SlideShare ist ein Scribd-Unternehmen logo

Security via Java

Als PPT, PDF herunterladen
Bahaa Zaid
Bahaa Zaid

This document provides an introduction to security concepts like cryptography, digital signatures, and Java security. It discusses symmetric and public key cryptography, hash functions, and digital signatures. It also describes Java security APIs for cryptography, access control, and PKI. Examples are given for cryptographic operations in Java like encrypting/decrypting data, signing/verifying signatures, and working with key stores. The document also discusses XML signature standards and implementations.

TechnologieBildung
1 von 37
By Bahaa Zaid bzaid@arxict.com
Agenda  Introduction to Security  Java Security  XML Security  WS-Security
Introduction to Security  Cryptography  Symmetric-Key Cryptography  Public-Key Cryptography  Public Key Infrastructure  Cryptographic Hash Function  Digital Signature
Cryptography  Is the practice and study of hiding information  Encryption is the process of transforming information (plaintext) using an algorithm (cipher) to make it unreadable to anyone (ciphertext) except those possessing special knowledge (key).  Decryption is to make the encrypted information readable again.
Symmetric-Key Cryptography  Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. This was the only kind of encryption publicly known until June 1976.  Examples are DES, 3DES, Blowfish, RC4…
Symmetric-Key Cryptography Plaintext CiphertextCipher PlaintextCiphertext Cipher
Public-Key Cryptography  Public-Key Cryptography, also known as Asymmetric Cryptography, is a form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it. In public key cryptography, a user has a pair of cryptographic keys—a Public Key and a Private Key.  Examples are RSA and ElGamal.
Public-Key Cryptography  A big random number is used to create a key pair. When the keys have been made the big random number is thrown away. Without knowledge of the random number it should be "impossible" to create the private key from the public key.
Public-Key Cryptography  A message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key.
Public Key Infrastructure  Public Key Infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a Certificate Authority (CA).  CA is an example of Trusted Third Party (TTP).  A CA is an entity which issues Public Key Certificate for use by other parties.
Public Key Infrastructure  The most common certificate standard is the ITU-T X.509.  A Public Key Certificate is an electronic document which incorporates a Digital Signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth.  A Public Key Certificate is the Public Key of an individual added to it his/her Identity and signed by a CA.  The certificate can be used to verify that a Public Key belongs to an individual .
Public Key Infrastructure  A Certificate Chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The last certificate in the chain is normally a self-signed Certificate - a certificate that signs itself (Root Certificate).  It’s an example of Chain Of Trust. CA Cert (Root Cert) signs Company CA signs App Cert signs
Cryptographic Hash Function  A Cryptographic Hash Function is an algorithm that takes an arbitrary block of data and returns a fixed- size bit string, the Hash Value or Message Digest, such that an accidental or intentional change to the data will almost certainly change the Hash Value.  Examples are MD5, SHA-1 and SHA-256.  Applications are Message Integrity Verification, Digital Signatures, …
Cryptographic Hash Function  The ideal hash function has four main properties:  It is easy to compute the hash for any given data,  It is extremely difficult to construct a text that has a given hash,  It is extremely difficult to modify a given text without changing its hash, and  It is extremely unlikely that two different messages will have the same hash.
Digital Signature  For messages sent through an insecure channel, a properly implemented Digital Signature gives the receiver reason to believe the message was sent by the claimed sender.  Digital Signature gives both Authentication and Integrity.
Digital Signature
Java Security  Sun’s website says: “Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.”  Platform Security is built-in language security features enforced by the Java compiler and virtual machine for example Bytecode verification, Secure class loading .
Java Security  Access Control is a comprehensive policy and permissions API that allows the developer to create and administer applications requiring fine-grained access to security- sensitive resources.  Java includes APIs for Cryptography , Secure Communications (e.g. TLS) and PKI.  Java Security is Extensible i.e. Java provide the interfaces and the implementation is provided by a Security Provider, JRE has a default provider (SUN provider).
Unlimited Strength Policy Files  By default, JRE is restricted to a particular Encryption Algorithms and Key Lengths (Strong Encryption).  This restriction is in place so that the JRE and Java Applications that use Encryption can be freely imported by countries whose government restrict the use of Cryptography.  There are no restrictions in Egypt. So, you can download the Unlimited Strength Policy Files from Sun’s website and install it to enable unlimited encryption.
Example: Computing The Hash of a byte[] MessageDigest msgDigest = MessageDigest.getInstance("MD5"); msgDigest.update(plainText); //byte[] byte[] digest = msgDigest.digest();
