This document provides an overview of using the Java Secure Socket Extension (JSSE) to enable secure socket communication in Java applications. It discusses key topics like the Java Cryptography Architecture (JCA), public-key cryptography, certificates, and the SSL/TLS handshake protocol. The goal of the tutorial is to provide instructions for configuring and using JSSE to encrypt client-server applications.
International Journal of Engineering and Science Invention (IJESI)inventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online
Mediated certificateless cryptosystem for the security of data in public cloudeSAT Journals
Abstract Security is a serious issue in cloud computing. Encryption is the solution for the security in cloud. There are many encryption techniques. Each one has its own merits and demerits. In the case of identity based encryption it is free from security mediator, predefined keys are there, and have the problem of key escrow and certificate revocation. Then the arrival of mediated certificateless scheme eliminates the key escrow problem, and certificate revocation problem. In certificateless encryption scheme, key generation process is divided in between the user and the cloud. In our system data owner encrypt the data using its secret key. Then the data owner encrypt the secret key twice. Hence formed intermediate keys. Then send this encrypted data and intermediate keys to cloud. The cloud partially decrypt the intermediate key and send partially decrypted data and encrypted data to required user. The user decrypt the partialy decrypted data. Then the user will get the required key for decryption. so the user can decrypt it completly.The main advantage of our system is, the data owner can send same data to multiple clients with minimum cost. Keywords: Cloud computing, Certificateless cryptography, Key escrow, Certificate revocation.
A study of SAAS of cloud computing securing methodology against Poodle Attack†are taken for discussion. Cloud –It’s a resource centric technology. So secure it’s a main concern like POODLE (Padding Oracle on Downgraded Legacy Encryption) attack will affect SSL based connection system between client and server which is a serious cost. POODLE will disconnect the SSL connections. In Cloud it’s a open connectivity, over the network we can access the resources for user requirement. Connection Setup, recently everywhere used SSL. So far, Strong Authentication in connection setup, Server side authentication should be in Cloud. For sever side Keystone which is in OPENSTACK, for sever side authentication. So in this paper for mainly for SAAS (Secure As A Service) model for Cloud Environment.
This document provides an introduction to cryptography basics and key terms. It defines important concepts like plaintext, ciphertext, encryption, decryption, and cryptanalysis. It also discusses the goals of cryptography, including providing confidentiality, authentication, non-repudiation, and integrity. Cryptography relies on mathematical algorithms and functions to encrypt and decrypt messages securely.
Security Issues related with cloud computingIJERA Editor
The term CLOUD means Common Location Independent Online Utility on Demand. It‟s an emerging technology in IT industries. Cloud technologies are improving day by day and now it become a need for all small and large scale industries. Companies like Google, Amazon, Microsoft etc. is providing virtualized environment for user by which it omits the need for physical storage and others. But as the advantage of cloud computing is increasing day by day the issues are also threatening the IT industries. These issues related with the security of the data. The basic idea of this review paper is to elaborate the security issues related with cloud computing and what methods are implemented to improve these security. Certain algorithms like RSA, DES, and Ceaser Cipher etc. implemented to improve the security issues. In this paper we have implemented Identity based mRSA algorithm in this paper for improving security of data.
This document is a master's thesis that examines DOM-based cross-site scripting (DOMXSS) attacks. It provides background on DOMXSS, including classifications of sources and sinks. It presents case studies of DOMXSS attacks on real websites. It also discusses prevention and defense against DOMXSS, such as function flow analysis, proper use of filters, and related penetration testing tools. The goal of the thesis is to propose categorizations and a meta-model of DOMXSS, demonstrate case studies, and suggest best practices to address this web application security issue.
International Journal of Engineering and Science Invention (IJESI)inventionjournals
International Journal of Engineering and Science Invention (IJESI) is an international journal intended for professionals and researchers in all fields of computer science and electronics. IJESI publishes research articles and reviews within the whole field Engineering Science and Technology, new teaching methods, assessment, validation and the impact of new technologies and it will continue to provide information on the latest trends and developments in this ever-expanding subject. The publications of papers are selected through double peer reviewed to ensure originality, relevance, and readability. The articles published in our journal can be accessed online
Mediated certificateless cryptosystem for the security of data in public cloudeSAT Journals
Abstract Security is a serious issue in cloud computing. Encryption is the solution for the security in cloud. There are many encryption techniques. Each one has its own merits and demerits. In the case of identity based encryption it is free from security mediator, predefined keys are there, and have the problem of key escrow and certificate revocation. Then the arrival of mediated certificateless scheme eliminates the key escrow problem, and certificate revocation problem. In certificateless encryption scheme, key generation process is divided in between the user and the cloud. In our system data owner encrypt the data using its secret key. Then the data owner encrypt the secret key twice. Hence formed intermediate keys. Then send this encrypted data and intermediate keys to cloud. The cloud partially decrypt the intermediate key and send partially decrypted data and encrypted data to required user. The user decrypt the partialy decrypted data. Then the user will get the required key for decryption. so the user can decrypt it completly.The main advantage of our system is, the data owner can send same data to multiple clients with minimum cost. Keywords: Cloud computing, Certificateless cryptography, Key escrow, Certificate revocation.
A study of SAAS of cloud computing securing methodology against Poodle Attack†are taken for discussion. Cloud –It’s a resource centric technology. So secure it’s a main concern like POODLE (Padding Oracle on Downgraded Legacy Encryption) attack will affect SSL based connection system between client and server which is a serious cost. POODLE will disconnect the SSL connections. In Cloud it’s a open connectivity, over the network we can access the resources for user requirement. Connection Setup, recently everywhere used SSL. So far, Strong Authentication in connection setup, Server side authentication should be in Cloud. For sever side Keystone which is in OPENSTACK, for sever side authentication. So in this paper for mainly for SAAS (Secure As A Service) model for Cloud Environment.
This document provides an introduction to cryptography basics and key terms. It defines important concepts like plaintext, ciphertext, encryption, decryption, and cryptanalysis. It also discusses the goals of cryptography, including providing confidentiality, authentication, non-repudiation, and integrity. Cryptography relies on mathematical algorithms and functions to encrypt and decrypt messages securely.
Security Issues related with cloud computingIJERA Editor
The term CLOUD means Common Location Independent Online Utility on Demand. It‟s an emerging technology in IT industries. Cloud technologies are improving day by day and now it become a need for all small and large scale industries. Companies like Google, Amazon, Microsoft etc. is providing virtualized environment for user by which it omits the need for physical storage and others. But as the advantage of cloud computing is increasing day by day the issues are also threatening the IT industries. These issues related with the security of the data. The basic idea of this review paper is to elaborate the security issues related with cloud computing and what methods are implemented to improve these security. Certain algorithms like RSA, DES, and Ceaser Cipher etc. implemented to improve the security issues. In this paper we have implemented Identity based mRSA algorithm in this paper for improving security of data.
This document is a master's thesis that examines DOM-based cross-site scripting (DOMXSS) attacks. It provides background on DOMXSS, including classifications of sources and sinks. It presents case studies of DOMXSS attacks on real websites. It also discusses prevention and defense against DOMXSS, such as function flow analysis, proper use of filters, and related penetration testing tools. The goal of the thesis is to propose categorizations and a meta-model of DOMXSS, demonstrate case studies, and suggest best practices to address this web application security issue.
In November 2012 High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. Details of the vulnerabilities were disclosed in April 2013. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.
Link to publication: https://www.htbridge.com/publications/novell_groupwise_untrusted_pointer_dereference_exploitation.html
This document provides guidance on securing backend applications developed in Java. It discusses SQL injection and other common attacks. It presents vulnerable code examples and explains how to protect against these attacks through the use of prepared statements with parameterized queries, input validation, output encoding, and adopting other secure coding practices. The document is intended to help developers, administrators and testers understand backend security.
This document provides an overview of security in the Java platform, covering topics like the Java language's security features, bytecode verification, the basic security architecture including security providers and file locations, cryptography, public key infrastructure (PKI), authentication, secure communication techniques, access control including permissions and policy, and built-in security providers. It describes the key principles of implementation independence, interoperability, and extensibility that the Java security APIs are designed around.
The document discusses various security issues and mistakes made by users, developers, and organizations. It covers topics like weak security practices, implementation flaws, trusting the wrong things, disclosure of too much information, and the challenges of social engineering. Specific examples are provided around password hashing, encryption, sessions, randomness, and log files to illustrate common mistakes. The overall message is that security is difficult and mistakes are often made due to a lack of understanding, convenience prioritized over security, and misplaced trust. Holistic security involving people, process and technology is advocated for along with constant awareness and mitigation of risks.
KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING IN CLOUDNaseem nisar
1. EASiER proposes an encryption-based access control architecture for social networks that uses attribute-based encryption. It introduces a minimally trusted proxy to enable efficient revocation without reissuing keys.
2. Multi-authority attribute based encryption schemes allow multiple authorities to issue secret keys for attributes. This is useful in applications with attributes managed by different authorities.
3. Existing social network privacy architectures focus on encryption-based access control but do not address efficient revocation of users or attributes. EASiER addresses this issue.
Key aggregate cryptosystem for scalable data sharing in cloud storageMugesh Mukkandan
This document proposes a key-aggregate cryptosystem (KAC) to securely and efficiently share data in cloud storage. KAC allows data owners to generate constant-sized decryption keys that delegate access to any subset of encrypted files, without increasing key size. It describes the existing approaches that encrypt data before uploading but have increasing costs as more decryption keys are shared. The proposed KAC system uses a special public-key encryption technique that produces constant-sized aggregate decryption keys that can decrypt any ciphertext associated with attribute classes contained in the key. It outlines the authentication, encryption, sharing, and decryption modules and concludes that KAC provides a more flexible delegation method compared to hierarchical key assignment.
