random premaster secret and encrypts it with the server's public key (the slide says "signs"; only the holder of the server's private key can recover it) ★ Both sides derive the symmetric session keys from it ★ Encrypted communication. Modern TLS (1.2 with ECDHE suites, and always in 1.3) agrees on the key with ephemeral Diffie-Hellman instead, so a later compromise of the server key does not expose recorded sessions.
  • 69. TLS Demo
  • 70. Tomcat and SSL ★ Usually fronted, handled by Apache ★ But if you really want it, offered via Tomcat ★ http://tomcat.apache.org/tomcat-6.0-doc/ ssl-howto.html
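Added configuration example, not taken from the talk or from the Tomcat howto it links: the same HTTPS connector written the Tomcat 6 way and the Tomcat 8.5/9 way. The file path, the keystore.password system property and the alias mykey (from the keytool session above) are assumed values. The first form hands the choice of protocol versions to the JDK; on the JDK 6/7 of the era that meant SSLv3 and TLS 1.0 were enabled by default, and it puts the keystore password in a file that ends up in version control.

```xml
<!-- Tomcat 6 style: sslProtocol="TLS" lets the JDK decide which versions to enable -->
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
           maxThreads="150" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS"
           keystoreFile="${catalina.base}/conf/myapp.keystore"
           keystorePass="CHANGE-ME" />

<!-- Tomcat 8.5+/9 equivalent: protocol versions pinned, password supplied at startup
     with -Dkeystore.password=... instead of being written into server.xml -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           SSLEnabled="true" maxThreads="150">
    <SSLHostConfig protocols="TLSv1.2+TLSv1.3" honorCipherOrder="true">
        <Certificate certificateKeystoreFile="${catalina.base}/conf/myapp.keystore"
                     certificateKeystorePassword="${keystore.password}"
                     certificateKeyAlias="mykey"
                     type="RSA" />
    </SSLHostConfig>
</Connector>
```

Whichever form you use, check the result from outside with a TLS scanner rather than trusting the config: the enabled versions and cipher suites are ultimately decided by the JSSE provider of the JDK Tomcat runs on.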
  • 71. ELLIPTIC CURVE AES speed meets RSA keys
  • 73. The concept ★ Elliptic Curve Cryptography (ECC) ★ Premise: the "elliptic curve discrete logarithm" ★ Recovering the scalar from a point on the curve is infeasible ★ Difficulty of finding A (the private scalar) from B = A·G ★ Ease of computing B given A (scalar multiplication of the base point G)
  • 74. The Goals ★ Reduces storage, footprint ★ Increases speed over standard public key encryption ★ Aiming to beat RSA ★ Same security with far smaller keys: a 256-bit EC key is rated equivalent to 3072-bit RSA (NIST SP 800-57)
  • 75. The Risk ★ No mathematical proof yet ★ Patent encumbrances
  • 76. The Endorsement ★ NSA ★ Approved for Top Secret ★ Open Source Implementations ★ BouncyCastle ★ OpenSSL
  • 77. Java 7 ★ The SunEC provider arrives in JDK 7: EC key generation, ECDH and ECDSA in the JDK itself, where earlier releases needed Bouncy Castle
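Added example, not from the talk or its sample repository, of the "AES speed meets RSA keys" pairing the section title promises, using only the JDK 7+ providers: two parties generate P-256 key pairs, agree on a shared secret with ECDH, hash it into an AES-256 key, and then protect the bulk data with AES-GCM. The plaintext is a constructed sample. Two things are this example's simplifications: the shared secret is turned into a key with a single SHA-256 (a proper KDF such as HKDF is the production choice), and nothing here authenticates the public keys, so on its own the agreement is open to an active man in the middle; in practice the public keys travel inside certificates or are signed with ECDSA.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

// Added example: ECDH on P-256 to agree on an AES key, then AES-GCM for the data.
public class EcdhAesDemo {

    public static KeyPair generate() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));   // NIST P-256
        return kpg.generateKeyPair();
    }

    // Shared secret -> AES key. The raw ECDH output is not uniformly random, so it is
    // hashed; SHA-256 stands in for a real KDF (HKDF) to stay inside the JDK.
    public static SecretKey agree(KeyPair mine, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(mine.getPrivate());
        ka.doPhase(theirs, true);
        byte[] shared = ka.generateSecret();
        byte[] keyBytes = MessageDigest.getInstance("SHA-256").digest(shared);
        Arrays.fill(shared, (byte) 0);   // do not leave the raw secret lying around
        return new SecretKeySpec(keyBytes, "AES");
    }

    // AES-GCM with a random 96-bit nonce prepended to the ciphertext; the 128-bit tag
    // authenticates the ciphertext, so tampering is detected on decrypt.
    public static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);   // never reuse a nonce with the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return out;
    }

    public static byte[] decrypt(SecretKey key, byte[] blob) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, blob, 0, 12));
        return c.doFinal(blob, 12, blob.length - 12);   // throws AEADBadTagException if modified
    }

    public static void main(String[] args) throws Exception {
        KeyPair alice = generate();
        KeyPair bob = generate();
        // Each side combines its own private key with the other side's public key.
        SecretKey keyA = agree(alice, bob.getPublic());
        SecretKey keyB = agree(bob, alice.getPublic());
        System.out.println("both sides derived the same key: "
            + Arrays.equals(keyA.getEncoded(), keyB.getEncoded()));

        byte[] blob = encrypt(keyA, "meet at noon".getBytes(StandardCharsets.UTF_8));   // constructed sample
        System.out.println("Bob decrypts: " + new String(decrypt(keyB, blob), StandardCharsets.UTF_8));

        blob[blob.length - 1] ^= 1;   // flip one bit of the ciphertext in transit
        try {
            decrypt(keyB, blob);
            System.out.println("unexpected: tampered message accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected, message rejected");
        }
    }
}
```

The public-key work here is two scalar multiplications per side on 256-bit values, against the 2048-bit modular exponentiations RSA would need for the same security level, which is where the size and speed advantages on the earlier slide come from.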
  • 78. STEGANOGRAPHY not just 3d-pictures from the newspaper
  • 80. Steganography ★ Hidden data in visible data ★ Payload not usually encrypted (encrypt it first, so a detected payload is still unreadable) ★ Pedestrian files ★ Quantity of files creates confusion
  • 81. Steganography ★ High signal to noise ratio (SNR) ★ Slow compared to encryption ★ but Inconspicuous
  • 82. Steganography ★ Invisible? ★ Techniques ★ Luminosity ★ Hue ★ Compression ★ Metadata
  • 83. Stego Demo
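Added example, not the demo from the talk or its sample repository: the simplest of the luminosity-style techniques on the previous slide, least-significant-bit embedding. It writes one payload bit into the lowest bit of each pixel's blue channel, so no pixel value changes by more than 1 of 255, after a 32-bit length header so the extractor knows when to stop. The cover image is constructed noise standing in for a photograph, and the message is a sample; nothing here is encrypted, which is the caveat in the slide above. The last comment in main is the caveat the "Compression" bullet points at: lossy formats rewrite exactly these bits.

```java
import java.awt.image.BufferedImage;
import java.nio.charset.StandardCharsets;
import java.util.Random;

// Added example: least-significant-bit steganography in the blue channel of an RGB image.
public class LsbStego {

    // Capacity is one bit per pixel; the first 32 bits carry the payload length (big-endian).
    public static BufferedImage embed(BufferedImage cover, byte[] payload) {
        int capacityBits = cover.getWidth() * cover.getHeight();
        int needed = 32 + payload.length * 8;
        if (needed > capacityBits) {
            throw new IllegalArgumentException("payload needs " + needed + " bits, cover holds " + capacityBits);
        }
        BufferedImage out = new BufferedImage(cover.getWidth(), cover.getHeight(), BufferedImage.TYPE_INT_RGB);
        int bitIndex = 0;
        for (int y = 0; y < cover.getHeight(); y++) {
            for (int x = 0; x < cover.getWidth(); x++) {
                int rgb = cover.getRGB(x, y);
                if (bitIndex < needed) {
                    rgb = (rgb & ~1) | bitAt(payload, bitIndex++);   // overwrite the LSB of blue
                }
                out.setRGB(x, y, rgb);
            }
        }
        return out;
    }

    private static int bitAt(byte[] payload, int i) {
        if (i < 32) {
            return (payload.length >>> (31 - i)) & 1;   // length header, most significant bit first
        }
        int j = i - 32;
        return (payload[j / 8] >>> (7 - j % 8)) & 1;
    }

    public static byte[] extract(BufferedImage stego) {
        int w = stego.getWidth(), h = stego.getHeight();
        int len = 0;
        int bitIndex = 0;
        byte[] out = null;
        for (int y = 0; y < h; y++) {
            for (int x = 0; x < w; x++) {
                int bit = stego.getRGB(x, y) & 1;
                if (bitIndex < 32) {
                    len = (len << 1) | bit;
                    if (bitIndex == 31) {
                        // Reject headers that cannot fit: the image probably carries no payload.
                        if (len < 0 || (long) len * 8 + 32 > (long) w * h) {
                            throw new IllegalArgumentException("no valid payload header");
                        }
                        out = new byte[len];
                    }
                } else {
                    int j = bitIndex - 32;
                    if (j >= len * 8) {
                        return out;
                    }
                    out[j / 8] |= bit << (7 - j % 8);
                }
                bitIndex++;
            }
        }
        if (out == null) {
            throw new IllegalArgumentException("image too small to hold a header");
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed cover image: 64x64 pseudo-random noise stands in for a photo.
        BufferedImage cover = new BufferedImage(64, 64, BufferedImage.TYPE_INT_RGB);
        Random r = new Random(42);
        for (int y = 0; y < 64; y++) {
            for (int x = 0; x < 64; x++) {
                cover.setRGB(x, y, r.nextInt(0x1000000));
            }
        }
        byte[] secret = "the eagle has landed".getBytes(StandardCharsets.UTF_8);   // sample payload
        BufferedImage stego = embed(cover, secret);
        System.out.println("extracted: " + new String(extract(stego), StandardCharsets.UTF_8));

        int changed = 0;
        for (int y = 0; y < 64; y++) {
            for (int x = 0; x < 64; x++) {
                if (cover.getRGB(x, y) != stego.getRGB(x, y)) changed++;
            }
        }
        System.out.println(changed + " of " + 64 * 64 + " pixels differ, each by at most 1 in the blue channel");
        // Save with ImageIO.write(stego, "png", file): JPEG or any lossy format destroys the LSBs.
    }
}
```

Statistical detection of LSB embedding is well studied, so this hides the payload from a casual viewer, not from an analyst; that is the "inconspicuous, not invisible" trade-off of the earlier slides.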
  • 84. HIGHER LEVEL LIBRARIES making encryption with Java easier
  • 86. KeyCzar ★ Highest level abstraction ★ Custom key format ★ Authored by Google Security Team ★ Intelligent encryption defaults ★ Since deprecated by its authors in favour of Google's Tink library; shown here as the talk presented it
  • 87. KeyczarTool create --location=/path/to/keyset --name=testkeyring --purpose=sign
  • 88. Encrypter.Encrypt(dataB64String) Crypter.Decrypt(ciphertextB64String) Signer.Sign(dataB64String) Verifier.Verify(dataB64String)
  • 89. Bouncy Castle ★ JCE Provider ★ Many more encryption and digest algorithms than the Sun provider (AES)
  • 90. Bouncy Castle registered statically as a JCE provider (alternatively call java.security.Security.addProvider(new BouncyCastleProvider()) at runtime):

```properties
# <java_home>/lib/security/java.security  (JDK 9+ keeps this file under conf/security/)
security.provider.1=sun.security.provider.Sun
security.provider.2=com.sun.net.ssl.internal.ssl.Provider
security.provider.3=com.sun.rsajca.Provider
...
security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
```
  • 92. Jasypt Frictionless Java encryption
  • 93.

```java
import org.jasypt.util.password.ConfigurablePasswordEncryptor;

// Despite the name, Jasypt's password "encryptor" produces a salted, iterated digest,
// not reversible ciphertext, which is what the hashing section asks for.
ConfigurablePasswordEncryptor pe = new ConfigurablePasswordEncryptor();
pe.setAlgorithm("SHA-512");
pe.setPlainDigest(false);          // false: random salt + iterations (the default); true: bare hash
pe.setStringOutputType("base64");
String encryptedPassword = pe.encryptPassword(TEXT_TO_ENCRYPT);
// at login: pe.checkPassword(candidate, encryptedPassword)
```
  • 95. Hibernate Encryption in the ORM/DB world
  • 96.

```xml
<hibernate-mapping package="myapp">
  ...
  <!-- Jasypt type: the column holds ciphertext, Hibernate sees a plain String -->
  <typedef name="encryptedString" class="org.jasypt.hibernate.type.EncryptedStringType">
    <!-- PBEWithMD5AndTripleDES is a legacy JCE algorithm; with Bouncy Castle registered,
         Jasypt accepts that provider's stronger PBE algorithms here -->
    <param name="algorithm">PBEWithMD5AndTripleDES</param>
    <!-- a literal password in the mapping file ends up in version control; Jasypt can
         instead reference an encryptor registered in HibernatePBEEncryptorRegistry
         through the encryptorRegisteredName param -->
    <param name="password">mypass</param>
    <param name="keyObtentionIterations">1000</param>
  </typedef>
  <class name="UserData" table="USER_DATA">
    ...
    <property name="address" column="ADDRESS" type="encryptedString" />
  </class>
</hibernate-mapping>
```
  • 98. Spring Framework Securing data and configurations
  • 99.

```xml
<!-- Spring Security 3 PasswordEncoder backed by a Jasypt digester -->
<bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
  <property name="stringDigester">
    <ref bean="jasyptStringDigester" />
  </property>
</bean>

<!-- StandardStringDigester adds a random salt (8 bytes by default) and iterates the hash -->
<bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester">
  <property name="algorithm" value="SHA-1" />   <!-- SHA-256 is the better choice today -->
  <property name="iterations" value="100000" />
</bean>
```
  • 101. GNU Crypto Open source library
  • 102. GNU ★ Non JCE implementations ★ Hundreds of algorithms ★ Legacy algorithms
  • 103. In Summary ★ Laws ★ Know the rules for import and export ★ Get the appropriate approvals ★ Hashing ★ Proper bit strength (algorithm) ★ Salt is a modern requirement ★ Encrypting ★ Know the performance of your algorithm ★ Choose a future-proof bit size key
  • 104. ADVANCED JVM ENCRYPTION Digital security in Practice Email Twitter Blog Matthew McCullough matthewm@ambientideas.com @matthewmccull http://ambientideas.com/blog
  • 105. REFERENCES
  • 106. References ★ http://delicious.com/matthew.mccullough/encryption ★ http://www.bouncycastle.org/java.html ★ http://code.google.com/p/keyczar/wiki/KeyczarPhilosophy ★ http://crypto.stanford.edu/sjcl/ ★ http://www.gnu.org/software/gnu-crypto/ ★ http://www.jasypt.org/download.html
  • 107. References ★ Sample Code ★ http://github.com/matthewmccullough/encryption-jvm-bootcamp ★ Miscellaneous ★ http://www.ietf.org/rfc/rfc3852.txt ★ http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One
  • 108. References ★ http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html ★ http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html ★ http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html ★ http://download.oracle.com/javase/6/docs/api/java/security/Security.html
  • 109. ★ CMS ★ Cryptographic Message Syntax (CMS) objects ★ RFC 3852 ★ PKCS#7 (formerly RFC 2630, 3369) ★ http://www.ietf.org/rfc/rfc3852.txt ★ ASN.1 ★ Abstract Syntax Notation One ★ 1984 X.409, 1988 X.208, 1995 X.680, 2002 ★ http://www.asn1.org/ Acronyms
  • 110. ★ http://www.ambientideasphotography.com ★ http://stockfootageforfree.com/ ★ All others, iStockPhoto.com Credits
