JVM Encryption Boot Camp 0.4.3

2,596 views
2,505 views

Published on

Matthew McCullough's presentation to the Boulder Java Users Group on encryption on the Java Virtual Machine (JVM) platform.

Published in: Education
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
2,596
On SlideShare
0
From Embeds
0
Number of Embeds
17
Actions
Shares
0
Downloads
0
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

JVM Encryption Boot Camp 0.4.3

  1. 1. TI YP P ON C R AM EN T C B OOurity is th e mi ssion Sec © Matthew McCullough, Ambient Ideas, LLC Sunday, April 25, 2010
  2. 2. SECURITY What’s ON THE J your po VM sition? Sunday, April 25, 2010
  3. 3. HACK ATT EMPTS PE in R the bi llions D AY Sunday, April 25, 2010
  4. 4. G? ot TINbly n YP oba ENCR pr say st atis tics Sunday, April 25, 2010
  5. 5. delicious.com/matthew.mccullough/encryption Sunday, April 25, 2010
  6. 6. Sunday, April 25, 2010
  7. 7. ANCIENT HISTORY Everything old is new again Sunday, April 25, 2010
  8. 8. ANCIENT HISTORY Everything old is new again Sunday, April 25, 2010
  9. 9. Sunday, April 25, 2010
  10. 10. new this oss” over uff b all n st “I’m yptio encr Sunday, April 25, 2010
  11. 11. 44 B.C. Sunday, April 25, 2010
  12. 12. 44 B.C. That’s 2,054 years ago... Sunday, April 25, 2010
  13. 13. Sunday, April 25, 2010
  14. 14. Sunday, April 25, 2010
  15. 15. Julius Caesar Sunday, April 25, 2010
  16. 16. Sunday, April 25, 2010
  17. 17. Sunday, April 25, 2010
  18. 18. Caesar Cipher a.k.a. ROT(2) Shift Cipher A B C D E F G A B C D E F G Sunday, April 25, 2010
  19. 19. Caesar Cipher a.k.a. ROT(2) Shift Cipher A B C D E F G A B C D E F G Sunday, April 25, 2010
  20. 20. Caesar Cipher a.k.a. ROT(2) Shift Cipher A B C D E F G A B C D E F G Sunday, April 25, 2010
  21. 21. Caesar Cipher a.k.a. ROT(2) Shift Cipher Sunday, April 25, 2010
  22. 22. Caesar Cipher Sunday, April 25, 2010
  23. 23. Caesar Cipher Z M S R Sunday, April 25, 2010
  24. 24. Caesar Cipher Z M S R 30s 25s 20s 15s 10s 5s Stop Sunday, April 25, 2010
  25. 25. Caesar Cipher Z M S R Sunday, April 25, 2010
  26. 26. Caesar Cipher Z M S R A N T S if encrypted with ROT(-1) Sunday, April 25, 2010
  27. 27. Caesar Cipher Z M S R A N T S if encrypted with ROT(-1) B O U T if encrypted with ROT(-2) Sunday, April 25, 2010
  28. 28. /** * A naively simple rotation cipher implementation. * USAGE: groovy RotateWord.groovy <yourword> */ public class RotateWord { /** * Rotate one character by the specified amount */ private static char rotateChar(char c, int rotationAmount) { //a == 97, z == 122 int num = (int)c int rotated = num + rotationAmount int adjusted //Handle roll-around wrapping Sunday, April 25, 2010
  29. 29. /** * A naively simple rotation cipher implementation. * USAGE: groovy RotateWord.groovy <yourword> */ public class RotateWord { /** * Rotate one character by the specified amount */ private static char rotateChar(char c, int rotationAmount) { //a == 97, z == 122 int num = (int)c int rotated = num + rotationAmount int adjusted //Handle roll-around wrapping if (rotated > 122) adjusted = rotated - 26 else if (rotated < 97) adjusted = rotated + 26 else adjusted = rotated Sunday, April 25, 2010
  30. 30. public class RotateWord { /** * Rotate one character by the specified amount */ private static char rotateChar(char c, int rotationAmount) { //a == 97, z == 122 int num = (int)c int rotated = num + rotationAmount int adjusted //Handle roll-around wrapping if (rotated > 122) adjusted = rotated - 26 else if (rotated < 97) adjusted = rotated + 26 else adjusted = rotated char adjustedChar = (char)adjusted return adjustedChar } /** Sunday, April 25, 2010
  31. 31. private static char rotateChar(char c, int rotationAmount) { //a == 97, z == 122 int num = (int)c int rotated = num + rotationAmount int adjusted //Handle roll-around wrapping if (rotated > 122) adjusted = rotated - 26 else if (rotated < 97) adjusted = rotated + 26 else adjusted = rotated char adjustedChar = (char)adjusted return adjustedChar } /** * Rotate the entire String by the specified rotation amount. */ public static String rotateAllChars(String plainText, int rotationAmount) { String encodedMessage = "" Sunday, April 25, 2010
