0
GS: Chapter 6 Using Java Cryptography for Authentication
Topics <ul><li>Message digest (MD) </li></ul><ul><li>Password authentication for MD </li></ul><ul><li>Message Authenticati...
Dependencies <ul><li>Review example programs and discussions in Chapter 3. </li></ul>
Message Digests <ul><li>message digest: a fingerprint of a piece of data </li></ul><ul><li>goal: data integrity (stored da...
Message Digests in Java <ul><li>java.security  Class MessageDigest </li></ul><ul><li>Message digests are secure one-way ha...
Message Digests in Java <ul><li>byte[]  digest   ()   Completes the hash computation by performing final operations such a...
Message Digests in Java <ul><li>Computing a message digest on a file:  DigestFile .java </li></ul><ul><li>Size of the outp...
Message Digests in Java <ul><li>Alternative classes for computing a message digest on a file:  DigestInputStream  and  Dig...
Message Digests in Java <ul><li>DigestOutputStream </li></ul><ul><ul><li>A transparent stream that updates the associated ...
Message Digests in Java <ul><li>Another application of MD: Using message digests to store and authenticate passwords </li>...
Message Digests in Java <ul><li>Storing the password </li></ul>
Message Digests in Java <ul><li>Authenticate a password using the stored password </li></ul>
Message Authentication Codes <ul><li>A  keyed  message digest </li></ul><ul><li>Often used for authenticating data sent ov...
Using MAC in Java <ul><li>HMAC (Hashed MAC) </li></ul><ul><li>HMAC functions supported by JCE:  </li></ul><ul><ul><li>Hmac...
Digital Signatures <ul><li>Associates an individual with a particular piece of data, like a signed contract or an e-mail <...
Digital Signature Algorithm (DSA) <ul><li>works similarly to RSA signing, but lack an encryption capability </li></ul><ul>...
DSA and RSA <ul><li>The signature algorithm can be, among others, DSA and SHA-1. The DSA algorithm using the SHA-1 message...
Digital Signatures in Java <ul><li>java.security  Class Signature </li></ul><ul><li>refers to the object used to create an...
Digital Signatures in Java <ul><li>There are three phases to the use of a Signature object:  </li></ul><ul><li>Initializat...
Digital Signatures in Java <ul><li>Sample program:  SignatureExample .java </li></ul>
Authenticating Identity using DS <ul><li>Authenticating a user’s identity by using his digital signature </li></ul><ul><li...
Authenticating Identity using DS <ul><li>Sample programs: </li></ul><ul><ul><li>SignatureAuthenticationClient .java   </li...
Authenticating Identity using DS <ul><li>c.f., Server-initiated authentication </li></ul><ul><ul><li>The server encrypts s...
Next <ul><li>Digital certificates, X.509, certificate chaining </li></ul><ul><li>Keystores </li></ul><ul><li>Public Key In...
Upcoming SlideShare
Loading in...5
×

Java Md Ds

911

Published on

Published in: Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
911
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
8
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Java Md Ds"