The document discusses a presentation given by Andrew Kozma on using BackTrack Linux and other tools for penetration testing. It begins by introducing Kozma and his interests in infosec, BackTrack, and Bruce Lee. It then outlines the phases of a penetration test including reconnaissance, vulnerability analysis, exploitation, and reporting. The presentation demonstrates using tools like Recon-ng and the Social Engineering Toolkit to gather intelligence on a target and conduct client-side attacks using malicious websites and Java applets to gain remote access. It discusses using Metasploit payloads and maintaining persistence on compromised systems. The presentation emphasizes the importance of security awareness and defense.
Penetration Testing is the Art of the ManipulationJongWon Kim
This document outlines steps to attack a NASA web server and DNS server as part of a penetration test. It begins with reconnaissance of the web server to identify services, OS, and vulnerabilities. SQL injection is used to extract password hashes from the database. Privilege escalation exploits a file inclusion vulnerability to gain root access. Additional access is maintained through backdoors. The second target, a DNS server, is pivoted to after uploading a Metasploit payload to connect back to the attacker's machine. Information gathering and brute force attacks are then performed.
Key aggregate cryptosystem for scalable data sharing in cloud storage using pairng based cryptography. We used JPBC tool to implement Key Aggregate cryptosystem.
IRJET - A Comprehensive Review on Security Issues and Challenges in Lightweig...IRJET Journal
This document discusses security issues and challenges with lightweight container communication. It begins with an introduction to containers and microservice architecture. It then examines four use cases: 1) defending containers from semi-honest or malicious hosts, 2) protecting containers from applications, 3) protecting the host from containers, and 4) inter-container protection. For each use case, it identifies potential attacks and discusses directions for future research to enhance container security. The key challenges discussed are exploitation of the shared kernel, denial of service attacks, container breakouts, poisoned images, and compromising secrets. The document concludes that containers will be important for cloud computing but security issues need to be addressed.
key aggregate cryptosystem for scalable data sharing in cloudSravan Narra
The document proposes a new key-aggregate cryptosystem (KAC) for secure and efficient data sharing in cloud storage. KAC allows encrypting data under a public key and identifier, and extracting an aggregate secret key from a master secret key. The aggregate key is compact yet provides decryption power for any subset of ciphertexts. This allows flexible delegation of decryption rights by sending a constant-sized aggregate key for sharing encrypted data on cloud storage. Formal security analysis is provided for the cryptosystem in the standard model.
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Pvrtechnologies Nellore
This document describes a proposed cryptosystem for secure and efficient data sharing in cloud storage. It allows a user to encrypt files with different public keys but send a receiver a single constant-size decryption key that gives decryption rights to any set of ciphertexts. This allows flexible sharing of encrypted data while keeping decryption keys compact. The proposed system aims to address disadvantages of existing approaches like unexpected privilege escalation exposing all data or inefficient key sizes. It provides security based on number-theoretic assumptions without relying on servers for access control.
The document proposes a secure client-side deduplication scheme called KeyD that uses identity-based broadcast encryption instead of independent key management to effectively manage convergent keys for deduplication. KeyD ensures data confidentiality and convergent key security while providing ownership privacy. Experimental results show that KeyD achieves better tradeoffs between storage costs, communication overhead, and computation overhead compared to traditional deduplication schemes.
key aggregate cryptosystem for scalable data sharing in cloud storage abstractSanjana Yemajala
This document proposes a key-aggregate cryptosystem (KAC) for securely and flexibly sharing encrypted data in cloud storage. KAC allows a data owner to encrypt files under different class identifiers and generate a single aggregate key encompassing decryption power for any chosen ciphertext class set. This aggregate key can be sent through limited secure channels like email, addressing disadvantages of traditional approaches that require sending many distinct secret keys. The proposed solution could help Alice securely share specific encrypted files on Dropbox with Bob by sending him a single aggregate key.
ENHANCED INTEGRITY AUDITING FOR DYNAMIC AND SECURE GROUP SHARING IN PUBLIC CLOUDIAEME Publication
The challenge faced in public cloud computing is to provide privacy and security to the data shared among the group members. In this paper, an enhanced secure group sharing framework has been proposed. As the cloud has a semi-trust relationship it is in need of a security model so that no classified information is being presented to cloud suppliers and aggressors. Another critical variable in giving protection and security is a periodical evacuation of undesirable records which if not done consistently then, might turn into a piece of enthusiasm for assailants and can be abused. By applying the proxy signature procedure, the grouping pioneer can adequately concede the benefit of grouping administration to one or more grouped individuals.
Key-Aggregate Searchable Encryption (KASE) for Group Data Sharing via Cloud S...1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
This document summarizes a research paper that proposes a system to detect Distributed Denial of Service (DDoS) attacks on OpenStack cloud servers using XenServer virtualization and select appropriate countermeasures. The system uses Snort for intrusion detection on target virtual machines. When an attack is detected, algorithms generate an ID and select the most severe alert. Another algorithm then chooses the best countermeasure based on the attack type. The full paper provides details on implementation using tools like XenServer, OpenStack, Snort and Metasploit, as well as descriptions of the proposed detection and countermeasure selection algorithms.
Identity based Encryption Utilizing Revocable Capacity of Distributed Computi...ijtsrd
The most versatile and ideal path for sharing the data is delivered by Cloud figuring. Distributed computing consequently brings numerous advantages for the users. However, an issue exists when a user wants to redistribute the important data in cloud. Essentially, it is imperative to put cryptographically expanded admittance control on such data. In this way, empowering crypto graphical crude is expected to fabricate a sensible data sharing framework, i.e., Identity based encryption. The entrance control in this Identity based encryption isnt fixed. For the safety purpose, a component must be actualized where a user is taken out from the framework when his her approval is ended. Subsequently, the user which is taken out cant get to the mutual data any longer. Therefore, the regressive forward unidentified of the ciphertext ought to be given by a methodology which is recognized as revocable storage identity based encryption RS IBE . This methodology familiarizes the utilities of user disavowal and ciphertext update simultaneously. Also, we stretch a fact by fact assembly of RS IBE, which affirms its unknown in the represented security model. The practical and economically perception plan of data distribution is proficient through this RS IBE conspire which takes gigantic compensations of operability and capability. Unquestionably, we stretch implementation outcome of this suggested strategy to decide its opportunity. Midhun Madhu | Feon Jaison "Identity based Encryption Utilizing Revocable Capacity of Distributed Computing in Secure Information" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35712.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/35712/identity-based-encryption-utilizing-revocable-capacity-of-distributed-computing-in-secure-information/midhun-madhu
SSL is an acronym for Secure Sockets Layer. It is a protocol used for authenticating and encrypting web traffic. For web traffic to be authenticated means that your browser is able to verify the identity of the remote server.
In November 2012 High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in Novell GroupWise 2012. Details of the vulnerabilities were disclosed in April 2013. This paper demonstrates vulnerability exploitation to execute arbitrary code on the vulnerable system.
Link to publication: https://www.htbridge.com/publications/novell_groupwise_untrusted_pointer_dereference_exploitation.html
This document provides guidance on securing backend applications developed in Java. It discusses SQL injection and other common attacks. It presents vulnerable code examples and explains how to protect against these attacks through the use of prepared statements with parameterized queries, input validation, output encoding, and adopting other secure coding practices. The document is intended to help developers, administrators and testers understand backend security.
This document provides an overview of security in the Java platform, covering topics like the Java language's security features, bytecode verification, the basic security architecture including security providers and file locations, cryptography, public key infrastructure (PKI), authentication, secure communication techniques, access control including permissions and policy, and built-in security providers. It describes the key principles of implementation independence, interoperability, and extensibility that the Java security APIs are designed around.
The document discusses various security issues and mistakes made by users, developers, and organizations. It covers topics like weak security practices, implementation flaws, trusting the wrong things, disclosure of too much information, and the challenges of social engineering. Specific examples are provided around password hashing, encryption, sessions, randomness, and log files to illustrate common mistakes. The overall message is that security is difficult and mistakes are often made due to a lack of understanding, convenience prioritized over security, and misplaced trust. Holistic security involving people, process and technology is advocated for along with constant awareness and mitigation of risks.
KEY AGGREGATE CRYPTOSYSTEM FOR SCALABLE DATA SHARING IN CLOUDNaseem nisar
1. EASiER proposes an encryption-based access control architecture for social networks that uses attribute-based encryption. It introduces a minimally trusted proxy to enable efficient revocation without reissuing keys.
2. Multi-authority attribute based encryption schemes allow multiple authorities to issue secret keys for attributes. This is useful in applications with attributes managed by different authorities.
3. Existing social network privacy architectures focus on encryption-based access control but do not address efficient revocation of users or attributes. EASiER addresses this issue.
Key aggregate cryptosystem for scalable data sharing in cloud storageMugesh Mukkandan
This document proposes a key-aggregate cryptosystem (KAC) to securely and efficiently share data in cloud storage. KAC allows data owners to generate constant-sized decryption keys that delegate access to any subset of encrypted files, without increasing key size. It describes the existing approaches that encrypt data before uploading but have increasing costs as more decryption keys are shared. The proposed KAC system uses a special public-key encryption technique that produces constant-sized aggregate decryption keys that can decrypt any ciphertext associated with attribute classes contained in the key. It outlines the authentication, encryption, sharing, and decryption modules and concludes that KAC provides a more flexible delegation method compared to hierarchical key assignment.