  32. 32. adjusted = rotated + 26 else adjusted = rotated char adjustedChar = (char)adjusted return adjustedChar } /** * Rotate the entire String by the specified rotation amount. */ public static String rotateAllChars(String plainText, int rotationAmount) { String encodedMessage = "" //Loop through each character in the plaintext for (int i = 0; i < plainText.length(); i++) { //TODO: Improve to handle upper and lower case letters char c = plainText.toLowerCase().charAt(i) encodedMessage += rotateChar(c, rotationAmount) } return encodedMessage } Sunday, April 25, 2010
  33. 33. return adjustedChar } /** * Rotate the entire String by the specified rotation amount. */ public static String rotateAllChars(String plainText, int rotationAmount) { String encodedMessage = "" //Loop through each character in the plaintext for (int i = 0; i < plainText.length(); i++) { //TODO: Improve to handle upper and lower case letters char c = plainText.toLowerCase().charAt(i) encodedMessage += rotateChar(c, rotationAmount) } return encodedMessage } public static void main (String[] args) { String originalword = args[0] println "Rot(-3) Word: " + rotateAllChars(originalword, -3) Sunday, April 25, 2010
  34. 34. public static void main (String[] args) { String originalword = args[0] println "Rot(-3) Word: " + rotateAllChars(originalword, -3) println "Rot(-2) Word: " + rotateAllChars(originalword, -2) println "Rot(-1) Word: " + rotateAllChars(originalword, -1) println "Original Word: ${originalword}" println "Rot(1) Word: " + rotateAllChars(originalword, 1) println "Rot(2) Word: " + rotateAllChars(originalword, 2) } } Sunday, April 25, 2010
  35. 35. BROKEN Perfectly safe data is a myth Sunday, April 25, 2010
  36. 36. BROKEN Perfectly safe data is a myth Sunday, April 25, 2010
  37. 37. Compromised Sunday, April 25, 2010
  38. 38. Compromised ! Every algorithm is vulnerable Sunday, April 25, 2010
  39. 39. Compromised ! Every algorithm is vulnerable ! Crack by brute force Sunday, April 25, 2010
  40. 40. Compromised ! Every algorithm is vulnerable ! Crack by brute force ! Crack by rainbow tables Sunday, April 25, 2010
  41. 41. Compromised ! Every algorithm is vulnerable ! Crack by brute force ! Crack by rainbow tables ! Function of time + money + hardware Sunday, April 25, 2010
  42. 42. Sunday, April 25, 2010
  43. 43. $2000 $ 50 Sunday, April 25, 2010
  44. 44. $2000 Whic h wo uld y ou hit $ 50 ? Sunday, April 25, 2010
  45. 45. JCE PRIMER The world of Java crypto Sunday, April 25, 2010
  46. 46. JCE PRIMER The world of Java crypto Sunday, April 25, 2010
  47. 47. Java Cryptography Extension Known as JCE Included in all JREs Since Java 1.2 Pluggable provider architecture JCE extends Java Cryptography Architecture (JCA) Sunday, April 25, 2010
  48. 48. JCE Providers Default Sun JRE Providers SUN SunJCE SunJSSE SunRsaSign BouncyCastle Provider Adds AES capabilities Sunday, April 25, 2010
  49. 49. Registering a Provider Static <java-home>/lib/security/java.security security.provider.n=masterClassName Sunday, April 25, 2010
  50. 50. Registering a Provider Dynamic ! java.security.Security class addProvider() insertProviderAt() ! Not persistent across VM instances Sunday, April 25, 2010
  51. 51. Encryption & the Law country borders stop bits Sunday, April 25, 2010
  52. 52. JCE Strength ! Jurisdiction Policy Files ! Two variants ! Algorithm strength differences Sunday, April 25, 2010
  53. 53. Unlimite d Sunday, April 25, 2010
  54. 54. Unlimite d Sunday, April 25, 2010
  55. 55. Strong Sunday, April 25, 2010
  56. 56. Strong Sunday, April 25, 2010
  57. 57. JCE Strength Sunday, April 25, 2010
  58. 58. JCE Strength Strong strength included in all JREs Sunday, April 25, 2010
  59. 59. JCE Strength Strong strength included in all JREs Unlimited strength is a separate download available based on US export rules Sunday, April 25, 2010
  60. 60. Sunday, April 25, 2010
  61. 61. Sunday, April 25, 2010
  62. 62. Sunday, April 25, 2010
  63. 63. Worldwide Policy // File: default_local.policy // Some countries have import limits on crypto strength. // This policy file is worldwide importable. grant { permission javax.crypto.CryptoPermission "DES", 64; permission javax.crypto.CryptoPermission "DESede", *; permission javax.crypto.CryptoPermission "RC2", 128, "javax.crypto.spec.RC2ParameterSpec", 128; permission javax.crypto.CryptoPermission "RC4", 128; permission javax.crypto.CryptoPermission "RC5", 128, "javax.crypto.spec.RC5ParameterSpec", *, 12, *; permission javax.crypto.CryptoPermission "RSA", 2048; permission javax.crypto.CryptoPermission *, 128; }; Sunday, April 25, 2010
