Advanced Encryption on the JVM v0.2.8


Matthew McCullough's delivery of Advanced Encryption on the JVM.


  1. ADVANCED ENCRYPTION CONCEPTS Digital security in The Real World © Matthew McCullough, Ambient Ideas, LLC
  2. This Talk ★ Research ★ Books ★ News Events ★ Costs ★ Laws ★ Deeper JVM Encryption ★ Encoding ★ Hashing ★ Salting ★ Keytool ★ SSL, TLS ★ Elliptic Curve Cryptography ★ Other Techniques ★ Steganography ★ Higher Level Libraries
  3. RESEARCH
  4. CRYPTO BOOKS Deeper resources
  6. 1997
  7. 1998 Java 1.1 & 1.2
  8. 2004 Java 1.4
  9. 2005 Java 5
  10. 2008
  11. PERFORMANCE TEST
  13. Bit Strength ★ Performance does not scale linearly with key size: an RSA private-key operation costs roughly the cube of the modulus length, so doubling the key makes each signature or decryption about eight times slower ★ Compare 512, 1024, 2048, 4096 bit RSA ★ 512-bit RSA has been factored publicly since 1999 and 1024-bit is no longer considered adequate; 2048 bits is the practical floor today
  14. RSA Bit Strength Demo
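      A way to reproduce the demo on your own JVM, as an added example (this is editor-written code, not the deck's demo): it times key generation, the private-key operation (signing) and the public-key operation (verifying) for the four sizes the slide compares. The message is a constructed input; the iteration count is an assumption you can raise for steadier numbers.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;

// Added example: RSA cost per key size on the running JVM.
public class RsaBitStrengthBench {

    static final byte[] MESSAGE = "timing sample".getBytes();   // constructed input
    static final int OPS = 50;                                   // assumption: operations per measurement

    static KeyPair generate(int bits) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(bits);
        return kpg.generateKeyPair();
    }

    /** Average nanoseconds per SHA256withRSA signature (private-key exponentiation, the slow side). */
    static long signNanos(KeyPair kp) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        long start = System.nanoTime();
        for (int i = 0; i < OPS; i++) {
            sig.initSign(kp.getPrivate());
            sig.update(MESSAGE);
            sig.sign();
        }
        return (System.nanoTime() - start) / OPS;
    }

    /** Average nanoseconds per verification (the public exponent is small, so this stays cheap). */
    static long verifyNanos(KeyPair kp) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(kp.getPrivate());
        sig.update(MESSAGE);
        byte[] signature = sig.sign();
        long start = System.nanoTime();
        for (int i = 0; i < OPS; i++) {
            sig.initVerify(kp.getPublic());
            sig.update(MESSAGE);
            if (!sig.verify(signature)) throw new IllegalStateException("verify failed");
        }
        return (System.nanoTime() - start) / OPS;
    }

    public static void main(String[] args) throws Exception {
        // 512 is included only to show the curve; it was factored publicly in 1999 and must not be used.
        int[] sizes = {512, 1024, 2048, 4096};
        System.out.println("bits   keygen(ms)  sign(us)  verify(us)");
        for (int bits : sizes) {
            long t0 = System.nanoTime();
            KeyPair kp = generate(bits);
            long keygenMs = (System.nanoTime() - t0) / 1000000L;
            System.out.printf("%-6d %-11d %-9d %-10d%n",
                    bits, keygenMs, signNanos(kp) / 1000, verifyNanos(kp) / 1000);
        }
    }
}
```

      Key generation time varies wildly between runs (prime search is randomised), so look at the sign column: going from 2048 to 4096 bits should cost you roughly 6 to 8 times per signature, while verification barely moves.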
  15. IN THE NEWS
  17. Cracks in the News ★ Thomas Jefferson letter
  18. Cracks in the News ★ Pacemakers
  19. Cracks in the News ★ Iraq drone video feeds (the feeds were transmitted unencrypted)
  20. At least use some form of encryption!
  21. Cracks in the News ★ London Tube Oyster cards
  22. "Microscope-wielding boffins crack Tube smartcard: The keys to London Underground, and plenty more" By Dan Goodin in San Francisco, The Register, 12th March 2008 05:02 GMT

      Security researchers say they've found a way to crack the encryption used to protect a widely-used smartcard in a matter of minutes, making it possible for them to quickly and cheaply clone the cards that are used to secure office buildings and automate the collection of mass transportation fares.

      The attack works against the Mifare Classic, a wireless card made by Netherlands-based NXP Semiconductors. It is used by transit operators in London, Boston and the Netherlands and by organizations in the public and private sectors to control access to sensitive areas, according to Karsten Nohl, a PhD candidate at the University of Virginia and one of the cryptographers who discovered the weakness. NXP says it's sold 1 billion to 2 billion of the cards.

      The wireless devices are growing in popularity because of their low cost - about 50 cents apiece - and they offer many of the advantages of radio frequency identification (RFID) technology. Specifically, smartcards don't require contact with the mechanical readers used by transit agencies, which lowers operators' costs and is quicker and more convenient for users.

      The research team was able to obtain the card's proprietary encryption scheme by physically dissecting its chip and examining it under a microscope. They then photographed various levels of its circuitry and used optical recognition software to produce a 3D representation of the entire chip. By examining the logic gates in great detail, they were able to deduce the proprietary algorithm, which NXP dubs Crypto1.
  24. Cracks in the News ★ GSM phones, A5/1 cipher
  25. Cracks in the News ★ WiFi connections ★ Databases ★ Passwords ★ Credit card numbers
  26. Only 25% of enterprises responding to the Ponemon 2009 survey even had encryption on their "priority" list
  27. Cracks in the News ★ Zune
  28. 85% of respondents to the Ponemon 2009 survey had detected a data breach in the last 12 months
  29. THE LAW
  31. Encryption & The Law ★ Encryption was historically classed as a munition under US export law (ITAR) and is still export-controlled today, under the EAR in the US and the Wassenaar Arrangement internationally ★ 1999 relaxation of US rules
  32. It was just ~200 lines of an RSA implementation
  33. The file in question, MindTerm's RSA implementation; the slide shows its header comment (note the author's own remark about RSA licensing in the United States):

```java
/******************************************************************************
 *
 * Copyright (c) 1998,99 by Mindbright Technology AB, Stockholm, Sweden.
 * www.mindbright.se, info@mindbright.se
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 *****************************************************************************
 * $Author: nallen $
 * $Date: 2001/11/12 16:31:16 $
 * $Name: $
 *****************************************************************************/
/*
 * !!! Author's comment: The contents of this file is heavily based
 * upon Tatu Ylonen's c-code in the ssh1.2.26 package, which in turn
 * is a standard implementation of the RSA algorithm, the code is
 * rather trivial (though the math behind it is not :-). I don't know
 * whom are responsible for the original optimization using the
 * Chinese remainder theorem which I guess is the only non-trivial
 * part of this implementation. Please note that RSA can't be used
 * without proper licensing in the United States.
 *
 * Below is some references to useful information about RSA:
 *
 * Bruce Schneier: Applied Cryptography 2nd ed., John Wiley & Sons, 1996
 * Arto Salomaa: Public-Key Cryptography 2nd ed., Springer-Verlag, 1996
 * Man Young Rhee: Cryptography and Secure Data Comm., McGraw-Hill, 1994
 * R. Rivest, A. Shamir, and L. M. Adleman: Cryptographic Communications
```

  34. And the tail of the same file: the end of the unpadding routine (its start is not on the slide) and doPad, which builds a PKCS#1 v1.5 type-2 block (0x00 0x02, non-zero random filler, 0x00, data) as a BigInteger:

```java
// The file uses these imports:
//   import java.io.IOException;
//   import java.math.BigInteger;
//   import java.security.SecureRandom;

            break;                                   // end of the loop that skips the padding
        if(i == strip.length)
            throw new IOException("Invalid strip-data");
        val = new byte[strip.length - i];
        System.arraycopy(strip, i, val, 0, val.length);
        return new BigInteger(val);
    }

    public static BigInteger doPad(BigInteger input, int padLen, SecureRandom rand)
        throws IOException {
        BigInteger result;
        BigInteger rndInt;
        int inByteLen  = (input.bitLength() + 7) / 8;
        int padByteLen = (padLen + 7) / 8;

        if(inByteLen > padByteLen - 3)
            throw new IOException("rsaPad: Input too long to pad");

        // !!! byte[] ranBytes = new byte[(padByteLen - inByteLen - 3) + 1];
        byte[] ranBytes = new byte[(padByteLen - inByteLen - 3) + 1];
        rand.nextBytes(ranBytes);
        ranBytes[0] = 0;                             // leading zero keeps the BigInteger positive
        for(int i = 1; i < (padByteLen - inByteLen - 3 + 1); i++)
            if(ranBytes[i] == 0)
                ranBytes[i] = 0x17;                  // filler must be non-zero: 0x00 marks where the data starts

        rndInt = new BigInteger(ranBytes);
        rndInt = rndInt.shiftLeft((inByteLen + 1) * 8);   // leave room for the 0x00 separator and the data

        result = new BigInteger("2");                // block type 2 (encryption)
        result = result.shiftLeft((padByteLen - 2) * 8);
        result = result.or(rndInt);
        result = result.or(input);

        return result;
    }
}
```
  35. The Jobs ★ National Security Agency (NSA) ★ Single largest employer of mathematicians in the world
  36. ★ … for products that contain an "encryption component" be easily used by another product, or else accessed or re-transferred by the end-user for cryptographic use.
  37. DEEPER JVM ENCRYPTION
  38. ENCODING makes data transport easy
  40. Base64 ★ Means of making data safe for transport ★ Email ★ Query string ★ XML ★ JSON ★ Removes need for escape sequences ★ Encoding is not encryption: there is no key, anyone can decode it, so Base64 protects nothing by itself
  41. HASHING reversal is a risk
  43. Hashes ★ All passwords should be hashed ★ Never store in any recoverable form ★ Reduce risk
  44. Hashes ★ Hall of shame for plaintext passwords ★ http://www.nist.org/nist_plugins/content/content.php?content.54
  45. Hash Algorithms ★ MD5 ★ vulnerable (practical collisions since 2004) ★ keyless ★ SHA-1 ★ stronger than MD5, but collision attacks became practical in 2017 (SHAttered); prefer SHA-256 or better for anything new ★ keyless ★ A plain, keyless hash is a building block, not a password store: fast hashes invite brute force, which is why salting and iteration follow
  46. MACS keyed hashes
  48. MACs ★ MAC ★ Message Authentication Code ★ Arbitrary implementation (conceptual) ★ HMAC ★ Hash-based Message Authentication Code (RFC 2104) ★ A hash (like SHA-1 or SHA-256) combined with a shared secret key; the key is a symmetric secret, not an RSA key pair
  49. MACs ★ Verifies both the data integrity and the authenticity of a message ★ Only holders of the key can produce or check a tag, so compare tags in constant time and never expose the key
  50. HMAC Demo
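      What the HMAC demo boils down to, as an added example written for this page rather than taken from the deck's sample code: tag a constructed message with HMAC-SHA256, then verify it in constant time and watch a tampered body and a wrong key both fail.

```java
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added example: HMAC-SHA256 generation and constant-time verification.
public class HmacDemo {

    static final String ALGORITHM = "HmacSHA256";

    /** tag = HMAC(key, message). The key is a shared symmetric secret, never an RSA key. */
    static byte[] tag(byte[] key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance(ALGORITHM);
        mac.init(new SecretKeySpec(key, ALGORITHM));
        return mac.doFinal(message);
    }

    /** Recompute and compare without an early exit; MessageDigest.isEqual is time-constant since Java 6u17. */
    static boolean verify(byte[] key, byte[] message, byte[] expectedTag) throws Exception {
        return MessageDigest.isEqual(tag(key, message), expectedTag);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];                       // 256-bit random key, generated for the demo
        new SecureRandom().nextBytes(key);
        byte[] message = "amount=100&to=alice".getBytes("UTF-8");   // constructed input

        byte[] t = tag(key, message);
        System.out.println("tag           : " + hex(t));
        System.out.println("genuine       : " + verify(key, message, t));                                  // true
        System.out.println("tampered body : " + verify(key, "amount=900&to=alice".getBytes("UTF-8"), t));  // false
        System.out.println("wrong key     : " + verify(new byte[32], message, t));                         // false
    }
}
```

      The tag travels with the message in the clear; that is fine, because without the key nobody can produce a tag for a modified message. What must not leak is timing: a byte-by-byte `equals` that stops at the first mismatch lets an attacker forge a tag one byte at a time.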
  51. SALTING makes everything safer
  53. Salt approaches ★ Random number ★ Stored in the clear next to the hash ★ Email address hash ★ Not (required to be) stored ★ Either way the salt is literally appended to the password before hashing ★ Prefer the random salt: an email address is predictable, shared across sites, and changes when the user changes it
  54. Salt Goals ★ Stops use of rainbow tables of hashes ★ Requires each password be cracked individually ★ Cracks become impractically slow (only if the hash is also iterated; a single SHA round per guess is still fast)
  55. Rainbow Table
      Password     Hash
      1234         7S9TT1U
      john         X54EJK11
      password     U99=3DK1
      ihatemyjob   L4OI192W
      puppy        Q82B3NW
      letmein      H99Z1M9
      1968-10-19   A7fb92E
  56. Database
      Username     Password Hash
      matthewm     7S9TT1U
      johnt        X54EJK11
      ellingsonb   U99=3DK1
      s.brin       L4OI192W
      n.ford       Q82B3NW
      tomf         H99Z1M9
      johnl        A7fb92E
  57. Database joined to the rainbow table on the hash column (unsalted hashes make this a lookup, not a crack)
      Username     Hash       Password
      matthewm     7S9TT1U    1234
      johnt        X54EJK11   john
      ellingsonb   U99=3DK1   password
      s.brin       L4OI192W   ihatemyjob
      n.ford       Q82B3NW    puppy
      tomf         H99Z1M9    letmein
      johnl        A7fb92E    1968-10-19
  58. Salt Demo
  59. JDK KEYTOOL manages keys and certificates
  61. Keytool ★ Manages ★ Keystores ★ Truststores ★ Functions ★ -genkey (alias of -genkeypair) ★ -list ★ -import (-importcert) ★ -export (-exportcert)
  62. Creating a keystore
      keytool -genkeypair -keyalg RSA -keysize 2048 -keystore myapp.keystore
      Enter keystore password: ********
      Re-enter new password: ********
      What is your first and last name?
        [Unknown]:  Matthew McCullough
      What is the name of your organizational unit?
        [Unknown]:  Consulting
      What is the name of your organization?
        [Unknown]:  Ambient Ideas, LLC
      What is the name of your City or Locality?
        [Unknown]:  Denver
      What is the name of your State or Province?
        [Unknown]:  Colorado
      What is the two-letter country code for this unit?
        [Unknown]:  US
      Is CN=Matthew McCullough, OU=Consulting, O="Ambient Ideas, LLC", L=Denver, ST=Colorado, C=US correct?
        [no]:  yes
      Enter key password for <mykey>
        (RETURN if same as keystore password):
      Without -alias the entry is stored under the default alias "mykey", and without -validity the self-signed certificate expires after 90 days; pass -alias and -validity explicitly for anything that will outlive a demo.
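      The same keystore and truststore handling from Java, as an added example (editor-written, not part of the deck): it opens the myapp.keystore produced by the keytool command on the previous slide, lists its entries the way -list does, and writes a truststore that holds only the certificate of the default alias "mykey". The keystore password and output path are assumptions.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

// Added example: keystore -> truststore with java.security.KeyStore; the private key never leaves the keystore.
public class KeystoreToTruststore {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");    // keytool's default format before Java 9
        InputStream in = new FileInputStream(path);
        try {
            ks.load(in, password);                     // the password also checks the store's integrity MAC
        } finally {
            in.close();
        }
        return ks;
    }

    /** keytool -list equivalent: alias, entry type and certificate subject. */
    static void list(KeyStore ks) throws Exception {
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            String kind = ks.isKeyEntry(alias) ? "PrivateKeyEntry" : "trustedCertEntry";
            Certificate c = ks.getCertificate(alias);
            String subject = (c instanceof X509Certificate)
                    ? ((X509Certificate) c).getSubjectX500Principal().getName() : c.getType();
            System.out.println(alias + "  " + kind + "  " + subject);
        }
    }

    /** keytool -exportcert then -importcert, in one step: a store with the public certificate only. */
    static KeyStore truststoreFor(KeyStore ks, String alias) throws Exception {
        Certificate cert = ks.getCertificate(alias);
        if (cert == null) throw new IllegalArgumentException("no such alias: " + alias);
        KeyStore ts = KeyStore.getInstance("JKS");
        ts.load(null, null);                           // start from an empty store
        ts.setCertificateEntry(alias, cert);           // trusted certificate, no key material
        return ts;
    }

    public static void main(String[] args) throws Exception {
        // assumption: the password typed at the keytool prompt, "changeit" if none is given
        char[] password = (args.length > 0 ? args[0] : "changeit").toCharArray();
        KeyStore ks = load("myapp.keystore", password);
        list(ks);
        KeyStore ts = truststoreFor(ks, "mykey");
        OutputStream out = new FileOutputStream("myapp.truststore");   // assumption: output path
        try {
            ts.store(out, password);                   // clients load this; it holds nothing secret
        } finally {
            out.close();
        }
        System.out.println("truststore has a key entry: " + ts.isKeyEntry("mykey"));   // false, as it must be
    }
}
```

      The distinction the slide draws is exactly what the last line checks: a keystore carries private keys and must stay on the server; a truststore carries only certificates and can be shipped to every client.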
  64. Base 64 Demo
  65. TRANSPORT LEVEL ENCRYPTION abstracted from the data
  67. Implementations ★ Web ★ SSL 2.0, 3.0 (both obsolete and prohibited by RFC 6176 and RFC 7568; SSL 1.0 was never released) ★ TLS 1.0, 1.1, 1.2 (and, since 2018, 1.3): enable the newest both peers support
  68. Handshake as drawn on the slide (RSA key exchange)
      1. Client "hello": supported versions, cipher suites and a client random
      2. Server sends its X.509 certificate (public key), issued by a CA
      3. Client validates the certificate chain against its truststore and checks the hostname, or allows an override approval
      4. Client generates a random pre-master secret and encrypts it with the server's public key (not "signs" it: only the holder of the private key can sign, and only the holder can decrypt what the client sent)
      5. Both sides derive the same symmetric session keys; encrypted communication
  69. TLS Demo
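      A client-side version of the TLS demo, as an added example (editor-written, not the deck's demo code): it trusts only the certificates in an explicit truststore such as one built with keytool -importcert, pins the protocol to TLS 1.2 and turns on hostname verification, which the JSSE socket API leaves off unless asked (Java 7+). Host, port, truststore path and password are assumptions; the defaults point at a local Tomcat on 8443.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example: TLS client with an explicit truststore, TLSv1.2 only, hostname verification on.
public class TlsClientDemo {

    static SSLContext contextTrusting(String truststorePath, char[] password) throws Exception {
        KeyStore ts = KeyStore.getInstance("JKS");
        InputStream in = new FileInputStream(truststorePath);
        try {
            ts.load(in, password);
        } finally {
            in.close();
        }
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ts);                                    // PKIX trust manager over our truststore only
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);    // no client certificate; default SecureRandom
        return ctx;
    }

    /** Opens the socket, completes the handshake and returns it; throws on untrusted cert or name mismatch. */
    static SSLSocket connect(SSLContext ctx, String host, int port) throws Exception {
        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        socket.setEnabledProtocols(new String[] {"TLSv1.2"});     // refuse SSLv3 and TLS 1.0/1.1
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");       // the certificate must match `host`
        socket.setSSLParameters(params);
        socket.startHandshake();                                  // SSLHandshakeException if validation fails
        return socket;
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";                 // assumption
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 8443;         // assumption
        SSLContext ctx = contextTrusting("myapp.truststore", "changeit".toCharArray());   // assumptions
        SSLSocket socket = connect(ctx, host, port);
        try {
            SSLSession s = socket.getSession();
            System.out.println("negotiated:  " + s.getProtocol() + " " + s.getCipherSuite());
            X509Certificate server = (X509Certificate) s.getPeerCertificates()[0];
            System.out.println("server cert: " + server.getSubjectX500Principal().getName());
            System.out.println("issued by:   " + server.getIssuerX500Principal().getName());
        } finally {
            socket.close();
        }
    }
}
```

      Two things this does that the default `SSLSocketFactory.getDefault()` path does not: it refuses the JRE's bundled CA list in favour of your own truststore, and it fails the handshake when the certificate's name does not match the host, which is the step the "override approval" on the previous slide lets browsers skip.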
  70. Tomcat and SSL ★ Usually fronted, handled by Apache ★ But if you really want it, offered via Tomcat ★ http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
  71. ELLIPTIC CURVE AES speed meets RSA keys
  73. The concept ★ Elliptic Curve Cryptography (ECC) ★ Premise ★ The elliptic curve discrete logarithm problem ★ Given curve points A and B = kA, recovering the scalar k is infeasible ★ Difficulty of finding k from A and B ★ Ease of computing B given A and k
  74. The Goals ★ Reduces storage, footprint (a 256-bit EC key gives roughly the security of 3072-bit RSA) ★ Increases speed over standard public key encryption ★ Aiming to beat RSA
  75. The Risk ★ No mathematical proof of hardness (true of RSA's factoring assumption as well) ★ Patent encumbrances (Certicom's portfolio)
  76. The Endorsement ★ NSA ★ Approved for Top Secret (Suite B, P-384 curve) ★ Open Source Implementations ★ BouncyCastle ★ OpenSSL
  77. Java 7 ships the SunEC provider, so EC key generation, ECDSA and ECDH work without Bouncy Castle
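      ECC with the stock Java 7 provider, as an added example (editor-written, not from the deck): ECDSA signs and verifies a constructed message, and ECDH lets two parties derive the same secret, which is hashed into an AES-256 key, the "AES speed meets RSA keys" pairing the section title refers to. The curve choice and the SHA-256 stand-in for a proper KDF are assumptions, noted in the comments.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.KeyAgreement;

// Added example: ECDSA and ECDH on P-256 with the SunEC provider.
public class EccDemo {

    static final String CURVE = "secp256r1";   // assumption: NIST P-256, 128-bit security (about RSA-3072)

    static KeyPair generate() throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec(CURVE));
        return kpg.generateKeyPair();
    }

    static byte[] sign(PrivateKey key, byte[] message) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(key);            // the provider draws the per-signature nonce; a repeated nonce leaks the key
        s.update(message);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] message, byte[] signature) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initVerify(key);
        s.update(message);
        return s.verify(signature);
    }

    /** ECDH: my private scalar times their public point; both sides land on the same x-coordinate. */
    static byte[] sharedSecret(PrivateKey mine, PublicKey theirs) throws Exception {
        KeyAgreement ka = KeyAgreement.getInstance("ECDH");
        ka.init(mine);
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }

    /** Raw ECDH output is not uniform; hash it before use as a key (assumption: SHA-256 here, HKDF in production). */
    static byte[] aesKeyFrom(byte[] secret) throws Exception {
        return MessageDigest.getInstance("SHA-256").digest(secret);
    }

    public static void main(String[] args) throws Exception {
        KeyPair alice = generate();
        KeyPair bob = generate();
        System.out.println("P-256 public key, DER: " + alice.getPublic().getEncoded().length
                + " bytes (an RSA-3072 public key is about 420)");

        byte[] message = "transfer 100 to bob".getBytes("UTF-8");   // constructed input
        byte[] sig = sign(alice.getPrivate(), message);
        System.out.println("signature length: " + sig.length + " bytes (DER-encoded r,s)");
        System.out.println("valid:            " + verify(alice.getPublic(), message, sig));                                   // true
        System.out.println("tampered valid:   " + verify(alice.getPublic(), "transfer 900 to bob".getBytes("UTF-8"), sig));  // false
        System.out.println("bob's key valid:  " + verify(bob.getPublic(), message, sig));                                     // false

        byte[] kAlice = aesKeyFrom(sharedSecret(alice.getPrivate(), bob.getPublic()));
        byte[] kBob   = aesKeyFrom(sharedSecret(bob.getPrivate(), alice.getPublic()));
        System.out.println("ECDH keys agree:  " + Arrays.equals(kAlice, kBob));   // true, and no key was ever transmitted
    }
}
```

      The two numbers printed first are the "reduces storage" bullet made concrete: a 91-byte public key and a signature of roughly 70 bytes, against several hundred bytes each for RSA at equivalent strength.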
  78. STEGANOGRAPHY not just 3D pictures from the newspaper
  80. Steganography ★ Hidden data in visible data ★ Not usually encrypted (stego hides that a message exists; encrypt the payload first if its content must stay secret once found) ★ Pedestrian files ★ Quantity of files creates confusion
  81. Steganography ★ High signal-to-noise ratio (SNR): the cover data dwarfs the hidden payload ★ Slow compared to encryption ★ but Inconspicuous
  82. Steganography ★ Invisible? ★ Techniques ★ Luminosity ★ Hue ★ Compression ★ Metadata
  83. Stego Demo
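      A minimal version of the stego demo, as an added example (editor-written, not the deck's demo code): least-significant-bit embedding in the blue channel of an RGB image, the simplest of the luminosity/hue techniques listed above. The payload is prefixed with its 32-bit length so extraction knows where to stop. The cover image is constructed in memory from seeded noise; a real cover would come from ImageIO.read, and the 64x64 size is an assumption.

```java
import java.awt.image.BufferedImage;
import java.util.Arrays;
import java.util.Random;

// Added example: LSB steganography in the blue channel, length-prefixed payload.
public class LsbStego {

    static BufferedImage embed(BufferedImage cover, byte[] payload) {
        int w = cover.getWidth(), h = cover.getHeight();
        long bitsNeeded = 32L + 8L * payload.length;
        if (bitsNeeded > (long) w * h)
            throw new IllegalArgumentException("cover too small: need " + bitsNeeded + " pixels, have " + (w * h));
        BufferedImage out = new BufferedImage(w, h, BufferedImage.TYPE_INT_RGB);
        int bit = 0;
        for (int y = 0; y < h; y++) {
            for (int x = 0; x < w; x++) {
                int rgb = cover.getRGB(x, y);
                if (bit < bitsNeeded) {
                    rgb = (rgb & ~1) | payloadBit(payload, bit);   // overwrite only the blue LSB
                    bit++;
                }
                out.setRGB(x, y, rgb);
            }
        }
        return out;
    }

    /** Bit i of the stream: 32 length bits (big-endian) followed by the payload bytes, MSB first. */
    static int payloadBit(byte[] payload, int i) {
        if (i < 32) return (payload.length >>> (31 - i)) & 1;
        int j = i - 32;
        return (payload[j >>> 3] >>> (7 - (j & 7))) & 1;
    }

    static byte[] extract(BufferedImage stego) {
        int w = stego.getWidth(), h = stego.getHeight();
        int len = 0;
        for (int i = 0; i < 32; i++) len = (len << 1) | lsb(stego, i, w);
        if (len < 0 || 32L + 8L * len > (long) w * h)
            throw new IllegalArgumentException("no valid payload (length " + len + ")");
        byte[] out = new byte[len];
        for (int i = 0; i < 8 * len; i++)
            out[i >>> 3] = (byte) ((out[i >>> 3] << 1) | lsb(stego, 32 + i, w));
        return out;
    }

    /** Pixels are numbered row-major, matching the embed loop. */
    static int lsb(BufferedImage img, int pixelIndex, int w) {
        return img.getRGB(pixelIndex % w, pixelIndex / w) & 1;
    }

    /** Pixels that differ between cover and stego: at most one per embedded bit, about half that on average. */
    static int changedPixels(BufferedImage a, BufferedImage b) {
        int n = 0;
        for (int y = 0; y < a.getHeight(); y++)
            for (int x = 0; x < a.getWidth(); x++)
                if (a.getRGB(x, y) != b.getRGB(x, y)) n++;
        return n;
    }

    public static void main(String[] args) throws Exception {
        BufferedImage cover = new BufferedImage(64, 64, BufferedImage.TYPE_INT_RGB);
        Random rnd = new Random(42);                   // constructed, deterministic stand-in for a photo
        for (int y = 0; y < 64; y++)
            for (int x = 0; x < 64; x++)
                cover.setRGB(x, y, rnd.nextInt(0x1000000));

        byte[] secret = "meet at dawn".getBytes("UTF-8");    // constructed payload
        BufferedImage stego = embed(cover, secret);
        byte[] recovered = extract(stego);
        System.out.println("recovered:      " + new String(recovered, "UTF-8"));
        System.out.println("round trip ok:  " + Arrays.equals(secret, recovered));   // true
        System.out.println("pixels touched: " + changedPixels(cover, stego) + " of " + (64 * 64));
        // Save only to a lossless format, e.g. ImageIO.write(stego, "png", new File("stego.png"));
        // JPEG re-quantisation would destroy the LSBs. Encrypt `secret` first if its content must stay secret.
    }
}
```

      The changed-pixel count is the "inconspicuous" bullet in numbers: 128 bits of stream touch at most 128 of 4096 pixels, each by one unit of blue. It is also why LSB stego is trivially detectable by statistics once someone suspects it; hiding is not the same as protecting.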
  84. HIGHER LEVEL LIBRARIES making encryption with Java easier
  86. KeyCzar ★ Highest level abstraction ★ Custom key format ★ Authored by Google Security Team ★ Intelligent encryption defaults (algorithm, mode, IV and key rotation are chosen for you) ★ The project has since been deprecated in favour of Google's Tink, but the approach is the same
  87. KeyczarTool create --location=/path/to/keyset --name=testkeyring --purpose=sign (a freshly created keyset is empty; add a key and mark it primary with KeyczarTool's addkey command, --status=primary, before signing or encrypting)
  88. The API (the slide shows C#-style casing; the Java methods are lower-case): Encrypter encrypt(plaintext) returns web-safe Base64 ciphertext; Crypter decrypt(ciphertext) returns the plaintext; Signer sign(data) returns a web-safe Base64 signature; Verifier verify(data, signature) returns a boolean. Encrypter and Verifier need only the public half of a keyset, Crypter and Signer need the private or symmetric key.
  89. Bouncy Castle ★ JCE Provider ★ Many more encryption and digest algorithms than the bundled Sun/SunJCE providers
  90. Bouncy Castle: static registration in <java_home>/lib/security/java.security (alternatively register at startup with Security.addProvider on a BouncyCastleProvider instance; on Oracle JDKs a JCE provider jar must be signed, which the BC release jars are)
      security.provider.1=sun.security.provider.Sun
      security.provider.2=com.sun.net.ssl.internal.ssl.Provider
      security.provider.3=com.sun.rsajca.Provider
      ...
      security.provider.6=org.bouncycastle.jce.provider.BouncyCastleProvider
  91. Jasypt
  92. Jasypt Frictionless Java encryption
  93. Password digest with Jasypt (the slide's snippet, with its import and the matching check call; despite the method name this is a salted, iterated digest, not reversible encryption):

```java
import org.jasypt.util.password.ConfigurablePasswordEncryptor;

ConfigurablePasswordEncryptor pe = new ConfigurablePasswordEncryptor();
pe.setAlgorithm("SHA-512");
pe.setPlainDigest(false);           // false = salted and iterated; true would be a bare, reversible-by-table digest
pe.setStringOutputType("base64");
String encryptedPassword = pe.encryptPassword(TEXT_TO_ENCRYPT);     // store this; salt is embedded in it
boolean ok = pe.checkPassword(TEXT_TO_ENCRYPT, encryptedPassword);  // verify at login
```
  94. Hibernate
  95. Hibernate Encryption in the ORM/DB world
  96. Transparent column encryption with Jasypt's Hibernate type (the slide's mapping, with its closing tags repaired):

```xml
<hibernate-mapping package="myapp">
  ...
  <typedef name="encryptedString" class="org.jasypt.hibernate.type.EncryptedStringType">
    <!-- PBEWithMD5AndTripleDES is Jasypt's legacy default, not a modern choice, and a
         password in a mapping file ends up in source control. Jasypt lets you register
         a configured encryptor and reference it with an encryptorRegisteredName param
         instead of algorithm/password/keyObtentionIterations. Encrypted columns cannot
         be searched or indexed by the database; it only ever sees ciphertext. -->
    <param name="algorithm">PBEWithMD5AndTripleDES</param>
    <param name="password">mypass</param>
    <param name="keyObtentionIterations">1000</param>
  </typedef>
  <class name="UserData" table="USER_DATA">
    ...
    <property name="address" column="ADDRESS" type="encryptedString" />
  </class>
</hibernate-mapping>
```
  97. Spring Framework
  98. Spring Framework Securing data and configurations
  99. Spring Security password encoder backed by Jasypt (the slide's bean definitions):

```xml
<bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
  <property name="stringDigester">
    <ref bean="jasyptStringDigester" />
  </property>
</bean>

<bean id="jasyptStringDigester" class="org.jasypt.digest.StandardStringDigester">
  <!-- StandardStringDigester salts by default; 100000 iterations is the deliberate
       slowdown against offline guessing that a single SHA-1 round would not give -->
  <property name="algorithm" value="SHA-1" />
  <property name="iterations" value="100000" />
</bean>
```
  100. Gnu
  101. Gnu Open source library
  102. GNU Crypto ★ Non-JCE implementations ★ Hundreds of algorithms ★ Legacy algorithms ★ No releases since the mid-2000s: useful as a reference implementation, not as a dependency
  103. In Summary ★ Laws ★ Know the rules for import and export ★ Get the appropriate approvals ★ Hashing ★ Proper bit strength (algorithm) ★ Salt is a modern requirement ★ Encrypting ★ Know the performance of your algorithm ★ Choose a future-proof bit size key
  104. ADVANCED JVM ENCRYPTION Digital security in Practice ★ Matthew McCullough ★ Email matthewm@ambientideas.com ★ Twitter @matthewmccull ★ Blog http://ambientideas.com/blog
  105. REFERENCES
  106. References ★ http://delicious.com/matthew.mccullough/encryption ★ http://www.bouncycastle.org/java.html ★ http://code.google.com/p/ke yczar/wiki/KeyczarPhilosophy ★ http://crypto.stanford.edu/sjcl/ ★ http://www.gnu.org/software/gnu-crypto/ ★ http://www.jasypt.org/download.html
  107. References ★ Sample Code ★ http://github.com/matthewmccullough/encryption-jvm-bootcamp ★ Miscellaneous ★ http://www.ietf.org/rfc/rfc3852.txt ★ http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One
  108. References ★ http://download.oracle.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html ★ http://www.oracle.com/technetwork/java/javase/tech/index-jsp-136007.html ★ http://download.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html ★ http://download.oracle.com/javase/6/docs/api/java/security/Security.html
  109. Acronyms ★ CMS ★ Cryptographic Message Syntax (CMS) objects ★ RFC 3852 (since superseded by RFC 5652) ★ PKCS#7 (formerly RFC 2630, 3369) ★ http://www.ietf.org/rfc/rfc3852.txt ★ ASN.1 ★ Abstract Syntax Notation One ★ 1984 X.409, 1988 X.208, 1995 X.680, 2002 ★ http://www.asn1.org/
  110. Credits ★ http://www.ambientideasphotography.com ★ http://stockfootageforfree.com/ ★ All others, iStockPhoto.com