The document discusses a presentation given by Andrew Kozma on using BackTrack Linux and other tools for penetration testing. It begins by introducing Kozma and his interests in infosec, BackTrack, and Bruce Lee. It then outlines the phases of a penetration test including reconnaissance, vulnerability analysis, exploitation, and reporting. The presentation demonstrates using tools like Recon-ng and the Social Engineering Toolkit to gather intelligence on a target and conduct client-side attacks using malicious websites and Java applets to gain remote access. It discusses using Metasploit payloads and maintaining persistence on compromised systems. The presentation emphasizes the importance of security awareness and defense.
Penetration Testing is the Art of the ManipulationJongWon Kim
This document outlines steps to attack a NASA web server and DNS server as part of a penetration test. It begins with reconnaissance of the web server to identify services, OS, and vulnerabilities. SQL injection is used to extract password hashes from the database. Privilege escalation exploits a file inclusion vulnerability to gain root access. Additional access is maintained through backdoors. The second target, a DNS server, is pivoted to after uploading a Metasploit payload to connect back to the attacker's machine. Information gathering and brute force attacks are then performed.
Key aggregate cryptosystem for scalable data sharing in cloud storage using pairng based cryptography. We used JPBC tool to implement Key Aggregate cryptosystem.
IRJET - A Comprehensive Review on Security Issues and Challenges in Lightweig...IRJET Journal
This document discusses security issues and challenges with lightweight container communication. It begins with an introduction to containers and microservice architecture. It then examines four use cases: 1) defending containers from semi-honest or malicious hosts, 2) protecting containers from applications, 3) protecting the host from containers, and 4) inter-container protection. For each use case, it identifies potential attacks and discusses directions for future research to enhance container security. The key challenges discussed are exploitation of the shared kernel, denial of service attacks, container breakouts, poisoned images, and compromising secrets. The document concludes that containers will be important for cloud computing but security issues need to be addressed.
key aggregate cryptosystem for scalable data sharing in cloudSravan Narra
The document proposes a new key-aggregate cryptosystem (KAC) for secure and efficient data sharing in cloud storage. KAC allows encrypting data under a public key and identifier, and extracting an aggregate secret key from a master secret key. The aggregate key is compact yet provides decryption power for any subset of ciphertexts. This allows flexible delegation of decryption rights by sending a constant-sized aggregate key for sharing encrypted data on cloud storage. Formal security analysis is provided for the cryptosystem in the standard model.
Key aggregate searchable encryption (kase) for group data sharing via cloud s...Pvrtechnologies Nellore
This document describes a proposed cryptosystem for secure and efficient data sharing in cloud storage. It allows a user to encrypt files with different public keys but send a receiver a single constant-size decryption key that gives decryption rights to any set of ciphertexts. This allows flexible sharing of encrypted data while keeping decryption keys compact. The proposed system aims to address disadvantages of existing approaches like unexpected privilege escalation exposing all data or inefficient key sizes. It provides security based on number-theoretic assumptions without relying on servers for access control.
The document proposes a secure client-side deduplication scheme called KeyD that uses identity-based broadcast encryption instead of independent key management to effectively manage convergent keys for deduplication. KeyD ensures data confidentiality and convergent key security while providing ownership privacy. Experimental results show that KeyD achieves better tradeoffs between storage costs, communication overhead, and computation overhead compared to traditional deduplication schemes.
key aggregate cryptosystem for scalable data sharing in cloud storage abstractSanjana Yemajala
This document proposes a key-aggregate cryptosystem (KAC) for securely and flexibly sharing encrypted data in cloud storage. KAC allows a data owner to encrypt files under different class identifiers and generate a single aggregate key encompassing decryption power for any chosen ciphertext class set. This aggregate key can be sent through limited secure channels like email, addressing disadvantages of traditional approaches that require sending many distinct secret keys. The proposed solution could help Alice securely share specific encrypted files on Dropbox with Bob by sending him a single aggregate key.
ENHANCED INTEGRITY AUDITING FOR DYNAMIC AND SECURE GROUP SHARING IN PUBLIC CLOUDIAEME Publication
The challenge faced in public cloud computing is to provide privacy and security to the data shared among the group members. In this paper, an enhanced secure group sharing framework has been proposed. As the cloud has a semi-trust relationship it is in need of a security model so that no classified information is being presented to cloud suppliers and aggressors. Another critical variable in giving protection and security is a periodical evacuation of undesirable records which if not done consistently then, might turn into a piece of enthusiasm for assailants and can be abused. By applying the proxy signature procedure, the grouping pioneer can adequately concede the benefit of grouping administration to one or more grouped individuals.
Key-Aggregate Searchable Encryption (KASE) for Group Data Sharing via Cloud S...1crore projects
IEEE PROJECTS 2015
1 crore projects is a leading Guide for ieee Projects and real time projects Works Provider.
It has been provided Lot of Guidance for Thousands of Students & made them more beneficial in all Technology Training.
Dot Net
DOTNET Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
Java Project Domain list 2015
1. IEEE based on datamining and knowledge engineering
2. IEEE based on mobile computing
3. IEEE based on networking
4. IEEE based on Image processing
5. IEEE based on Multimedia
6. IEEE based on Network security
7. IEEE based on parallel and distributed systems
ECE IEEE Projects 2015
1. Matlab project
2. Ns2 project
3. Embedded project
4. Robotics project
Eligibility
Final Year students of
1. BSc (C.S)
2. BCA/B.E(C.S)
3. B.Tech IT
4. BE (C.S)
5. MSc (C.S)
6. MSc (IT)
7. MCA
8. MS (IT)
9. ME(ALL)
10. BE(ECE)(EEE)(E&I)
TECHNOLOGY USED AND FOR TRAINING IN
1. DOT NET
2. C sharp
3. ASP
4. VB
5. SQL SERVER
6. JAVA
7. J2EE
8. STRINGS
9. ORACLE
10. VB dotNET
11. EMBEDDED
12. MAT LAB
13. LAB VIEW
14. Multi Sim
CONTACT US
1 CRORE PROJECTS
Door No: 214/215,2nd Floor,
No. 172, Raahat Plaza, (Shopping Mall) ,Arcot Road, Vadapalani, Chennai,
Tamin Nadu, INDIA - 600 026
Email id: 1croreprojects@gmail.com
website:1croreprojects.com
Phone : +91 97518 00789 / +91 72999 51536
This document summarizes a research paper that proposes a system to detect Distributed Denial of Service (DDoS) attacks on OpenStack cloud servers using XenServer virtualization and select appropriate countermeasures. The system uses Snort for intrusion detection on target virtual machines. When an attack is detected, algorithms generate an ID and select the most severe alert. Another algorithm then chooses the best countermeasure based on the attack type. The full paper provides details on implementation using tools like XenServer, OpenStack, Snort and Metasploit, as well as descriptions of the proposed detection and countermeasure selection algorithms.
Identity based Encryption Utilizing Revocable Capacity of Distributed Computi...ijtsrd
The most versatile and ideal path for sharing the data is delivered by Cloud figuring. Distributed computing consequently brings numerous advantages for the users. However, an issue exists when a user wants to redistribute the important data in cloud. Essentially, it is imperative to put cryptographically expanded admittance control on such data. In this way, empowering crypto graphical crude is expected to fabricate a sensible data sharing framework, i.e., Identity based encryption. The entrance control in this Identity based encryption isnt fixed. For the safety purpose, a component must be actualized where a user is taken out from the framework when his her approval is ended. Subsequently, the user which is taken out cant get to the mutual data any longer. Therefore, the regressive forward unidentified of the ciphertext ought to be given by a methodology which is recognized as revocable storage identity based encryption RS IBE . This methodology familiarizes the utilities of user disavowal and ciphertext update simultaneously. Also, we stretch a fact by fact assembly of RS IBE, which affirms its unknown in the represented security model. The practical and economically perception plan of data distribution is proficient through this RS IBE conspire which takes gigantic compensations of operability and capability. Unquestionably, we stretch implementation outcome of this suggested strategy to decide its opportunity. Midhun Madhu | Feon Jaison "Identity based Encryption Utilizing Revocable Capacity of Distributed Computing in Secure Information" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35712.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-security/35712/identity-based-encryption-utilizing-revocable-capacity-of-distributed-computing-in-secure-information/midhun-madhu
SSL is an acronym for Secure Sockets Layer. It is a protocol used for authenticating and encrypting web traffic. For web traffic to be authenticated means that your browser is able to verify the identity of the remote server.
5 string bluegrass banjo photo album slidesharefenderleo2
Taylor Faulring documented the process of completing a 5-string banjo from start to finish over several photos. The photos show laying out the banjo parts, constructing the pot, applying stain to the neck, installing hardware like the tuners and resonator, drilling nut holes, mounting the neck, and finally setting up the completed banjo.
El documento describe la distribución binomial. Explica que 1) en cada prueba de un experimento sólo hay dos resultados posibles, el éxito o el fracaso, 2) el resultado de cada prueba es independiente de los demás, y 3) la distribución binomial se representa por B(n, p), donde n es el número de pruebas y p la probabilidad de éxito.
This slide deck examines new product releases from credit card carriers in our Credit Card Monitor coverage group.
Inside, we provide a rundown of the new products introduced on the firm’s websites during the 2014 year, and highlight their key features.