  1. 1. GS: Chapter 6 Using Java Cryptography for Authentication
  2. 2. Topics <ul><li>Message digest (MD) </li></ul><ul><li>Password authentication for MD </li></ul><ul><li>Message Authentication Code (MAC) </li></ul><ul><li>Digital signatures & Identity authentication </li></ul><ul><li>Digital certificates, X.509, certificate chaining </li></ul><ul><li>Keystores </li></ul><ul><li>Public Key Infrastructure (PKI) </li></ul>
  3. 3. Dependencies <ul><li>Review example programs and discussions in Chapter 3. </li></ul>
  4. 4. Message Digests <ul><li>message digest: a fingerprint of a piece of data </li></ul><ul><li>goal: data integrity (stored data, transmitted data, file copying, …) </li></ul><ul><li>message  hashing algorithm  digest </li></ul><ul><li>Java class: MessageDigest </li></ul><ul><li>Methods: getInstance ( ), update ( ), digest ( ) </li></ul><ul><li>Algorithms: MD5, SHA, SHA-1 </li></ul>
  5. 5. Message Digests in Java <ul><li>java.security Class MessageDigest </li></ul><ul><li>Message digests are secure one-way hash functions that take arbitrary-sized data and output a fixed-length hash value. </li></ul><ul><li>A MessageDigest object starts out initialized. The data is processed through it using the update methods. </li></ul><ul><li>At any point reset can be called to reset the digest. </li></ul><ul><li>Once all the data to be updated has been updated, one of the digest methods should be called to complete the hash computation. </li></ul><ul><li>After digest has been called, the MessageDigest object is reset to its initialized state. </li></ul>
  6. 6. Message Digests in Java <ul><li>byte[] digest () Completes the hash computation by performing final operations such as padding. </li></ul><ul><li>byte[] digest (byte[] input) Performs a final update on the digest using the specified array of bytes, then completes the digest computation. </li></ul><ul><li>int digest (byte[] buf, int offset, int len) Completes the hash computation by performing final operations such as padding. </li></ul>
  7. 7. Message Digests in Java <ul><li>Computing a message digest on a file: DigestFile .java </li></ul><ul><li>Size of the output digest </li></ul><ul><ul><li>SHA-1: 20 bytes </li></ul></ul><ul><ul><li>MD5: 16 bytes </li></ul></ul><ul><li>Exercise: Change the content of the input data file and compare the output digests. </li></ul><ul><li>Project: Write a program that gets a file, the MD algorithm, and the generated digest as the input, and then determine if the file has been corrupted. </li></ul>
  8. 8. Message Digests in Java <ul><li>Alternative classes for computing a message digest on a file: DigestInputStream and DigestOutputStream </li></ul><ul><li>DigestInputStream </li></ul><ul><ul><li>A transparent stream that updates the associated message digest using the bits going through the stream. </li></ul></ul><ul><ul><li>To complete the message digest computation, call one of the digest methods on the associated message digest after your calls to one of this digest input stream's read methods. </li></ul></ul><ul><li>Sample program: DigestStreamExample .java </li></ul>
  9. 9. Message Digests in Java <ul><li>DigestOutputStream </li></ul><ul><ul><li>A transparent stream that updates the associated message digest using the bits going through the stream. </li></ul></ul><ul><ul><li>To complete the message digest computation, call one of the digest methods on the associated message digest after your calls to one of this digest ouput stream's write methods. </li></ul></ul><ul><li>Any advantages over the MessageDigest class? yes, automatic generation of the digest </li></ul><ul><li>Exercise: Rewrite the DigestStreamExample.java program by using DigestOutputStream instead. </li></ul>
  10. 10. Message Digests in Java <ul><li>Another application of MD: Using message digests to store and authenticate passwords </li></ul><ul><li>Sample program: PasswordAuthenticator .java </li></ul><ul><li>Usages: </li></ul><ul><ul><li>-c password Create a password. </li></ul></ul><ul><ul><li>-a password Authenticate the password. </li></ul></ul>
  11. 11. Message Digests in Java <ul><li>Storing the password </li></ul>
  12. 12. Message Digests in Java <ul><li>Authenticate a password using the stored password </li></ul>
  13. 13. Message Authentication Codes <ul><li>A keyed message digest </li></ul><ul><li>Often used for authenticating data sent over an insecure network or stored in an insecure medium </li></ul><ul><ul><li> To prevent man-in-the-middle attack against keyless message digest </li></ul></ul><ul><li>message + key  MA algorithm  MAC </li></ul><ul><li>Verification: </li></ul><ul><ul><li>The same key is used to produce MAC’ , which is compared to MAC to determine if the message has been tampered. </li></ul></ul>