  64. 64. Max Key Sizes Algorithm Max Key Size DES 64 DESede 168 3des RC2 128 RC4 128 RC5 128 RSA 2048 Others 128 Sunday, April 25, 2010
  65. 65. Digests & Hashes One way functions Sunday, April 25, 2010
  66. 66. What is a Digest? Small set of bytes representing a large message Small change in message = large change in digest Integrity check for large data Password storage mechanism Sunday, April 25, 2010
  67. 67. MessageDigest Sunday, April 25, 2010
  68. 68. MessageDigest ! java.security.MessageDigest Sunday, April 25, 2010
  69. 69. MessageDigest ! java.security.MessageDigest ! Multiple algorithms available Sunday, April 25, 2010
  70. 70. MessageDigest ! java.security.MessageDigest ! Multiple algorithms available ! MD5 (128 bit) Sunday, April 25, 2010
  71. 71. MessageDigest ! java.security.MessageDigest ! Multiple algorithms available ! MD5 (128 bit) ! SHA-1 (160 bit) Sunday, April 25, 2010
  72. 72. MessageDigest Sunday, April 25, 2010
  73. 73. MessageDigest Sunday, April 25, 2010
  74. 74. MessageDigest ! MD5 ! U. S. Department of Homeland Security said MD5 "considered cryptographically broken and unsuitable for further use" Sunday, April 25, 2010
  75. 75. System.out.println("Message1 SHA1 digest: " + shaAndBase64Encode(message1)); System.out.println("Message2 SHA1 digest: " + shaAndBase64Encode(message2)); } /** * Helper function to both SHA-1 hash and * base64 encode the resulting bytes to a String */ public static String shaAndBase64Encode(String message) throws NoSuchAlgorithmException { MessageDigest sha = MessageDigest.getInstance("SHA-1"); //Salt could be applied here //Integer salt = <some random number generator> //sha.update(salt.getBytes()); byte[] digest = sha.digest(message.getBytes()); return new sun.misc.BASE64Encoder().encode(digest); } } Sunday, April 25, 2010
  76. 76. * * Demonstrate that very similar messages * have radically different hashes. */ public class MessageDigestSHA { public static void main( String[] args ) throws NoSuchAlgorithmException { //Set up the message to be encoded String message1 = "Four score and seven years ago"; String message2 = "Four score and seven tears ago"; System.out.println("Message1 SHA1 digest: " + shaAndBase64Encode(message1)); System.out.println("Message2 SHA1 digest: " + shaAndBase64Encode(message2)); } /** * Helper function to both SHA-1 hash and * base64 encode the resulting bytes to a String */ public static String shaAndBase64Encode(String message) throws NoSuchAlgorithmException { MessageDigest sha = MessageDigest.getInstance("SHA-1"); Sunday, April 25, 2010
  77. 77. Input String message1 = "Four score and seven years ago"; String message2 = "Four score and seven tears ago"; Result Message1 SHA1 digest: DmCJIg4Bq/xpGIxVXxo3IB0vo38= Message2 SHA1 digest: oaLHt8tr31ttngCDjyYuWowF5Mc= Sunday, April 25, 2010
  78. 78. SYMMETRIC My key is your key Sunday, April 25, 2010
  79. 79. SYMMETRIC My key is your key Sunday, April 25, 2010
  80. 80. Sunday, April 25, 2010
  81. 81. Sensitive Data Sunday, April 25, 2010
  82. 82. ht Sig ain Pl Sensitive Data Sunday, April 25, 2010
  83. 83. Recipient or Storage ht Sig ain Pl Sensitive Data Sunday, April 25, 2010
  84. 84. Recipient or Storage ht Sig r ed cu ain ts O b s Pl C on te n Sensitive Data Sunday, April 25, 2010
  85. 85. Why Symmetric? Sunday, April 25, 2010
  86. 86. Why Symmetric? ! Fast Sunday, April 25, 2010
  87. 87. Why Symmetric? ! Fast ! Well suited for bulk data Sunday, April 25, 2010
  88. 88. Using Symmetric Sunday, April 25, 2010
  89. 89. Using Symmetric Secure network for passing keys or Sunday, April 25, 2010
  90. 90. Using Symmetric Secure network for passing keys or Never decrypted at remote end Sunday, April 25, 2010
  91. 91. Symmetric Problems Sunday, April 25, 2010
  92. 92. Symmetric Problems Keys vulnerable to capture Sunday, April 25, 2010
  93. 93. Symmetric Problems Keys vulnerable to capture Eavesdropping on future communications after key compromise Sunday, April 25, 2010
  94. 94. Symmetric Problems Keys vulnerable to capture Eavesdropping on future communications after key compromise Key distribution challenges Sunday, April 25, 2010
  95. 95. Symmetric Problems Keys vulnerable to capture Eavesdropping on future communications after key compromise Key distribution challenges Triangular number key growth Sunday, April 25, 2010