We are meeting at Erin United Church's Fellowship Room to send a message about climate change and faith. While governments have agreed to limit global warming to 2 degrees Celsius, current trajectories have us on a path to warm by 4 degrees. The meeting highlights solutions like using one hour of sunlight, which equals the Earth's annual energy needs, and biomimicry projects in Zimbabwe. The timing is good as important climate announcements were made just this week. The document encourages letting dreams be bigger than fears, actions louder than words, and faith stronger than feelings, noting that faith involves taking the first step even when the entire path isn't visible.
Two important Iron Age civilizations were the Greeks and Romans. Greek civilization made major contributions to philosophy with thinkers like Socrates, Plato, and Aristotle. They also advanced mathematics, medicine, theatre, history, and sculpture. Roman civilization began along the river Tiber in Italy and was defined by constant war and agriculture. The Romans contributed greatly to art, literature, architecture by building roads, bridges, and aqueducts to transport water across basins. Urban life expanded as trade and artisans became important in Roman cities.
Earthquakes occur when energy stored in the earth is released from a focus point. This energy travels as waves that cause tremors and destruction on the surface. The point where tremors are strongest on the surface is called the epicenter. Scientists use seismographs to measure the magnitude of earthquakes on the Richter scale. The 2001 Bhuj earthquake in Gujarat, India, measured 7.7 on the Richter scale and caused over 13,000 deaths through widespread damage across western Kutch and the destruction of the town of Batchua.
This document discusses the importance of fiber for digestive health. It notes that most Americans do not consume the recommended daily amount of fiber of 25-35 grams. Fiber is found in whole grains, fruits, vegetables, legumes and nuts. One Fiber Advantage Bar contains 8 grams of fiber and can help promote regularity and digestive health. The bar has no artificial ingredients and contains a blend of grains, fruits and vegetables to provide fiber in a tasty and convenient format.
Anderson University will launch a new College of Health Professions in June that will include schools of nursing, human performance, allied health, and physical therapy. The college aims to train competent healthcare professionals to meet regional needs. It will combine related health fields under one college so students can learn from each other. A new physical therapy school is planned for 2018 to address South Carolina's shortage of physical therapists.
MongoDB is a cross-platform document-oriented database that uses JSON-like documents with dynamic schemas, making it easier and faster to integrate data compared to traditional relational databases. It is developed by MongoDB Inc. and is open-source. MongoDB supports features like ad hoc queries, indexing, replication for high availability, automatic load balancing, and horizontal scalability. It is a popular choice for storing large datasets and powering modern applications.
This document provides an overview of tutorials for getting started with the QuizMaker software. It lists 13 tutorial topics that cover publishing quizzes to the web, iSpring Online, and learning management systems, adding different types of questions, and customizing quiz settings and player features. The tutorials range from 1 to 3 minutes in length to guide users through the basics of creating and distributing quizzes with QuizMaker.
This document outlines an agenda and presentation for a session on "Guerilla Learning" at the mlearncon conference in June 2014. The presentation introduces mYouTime, a mobile learning platform that delivers brief multimedia lessons optimized for smartphones and tablets. Examples of how mYouTime has been used in various educational settings are provided. The presentation also discusses concepts like microlearning and argues that learning should be available anywhere, anytime without constraints.
The document introduces an innovative work titled "Innovation 2014" presented by Surumi K. of the Natural Science department. It discusses introducing new ideas, devices, or processes to establish something better and new. The work aims to explain concepts like creativity, imagination, and thinking skills to students in grades 8 and 9 through interactive exhibits and demonstrations to help foster their development.
We aim to exceed expectations through loyalty schemes, expertise in reservations systems, and support in 7 languages. Centrecom offers booking and reservations for airlines, hotels, cars, and packages, with experienced staff providing instant assistance and opportunities to cross-sell and up-sell other products. For more information, contact Centrecom at info@centrecom.eu or +356 2364 4098.
This document is a project submission sheet for a cloud security project completed by students Gaurav Lakhani and Jitendra Kumar Sharma for their M.Sc in Cloud Computing program. It details their approach to securing a hybrid cloud infrastructure consisting of a VMware private cloud and an Amazon Web Services public cloud. Their security implementation involved securing the hypervisor, guest operating systems, network, and public cloud components. They used the AS/NZS 4360 risk management standard and performed various tests using tools like Nmap and Nikto to evaluate the security of the infrastructure and identify any vulnerabilities. Their outcome was a conclusion that both built-in platform security features and third-party tools are needed to fully secure a cloud environment.
The document discusses certificates and alternatives to the hierarchical trust model used for SSL certificates. It describes how SSL works using certificates authorities (CAs) to validate website certificates. Problems are discussed with this approach, including vulnerabilities of the CA system. Alternatives presented include PGP's web of trust model, where users decide who to trust, and the Perspectives browser add-on, which keeps a record of certificate changes to detect attacks. The document advocates for a decentralized trust model rather than relying solely on CAs.
This document discusses security in Java, focusing on cryptography APIs. It provides an overview of security services in Java like the Java Virtual Machine, security manager, and cryptography APIs. It then discusses the Java Cryptography Architecture (JCA) and Java Cryptography Extension (JCE) in more detail, comparing their roles and describing the provider architecture and engine classes. The document also provides code examples demonstrating secret key encryption using the Data Encryption Standard (DES) algorithm.
The document discusses securing symmetric key distribution in a network through implementing identity-based cryptography. It proposes a new security scheme that overcomes limitations of public- and symmetric-key protocols by using a one-way hash function for data authenticity between nodes and a mix of symmetric and public key cryptography for data confidentiality. The scheme guarantees secure communication between in-network nodes using symmetric keys, and secure data delivery between source and sink nodes using public keys. Testing shows the scheme is scalable and provides strong security while maintaining efficiency.
This document discusses SSL/TLS protocols and how to set up your own certificate authority (CA) or use Let's Encrypt for free SSL certificates.
It provides a brief history of SSL and TLS protocols, outlines the key differences between versions, and lists common TLS implementations like OpenSSL. It then explains how to set up your own CA by generating root and intermediate certificates and signing server/client certificates.
Finally, it introduces Let's Encrypt as a free and automated CA that aims to promote SSL security. It explains how Let's Encrypt validates domain ownership and issues certificates to ensure communications are private, integrity is maintained, and parties can be trusted.
White paper - Full SSL automation with OneClickSSLGlobalSign
SSL Automation from application to installation
GlobalSign has designed, developed and patented OneClickSSL™, a revolutionary technology that simplifies the process from SSL application to installation with levels of automation previously considered impossible – eliminating support fees and minimizing time spent supporting customers.
Learn how the OneClickSSL technology works, the deployment options and use cases and how to generate new revenues with OneClickSSL.
This document provides an overview of cryptography and related concepts across 11 pages. It discusses cryptography techniques like symmetric and asymmetric encryption, hashing algorithms, and digital certificates. It also covers public key infrastructure (PKI) components like certificate authorities (CAs), digital signatures, and revocation. Common applications of cryptography like IPsec, SSL, and PGP are also summarized. The document aims to explain fundamental cryptography concepts and how they are applied in various technologies and situations.
This document is a thesis submitted by Thivya Devaraj to the University of Limerick for the degree of Master of Engineering in Information and Network Security. The thesis focuses on Password Authenticated Key Exchange (PAKE) protocols. It includes chapters on literature review of existing PAKE protocols, algorithms used such as RSA, AES, and hashing, an overview of the Encrypted Key Exchange protocol, implementation of a PAKE protocol using Java, results, and conclusions. The document provides background on PAKE protocols and evaluates existing approaches before proposing an implementation.
A NETWORK CODING AND DES BASED DYNAMIC ENCRYPTION SCHEME FOR MOVING TARGET DE...Akhil Kumar Pappula
Data Encryption Standard (DES) was the set up plan of the standard symmetric-key encryption designs. By and by it has
been well ordered supplanted by the triple DES or AES so that the encoder has a greater key space.
The Challenge of Integrating Security Solutions with CI.pdfSavinder Puri
Informational article which will discuss the issues with code signing solutions as they relate to ci/cd workflows (including DIY and HSM solutions).
Targeted Persona: mostly technical decision makers and operational champions (devops/devsecops).
This document discusses using encryption to securely store data in the cloud. It focuses on implementing the Advanced Encryption Standard (AES) algorithm to encrypt data before uploading it to a cloud server. AES is a strong encryption standard that has not been practically cracked. The project aims to create a website that allows users to register, upload encrypted files to the cloud, download and decrypt files using a password, and perform basic calculations on data files. Administrators can view users and files. By encrypting data with AES before storage, the project aims to address security and privacy concerns of cloud computing.
Case Studies and Lessons Learned from SSL/TLS Certificate Verification Vulner...JPCERT Coordination Center
Recently we’ve seen many vulnerabilities related to improper certificate validation. Those vulnerabilities come from developers’ ignorance or misunderstanding of basic knowledge of certificate validation or insufficient testing of validation code. This presentation starts with the basics of the certificate validation process, surveys several vulnerabilities in the real world, and concludes with lessons learned from real-world vulnerabilities.
This is presented on JavaOne2015.
Certificate Pinning in Mobile ApplicationsLuca Bongiorni
The document discusses certificate pinning and provides information on implementing it for Android, iOS, and Windows platforms. It describes certificate pinning as associating a host with an expected certificate or public key to prevent man-in-the-middle attacks. The document outlines pros and cons of certificate pinning, and provides code examples and links to resources for implementing pinning on different mobile platforms.