Example: Private Key Crypto KeyGenerator keyGen = KeyGenerator.getInstance("DES"); keyGen.init(56); Key key = keyGen.generateKey(); … Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] cipherText = cipher.doFinal(plainText); … cipher.init(Cipher.DECRYPT_MODE, key); byte[] newPlainText = cipher.doFinal(cipherText);
Example: Public Key Crypto KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(1024); KeyPair key = keyGen.generateKeyPair(); … Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.ENCRYPT_MODE, key.getPublic()); byte[] cipherText = cipher.doFinal(plainText); … cipher.init(Cipher.DECRYPT_MODE, key.getPrivate()); byte[] newPlainText = cipher.doFinal(cipherText);
Example: Digital Signature KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(1024); KeyPair key = keyGen.generateKeyPair(); … Signature sig = Signature.getInstance("MD5WithRSA"); sig.initSign(key.getPrivate()); sig.update(plainText); byte[] signature = sig.sign(); … sig.initVerify(key.getPublic()); sig.update(plainText); if (sig.verify(signature)) {…}
Example: Accessing Key Stores // Creating new one KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(null, null); … // Opening Existing one KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(new FileInputStream(filename), "password".toCharArray()); … // Adding Entry keyStore.setKeyEntry( "somealias",privateKey, "password".toCharArray(), new Certificate[] {myCert, caCert}); …
Example: Accessing Key Stores // Get entries X509Certificate cert = (X509Certificate) keyStore.getCertificate(“alias"); PrivateKey key = (PrivateKey) keyStore.getKey( “alias", “password".toCharArray()); … // Saving to file keyStore.store(new FileOutputStream(filename), “password”.toCharArray());
Serializing a Key Key key = …; // PrivateKey or PublicKey byte[] encodedKey = key.getEncoded(); … X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey theKey = keyFactory.generatePublic(keySpec); // or PrivateKey theKey = keyFactory.generatePrivate(keySpec);
Serializing a Certificate X509Certificate cert = …; byte[] encCert = cert.getEncoded(); … ByteArrayInputStream inputStream = new ByteArrayInputStream(encCert); CertificateFactory factory = CertificateFactory.getInstance("X.509"); X509Certificate theCert = (X509Certificate) factory.generateCertificate(inputStream);
Example: Generating a Certificate  Standard Java does not have an X509Certificate generation API  BouncyCastle has a class for generating X509Certificate instance org.bouncycastle.x509.X509V3CertificateGenerator
Example: Generating a Certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal myPrincipal = new X500Principal("CN=Duke, OU=ArxICT, O=Arx, C=EG" ); certGen.setSubjectDN(myPrincipal); certGen.setIssuerDN(myPrincipal); // Self signed certGen.setNotBefore(new Date(…)); certGen.setNotAfter(new Date(…)); certGen.setPublicKey(publicKey); // Cert Public Key certGen.setSignatureAlgorithm("SHA1withRSA"); certGen.setSerialNumber(generateMySerialNumber()); X509Certificate cert = certGen.generateX509Certificate(privateKey);
XML Signature  XML Signature (also called XMLDsig, XML-DSig, XML-Sig) is a W3C recommendation that defines an XML syntax for digital signatures.  An XML signature used to sign a resource outside its containing XML document is called a detached signature;  If it is used to sign some part of its containing document, it is called an enveloped signature;  If it contains the signed data within itself it is called an enveloping signature.
XML Signature XML Resource XML Signature Signed Data XML Resource XML Signature Signed XML Element XML Resource XML Signature 1 Signed XML Element XML Signature 2 Detached Enveloping Enveloped
XML Signature  Implementation:  Apache XML Security (santuario)  Standard XML Digital Signature API (JDK 6), also implemented in Apache XML Security for pre-6 JDKs
XML Signature <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC- xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa- sha1"/> <Reference URI="#MsgBody"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>W3aSreOicBECRBLSJnchq448fjU=</DigestValue> </Reference> </SignedInfo> <SignatureValue>hG…=</SignatureValue> <KeyInfo> <SecurityTokenReference xmlns="http://schemas.xmlsoap.org/ws/2002/04/secext"> <Reference URI="X509Token"/> </SecurityTokenReference> </KeyInfo> </Signature>
XML Signature // Init the factory String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI"); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM“, (Provider)Class.forName(providerName).newInstance()); DOMValidateContext valContext = new DOMValidateContext(new SimpleKeySelector(merchantPublicKey), nodeList.item(0)); XMLSignature signature = fac.unmarshalXMLSignature(valContext); boolean coreValidity = signature.validate(valContext);
XML Signature class SimpleKeySelector extends KeySelector { private PublicKey publicKey; public SimpleKeySelector(PublicKey publicKey) { this.publicKey = publicKey; } public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException { return new SimpleKeySelectorResult(publicKey); } private static class SimpleKeySelectorResult implements KeySelectorResult { private PublicKey publicKey; SimpleKeySelectorResult(PublicKey pk) { this.publicKey = pk; } public Key getKey() { return publicKey; } } }
References  http://www.wikipedia.org  http://java.sun.com/javase/technologies/security/  http://java.sun.com/security/reference/docs/index.html
More Resources  http://www.ibm.com/developerworks/edu/j-dw- javasec1-i.html  http://www.ibm.com/developerworks/edu/j-dw- javasec2-i.html