  96. 96. Symmetric Problems ! Triangular number key growth Sunday, April 25, 2010
  97. 97. Symmetric A B Sunday, April 25, 2010
  98. 98. Symmetric A Message/File B Sunday, April 25, 2010
  99. 99. Symmetric A’s 256 bit symmetric key A Message/File B Sunday, April 25, 2010
  100. 100. Symmetric Encrypted with 256 bit symmetric key A’s 256 bit symmetric key A Message/File B Sunday, April 25, 2010
  101. 101. Symmetric Encrypted with 256 bit symmetric key A’s 256 bit symmetric key A Message/File B Sunday, April 25, 2010
  102. 102. Symmetric A’s 256 bit symmetric key A Message/File B Sunday, April 25, 2010
  103. 103. Symmetric A’s 256 bit symmetric key A Message/File B Sunday, April 25, 2010
  104. 104. SYMMETRIC Block versus Stream Algorithms Sunday, April 25, 2010
  105. 105. Stream vs. Block Sunday, April 25, 2010
  106. 106. Stream vs. Block Specific algorithms for each Sunday, April 25, 2010
  107. 107. SYMMETRIC (BLOCK) Sunday, April 25, 2010
  108. 108. Block Sunday, April 25, 2010
  109. 109. Block Predefined content length Sunday, April 25, 2010
  110. 110. Block Predefined content length Well-known end to the content Sunday, April 25, 2010
  111. 111. Block Predefined content length Well-known end to the content Files on disk Sunday, April 25, 2010
  112. 112. Block Predefined content length Well-known end to the content Files on disk Inefficient when padding Sunday, April 25, 2010
  113. 113. DES Data Encryption Standard Block cipher Banking industry DES is known to be broken Sunday, April 25, 2010
  114. 114. 3DES Data Encryption Standard Block cipher a.k.a DESede Basically three passes of DES Reasonably strong Sunday, April 25, 2010
  115. 115. Blowfish Block cipher Unpatented (intentionally) Secure replacement for DES Faster than DES 32 to 448 bit keys Overshadowed by AES Sunday, April 25, 2010
  116. 116. AES Advanced Encryption Standard Block cipher Government standard Rijndael algorithm (Joan Daemen, Vincent Rijmen) 4 years of evaluation Final in December 2000 Very Secure Sunday, April 25, 2010
  117. 117. SYMMETRIC (STREAM) Sunday, April 25, 2010
  118. 118. Stream Sunday, April 25, 2010
  119. 119. Stream Unknown content length Sunday, April 25, 2010
  120. 120. Stream Unknown content length Streaming video Sunday, April 25, 2010
  121. 121. Stream Unknown content length Streaming video Streaming voice Sunday, April 25, 2010
  122. 122. Stream Unknown content length Streaming video Streaming voice Similar to One-Time Pads Sunday, April 25, 2010
  123. 123. RC4 Sunday, April 25, 2010
  124. 124. RC4 Rivest’s Code 4 Sunday, April 25, 2010
  125. 125. RC4 Rivest’s Code 4 Stream cipher Sunday, April 25, 2010
  126. 126. RC4 Rivest’s Code 4 Stream cipher Trademarked (name, but not algorithm) Sunday, April 25, 2010
  127. 127. RC4 Rivest’s Code 4 Stream cipher Trademarked (name, but not algorithm) Used by Sunday, April 25, 2010
  128. 128. RC4 Rivest’s Code 4 Stream cipher Trademarked (name, but not algorithm) Used by Browsers in SSL, TLS Sunday, April 25, 2010
  129. 129. RC4 Rivest’s Code 4 Stream cipher Trademarked (name, but not algorithm) Used by Browsers in SSL, TLS WiFi in WEP WPA , Sunday, April 25, 2010
  130. 130. RC4 Rivest’s Code 4 Stream cipher Trademarked (name, but not algorithm) Used by Browsers in SSL, TLS WiFi in WEP WPA , BitTorrent Sunday, April 25, 2010
  131. 131. RC4 Rivest’s Code 4 Stream cipher Trademarked (name, but not algorithm) Used by Browsers in SSL, TLS WiFi in WEP WPA , BitTorrent ssh Sunday, April 25, 2010
  132. 132. RC4 Rivest’s Code 4 Stream cipher Trademarked (name, but not algorithm) Used by Browsers in SSL, TLS WiFi in WEP WPA , BitTorrent ssh Microsoft RDP Sunday, April 25, 2010
  133. 133. RC4 Rivest’s Code 4 Stream cipher Trademarked (name, but not algorithm) Used by Browsers in SSL, TLS WiFi in WEP WPA , BitTorrent ssh Microsoft RDP PDF Sunday, April 25, 2010
  134. 134. A5/1 Sunday, April 25, 2010
  135. 135. A5/1 A5/1 Sunday, April 25, 2010
  136. 136. A5/1 A5/1 Secret, unpublished Sunday, April 25, 2010
  137. 137. A5/1 A5/1 Secret, unpublished Reverse engineered Sunday, April 25, 2010
  138. 138. A5/1 A5/1 Secret, unpublished Reverse engineered Used by GSM phones Sunday, April 25, 2010