IRJET - A Novel Approach Implementing Deduplication using Message Locked Encr...IRJET Journal
This document proposes a novel approach to implementing data deduplication on the cloud using message locked encryption. It aims to overcome limitations of existing deduplication techniques like convergent encryption by using erasure code technology, encryption algorithms like DES and MD5 hashing, and tokenization to securely store and protect client data on the cloud. The proposed system gives clients proof of ownership of their data by allowing them to choose who can access their files and see any changes made over time. The system architecture involves a client uploading encrypted data to the cloud, and recipients selected by the client being able to access and retrieve encrypted pieces of the data.
SSL Implementation - IBM MQ - Secure Communications nishchal29
Presenting the basics of SSL/TLS , usage of SSL protocol to secure the IBM MQ channels. Secure Communications between two Queue Managers and various test cases , between an application and Queue Manager , Errors , Certificate Renewal ..
This document provides a high-level summary of a course on secure programming. It discusses whether secure programming is more of an art or a science, and describes different software engineering maturity levels. It also briefly outlines several topics that will be covered in the course, including secure design principles, security requirements, software development processes, and the role of cryptography.
The document provides an overview of the Secure Sockets Layer (SSL) protocol. It discusses SSL's goals of providing confidentiality, integrity, and authentication for network communications. It describes the SSL handshake process, where the client and server authenticate each other and negotiate encryption parameters before transmitting application data. It also discusses SSL applications like securing web traffic and online payments. The document concludes that SSL is vital for web security and ensures user confidentiality and integrity.
Azure Key Vault with a PaaS Architecture and ARM Template DeploymentRoy Kim
This is a presentation I held at a local Azure user group. The session abstract: Azure Key Vault is a tool for securely storing and accessing secrets. We will go through a popular Azure PaaS Architecture pattern using Key Vault to store a password. I will demo and walk through the general configuration of a dedicated Azure Function app, Azure SQL and Key Vault that was deployed with automation. I will then go through fairly advanced techniques and best practices on how to deploy Azure Key Vault and a password secret with ARM templates. Finally, a very brief look at my Azure DevOps Pipeline to deploy the ARM template. You will come away with an understanding of an applied use case of leveraging Azure Key vault for a PaaS solution in better managing a password secret.
A Review on Key-Aggregate Cryptosystem for Climbable Knowledge Sharing in Clo...Editor IJCATR
The Data sharing is an important functionality in cloud storage. In this article, we show how to securely, efficiently, and
flexibly share data with others in cloud storage. We describe new public-key cryptosystems which produce constant-size ciphertexts
such that efficient delegation of decryption rights for any set of ciphertexts are possible. The novelty is that one can aggregate any set
of secret keys and make them as compact as a single key, but encompassing the power of all the keys being aggregated. In other
words, the secret key holder can release a constant-size aggregate key for flexible choices of ciphertext set in cloud storage, but the
other encrypted files outside the set remain confidential. This compact aggregate key can be conveniently sent to others or be stored in
a smart card with very limited secure storage. We provide formal security analysis of our schemes in the standard model. We also
describe other application of our schemes. In particular, our schemes give the first public-key patient controlled encryption for flexible
hierarchy, which was yet to be known.
The document discusses how to programmatically make URL requests in Java. It covers using the URL and URLConnection classes to (1) parse URLs, (2) retrieve URL contents by opening connections or streams, and (3) get header information. It also provides examples of how to fake GET and POST form submissions by encoding parameters and sending requests via URLConnection.
Servlets are Java programs that run on a web server and generate dynamic web page content. Servlets receive HTTP requests and return HTTP responses. They provide an interface between web clients and web servers. Key points:
- Servlets run on web servers like Tomcat and handle HTTP requests/responses dynamically.
- They extend the HttpServlet class and implement doGet() and/or doPost() methods to process requests.
- Servlets can access request parameters, headers, cookies and generate HTML responses by setting headers and writing to the response.
- Servlets are configured in the web server and mapped to URLs to handle requests for those URLs dynamically.
Cookies allow servers to store and retrieve information on the client side. Servers send cookies in HTTP responses and browsers send the cookie back with subsequent requests. There are two main methods for managing sessions between clients and servers - using session cookies or URL rewriting. With session cookies, the server embeds a session ID in a cookie it sends to the client, and the client sends the cookie back on future requests to identify the session. With URL rewriting, the server encodes the session ID directly into the URLs of links and redirects. The session data itself is stored server-side and associated with the client via the session ID.
The document discusses cryptography functions like secret key encryption, public key encryption, and message digests. It also discusses security services like privacy, authentication, and integrity. Cryptography algorithms are used to provide these security services. Secret key encryption uses a single key for encryption and decryption while public key encryption uses separate public and private keys. Message digests are used to verify integrity through cryptographic checksums.
Remote Method Invocation (RMI) allows programmers to execute remote functions and calls using the same semantics as local function calls. RMI uses stubs and skeletons, where the stub acts as a proxy for the remote object on the client side and the skeleton receives the calls on the server side. To use RMI, an interface must be defined and implemented on the server, stub and skeleton classes are generated, the remote object is registered with an RMI registry, and then clients can look up and invoke methods on the remote object.
The document discusses Java Database Connectivity (JDBC) and how it allows Java code to execute SQL statements inside relational databases. It covers the JDBC API and how it provides a standard interface to different databases. It also discusses the JDBC-ODBC bridge which allows Java code to access databases via ODBC. The document provides an example of JDBC code to connect to a database, execute a query, and access the result set. It discusses using connection pooling and JNDI lookups in J2EE applications to connect to databases.
The JavaMail API allows Java applications to send and receive email. It includes core classes like Session, Message, Transport, and Store. A Session represents a mail session with an email server. Messages can be composed and sent using Transport, and email can be retrieved from mailboxes using Store and Folder classes. The API supports authentication, sending attachments, and receiving notifications about mail events.
TCP sockets allow for communication between applications over the internet. A server creates a ServerSocket to listen for incoming connections on a specific port. When a client connects, the server accepts the connection to get a Socket. Both client and server then obtain input and output streams from the Socket to send and receive data. The connection is closed once communication is complete. Multithreading allows servers to handle multiple clients concurrently by spawning a new thread for each connection.
1. TCP provides connection-oriented and reliable byte-stream communication between applications over IP networks. It uses flow control and congestion control to ensure reliable data delivery.
2. A TCP connection is established through a 3-way handshake where the client and server exchange SYN and ACK packets to synchronize sequence numbers and establish the connection.
3. Data is transferred in segments containing sequence numbers. ACKs confirm received segments and allow out-of-order delivery. Buffers store unacknowledged data.
4. Connections close through an orderly shutdown with FIN packets from each end acknowledging the other's end of data, followed by a TIME_WAIT state to detect lost ACKs.
The document discusses Java UDP sockets and networking. It explains how to use the InetAddress class to represent IP addresses, and the DatagramSocket and DatagramPacket classes to send and receive UDP datagrams. It provides code examples for both client and server implementations of UDP networking in Java using these classes.
Java Server Faces (JSF) is a Java web development framework that provides reusable UI components and a component-based MVC architecture. Key aspects of JSF include:
- Clean separation of behavior and presentation using a component-based MVC model.
- Standard UI components and events tied to server-side code.
- Typical JSF applications include JavaBeans for state/behavior, event-driven development, and JSP view pages that reference a component tree.
The example JSF calculator application demonstrates:
1) Configuring the Faces servlet and managed beans.
2) Developing a model class and controller to mediate between the view and model.
3) Creating
Beans are commonly used to represent HTML form data. A bean class defines properties that correspond to form fields and get/set methods to access these properties. When a form is submitted, a bean is instantiated and its properties are set from the form data using setProperty. The bean properties can then be accessed as needed, such as to perform calculations or display the data on a response page. This follows the MVC pattern with the bean representing the model, the JSP pages representing the view, and a controller handling form submission and forwarding requests.
The document provides an overview of the Java Persistence API (JPA). It describes JPA as an API for managing Plain Old Java Objects (POJOs) and mapping their state and relationships to a relational database. It discusses key JPA concepts like entities, the entity manager, queries, object-relational mapping, and common annotations.
This document provides examples and explanations of different types of Enterprise JavaBeans (EJBs), including stateless session beans, stateful session beans, entity beans, and container-managed persistence. It describes the home and remote interfaces, bean classes, required bean methods, and example client code for each EJB type. It also discusses entity bean mappings, characteristics, and how they represent persistent data stored in a database. Finally, it briefly outlines the multitiered J2EE application model and database connection pooling techniques.
CORBA allows for cross-platform communication between software components. It uses an Object Request Broker (ORB) to connect client objects to server objects across a network. Interfaces are defined using the Interface Definition Language (IDL) and compiled to generate stubs and skeletons in various programming languages. Clients locate objects by querying a naming service, then call methods on remote objects using the stubs.
This document provides an introduction to AJAX and guides the reader through four steps to make a basic AJAX request: 1) Create an XMLHttpRequest object to make HTTP requests, 2) Set up the request and handle the response, 3) Make a simple request to an HTML file and display the response, 4) Make a request to an XML file and parse the response using DOM methods.
Enterprise JavaBeans (EJBs) are reusable software components that can represent either data (entity beans) or business logic (session beans). EJBs provide benefits like transaction management, security, and the ability to be deployed on application servers. There are different types of session beans, including stateful and stateless, and entity beans can use either bean-managed or container-managed persistence to access a database. To use an EJB, a client first locates its home interface using JNDI and then calls methods on the home interface to access the bean.
1. Using JSSE for secure socket
communication
Presented by developerWorks, your source for great tutorials
ibm.com/developerWorks
Table of Contents
If you're viewing this document online, you can click any of the topics below to link directly to that section.