Empfohlen

Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Michel Schudel
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Michel Schudel
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Torsten Lodderstedt
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsTorsten Lodderstedt
 
Using JSON Web Tokens for REST Authentication
Using JSON Web Tokens for REST Authentication Using JSON Web Tokens for REST Authentication
Using JSON Web Tokens for REST Authentication Mediacurrent
 
Blockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBMBlockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBMDiego Alberto Tamayo
 
Rich Authorization Requests
Rich Authorization RequestsRich Authorization Requests
Rich Authorization RequestsTorsten Lodderstedt
 

Empfohlen

Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Cryptography 101 for Java Developers - Devoxx 2019
Cryptography 101 for Java Developers - Devoxx 2019Michel Schudel
 
Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Cryptography 101 for_java_developers, Fall 2019
Cryptography 101 for_java_developers, Fall 2019Michel Schudel
 
Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Cryptography 101 for Java Developers - JavaZone2019
Cryptography 101 for Java Developers - JavaZone2019Michel Schudel
 
Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Comprehensive overview FAPI 1 and FAPI 2
Comprehensive overview FAPI 1 and FAPI 2Torsten Lodderstedt
 
NextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsNextGenPSD2 OAuth SCA Mode Security Recommendations
NextGenPSD2 OAuth SCA Mode Security RecommendationsTorsten Lodderstedt
 
Using JSON Web Tokens for REST Authentication
Using JSON Web Tokens for REST Authentication Using JSON Web Tokens for REST Authentication
Using JSON Web Tokens for REST Authentication Mediacurrent
 
Blockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBMBlockchain a-new-disruption-in-financial-servies - IBM
Blockchain a-new-disruption-in-financial-servies - IBMDiego Alberto Tamayo
 
Rich Authorization Requests
Rich Authorization RequestsRich Authorization Requests
Rich Authorization RequestsTorsten Lodderstedt
 
CIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC ConnectCIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC ConnectCloudIDSummit
 
Pushed Authorization Requests
Pushed Authorization RequestsPushed Authorization Requests
Pushed Authorization RequestsTorsten Lodderstedt
 
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeHyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeSSIMeetup
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaVasiliy Suvorov
 
Cargo Cult Security at OpenWest
Cargo Cult Security at OpenWestCargo Cult Security at OpenWest
Cargo Cult Security at OpenWestDerrick Isaacson
 
DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018Gerardo Pardo-Castellote
 
Blockchain Introduction
Blockchain IntroductionBlockchain Introduction
Blockchain IntroductionNur Aini Rakhmawati Gunawan
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in BangladeshBangladesh Network Operators Group
 
Javascript Object Signing & Encryption
Javascript Object Signing & EncryptionJavascript Object Signing & Encryption
Javascript Object Signing & EncryptionAaron Zauner
 
Crypography in c#
Crypography in c#Crypography in c#
Crypography in c#Manu Cohen-Yashar
 
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2FIWARE
 
Bruno Lowagie (iText) #cfoconferenz
Bruno Lowagie (iText) #cfoconferenzBruno Lowagie (iText) #cfoconferenz
Bruno Lowagie (iText) #cfoconferenzFDMagazine
 
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenOAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenCodemotion
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewInformation Security Awareness Group
 
Blockchain Fundamentals
Blockchain FundamentalsBlockchain Fundamentals
Blockchain FundamentalsBruno Lowagie
 
Module 21 (cryptography)
Module 21 (cryptography)Module 21 (cryptography)
Module 21 (cryptography)Wail Hassan
 
The JSON-based Identity Protocol Suite
The JSON-based Identity Protocol SuiteThe JSON-based Identity Protocol Suite
The JSON-based Identity Protocol SuiteTwobo Technologies
 
Data Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LDData Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LDFernando Lopez Aguilar
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsSecuRing
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSLTony Fabeen
 
Deep dive into Java security architecture
Deep dive into Java security architectureDeep dive into Java security architecture
Deep dive into Java security architecturePrabath Siriwardena
 
Java Security Manager Reloaded - Devoxx 2014
Java Security Manager Reloaded - Devoxx 2014Java Security Manager Reloaded - Devoxx 2014
Java Security Manager Reloaded - Devoxx 2014Josef Cacek
 

Weitere ähnliche Inhalte

Was ist angesagt?

CIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC ConnectCIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC ConnectCloudIDSummit
 
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeHyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeSSIMeetup
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaVasiliy Suvorov
 
Cargo Cult Security at OpenWest
Cargo Cult Security at OpenWestCargo Cult Security at OpenWest
Cargo Cult Security at OpenWestDerrick Isaacson
 
DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018Gerardo Pardo-Castellote
 
Javascript Object Signing & Encryption
Javascript Object Signing & EncryptionJavascript Object Signing & Encryption
Javascript Object Signing & EncryptionAaron Zauner
 
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2FIWARE
 
Bruno Lowagie (iText) #cfoconferenz
Bruno Lowagie (iText) #cfoconferenzBruno Lowagie (iText) #cfoconferenz
Bruno Lowagie (iText) #cfoconferenzFDMagazine
 
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenOAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenCodemotion
 
Blockchain Fundamentals
Blockchain FundamentalsBlockchain Fundamentals
Blockchain FundamentalsBruno Lowagie
 
Module 21 (cryptography)
Module 21 (cryptography)Module 21 (cryptography)
Module 21 (cryptography)Wail Hassan
 
The JSON-based Identity Protocol Suite
The JSON-based Identity Protocol SuiteThe JSON-based Identity Protocol Suite
The JSON-based Identity Protocol SuiteTwobo Technologies
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsSecuRing
 

Was ist angesagt? (20)

CIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC ConnectCIS14: Developing with OAuth and OIDC Connect
CIS14: Developing with OAuth and OIDC Connect
 