  139. 139. import java.security.InvalidKeyException; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.KeyGenerator; import javax.crypto.NoSuchPaddingException; import javax.crypto.SecretKey; import sun.misc.BASE64Encoder; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */ public class SymmetricEncrypt { public static void main( String[] args ) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { final String message1 = "Four score and seven years ago"; Sunday, April 25, 2010
  140. 140. import sun.misc.BASE64Encoder; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */ public class SymmetricEncrypt { public static void main( String[] args ) throws NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { final String message1 = "Four score and seven years ago"; //Build a new encryption key final KeyGenerator keyGen = KeyGenerator.getInstance("DESede"); keyGen.init(168); final SecretKey desKey = keyGen.generateKey(); //Set up the cipher final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); ////////////////////////////////////// //Put the cipher in encryption mode desCipher.init(Cipher.ENCRYPT_MODE, desKey); //Encrypt and output the base64 data byte[] clearText = message1.getBytes(); byte[] encryptedBytes = desCipher.doFinal(clearText); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); Sunday, April 25, 2010
  141. 141. final String message1 = "Four score and seven years ago"; //Build a new encryption key final KeyGenerator keyGen = KeyGenerator.getInstance("DESede"); keyGen.init(168); final SecretKey desKey = keyGen.generateKey(); //Set up the cipher final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); ////////////////////////////////////// //Put the cipher in encryption mode desCipher.init(Cipher.ENCRYPT_MODE, desKey); //Encrypt and output the base64 data byte[] clearText = message1.getBytes(); byte[] encryptedBytes = desCipher.doFinal(clearText); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); ////////////////////////////////////// //Put the cipher in decryption mode desCipher.init(Cipher.DECRYPT_MODE, desKey); //Decrypt and output the original string byte[] decryptedBytes = desCipher.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); } } Sunday, April 25, 2010
  142. 142. //Set up the cipher final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding"); ////////////////////////////////////// //Put the cipher in encryption mode desCipher.init(Cipher.ENCRYPT_MODE, desKey); //Encrypt and output the base64 data byte[] clearText = message1.getBytes(); byte[] encryptedBytes = desCipher.doFinal(clearText); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); ////////////////////////////////////// //Put the cipher in decryption mode desCipher.init(Cipher.DECRYPT_MODE, desKey); //Decrypt and output the original string byte[] decryptedBytes = desCipher.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); } } Sunday, April 25, 2010
  143. 143. Input String message1 = "Four score and seven years ago"; Result Encrypted text: P0FT6N3XXrohtsz7OLh3FGYY0wErkPIur1DP6Csbj4g= Decrypted text: Four score and seven years ago Sunday, April 25, 2010
  144. 144. ENCRYPTED = SAFE, RIGHT? information leakage from encrypted data Sunday, April 25, 2010
  145. 145. ENCRYPTED = SAFE, RIGHT? information leakage from encrypted data Sunday, April 25, 2010
  146. 146. Encrypted isn’t enough? http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation Sunday, April 25, 2010
  147. 147. SECURE KEY EXCHANGE securely swapping symmetric keys Sunday, April 25, 2010
  148. 148. SECURE KEY EXCHANGE securely swapping symmetric keys Sunday, April 25, 2010
  149. 149. Sunday, April 25, 2010
  150. 150. Sunday, April 25, 2010
  151. 151. Diffie-Hellman Sunday, April 25, 2010
  152. 152. Diffie-Hellman Key Agreement Protocol Sunday, April 25, 2010
  153. 153. Diffie-Hellman Key Agreement Protocol Alice & Bob independently generate the shared (session) key Sunday, April 25, 2010
  154. 154. Diffie-Hellman Key Agreement Protocol Alice & Bob independently generate the shared (session) key Published 1976, but invented earlier Sunday, April 25, 2010
  155. 155. Diffie-Hellman Key Agreement Protocol Alice & Bob independently generate the shared (session) key Published 1976, but invented earlier Vulnerable to MITM attack Sunday, April 25, 2010
  156. 156. Diffie-Hellman Key Agreement Protocol Alice & Bob independently generate the shared (session) key Published 1976, but invented earlier Vulnerable to MITM attack Fixed by PKI Sunday, April 25, 2010