1. About this tutorial....................................................... 2
2. The Java Cryptography Architecture................................ 4
3. Whiteboard: An example application................................ 7
4. Key management ...................................................... 11
5. Using JSSE sockets ................................................... 15
6. Wrapup and resources ................................................ 20
Using JSSE for secure socket communication Page 1 of 22
2. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
Section 1. About this tutorial
What is this tutorial about?
This tutorial explains the use of the Java Secure Socket Extension (JSSE) packages included
in JDK 1.4. The complexity of using JSSE is not in the communication itself, but rather in the
configuration. Before you can run your client/server software, you must create the keys needed
by the encryption algorithms, and these keys must be properly loaded by your software before
it can create secure sockets.
This tutorial provides cookbook-style instructions for creating and installing JSSE encryption
keys in a client/server application environment. When you have completed this tutorial, you will
know how to easily convert any existing client/server application to use encryption, as well as
how to create a secure application from scratch.
Prerequisites
To follow the discussion in this tutorial, you need to know a few things about the Java
language, starting with the basics of Java programming in a client/server environment (that is,
working with classes, objects, threads, and so on). Because stream and socket communication
is central to our discussion, you need to know how to use streams and sockets. In particular,
you should know what a stream is and what it is used for. You should know how to create a
Socket and a ServerSocket, how to get streams from each, and how to communicate using
those streams. You also should know how to create and compile a .java file using the JDK or
an IDE.
Two developerWorks tutorials, "Java sockets 101" and "Introduction to Java I/O," both
accessible from Resources on page 20 , provide useful background information.
You do not need to know anything about encryption technology to complete this tutorial. While
a comprehensive overview of encryption is beyond the scope of the discussion here, you will
be given the information you need to create secure client/server connections within your
applications.
Installation requirements
To run the examples in this tutorial, you need the following tools and components:
• JDK 1.4 from Sun Microsystems
• A development environment -- either an IDE or a suitable command-shell
• A computer on which you can run an Internet server
See Resources on page 20 to download the JDK 1.4 and complete source files necessary for
the completion of this tutorial.
Page 2 of 22 Using JSSE for secure socket communication
3. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
About the author
Greg Travis is a freelance programmer living in New York City. His interest in computers can
probably be traced back to that episode of The Bionic Woman where Jamie runs around trying
to escape a building whose lights and doors are controlled by an evil artificial intelligence that
mocks her through loudspeakers. Greg is a devout believer in the idea that, when a computer
program works, it's a complete coincidence. He can be reached at mito@panix.com.
Using JSSE for secure socket communication Page 3 of 22
4. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
Section 2. The Java Cryptography Architecture
Overview
The Java platform's security and encryption features have grown tremendously over the last
few years. The JDK 1.4 (a.k.a. Merlin) release now comes bundled with many security-related
packages, including the Java Cryptography Extension (JCE), the Java Secure Socket
Extension (JSSE), and the Java Authentication and Authorization Service (JAAS). All of these
components are pieces of the Java Cryptography Architecture (JCA), as illustrated in the figure
below:
In this tutorial we'll mostly be working with the JSSE component of the JCA.
The JCA and JSSE
One of the most important features of JCA is that it doesn't rely on any one particular
encryption algorithm. Each well-known encryption algorithm has its advantages and
disadvantages, and new ones are being developed all the time. The JCA allows new
algorithms to be plugged in as they are developed. It uses the concept of the cryptographic
service provider (CSP), which is something like a security plug-in. A CSP supplies the
implementation of a particular algorithm. JDK 1.4 comes bundled with CSPs, including the
SunJSSE, that provide many standard algorithms; altogether, these are sufficient for most
uses.
JSSE provides secure socket communication for the Java 2 platform. More precisely, it
implements Secure Socket Layer (SSL) and Transport Layer Security (TLS), two standardized
protocols for implementing secure communications over the Internet. Both SSL and TLS rely
on public-key cryptography , which is described in the next panel.
Public-key cryptography
Page 4 of 22 Using JSSE for secure socket communication
5. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
One problem with many cryptographic algorithms is that they require the distribution of shared
keys. A password is a good example of a shared key. The problem with shared keys is that
they must be shared between communicating entities before secure communication can start.
The sharing process, however, can be vulnerable to eavesdropping, which leads to a
chicken-and-egg problem: before we can exchange data securely, we must first exchange
secret keys securely.
This problem was solved in 1976 by Whitfield Diffie and Martin Hellman, with the creation of
public key cryptography. In the Diffie-Hellman public-key system each communicating party
holds a pair of keys -- one public and one private. The private key is known only to the
communicating party, while the public key can be given to anyone. Data encrypted using one
of the keys can only be decrypted with the other.
Thus, if you want to create a message to be read only by a particular party, you use their
public key to make the encryption, and they then use their private key to decrypt the message.
Likewise, if you encrypt a message with your private key, then anyone who has a copy of your
public key can use it to decrypt the message. This assures the person on the receiving end
that the message came from you and not someone else, since only you have your private key.
A message that you have encrypted in this way bears your digital signature.
Certificates and certificate authority
A certificate is a public key that has been digitally signed by a trusted party in order to prove
that it is a valid public key. This trusted party is called a certification authority (CA). In a sense,
the CA provides a testimonial that the public key really does belong to the person who owns it.
You can use commercial CAs for a fee, or you can create your own -- it all depends on how
much authority you want to wield when proving your identity in the digital realm. If an entity
signs its own public key, it's called a self-signed certificate . We use self-signed certificates
throughout this tutorial.
SSL and TLS
As previously mentioned, the JSSE framework, along with the SunJSSE provider, implements
the SSL and TLS protocol suites -- TLS being really just the newest version of SSL.
SSL uses public-key cryptography to exchange a set of shared keys, and then uses standard
shared-key encryption to exchange data. The shared keys are used both for encrypting the
data (making it unreadable by others) and for authenticating the data (ensuring that it hasn't
come from an impostor).
The SSL handshake protocol
Using JSSE for secure socket communication Page 5 of 22
6. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
Before data can be sent across an SSL connection, the two ends must negotiate and
exchange key information. This is called the handshake protocol. We won't go into much detail
about the handshake protocol here, because it isn't necessary for our purposes. For our
purposes, you need to know that the handshake involves the following steps:
1. The server sends its certificate to the client and the client verifies the server certificate.
2. The client sends its certificate to the server and the server verifies the client certificate.
3. The client encrypts password information with the server's public key and sends it to the
server. This password information is used by each end of the connection to generate
identical secret keys, which will then be used to transmit data.
Client authentication (Step 2) is optional: the server can request that the client provide its
certificate, but it is not required to make such a request. We will be using client authentication
in our example.
Now that you have a basic understanding of the infrastructure of JCA and JSSE under your
belt, we can move on to the more active part of the tutorial: working with a live example.
Page 6 of 22 Using JSSE for secure socket communication
7. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
Section 3. Whiteboard: An example application
Overview
To demonstrate how JSSE works in the real world, we're going to employ a simple distributed
whiteboard system. The whiteboard is a program that lets users write text messages onto a
blank canvas. These text messages then appear on the canvases of other users who are
connected to the same whiteboard server. This allows people in different locations to
communicate.
Because we're more interested in the security aspects of this program than in the whiteboard
functionality itself, we'll keep the application very simple. Our whiteboard will allow users to
create text messages, but it will not allow them to delete messages. Mostly, we'll just pay
attention to how the whiteboard implements JSSE, thus ensuring that messages can be
securely sent between users.
In this section we discuss the basic structure of the whiteboard and how it implements JSSE.
In the next section, we'll begin working directly with the code for the whiteboard application.
Using the whiteboard
The figure below illustrates the simple whiteboard we'll be working with. Each client's
messages are shown in a different color.
The distributed whiteboard showing messages sent by different users
In the following two figures, you see two whiteboard client windows. Imagine that each of these
windows is running on a different machine. The first user has clicked somewhere in his window
and typed a message, but he has not yet pressed Return.
Using JSSE for secure socket communication Page 7 of 22
8. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
The first user is typing a message and has not yet The second user therefore has not received a
pressed return. yet.
Now, imagine the first user presses Return, which causes his message to show up in the
window of the second user. The second user then sends a response, as illustrated in the two
figures below.
The first user has pressed return and sent a message, The second user received the first user's mess
and then received a response from the second user. and then sent a response.
Each user sees his own text in black; other users' text appears in different colors assigned by
the server.
The client/server structure
Page 8 of 22 Using JSSE for secure socket communication
9. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
On the server side of the whiteboard application, we have a class called Server. This class
listens for incoming connections on a specified port. Each time a connection comes in, the
Server creates a ConnectionProcessor to process the connection. Processing a
connection means receiving text messages and sending them back out to other clients. The
Server gives each client one ConnectionProcessor.
When a client first starts up, it initiates a connection to the server. The client keeps this
connection open throughout the whiteboard session. Each text message is sent along this
connection.
The figure below illustrates the client/server processes for the whiteboard application.
Key files
As we already discussed, the whiteboard uses JSSE, and JSSE implements the SSL and TLS
protocols. These protocols use public-key encryption to ensure the privacy of messages sent
over the Internet. In a public-key encryption system, both clients and server must have a pair
of keys, one public and one private. Before our whiteboard can even begin to mediate
messages between users, we must generate these keys.
Once the keys have been generated, we'll provide the client side a file containing its public and
private keys. It will also have a copy of the server's public key certificate. Keys are stored in a
specially formatted file called a keystore.
The following table describes the keystore files we'll be using.