  14. 14. Using MAC in Java <ul><li>HMAC (Hashed MAC) </li></ul><ul><li>HMAC functions supported by JCE: </li></ul><ul><ul><li>HmacMD5 and HmacSHA1 </li></ul></ul><ul><li>javax.crypto Class Mac </li></ul><ul><ul><li>Methods: getInstance( ), init( ), update( ), doFinal( ) </li></ul></ul><ul><li>Sample program: MACExample .java </li></ul><ul><li>Drawback of MAC: The need to have a shared secret key </li></ul><ul><ul><li> Solution: Digital signatures </li></ul></ul>
  15. 15. Digital Signatures <ul><li>Associates an individual with a particular piece of data, like a signed contract or an e-mail </li></ul><ul><li>is essentially a message digest signed by someone’s private key  achieves both data integrity and source integrity (i.e., authentication) </li></ul><ul><li>Review diagrams on p.48, as well as on pp.135-136 </li></ul>
  16. 16. Digital Signature Algorithm (DSA) <ul><li>works similarly to RSA signing, but lack an encryption capability </li></ul><ul><li>c.f., RSA </li></ul><ul><ul><li>DSA is faster at generating signatures; RSA is faster at validating signatures </li></ul></ul><ul><ul><li>DSA was supported in older Java (v1.2); RSA is supported by JDK v1.3 and higher </li></ul></ul><ul><ul><li>RSA is generally recommended if you have a choice. </li></ul></ul>
  17. 17. DSA and RSA <ul><li>The signature algorithm can be, among others, DSA and SHA-1. The DSA algorithm using the SHA-1 message digest algorithm can be specified as SHA1withDSA . </li></ul><ul><li>In the case of RSA, there are multiple choices for the message digest algorithm, so the signing algorithm could be specified as, for example, MD2withRSA , MD5withRSA , or SHA1withRSA . </li></ul><ul><li>The algorithm name must be specified, as there is no default. </li></ul>
  18. 18. Digital Signatures in Java <ul><li>java.security Class Signature </li></ul><ul><li>refers to the object used to create and verify DS, but not the signatures, which are manipulated as byte arrays </li></ul><ul><li>Methods: getInstance( ) , initSign( ) , initVerify( ) , update( ) , sign( ) , and verify( ) </li></ul>
  19. 19. Digital Signatures in Java <ul><li>There are three phases to the use of a Signature object: </li></ul><ul><li>Initialization, with either </li></ul><ul><ul><li>a public key, which initializes the signature for verification (see initVerify ( ) ), or </li></ul></ul><ul><ul><li>a private key, which initializes the signature for signing (see initSign ( PrivateKey ) and initSign ( PrivateKey , SecureRandom ) ). </li></ul></ul><ul><li>Updating </li></ul><ul><ul><li>Depending on the type of initialization, this will update the bytes to be signed or verified. See the update( ) methods. </li></ul></ul><ul><li>Signing or Verifying a signature on all updated bytes. See the sign( ) methods and the verify( ) method. </li></ul>
  20. 20. Digital Signatures in Java <ul><li>Sample program: SignatureExample .java </li></ul>
  21. 21. Authenticating Identity using DS <ul><li>Authenticating a user’s identity by using his digital signature </li></ul><ul><li>Application: secure communication between a server and a client (e.g., online bank transaction) </li></ul>
  22. 22. Authenticating Identity using DS <ul><li>Sample programs: </li></ul><ul><ul><li>SignatureAuthenticationClient .java </li></ul></ul><ul><ul><li>SignatureAuthenticationServer .java </li></ul></ul><ul><li>Advantage of this “nonce” approach: </li></ul><ul><ul><li>It allows the server to validate the client’s signature at the beginning of a communication session. </li></ul></ul><ul><li>Drawback? requires secure communication, otherwise may suffer man-in-the-middle attack </li></ul>
  23. 23. Authenticating Identity using DS <ul><li>c.f., Server-initiated authentication </li></ul><ul><ul><li>The server encrypts some random data with the client’s public key and sends the result to the client. If the client can decrypt the ciphertext, his identity is authenticated. Trade-offs? </li></ul></ul><ul><li>c.f., The “full-blown” DS approach , in which the client sign every message. Trade-offs? </li></ul>
  24. 24. Next <ul><li>Digital certificates, X.509, certificate chaining </li></ul><ul><li>Keystores </li></ul><ul><li>Public Key Infrastructure (PKI) </li></ul>
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×