  157. 157. Diffie-Hellman Key Agreement Protocol Alice & Bob independently generate the shared (session) key Published 1976, but invented earlier Vulnerable to MITM attack Fixed by PKI and signing the agreed key Sunday, April 25, 2010
  158. 158. DH Diagrammed A B Sunday, April 25, 2010
  159. 159. DH Diagrammed predetermined and openly shared A B Sunday, April 25, 2010
  160. 160. DH Diagrammed predetermined and openly shared g = random g = 11 A B Sunday, April 25, 2010
  161. 161. DH Diagrammed predetermined and openly shared g = random p = prime g = 11 p = 23 A B Sunday, April 25, 2010
  162. 162. DH Diagrammed predetermined and openly shared g = random p = prime g = 11 p = 23 picks a = 6 picks b = 4 A B Sunday, April 25, 2010
  163. 163. DH Diagrammed predetermined and openly shared g = random p = prime g = 11 p = 23 picks a = 6 picks b = 4 A A= ga mod p B B= gb mod p Sunday, April 25, 2010
  164. 164. DH Diagrammed predetermined and openly shared g = random p = prime g = 11 p = 23 picks a = 6 picks b = 4 A A= ga mod p B B= gb mod p 9=116 mod 23 13=114 mod 23 Sunday, April 25, 2010
  165. 165. DH Diagrammed predetermined and openly shared g = random p = prime g = 11 p = 23 picks a = 6 picks b = 4 A A= ga mod p B B= gb mod p 9=116 mod 23 13=114 mod 23 B=13 A=9 Sunday, April 25, 2010
  166. 166. DH Diagrammed predetermined and openly shared g = random p = prime g = 11 p = 23 picks a = 6 picks b = 4 A A= ga mod p B B= gb mod p 9=116 mod 23 13=114 mod 23 B=13 A=9 K= Ba mod p K= Ab mod p Sunday, April 25, 2010
  167. 167. DH Diagrammed predetermined and openly shared g = random p = prime g = 11 p = 23 picks a = 6 picks b = 4 A A= ga mod p B B= gb mod p 9=116 mod 23 13=114 mod 23 B=13 A=9 K= Ba mod p K= Ab mod p 6= 136 mod 23 6= 94 mod 23 Sunday, April 25, 2010
  168. 168. DH Diagrammed predetermined and openly shared g = random p = prime g = 11 p = 23 picks a = 6 picks b = 4 A A= ga mod p B B= gb mod p 9=116 mod 23 13=114 mod 23 B=13 A=9 K= Ba mod p K= Ab mod p 6= 136 mod 23 6= 94 mod 23 Encryption can begin Sunday, April 25, 2010
  169. 169. RANDOM NUMBERS Seed the machine Sunday, April 25, 2010
  170. 170. RANDOM NUMBERS Seed the machine Sunday, April 25, 2010
  171. 171. SecureRandom java.security.SecureRandom Cryptographically strong random number generator (RNG) “Unable to distinguish from a true random source” Used in combination with many ciphers Sunday, April 25, 2010
  172. 172. package com.ambientideas; import java.security.NoSuchAlgorithmException; import java.security.SecureRandom; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */ public class SecureRandomNumber { public static void main( String[] args ) throws NoSuchAlgorithmException { //Do the expensive one time setup of the Sunday, April 25, 2010 // random number generator instance
  173. 173. import java.security.SecureRandom; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. */ public class SecureRandomNumber { public static void main( String[] args ) throws NoSuchAlgorithmException { //Do the expensive one time setup of the // random number generator instance SecureRandom prng = SecureRandom.getInstance("SHA1PRNG"); //Get the next random number String randomNum = new Integer( prng.nextInt() ).toString(); System.out.println("Random number: " + randomNum); } } Sunday, April 25, 2010
  174. 174. * a more expensive, but cryptographically secure random number. */ public class SecureRandomNumber { public static void main( String[] args ) throws NoSuchAlgorithmException { //Do the expensive one time setup of the // random number generator instance SecureRandom prng = SecureRandom.getInstance("SHA1PRNG"); //Get the next random number String randomNum = new Integer( prng.nextInt() ).toString(); System.out.println("Random number: " + randomNum); } } Sunday, April 25, 2010
  175. 175. Result Random number: 1633471380 Sunday, April 25, 2010
  176. 176. ASYMMETRIC Throwing away keys faster than an intern locksmith Sunday, April 25, 2010
  177. 177. ASYMMETRIC Throwing away keys faster than an intern locksmith Sunday, April 25, 2010
  178. 178. Sunday, April 25, 2010
  179. 179. Sunday, April 25, 2010
  180. 180. RSA Ron Rivest, Adi Shamir, Leonard Adleman Published in 1978 M.I.T. Patented in 1983 Patent Expired in 2000 Sunday, April 25, 2010
  181. 181. http://xkcd.com/538/ Sunday, April 25, 2010
  182. 182. http://xkcd.com/538/ Sunday, April 25, 2010