Keystore file What it contains Where it goes
client.private The client's public/private key pair Client side
server.public The server's public key certificate Client side
server.private The server's public/private key pair Server side
Using JSSE for secure socket communication Page 9 of 22
10. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
client.public The client public key certificate Server side
Key protection
The server also has a file containing its own public and private keys, as well as the client's
public key certificate. Recall that public keys can be given out freely -- there's no need to hide
them from any other party.
It is important that each end of the client/server connection has only the key files it needs to
work properly. In particular, it's important that only the server has a copy of its own private key.
In the wrong hands, this key could do much damage, since it would essentially allow a
malicious entity to cloak itself under the server's identity.
Now that you have an idea of how the whiteboard is put together, we can begin working more
directly with each of its components. In the next section, you'll learn how to generate and
manage public/private key pairs in a client/server system.
Page 10 of 22 Using JSSE for secure socket communication
11. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
Section 4. Key management
Overview
Key generation and manipulation is performed with the keytool program, which is included with
the JSSE packages in JDK 1.4. keytool can be used for a variety of purposes. Here, we'll be
using it to create public/private key pairs, and to extract the public key certificates from these
pairs and place them in their own files.
Generating a key pair
The following keytool command is used to generate a new public/private key pair:
keytool -genkey -keystore [filename]
When you run this command, you will be asked a series of questions. These questions
concern you as an entity (your name, organization, and the like). The information you provide
will be used to create a self-signed certificate that associates the information with a public key
and testifies to the authenticity of the association. You will also be asked to enter passwords
for the keystore and, optionally, passwords for the key pair you are creating.
Working from the command line
Below is a complete command that generates a public/private key pair and specifies all the
required entity information without asking you any questions about your identity; that
information is provided directly on the command line. The table that follows explains each
option in the command.
keytool -genkey -alias clientprivate -keystore client.private
-storetype JKS -keyalg rsa -dname "CN=Your Name, OU=Your
Organizational Unit, O=Your Organization, L=Your City, S=Your State,
C=Your Country" -storepass clientpw -keypass clientpw
Option What it means
-genkey Tells keytool to generate a key pair.
-alias clientprivate Identifies the new key pair within the keystore.
-keystore client.private Uses the file client.private as the keystore.
-storetype JKS Declares the type of the keystore. JKS is the default.
-keyalg rsa Declares the algorithm to be used; we're using the RSA public key
algorithm, which is the default.
-dname "CN=Your Name..." Provides information about the entity owning the key pair.
Using JSSE for secure socket communication Page 11 of 22
12. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
-storepass clientpw Specifies the password for the entire keystore.
-keypass clientpw Specifies the password for the new key pair.
Client and server key pairs
The first step in the preparation of our algorithm is to generate a public/private key pair for the
client and another pair for the server. The following command will generate the file
client.private, which is the key pair for the client:
keytool -genkey -alias clientprivate -keystore client.private
-storetype JKS -keyalg rsa -dname "CN=Your Name, OU=Your
Organizational Unit, O=Your Organization, L=Your City, S=Your State,
C=Your Country" -storepass clientpw -keypass clientpw
And here is the command to generate the file server.private, which is the key pair for the
server:
keytool -genkey -alias serverprivate -keystore server.private
-storetype JKS -keyalg rsa -dname "CN=Your Name, OU=Your
Organizational Unit, O=Your Organization, L=Your City, S=Your State,
C=Your Country" -storepass serverpw -keypass serverpw
As mentioned in the panel Key files on page 9 , the private client and server key files need to
be installed in specific places. The client.private file is installed on the client side; the
server.private file is installed on the server side.
Extracting public keys
The next step is to extract the public keys so they can be installed with the client and server.
Specifically, the client-side software must have the public key of the server side, and vice
versa.
To get the public keys, we extract them from the client.private and server.private files and
place them in temporary files. Then, we insert them into their own keystores, called
client.public and server.public, respectively.
The temporary key file, temp.key, is used to hold each of the public keys, temporarily, while it
is being copied from the private keystore to the public keystore -- for example, from
client.private to client.public. After completing the export/import procedure, you'll want to
remove the temp.key from the current directory.
Export/import commands
Page 12 of 22 Using JSSE for secure socket communication
13. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
We'll use the keytool -export command to extract the public key into a file, and then use
the keytool -import command to insert it into a new keystore. Here's the command to
extract the client's public key:
keytool -export -alias clientprivate -keystore client.private -file
temp.key -storepass clientpw
And here's the command to insert the client's private key into its own keystore:
keytool -import -noprompt -alias clientpublic -keystore client.public
-file temp.key -storepass public
We'll also extract and store the server's public key. Here's the command to extract the key:
keytool -export -alias serverprivate -keystore server.private -file
temp.key -storepass serverpw
And here's the command to place it in its own keystore:
keytool -import -noprompt -alias serverpublic -keystore server.public
-file temp.key -storepass public
The script generatekeys.sh (for UNIX) and generatekeys.bat (for DOS or Microsoft Windows)
automatically generates the client and server key files for you and cleans up any temporary
files. See Resources on page 20 to download the script.
Installing the files
Before we move on to the next section, it's important to make sure that the key files are
installed properly on the client and server ends. The following files should be installed on the
client side:
• Client.class
• Client$1.class
• Client$2.class
• Client$ClientCanvas.class
• Posting.class
• client.private
• server.public
And these files should be installed on the server side:
• Server.class
Using JSSE for secure socket communication Page 13 of 22
14. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
• Posting.class
• ConnectionProcessor.class
• client.public
• server.private
With the public/private key pairs properly installed on our client and server systems, we're
ready to begin using the whiteboard application to exchange messages. In the next section,
we'll examine the code for the whiteboard application itself.
Page 14 of 22 Using JSSE for secure socket communication
15. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
Section 5. Using JSSE sockets
Overview
Our whiteboard is a client/server application that uses sockets to communicate with the server.
Because we want our communications to be private, we'll be using JSSE secure sockets
instead of regular sockets. Secure sockets are used the same way that regular sockets are,
except that they transparently encrypt any data that passes through them.
Before we get into how JSSE creates and manages secure connections, we should review
how regular, nonsecure connections are initiated and accepted.
Nonsecure sockets: A review
The following code fragment is typical for initiating a socket connection. This example creates
a new Socket connection to port port at the remote computer host:
Socket socket = new Socket( host, port );
Similarly, the following code demonstrates how we listen for incoming connections. This
example creates a ServerSocket listening on port port, and then enters an infinite loop,
accepting and processing incoming connections:
ServerSocket serverSocket = new ServerSocket( port );
while (true) {
Socket socket = serverSocket.accept();
doSomethingWithNewConnection( socket );
}
Secure sockets work in a very similar manner, but before we can implement them for our
example we must complete several steps. We'll go over these steps in the panels that follow.
Connection setup
To initiate a secure socket connection to a remote server, we must carry out the following
steps:
1. Create a SecureRandom, a source of secure random numbers. Secure random numbers
are numbers that are random enough that they will not make the encryption vulnerable to
attack.
2. Create a KeyStore object containing the remote server's public key. This is read from
server.public.
Using JSSE for secure socket communication Page 15 of 22
16. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
3. Create a KeyStore object containing the client's public/private key pair, including its public
key certificate. This is read from client.private.
4. Create a TrustManagerFactory from the remote server's KeyStore. This is used to
authenticate the remote server.
5. Create a KeyManagerFactory from the client's KeyStore. This is used for encrypting and
decrypting data.
6. Create an SSLContext object, using the KeyManagerFactory, the
TrustManagerFactory, and the SecureRandom.
7. Use the SSLContext to create an SSLSocketFactory.
8. Use the SSLSocketFactory to create an SSLSocket, which acts just like a regular
Socket, except that it is secure.
Listening setup
To listen for incoming connections, we must carry out a similar set of steps:
1. Create a SecureRandom, a source of secure random numbers.
2. Create a KeyStore object containing the remote client's public key. This is read from
client.public.
3. Create a KeyStore object containing the server's public/private key pair, including its public
key certificate. This is read from server.private.
4. Create a TrustManagerFactory from the remote client's KeyStore. This is used to
authenticate the remote client.
5. Create a KeyManagerFactory from the server's KeyStore. This is used for encrypting
and decrypting data.
6. Create an SSLContext object, using the KeyManagerFactory, the
TrustManagerFactory, and the SecureRandom.
7. Use the SSLContext to create an SSLServerSocketFactory.
8. Use the SSLServerSocketFactory to create an SSLServerSocket, which acts just like
Page 16 of 22 Using JSSE for secure socket communication
17. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
a regular ServerSocket, except that it is secure.
9. Call the accept() method of the SSLServerSocket to wait for an incoming connection.
It's all pretty complicated, but the process is the same each time, so it makes sense to follow
along and see how it all works. In the panels that follow, we'll walk through the code that
carries out these steps. We'll examine only the client-side process in detail, because the
server-side process is nearly the same. Afterwards, we'll note the differences between the two
sides.
Creating a SecureRandom
Creating a SecureRandom object is easy; just use the following lines in your code:
secureRandom = new SecureRandom();
secureRandom.nextInt();
The first line actually creates the SecureRandom. Creating a SecureRandom takes a lot of
computation, and this computation may not be executed until it's actually used. By calling the
nextInt() method here, we get the creation process going and ensure the delay will happen
at the start of the program, not later when it might inconvenience us.
Creating keystores
Next, we need to create some KeyStore objects. We create an empty KeyStore using the
static method KeyStore.getInstance(), and initialize it using its load() method, as
illustrated below:
private void setupServerKeystore()
throws GeneralSecurityException, IOException {
serverKeyStore = KeyStore.getInstance( "JKS" );
serverKeyStore.load( new FileInputStream( "server.public" ),
passphrase.toCharArray() );
}
Note that we've created a KeyStore of type "JKS"; this is the standard keystore format used
in JCA.