Pushed Authorization Requests
Pushed Authorization RequestsPushed Authorization Requests
Pushed Authorization Requests
 
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan GeorgeHyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
Hyperledger Aries: Open Source Interoperable Identity Solution – Nathan George
 
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + CordaCordacon 2018 - Cordentity - Hyperledger Indy + Corda
Cordacon 2018 - Cordentity - Hyperledger Indy + Corda
 
Cargo Cult Security at OpenWest
Cargo Cult Security at OpenWestCargo Cult Security at OpenWest
Cargo Cult Security at OpenWest
 
DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018DDS-Security Interoperability Demo - March 2018
DDS-Security Interoperability Demo - March 2018
 
Blockchain Introduction
Blockchain IntroductionBlockchain Introduction
Blockchain Introduction
 
PKI Industry growth in Bangladesh
PKI Industry growth in BangladeshPKI Industry growth in Bangladesh
PKI Industry growth in Bangladesh
 
Javascript Object Signing & Encryption
Javascript Object Signing & EncryptionJavascript Object Signing & Encryption
Javascript Object Signing & Encryption
 
Crypography in c#
Crypography in c#Crypography in c#
Crypography in c#
 
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
FIWARE Global Summit - NGSI-LD – an Evolution from NGSIv2
 
Bruno Lowagie (iText) #cfoconferenz
Bruno Lowagie (iText) #cfoconferenzBruno Lowagie (iText) #cfoconferenz
Bruno Lowagie (iText) #cfoconferenz
 
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe FriedrichsenOAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
OAuth 2.0 – A standard is coming of age by Uwe Friedrichsen
 
Marco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overviewMarco Casassa Mont: Pki overview
Marco Casassa Mont: Pki overview
 
Blockchain Fundamentals
Blockchain FundamentalsBlockchain Fundamentals
Blockchain Fundamentals
 
Module 21 (cryptography)
Module 21 (cryptography)Module 21 (cryptography)
Module 21 (cryptography)
 
The JSON-based Identity Protocol Suite
The JSON-based Identity Protocol SuiteThe JSON-based Identity Protocol Suite
The JSON-based Identity Protocol Suite
 
Data Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LDData Modeling with NGSI, NGSI-LD
Data Modeling with NGSI, NGSI-LD
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
 
Pki and OpenSSL
Pki and OpenSSLPki and OpenSSL
Pki and OpenSSL
 

Andere mochten auch

Deep dive into Java security architecture
Deep dive into Java security architectureDeep dive into Java security architecture
Deep dive into Java security architecturePrabath Siriwardena
 
Java Security Manager Reloaded - Devoxx 2014
Java Security Manager Reloaded - Devoxx 2014Java Security Manager Reloaded - Devoxx 2014
Java Security Manager Reloaded - Devoxx 2014Josef Cacek
 
Java security in the real world (Ryan Sciampacone)
Java security in the real world (Ryan Sciampacone)Java security in the real world (Ryan Sciampacone)
Java security in the real world (Ryan Sciampacone)Chris Bailey
 
Página web y blog
Página web y blogPágina web y blog
Página web y blogKaroll Cruz
 
3. planning in situational calculas
3. planning in situational calculas3. planning in situational calculas
3. planning in situational calculasAnkush Kumar
 
Rest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsRest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsCarol McDonald
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Martin Toshev
 
Bio-metric Security System
Bio-metric Security System Bio-metric Security System
Bio-metric Security System Sadan Khan
 
Spring Security
Spring SecuritySpring Security
Spring SecurityBoy Tech
 
Bio-Metric Technology
Bio-Metric TechnologyBio-Metric Technology
Bio-Metric Technologyshyampariyar
 
The Present Future of OAuth
The Present Future of OAuthThe Present Future of OAuth
The Present Future of OAuthMichael Bleigh
 