  183. 183. RSA A B Sunday, April 25, 2010
  184. 184. RSA A Message/File B Sunday, April 25, 2010
  185. 185. RSA B’s 2048 bit public key A Message/File B Sunday, April 25, 2010
  186. 186. RSA Encrypted with 2048 bit RSA key A Message/File B Sunday, April 25, 2010
  187. 187. RSA Encrypted with 2048 bit RSA key B’s 2048 bit private key A Message/File B Sunday, April 25, 2010
  188. 188. RSA A Message/File B Sunday, April 25, 2010
  189. 189. RSA A Message/File B Sunday, April 25, 2010
  190. 190. import java.io.IOException; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.PublicKey; import java.security.SecureRandom; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; import javax.crypto.NoSuchPaddingException; import sun.misc.BASE64Encoder; /** * Use the SecureRandom java security class to generate * a more expensive, but cryptographically secure random number. Sunday, April 25, 2010
  191. 191. public static void main( String[] args ) throws NoSuchAlgorithmException, NoSuchProviderException, IOException, NoSuchPaddingException, InvalidKeyException, IllegalBlockSizeException, BadPaddingException { final String message1 = "Four score and seven years ago"; // Generate the Key Pair final KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); final SecureRandom random = SecureRandom.getInstance("SHA1PRNG", "SUN"); keyGen.initialize(1024, random); KeyPair pair = keyGen.generateKeyPair(); final PrivateKey privKey = pair.getPrivate(); final PublicKey pubKey = pair.getPublic(); //Encrypt using the private key Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding"); rsa.init(Cipher.ENCRYPT_MODE, privKey); byte[] encryptedBytes = rsa.doFinal(message1.getBytes()); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); Sunday, April 25, 2010
  192. 192. KeyPair pair = keyGen.generateKeyPair(); final PrivateKey privKey = pair.getPrivate(); final PublicKey pubKey = pair.getPublic(); //Encrypt using the private key Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding"); rsa.init(Cipher.ENCRYPT_MODE, privKey); byte[] encryptedBytes = rsa.doFinal(message1.getBytes()); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); //Decrypt using the private key rsa.init(Cipher.DECRYPT_MODE, pubKey); byte[] decryptedBytes = rsa.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); } } Sunday, April 25, 2010
  193. 193. final PublicKey pubKey = pair.getPublic(); //Encrypt using the private key Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding"); rsa.init(Cipher.ENCRYPT_MODE, privKey); byte[] encryptedBytes = rsa.doFinal(message1.getBytes()); BASE64Encoder b64e = new sun.misc.BASE64Encoder(); String base64Encrypted = b64e.encode(encryptedBytes); System.out.println("Encrypted text: " + base64Encrypted); //Decrypt using the private key rsa.init(Cipher.DECRYPT_MODE, pubKey); byte[] decryptedBytes = rsa.doFinal(encryptedBytes); String decryptedText = new String(decryptedBytes); System.out.println("Decrypted text: " + decryptedText); } } Sunday, April 25, 2010
  194. 194. Input String message1 = "Four score and seven years ago"; Result Encrypted text: A8Is+4r7sDn28fD6IQvZiR5JxPs/vh7UnXrF38acJt6R/ ARisj/zLtC7Xn6iJgNQPhc16wkVZhCF em7oNoim+ooTUDDZQ+E3qP6y/ DZJGkLBoZuZVLeLAW1LUtHSzduRUOg1uMynJz14wxzwfV8wfRwf atpySkOhGqWS63bPNRs= Decrypted text: Four score and seven years ago Sunday, April 25, 2010
  195. 195. BLENDED symmetric with a twist of asymmetric Sunday, April 25, 2010
  196. 196. BLENDED symmetric with a twist of asymmetric Sunday, April 25, 2010
  197. 197. Key Size & Security Sunday, April 25, 2010
  198. 198. Key Size & Security 160 bit DES Symmetric Key Size Sunday, April 25, 2010
  199. 199. Key Size & Security 1024 bit RSA Asymmetric Key Size 160 bit DES Symmetric Key Size Sunday, April 25, 2010
  200. 200. Key Size & Security 1024 bit RSA Asymmetric Key Size 160 bit DES Symmetric Key Size 112 bits Security Sunday, April 25, 2010
  201. 201. Key Size & Security 1024 bit RSA Asymmetric Key Size 160 bit DES Symmetric Key Size 112 bits 128 bits Security Security Sunday, April 25, 2010
  202. 202. Encryption Speed asymmetric can be 1000x slower than symmetric Sunday, April 25, 2010
  203. 203. PGP A B Sunday, April 25, 2010
  204. 204. PGP A B Message/File Sunday, April 25, 2010
  205. 205. PGP Random generated 256 bit symmetric key A B Message/File Sunday, April 25, 2010