Reading keystores
In the previous panel, we read the key information from server.public, which contains the
server side's public key. We also need to read the client key pair from client.private, as shown
here:
Using JSSE for secure socket communication Page 17 of 22
18. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
private void setupClientKeyStore()
throws GeneralSecurityException, IOException {
clientKeyStore = KeyStore.getInstance( "JKS" );
clientKeyStore.load( new FileInputStream( "client.private" ),
"public".toCharArray() );
}
Setting up factories
The next step is to use the KeyStore objects we've created to initialize key and trust manager
factories. We'll create a TrustManagerFactory from the server keystore; this will be used to
authenticate (that is, begin to trust) the remote server:
TrustManagerFactory tmf = TrustManagerFactory.getInstance( "SunX509" );
tmf.init( serverKeyStore );
Note that the TrustManagerFactory is of type "SunX509"; 509 is the name of the
certification protocol we're using throughout this program. In the second code line, the
TrustManagerFactory is loaded with the server's keystore.
We must also create a KeyManagerFactory from the client's KeyStore, as shown below:
KeyManagerFactory kmf = KeyManagerFactory.getInstance( "SunX509" );
kmf.init( clientKeyStore, passphrase.toCharArray() );
Creating an SSLContext
We're getting close to finalizing our secure socket setup, so stay with me! The next step is to
create an SSLContext. An SSLContext contains all the key and certificate information we've
mentioned so far, and is used to create an SSLSocketFactory, which in turn creates secure
sockets.
Once you've created an SSLContext at the start of an application, you can use it for each
connection you need to make, as long as each connection uses the same keys.
To create an SSLContext, we use our factories and the SecureRandom, as shown here:
sslContext = SSLContext.getInstance( "TLS" );
sslContext.init( kmf.getKeyManagers(),
tmf.getTrustManagers(),
secureRandom );
Note that we've created an SSLContext of type "TLS". As you suspect, this stands for
Transport Layer Security, which is the new name for the Secure Sockets Layer, or SSL. We
then initialize it with the TrustManagerFactory and KeyManagerFactory objects we
Page 18 of 22 Using JSSE for secure socket communication
19. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
created a few steps back.
Establishing a connection
We're at the last step. All the work we've done so far has given us an SSLContext, which
we're going to use to make a connection to a remote machine, as shown in the code sample
below:
SSLSocketFactory sf = sslContext.getSocketFactory();
SSLSocket socket = (SSLSocket)sf.createSocket( host, port );
We've just made a secure connection to port port on the machine host.
Server-side setup
Setting up the server side is more or less the same as setting up the client side, so we won't go
over it in detail. Of course, the server reads its key information from client.public and
server.private, rather than from server.public and client.private.
In addition, the code to carry out the final step (establishing a connection) is a little different for
the server side, as shown here:
SSLServerSocketFactory sf = sslContext.getServerSocketFactory();
SSLServerSocket ss = (SSLServerSocket)sf.createServerSocket( port );
ss.setNeedClientAuth( true );
Note that we called SSLServerSocket.setNeedClientAuth(). This is the server call
indicating that the client should authenticate itself. Client applications do not authenticate
themselves by default, so you must make this call if you want client authentication to be part of
the handshaking process.
Using JSSE for secure socket communication Page 19 of 22
20. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
Section 6. Wrapup and resources
Tying it all together
In this tutorial we've focused on the most complex aspect of using JSSE: properly configuring
and installing the client and server key pairs. We talked briefly about the new Java
Cryptography Architecture, but mostly focused on the use of key pairs for secure encryption,
as implemented by JSSE. We used a very simple whiteboard example to make the discussion
in the tutorial more concrete, going over each step necessary to generate key pairs, properly
install them, and initiate a secure, socket-based client/server connection.
You can find the complete code source for the whiteboard example in Resources on page 20 .
Build on what you've learned here by studying that code source and paying close attention to
the steps outlined in the previous section. You may also want to practice what you've learned,
and expand upon it, with the suggested exercise in the next panel. Whatever you do, be sure
to use what you've learned here when it comes time to develop your next secure socket-based
application.
Further exercises: Using a CA
In our whiteboard example, we've assumed that you have control over both the client-side and
server-side installations. In other configurations, this isn't the case. For example, Web servers
can be used with just about any Web browser, and the people who install the Web server
software have nothing to do with those who install browser software. For this reason, Web
servers and other public-protocol servers use third-party certification authorities to provide key
certificates.
Instruction for using these systems is beyond the scope of this tutorial, but each one generally
provides its own detailed instructions. In many cases, you can request a free certificate which
can be used for testing purposes -- this lets you "try before you buy." See Resources on page 20
for links to third-party certification authorities.
Resources
• Download jsse-source.zip, the code source for the examples and scripts used in this tutorial.
• Download the JDK 1.4 (http://java.sun.com/j2se/1.4/download.html) from Sun Microsystems.
• Read the installation instructions for JSSE 1.0.2
(http://java.sun.com/products/jsse/INSTALL.html), an extension to the Java 2 platform.
• The Sans Institute offers a good introduction to the history of public-key (Diffie-Hellman)
cryptography (http://rr.sans.org/encryption/diffie.php).
Page 20 of 22 Using JSSE for secure socket communication
21. Presented by developerWorks, your source for great tutorials ibm.com/developerWorks
• The IEEE maintains a page documenting specifications for public-key cryptography
(http://grouper.ieee.org/groups/1363/).
• Verisign, an IBM affiliate, is a major third-party provider of SSL certificates
(http://www.verisign.com/products/site/index.html).
• Thawte, another major provider of SSL certificates, will let you try before you buy
(http://www.thawte.com/).
• Sun Microsystems's Security enhancements for the Java 2 SDK, Standard Edition v1.4
(http://java.sun.com/j2se/1.4/docs/guide/security/) describes the security features included in
JDK 1.4.
• Read Sun's guide to the Java Cryptography Extension (http://java.sun.com/products/jce/) to
find out more about JCE.
• The Java Secure Socket Extension (JSSE) Reference Guide
(http://java.sun.com/j2se/1.4/docs/guide/security/jsse/JSSERefGuide.html) provides a
comprehensive guide to JSSE.
• For more hands-on learning about sockets programming for the Java platform, take the
"Java sockets 101" tutorial by Roy Miller and Adam Williams (developerWorks, August 2001,
http://www-106.ibm.com/developerworks/education/r-jsock.html).
• For details on streams, check out the tutorial Introduction to Java I/O by IBM Learning
Services (developerWorks, April 2000,
http://www-106.ibm.com/developerworks/education/r-jio.html). Note that this tutorial is not
based on Java 1.4.
• The JDK 1.4 tutorial, also by Greg Travis, includes a chapter on JSSE (Manning
Publications, May 2002,
http://www.amazon.com/exec/obidos/ASIN/1930110456/103-2127487-6951840).
• To learn more about socket programming, read Java Network Programming : A Complete
Guide to Networking, Streams, and Distributed Computing, by Merlin Hughes, Michael
Shoffner, Derek Hamner, and Conrad Hughes (Manning Publications, 1999,
http://www.amazon.com/exec/obidos/ASIN/188477749X/qid=1016060142/sr=8-1/
ref=sr_8_71_1/103-2127487-6951840).
• Another good resource for learning about socket programming and security is Java Network
Programming, by Elliotte Rusty Harold (O'Reilly and Associates, 2000,
http://www.amazon.com/exec/obidos/ASIN/1565928709/103-2127487-6951840).
Using JSSE for secure socket communication Page 21 of 22
22. ibm.com/developerWorks Presented by developerWorks, your source for great tutorials
• If you need to learn more about security on the Java 2 platform, see Professional Java
Security, by Jess Garms and Daniel Somerfield (Wrox Press, 2001,
http://www.amazon.com/exec/obidos/ASIN/1861004257/103-2127487-6951840).
• The whitepaper "Security in a Web services world" (developerWorks, April 2002,
http://www-106.ibm.com/developerworks/library/ws-secmap/) discusses the new joint
IBM-Microsoft proposal for integrated, standardized security on Web services architectures;
the proposal includes a provision for the use of public-key technology.
• The IBM Zurich Research Lab (http://www.zurich.ibm.com/csc/infosec/) has a long history in
the study and implementation of security systems, especially in the area of cryptography.
Feedback
Please let us know whether this tutorial was helpful to you and how we could make it better.
We'd also like to hear about other tutorial topics you'd like to see covered. Thanks!
Colophon
This tutorial was written entirely in XML, using the developerWorks Toot-O-Matic tutorial
generator. The open source Toot-O-Matic tool is an XSLT stylesheet and several XSLT
extension functions that convert an XML file into a number of HTML pages, a zip file, JPEG
heading graphics, and two PDF files. Our ability to generate multiple text and binary formats
from a single source file illustrates the power and flexibility of XML. (It also saves our
production team a great deal of time and effort.)
You can get the source code for the Toot-O-Matic at
www6.software.ibm.com/dl/devworks/dw-tootomatic-p. The tutorial Building tutorials with the
Toot-O-Matic demonstrates how to use the Toot-O-Matic to create your own tutorials.
developerWorks also hosts a forum devoted to the Toot-O-Matic; it's available at
www-105.ibm.com/developerworks/xml_df.nsf/AllViewTemplate?OpenForm&RestrictToCategory=11.
We'd love to know what you think about the tool.
Page 22 of 22 Using JSSE for secure socket communication