Advanced Encryption on the JVM v0.2.8

Matthew McCullough's delivery of Advanced Encryption on the JVM.

Usage Rights

CC Attribution License

    Presentation Transcript

    • ADVANCED ENCRYPTION CONCEPTS: Digital security in The Real World © Matthew McCullough, Ambient Ideas, LLC
    • This Talk
      Research: Books, News, Events, Costs, Laws
      Deeper JVM Encryption: Encoding, Hashing, Salting, Keytool, SSL/TLS, Elliptic Curve Cryptography
      Other Techniques: Steganography, Higher Level Libraries
    • RESEARCH
    • CRYPTO BOOKS: Deeper resources
    • 1997
    • 1998 Java 1.1 & 1.2
    • 2004 Java 1.4
    • 2005 Java 5
    • 2008
    • PERFORMANCE TEST
    • Bit Strength
      Performance is not directly proportional to bit strength increases
      Compare 512, 1024, 2048, 4096 bit RSA
    • RSA Bit Strength Demo
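The bit-strength point can be measured directly. The following is an added example, not code from the talk or its sample repository: it times RSA key generation and a private-key operation (a signature) at 512, 1024, 2048 and 4096 bits using only the standard JCE API. The message, round count and output format are the example's own choices; absolute numbers depend on the JVM and hardware, and the 512-bit row is a data point only.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;

/**
 * Added example (not from the talk): RSA cost versus key size.
 * Doubling the modulus roughly quadruples... no: key generation and the
 * private-key operation both grow far faster than linearly in the bit length,
 * which is what the slides mean by "not directly proportional".
 */
public class RsaBitStrengthBench {

    // Constructed sample input; content does not matter for timing.
    static final byte[] MESSAGE = "constructed sample message".getBytes(StandardCharsets.UTF_8);

    /** Returns {key generation nanoseconds, nanoseconds per private-key operation} for one key size. */
    static long[] bench(int bits, int rounds) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits);
        long t0 = System.nanoTime();
        KeyPair kp = kpg.generateKeyPair();      // probable-prime search dominates at large sizes
        long t1 = System.nanoTime();

        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(kp.getPrivate());
        for (int i = 0; i < rounds; i++) {       // private-key op cost grows roughly with the cube of the modulus size
            sig.update(MESSAGE);
            sig.sign();
        }
        long t2 = System.nanoTime();
        return new long[] {t1 - t0, (t2 - t1) / rounds};
    }

    public static void main(String[] args) throws Exception {
        int rounds = 50;
        bench(1024, rounds);                     // warm-up so JIT compilation does not skew the first row
        System.out.println("bits   keygen(ms)   sign(ms/op)");
        for (int bits : new int[] {512, 1024, 2048, 4096}) {   // 512 shown only as a data point; never use it
            long[] r = bench(bits, rounds);
            System.out.printf("%4d %12.1f %13.3f%n", bits, r[0] / 1e6, r[1] / 1e6);
        }
    }
}
```

Run it a few times: the 4096-bit key generation time varies wildly because prime search is probabilistic, while the per-signature cost is stable and is the number that matters for a server doing one private-key operation per TLS handshake.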
    • IN THE NEWS
    • Cracks in the News: Thomas Jefferson letter
    • Cracks in the News: Pacemakers
    • Cracks in the News: Iraq drone video feeds
    • At least use some form of encryption!
    • Cracks in the News: London Tube Oyster cards
    • "Microscope-wielding boffins crack Tube smartcard: The keys to London Underground, and plenty more", by Dan Goodin in San Francisco. Posted in ID, 12th March 2008 05:02 GMT

      Security researchers say they've found a way to crack the encryption used to protect a widely-used smartcard in a matter of minutes, making it possible for them to quickly and cheaply clone the cards that are used to secure office buildings and automate the collection of mass transportation fares.

      The attack works against the Mifare Classic, a wireless card made by Netherlands-based NXP Semiconductors. It is used by transit operators in London, Boston and the Netherlands and by organizations in the public and private sectors to control access to sensitive areas, according to Karsten Nohl, a PhD candidate at the University of Virginia and one of the cryptographers who discovered the weakness. NXP says it's sold 1 billion to 2 billion of the cards.

      The wireless devices are growing in popularity because of their low cost - about 50 cents apiece - and they offer many of the advantages of radio frequency identification (RFID) technology. Specifically, smartcards don't require contact with the mechanical readers used by transit agencies, which lowers operators' costs and is quicker and more convenient for users.

      The research team was able to obtain the card's proprietary encryption scheme by physically dissecting its chip and examining it under a microscope. They then photographed various levels of its circuitry and used optical recognition software to produce a 3D representation of the entire chip. By examining the logic gates in great detail, they were able to deduce the proprietary algorithm, which NXP dubs Crypto1.
    • Cracks in the News: GSM Phones, A5/1 cipher
    • Cracks in the News: WiFi connections, databases, passwords, credit card numbers
    • Only 25% of enterprises responding to the Ponemon 2009 survey even had encryption on their "priority" list
    • Cracks in the News: Zune
    • 85% of respondents to the Ponemon 2009 survey had detected a data breach in the last 12 months
    • THE LAW
    • Encryption & The Law
      Encryption considered a munition under international law
      1999 relaxation of US rules
    • It was just ~200 lines of an RSA implementation
    • /******************************************************************************
       *
       * Copyright (c) 1998,99 by Mindbright Technology AB, Stockholm, Sweden.
       * www.mindbright.se, info@mindbright.se
       *
       * This program is free software; you can redistribute it and/or modify
       * it under the terms of the GNU General Public License as published by
       * the Free Software Foundation; either version 2 of the License, or
       * (at your option) any later version.
       *
       * This program is distributed in the hope that it will be useful,
       * but WITHOUT ANY WARRANTY; without even the implied warranty of
       * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
       * GNU General Public License for more details.
       *
       *****************************************************************************
       * $Author: nallen $
       * $Date: 2001/11/12 16:31:16 $
       * $Name: $
       *****************************************************************************/
      /*
       * !!! Author's comment: The contents of this file is heavily based
       * upon Tatu Ylonen's c-code in the ssh1.2.26 package, which in turn
       * is a standard implementation of the RSA algorithm, the code is
       * rather trivial (though the math behind it is not :-). I don't know
       * whom are responsible for the original optimization using the
       * Chinese remainder theorem which I guess is the only non-trivial
       * part of this implementation. Please note that RSA can't be used
       * without proper licensing in the United States.
       *
       * Below is some references to useful information about RSA:
       *
       * Bruce Schneier: Applied Cryptography 2nd ed., John Wiley & Sons, 1996
       * Arto Salomaa: Public-Key Cryptography 2nd ed., Springer-Verlag, 1996
       * Man Young Rhee: Cryptography and Secure Data Comm., McGraw-Hill, 1994
       * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
    • (excerpt, tail of the unpadding routine followed by the PKCS#1 block type 2 padding routine)

              break;
          if(i == strip.length)
              throw new IOException("Invalid strip-data");
          val = new byte[strip.length - i];
          System.arraycopy(strip, i, val, 0, val.length);
          return new BigInteger(val);
      }

      public static BigInteger doPad(BigInteger input, int padLen, SecureRandom rand)
          throws IOException {
          BigInteger result;
          BigInteger rndInt;
          int inByteLen  = (input.bitLength() + 7) / 8;
          int padByteLen = (padLen + 7) / 8;

          if(inByteLen > padByteLen - 3)
              throw new IOException("rsaPad: Input too long to pad");

          // !!! byte[] ranBytes = new byte[(padByteLen - inByteLen - 3) + 1];
          byte[] ranBytes = new byte[(padByteLen - inByteLen - 3) + 1];
          rand.nextBytes(ranBytes);
          ranBytes[0] = 0;
          for(int i = 1; i < (padByteLen - inByteLen - 3 + 1); i++)
              if(ranBytes[i] == 0)
                  ranBytes[i] = 0x17;       // the random padding string must contain no zero bytes
          rndInt = new BigInteger(ranBytes);
          rndInt = rndInt.shiftLeft((inByteLen + 1) * 8);
          result = new BigInteger("2");     // block type 2: random padding for encryption
          result = result.shiftLeft((padByteLen - 2) * 8);
          result = result.or(rndInt);       // 00 || 02 || random non-zero bytes || 00 || input
          result = result.or(input);
          return result;
      }
      }
    • The Jobs National Security Agency (NSA) Single largest employer of mathematicians in the world
    • Checklist on Encryption and Other "Information Security" Functions
      See Instruction Sheet

      1. Does your product perform 'cryptography', or otherwise contain any parts or components that are capable of performing any of the following 'information security' functions? (Mark with an 'X' all that apply)
         a. encryption
         b. decryption only (no encryption)
         c. key management / public key infrastructure (PKI)
         d. authentication (e.g., password protection, digital signatures)
         e. copy protection
         f. anti-virus protection
         g. other (please explain): ________________________________________
         h. NONE / NOT APPLICABLE

      2. For items with encryption, decryption and/or key management functions (1.a, 1.b, 1.c above):
         a. What symmetric algorithms and key lengths (e.g., 56-bit DES, 112 / 168-bit Triple-DES, 128 / 256-bit AES / Rijndael) are implemented or supported?
         b. What asymmetric algorithms and key lengths (e.g., 512-bit RSA / Diffie-Hellman, 1024 / 2048-bit RSA / Diffie-Hellman) are implemented or supported?
         c. What encryption protocols (e.g., SSL, SSH, IPSEC or PKCS standards) are implemented or supported?
         d. What type of data is encrypted?

      3. For products that contain an 'encryption component', can this encryption component be easily used by another product, or else accessed / re-transferred by the end-user for cryptographic use?
    • DEEPER JVM ENCRYPTION
    • ENCODING makes data transport easy
    • Base64
      Means of making data safe for transport: email, query string, XML, JSON
      Removes the need for escape sequences
      Encoding is not encryption: anyone can decode it
    • HASHING reversal is a risk
    • Hashes
      All passwords should be hashed
      Never store them in any recoverable form
      Reduces risk when the database leaks
    • Hashes Hall of shame for plaintext passwords http://www.nist.org/nist_plugins/content/content.php?content.54
    • Hash Algorithms
      MD5: vulnerable, keyless
      SHA-1: stronger, keyless
      Both are unkeyed digests. SHA-1 has since been shown to be collision-prone as well; new designs should use the SHA-2 family (SHA-256 or stronger).
    • MACS keyed hashes
    • MACs
      MAC: Message Authentication Code. A conceptual construction; any keyed integrity function qualifies.
      HMAC: Hash-based Message Authentication Code. A hash function (like SHA-1 or SHA-256) combined with a secret key shared by sender and verifier.
      The key is symmetric and shared by both sides; it is not an RSA key pair.
    • MACs Verifies both the data integrity and the authenticity of a message
    • HMAC Demo
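An added example (not the talk's own HMAC Demo code) of what the MAC slides describe, using the standard javax.crypto.Mac API: a keyed tag over a message, verification in constant time, and the failures when either the message or the key changes. The key is generated in-process and the query string is a constructed sample.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/**
 * Added example (not from the talk): HMAC-SHA256 tag and verify.
 * A plain SHA-256 over the message proves nothing, since anyone can recompute it;
 * the HMAC binds the message to a secret only the two parties hold.
 */
public class HmacDemo {

    static final String ALGORITHM = "HmacSHA256";

    /** A fresh 256-bit shared secret; in practice it is provisioned to both parties out of band. */
    static byte[] newKey() {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);
        return key;
    }

    static byte[] tag(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance(ALGORITHM);
        mac.init(new SecretKeySpec(key, ALGORITHM));
        return mac.doFinal(message);
    }

    /** Recomputes the tag and compares in constant time; Arrays.equals would leak the first mismatching byte. */
    static boolean verify(byte[] key, byte[] message, byte[] receivedTag) throws Exception {
        return MessageDigest.isEqual(tag(key, message), receivedTag);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = newKey();
        byte[] message = "amount=100&to=alice".getBytes(StandardCharsets.UTF_8);   // constructed sample

        byte[] t = tag(key, message);
        System.out.println("tag: " + Base64.getEncoder().encodeToString(t));

        System.out.println("genuine:       " + verify(key, message, t));           // true
        byte[] tampered = "amount=900&to=alice".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered body: " + verify(key, tampered, t));          // false
        byte[] otherKey = newKey();
        System.out.println("wrong key:     " + verify(otherKey, message, t));      // false
    }
}
```

The verifier must recompute the tag itself; the sender's tag is never trusted as a value, only compared against. Keep the comparison on MessageDigest.isEqual (constant time since Java 6u17) so a remote attacker cannot time their way to a valid tag byte by byte.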
    • SALTING makes everything safer
    • Salt approaches
      Random number: generated per password, stored in the clear next to the hash
      Email address hash: derived from the account, so not (required to be) stored separately
      Either way, append the salt to the password and hash the combination; the salt need not be secret, only unique
    • Salt Goals
      Stops the use of rainbow tables of precomputed hashes
      Requires each password to be cracked individually
      Cracks become impractically slow
    • Rainbow Table
        Password      Hash
        1234          7S9TT1U
        john          X54EJK11
        password      U99=3DK1
        ihatemyjob    L4OI192W
        puppy         Q82B3NW
        letmein       H99Z1M9
        1968-10-19    A7fb92E
    • Database
        Username      Password Hash
        matthewm      7S9TT1U
        johnt         X54EJK11
        ellingsonb    U99=3DK1
        s.brin        L4OI192W
        n.ford        Q82B3NW
        tomf          H99Z1M9
        johnl         A7fb92E
    • Database joined against the rainbow table: with unsalted hashes every match recovers a password
        Username      Hash          Password
        matthewm      7S9TT1U       1234
        johnt         X54EJK11      john
        ellingsonb    U99=3DK1      password
        s.brin        L4OI192W      ihatemyjob
        n.ford        Q82B3NW       puppy
        tomf          H99Z1M9       letmein
        johnl         A7fb92E       1968-10-19
    • Salt Demo
    • JDK KEYTOOL manages keys and certificates
    • Keytool
      Manages keystores and truststores
      Functions: -genkey, -list, -import, -export
    • Creating a keystore
        keytool -genkeypair -keyalg RSA -keysize 2048 -keystore myapp.keystore
        Enter keystore password: ********
        Re-enter new password: ********
        What is your first and last name?
          [Unknown]: Matthew McCullough
        What is the name of your organizational unit?
          [Unknown]: Consulting
        What is the name of your organization?
          [Unknown]: Ambient Ideas, LLC
        What is the name of your City or Locality?
          [Unknown]: Denver
        What is the name of your State or Province?
          [Unknown]: Colorado
        What is the two-letter country code for this unit?
          [Unknown]: US
        Is CN=Matthew McCullough, OU=Consulting, O="Ambient Ideas, LLC", L=Denver, ST=Colorado, C=US correct?
          [no]: yes
        Enter key password for <mykey>
          (RETURN if same as keystore password):
    • Base 64 Demo
    • TRANSPORT LEVEL ENCRYPTION abstracted from the data
    • Implementations
      Web: SSL 1.0, 2.0; TLS
    • Handshake (RSA key exchange)
      Client "hello"
      Server sends its X.509 certificate (public key), signed by a CA
      Client validates the certificate chain, or the user allows an override approval
      Client generates random symmetric key material
      Encrypts it with the server's public key (not "signs": only the holder of the server's private key can recover it)
      Encrypted communication continues under the symmetric key
      (TLS 1.3 replaces the RSA key transport with an ephemeral Diffie-Hellman exchange; the trust decision on the certificate is unchanged)
    • TLS Demo
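An added example, not the talk's TLS Demo, of the client side of the handshake described above using JSSE: a context that trusts only the CAs in a given truststore (or the JDK default truststore when no path is given), TLS 1.2/1.3 only, and hostname checking switched on. The host, port, truststore path and password are hypothetical; it needs Java 11 or later for the "TLSv1.3" protocol name and a network connection to run.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/**
 * Added example (not from the talk): a TLS client that actually validates the server.
 * The classic mistake is an X509TrustManager whose checkServerTrusted() is empty
 * (the "override approval" of the slide, made permanent); this code never installs one.
 */
public class TlsClient {

    /** Trusts only the CAs in the given truststore, or the JDK default truststore when path is null. */
    static SSLContext contextFor(String truststorePath, char[] truststorePassword) throws Exception {
        if (truststorePath == null) {
            return SSLContext.getDefault();
        }
        KeyStore ts = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(truststorePath)) {
            ts.load(in, truststorePassword);
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // no client certificate, default SecureRandom
        return ctx;
    }

    static SSLSocket connect(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket sock = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        SSLParameters params = sock.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
        // Without this the chain is validated but NOT matched against the host name you dialed,
        // so any valid certificate for any site would be accepted.
        params.setEndpointIdentificationAlgorithm("HTTPS");
        sock.setSSLParameters(params);
        sock.startHandshake();   // SSLHandshakeException on an untrusted chain or a name mismatch
        return sock;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com";                 // hypothetical target
        String truststore = args.length > 1 ? args[1] : null;                   // hypothetical /path/to/truststore.jks
        SSLContext ctx = contextFor(truststore, "changeit".toCharArray());       // hypothetical password
        try (SSLSocket s = connect(ctx, host, 443)) {
            System.out.println("negotiated " + s.getSession().getProtocol() + " " + s.getSession().getCipherSuite());
            System.out.println("peer: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

The truststore is the one keytool manages with -import/-export (previous section); a private CA for internal services goes in there rather than into a trust-everything manager.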
    • Tomcat and SSL
      Usually fronted, handled by Apache
      But if you really want it, offered via Tomcat: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
    • ELLIPTIC CURVE AES speed meets RSA keys
    • The concept
      Elliptic Curve Cryptography (ECC)
      Premise: the "elliptic curve discrete logarithm" problem
      Given points A and B = k·A on the curve, recovering k from B is infeasible
      Computing B from A and k is easy
    • The Goals
      Reduces storage and footprint
      Increases speed over standard public key encryption
      Aiming to beat RSA
    • The Risk
      No mathematical proof yet
      Patent encumbrances
    • The Endorsement
      NSA approved for Top Secret
      Open source implementations: BouncyCastle, OpenSSL
    • Java 7
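An added example (not from the talk) of ECC with the SunEC provider that ships in Java 7 and later: key generation on the P-256 curve, an ECDSA signature, an ECDH shared secret, and the encoded key sizes printed next to a 2048-bit RSA key for the footprint comparison the slides make. The curve name and message are this example's choices.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;

/**
 * Added example (not from the talk): ECC via the standard JCA names
 * "EC", "SHA256withECDSA" and "ECDH" (SunEC, Java 7+).
 * P-256 gives roughly 128-bit security, comparable to 3072-bit RSA,
 * with far smaller keys and signatures.
 */
public class EccDemo {

    static final String CURVE = "secp256r1";   // NIST P-256

    static KeyPair generateEc() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec(CURVE));
        return kpg.generateKeyPair();
    }

    static byte[] sign(PrivateKey key, byte[] message) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);
        s.update(message);
        return s.sign();                         // DER-encoded (r, s) pair
    }

    static boolean verify(PublicKey key, byte[] message, byte[] signature) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(key);
        s.update(message);
        return s.verify(signature);
    }

    /** Raw ECDH output. Run it through a KDF before using it as an AES key; never use it directly. */
    static byte[] agree(PrivateKey mine, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }

    public static void main(String[] args) throws Exception {
        KeyPair alice = generateEc();
        KeyPair bob = generateEc();
        byte[] msg = "transfer 100 to bob".getBytes(StandardCharsets.UTF_8);   // constructed sample

        byte[] sig = sign(alice.getPrivate(), msg);
        System.out.println("genuine signature verifies: " + verify(alice.getPublic(), msg, sig));    // true
        byte[] forged = "transfer 900 to bob".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered message verifies:  " + verify(alice.getPublic(), forged, sig)); // false

        byte[] ab = agree(alice.getPrivate(), bob.getPublic());
        byte[] ba = agree(bob.getPrivate(), alice.getPublic());
        System.out.println("ECDH secrets match: " + Arrays.equals(ab, ba) + " (" + ab.length * 8 + " bits)");

        KeyPairGenerator rsa = KeyPairGenerator.getInstance("RSA");
        rsa.initialize(2048);
        KeyPair rsaPair = rsa.generateKeyPair();
        System.out.printf("encoded public key: EC P-256 %d bytes, RSA-2048 %d bytes%n",
                alice.getPublic().getEncoded().length, rsaPair.getPublic().getEncoded().length);
        System.out.printf("signature: ECDSA P-256 %d bytes, RSA-2048 256 bytes%n", sig.length);
    }
}
```

ECDSA needs a fresh, unpredictable nonce per signature; the JDK handles that internally, which is one reason to use the provider's Signature object rather than a hand-rolled implementation.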
    • STEGANOGRAPHY not just 3d-pictures from the newspaper
    • Steganography
      Hidden data in visible data
      Not usually encrypted
      Pedestrian files
      Quantity of files creates confusion
    • Steganography
      High signal to noise ratio (SNR)
      Slow compared to encryption, but inconspicuous
    • Steganography: Invisible?
      Techniques: luminosity, hue, compression, metadata
    • Stego Demo
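An added example, not the talk's Stego Demo, of the luminosity/LSB technique listed above: the payload, prefixed with its length, is written into the least significant bit of each pixel's blue channel of a constructed cover image and then read back. Cover size and payload are this example's choices; a real cover would be loaded with javax.imageio.ImageIO and saved as PNG.

```java
import java.awt.image.BufferedImage;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/**
 * Added example (not from the talk): least-significant-bit steganography.
 * Bit stream = 32-bit big-endian payload length, then the payload bytes,
 * one bit per pixel in the blue channel's LSB. Each channel value changes by at
 * most 1/255, invisible to the eye, but it survives only lossless formats
 * (PNG, BMP); JPEG recompression destroys the LSBs.
 */
public class LsbStego {

    /** Bit i of [len(32 bits) || payload], or -1 when i is past the end of the stream. */
    static int bitAt(byte[] payload, long i) {
        if (i < 32) {
            return (payload.length >>> (31 - (int) i)) & 1;
        }
        long j = i - 32;
        if (j >= 8L * payload.length) {
            return -1;
        }
        return (payload[(int) (j / 8)] >>> (7 - (int) (j % 8))) & 1;
    }

    /** Returns a copy of cover with payload hidden in the blue LSBs; pixels past the stream are copied unchanged. */
    static BufferedImage embed(BufferedImage cover, byte[] payload) {
        int w = cover.getWidth(), h = cover.getHeight();
        long capacity = (long) w * h;                          // one bit per pixel
        long needed = 32L + 8L * payload.length;
        if (needed > capacity) {
            throw new IllegalArgumentException("cover too small: need " + needed + " pixels, have " + capacity);
        }
        BufferedImage out = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);
        for (long i = 0; i < capacity; i++) {
            int x = (int) (i % w), y = (int) (i / w);
            int rgb = cover.getRGB(x, y);
            int bit = bitAt(payload, i);
            if (bit >= 0) {
                rgb = (rgb & ~1) | bit;                        // blue is the low byte of the packed ARGB int
            }
            out.setRGB(x, y, rgb);
        }
        return out;
    }

    /** Reads the length prefix, then the payload, back out of the blue LSBs. */
    static byte[] extract(BufferedImage stego) {
        int w = stego.getWidth();
        long capacity = (long) w * stego.getHeight();
        int len = 0;
        for (int i = 0; i < 32; i++) {
            len = (len << 1) | (stego.getRGB(i % w, i / w) & 1);
        }
        if (len < 0 || 32L + 8L * len > capacity) {
            throw new IllegalArgumentException("no valid payload in this image");
        }
        byte[] out = new byte[len];
        for (long j = 0; j < 8L * len; j++) {
            long i = 32 + j;
            int bit = stego.getRGB((int) (i % w), (int) (i / w)) & 1;
            int k = (int) (j / 8);
            out[k] = (byte) ((out[k] << 1) | bit);
        }
        return out;
    }

    /** Constructed cover image: a 64x64 colour gradient standing in for a photo. */
    static BufferedImage constructedCover(int w, int h) {
        BufferedImage img = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);
        for (int y = 0; y < h; y++) {
            for (int x = 0; x < w; x++) {
                img.setRGB(x, y, ((x * 4) & 0xFF) << 16 | ((y * 4) & 0xFF) << 8 | ((x + y) & 0xFF));
            }
        }
        return img;
    }

    public static void main(String[] args) {
        BufferedImage cover = constructedCover(64, 64);        // 4096 pixels: room for 508 payload bytes
        byte[] secret = "meet at noon, platform 9".getBytes(StandardCharsets.UTF_8);
        BufferedImage stego = embed(cover, secret);
        byte[] recovered = extract(stego);
        System.out.println("recovered: " + new String(recovered, StandardCharsets.UTF_8));
        System.out.println("round trip ok: " + Arrays.equals(secret, recovered));   // true
        int maxDiff = 0;                                        // largest per-pixel change in the blue channel
        for (int y = 0; y < cover.getHeight(); y++) {
            for (int x = 0; x < cover.getWidth(); x++) {
                maxDiff = Math.max(maxDiff, Math.abs((cover.getRGB(x, y) & 0xFF) - (stego.getRGB(x, y) & 0xFF)));
            }
        }
        System.out.println("max blue-channel difference: " + maxDiff);              // 1
    }
}
```

This hides the data but does not protect it: anyone who suspects LSB embedding can extract it the same way, and the flat LSB statistics of a carrier are detectable. Encrypt the payload before embedding if secrecy, not just inconspicuousness, is the goal.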
    • HIGHER LEVEL LIBRARIES making encryption with Java easier
    • KeyCzar
      Highest level abstraction
      Custom key format
      Authored by the Google Security Team
      Intelligent encryption defaults
    • KeyczarTool create --location=/path/to/keyset --name=testkeyring --purpose=sign
    • Encrypter.Encrypt(dataB64String)
      Crypter.Decrypt(ciphertextB64String)
      Signer.Sign(dataB64String)
      Verifier.Verify(dataB64String)
      (conceptual; the Java classes use lower-case methods: encrypter.encrypt(...), crypter.decrypt(...), signer.sign(...), verifier.verify(data, signature))
    • Bouncy Castle JCE Provider Many more encryption and digest algorithms than the Sun provider (AES)
    • Bouncy Castle: register the provider in <java_home>/lib/security/java.security
        security.provider.1=sun.security.provider.Sun
        security.provider.2=com.sun.net.ssl.internal.ssl.Provider
        security.provider.3=com.sun.rsajca.Provider
        ...
        security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
    • Jasypt
    • Jasypt Frictionless Java encryption
    • import org.jasypt.util.password.ConfigurablePasswordEncryptor;

        ConfigurablePasswordEncryptor pe = new ConfigurablePasswordEncryptor();
        pe.setAlgorithm("SHA-512");
        pe.setPlainDigest(false);            // false = salted and iterated digest (the safe default)
        pe.setStringOutputType("base64");
        String encryptedPassword = pe.encryptPassword(TEXT_TO_ENCRYPT);
        // later: pe.checkPassword(candidate, encryptedPassword)
    • Hibernate
    • Hibernate Encryption in the ORM/DB world
    • <hibernate-mapping package="myapp">
        ...
        <typedef name="encryptedString" class="org.jasypt.hibernate.type.EncryptedStringType">
          <param name="algorithm">PBEWithMD5AndTripleDES</param>
          <param name="password">mypass</param>
          <param name="keyObtentionIterations">1000</param>
        </typedef>
        <class name="UserData" table="USER_DATA">
          ...
          <property name="address" column="ADDRESS" type="encryptedString" />
        </class>
      </hibernate-mapping>
      (PBEWithMD5AndTripleDES is a legacy algorithm kept here as in the talk; a hard-coded password in the mapping file is a configuration smell, move it to environment-supplied configuration)
    • Spring Framework
    • Spring Framework Securing data and configurations
    • <bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester">
        <property name="algorithm" value="SHA-1" />
        <property name="iterations" value="100000" />
      </bean>
      <bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
        <property name="stringDigester">
          <ref bean="jasyptStringDigester" />
        </property>
      </bean>
    • GNU
    • GNU Crypto: open source library
      Non-JCE implementations
      Hundreds of algorithms
      Legacy algorithms
    • In Summary
      Laws: Know the rules for import and export; get the appropriate approvals
      Hashing: Proper bit strength (algorithm); salt is a modern requirement
      Encrypting: Know the performance of your algorithm; choose a future-proof key size
    • ADVANCED ENCRYPTION JVM: Digital security in Practice
      Matthew McCullough
      Email matthewm@ambientideas.com
      Twitter @matthewmccull
      Blog http://ambientideas.com/blog
    • REFERENCES
    • References
      http://delicious.com/matthew.mccullough/encryption
      http://www.bouncycastle.org/java.html
      http://code.google.com/p/keyczar/wiki/KeyczarPhilosophy
      http://crypto.stanford.edu/sjcl/
      http://www.gnu.org/software/gnu-crypto/
      http://www.jasypt.org/download.html
    • References
      Sample Code: http://github.com/matthewmccullough/encryption-jvm-bootcamp
      Miscellaneous: http://www.ietf.org/rfc/rfc3852.txt
      http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One
    • References
      http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
      http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html
      http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html
      http://download.oracle.com/javase/6/docs/api/java/security/Security.html
    • Acronyms
      CMS: Cryptographic Message Syntax (CMS) objects, RFC 3852, PKCS#7 (formerly RFC 2630, 3369), http://www.ietf.org/rfc/rfc3852.txt
      ASN.1: Abstract Syntax Notation One; 1984 X.409, 1988 X.208, 1995 X.680, 2002; http://www.asn1.org/
    • Credits http://www.ambientideasphotography.com http://stockfootageforfree.com/ All others, iStockPhoto.com