  206. 206. PGP Random generated 256 bit symmetric key Encrypted with 256 bit symmetric key A B Message/File Sunday, April 25, 2010
  207. 207. PGP B’s 2048 bit public key Random generated 256 bit symmetric key Encrypted with 256 bit symmetric key A B Message/File Sunday, April 25, 2010
  208. 208. PGP Encrypted with 2048 bit RSA key Random generated 256 bit symmetric key Encrypted with 256 bit symmetric key A B Message/File Sunday, April 25, 2010
  209. 209. PGP Encrypted with 2048 bit RSA key Random generated 256 bit symmetric key Encrypted with 256 bit symmetric key A B Message/File Sunday, April 25, 2010
  210. 210. PGP Encrypted with 2048 bit RSA key B’s 2048 bit Random generated private key 256 bit symmetric key Encrypted with 256 bit symmetric key A B Message/File Sunday, April 25, 2010
  211. 211. PGP Random generated 256 bit symmetric key Encrypted with 256 bit symmetric key A B Message/File Sunday, April 25, 2010
  212. 212. PGP A B Message/File Sunday, April 25, 2010
  213. 213. PGP A B Message/File Sunday, April 25, 2010
  214. 214. OTHER FRAMEWORKS and alternative JCE providers Sunday, April 25, 2010
  215. 215. OTHER FRAMEWORKS and alternative JCE providers Sunday, April 25, 2010
  216. 216. Bouncy Castle JCE Provider Many more encryption and digest algorithms than the Sun provider (AES) Sunday, April 25, 2010
  217. 217. Jasypt Frictionless Java encryption Sunday, April 25, 2010
  218. 218. Gnu Open source library Sunday, April 25, 2010
  219. 219. In Summary Encrypted does not guarantee security ECB can be leaky Hash vs. Encrypt Know when to apply each Know your algorithm Key strength Symmetric versus asymmetric High Level Libraries More productive than pure JCE Sunday, April 25, 2010
  220. 220. Th anks in advanc e for yo ur com pleted evals! Sunday, April 25, 2010
  221. 221. OT CA MP TI ON BOission RYPrity is the M ENC cu Se Matthew McCullough Email matthewm@ambientideas.com Twitter @matthewmccull Blog http://ambientideas.com/blog Sunday, April 25, 2010
  222. 222. REFERENCES Sunday, April 25, 2010
  223. 223. References Sun docs http://java.sun.com/javase/6/docs/technotes/ guides/security/crypto/CryptoSpec.html http://java.sun.com/javase/technologies/security/ http://java.sun.com/javase/6/docs/technotes/ guides/security/jsse/JSSERefGuide.html http://java.sun.com/javase/6/docs/api/java/ security/Security.html BouncyCastle JCE Provider http://www.bouncycastle.org/documentation.html Sunday, April 25, 2010
  224. 224. References Sample Code http://github.com/matthewmccullough/ encryption-jvm-bootcamp Miscellaneous http://www.ietf.org/rfc/rfc3852.txt http://en.wikipedia.org/wiki/ Abstract_Syntax_Notation_One Sunday, April 25, 2010
  225. 225. Acronyms CMS Cryptographic Message Syntax (CMS) objects RFC 3852 PKCS#7 (formerly RFC 2630, 3369) http://www.ietf.org/rfc/rfc3852.txt ASN.1 Abstract Syntax Notation One 1984 X.409, 1988 X.208, 1995 X.680, 2002 http://www.asn1.org/ Sunday, April 25, 2010
  226. 226. CREDITS Sunday, April 25, 2010
  227. 227. http://www.ambientideasphotography.com http://stockfootageforfree.com/ http://xkcd.com/538/ http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation http://matdonline.free.fr/RSA-Diffie-Hellman-explained-in-5-minutes.htm http://www.isg.rhul.ac.uk/node/329 http://www.isg.rhul.ac.uk/files/IMG_9819.JPG http://www.usc.edu/dept/molecular-science/pictures/RSA-2003.jpg All others, iStockPhoto.com Sunday, April 25, 2010
  228. 228. STUDY NOTES Sunday, April 25, 2010
  229. 229. Major Encryption Types Pre-agreed Phrases (Concept) Simplest form of symmetric encryption. Have to meet in person to pass keys around DHM Key Exchange (Concept, Algorithm) Requires both parties to be online This is a drawback RSA (Algorithm) Added asynchronous behavior with pub priv keys Keys are permanent (not generated each time) PGP (Concept, Algorithm) Added speed to RSA by encrypting the payload Sunday, April 25, 2010
  230. 230. Data Integrity Checksums needed Harder to maintain with encryption? Block versus stream cipher Block: XOR all previous nodes Stream: XOR some “forward” packets Recovery once one packet is lost? Sunday, April 25, 2010
  231. 231. Replay Attacks Consider vulnerability to replay Problem: ECB (block) mode Same packet encrypted next time looks the same Hardening: XOR to protect Still vulnerable to entire stream replay Entire stream hard to capture Sunday, April 25, 2010

×