AADHAAR (BIO METRIC IDENTIFICATION NUMBER ) BASED VEHICLE LICENSE PLATE
AADHAAR (BIO METRIC IDENTIFICATION NUMBER ) BASED VEHICLE LICENSE PLATEAADHAAR (BIO METRIC IDENTIFICATION NUMBER ) BASED VEHICLE LICENSE PLATE
AADHAAR (BIO METRIC IDENTIFICATION NUMBER ) BASED VEHICLE LICENSE PLATETUSHAR GUHA
 
Java Security Manager Reloaded - jOpenSpace Lightning Talk
Java Security Manager Reloaded - jOpenSpace Lightning TalkJava Security Manager Reloaded - jOpenSpace Lightning Talk
Java Security Manager Reloaded - jOpenSpace Lightning TalkJosef Cacek
 

Andere mochten auch (20)

Deep dive into Java security architecture
Deep dive into Java security architectureDeep dive into Java security architecture
Deep dive into Java security architecture
 
Java Security Manager Reloaded - Devoxx 2014
Java Security Manager Reloaded - Devoxx 2014Java Security Manager Reloaded - Devoxx 2014
Java Security Manager Reloaded - Devoxx 2014
 
Java security
Java securityJava security
Java security
 
Java security in the real world (Ryan Sciampacone)
Java security in the real world (Ryan Sciampacone)Java security in the real world (Ryan Sciampacone)
Java security in the real world (Ryan Sciampacone)
 
Java Security
Java SecurityJava Security
Java Security
 
Página web y blog
Página web y blogPágina web y blog
Página web y blog
 
3. planning in situational calculas
3. planning in situational calculas3. planning in situational calculas
3. planning in situational calculas
 
415212 415212
415212 415212415212 415212
415212 415212
 
Rest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsRest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.js
 
Bn1005 demo ppt core java
Bn1005 demo ppt core javaBn1005 demo ppt core java
Bn1005 demo ppt core java
 
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
Security Architecture of the Java Platform (BG OUG, Plovdiv, 13.06.2015)
 
Fingerprint Biometrics
Fingerprint BiometricsFingerprint Biometrics
Fingerprint Biometrics
 
Bio-metric Security System
Bio-metric Security System Bio-metric Security System
Bio-metric Security System
 
Spring Security
Spring SecuritySpring Security
Spring Security
 
Bio-Metric Technology
Bio-Metric TechnologyBio-Metric Technology
Bio-Metric Technology
 
The Present Future of OAuth
The Present Future of OAuthThe Present Future of OAuth
The Present Future of OAuth
 
Spring Security 3
Spring Security 3Spring Security 3
Spring Security 3
 
AADHAAR (BIO METRIC IDENTIFICATION NUMBER ) BASED VEHICLE LICENSE PLATE
AADHAAR (BIO METRIC IDENTIFICATION NUMBER ) BASED VEHICLE LICENSE PLATEAADHAAR (BIO METRIC IDENTIFICATION NUMBER ) BASED VEHICLE LICENSE PLATE
AADHAAR (BIO METRIC IDENTIFICATION NUMBER ) BASED VEHICLE LICENSE PLATE
 
Java Security Manager Reloaded - jOpenSpace Lightning Talk
Java Security Manager Reloaded - jOpenSpace Lightning TalkJava Security Manager Reloaded - jOpenSpace Lightning Talk
Java Security Manager Reloaded - jOpenSpace Lightning Talk
 
Spring Security
Spring SecuritySpring Security
Spring Security
 

Ähnlich wie Security via Java

SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications nishchal29
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSylvain Maret
 
Basic Cryptography unit 4 CSS
Basic Cryptography unit 4 CSSBasic Cryptography unit 4 CSS
Basic Cryptography unit 4 CSSSURBHI SAROHA
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...Kimberly Thomas
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructurevimal kumar
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vandaVanda KANY
 
Chapter 08
Chapter 08Chapter 08
Chapter 08cclay3
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Mukesh Chinta
 
Certificates and Web of Trust
Certificates and Web of TrustCertificates and Web of Trust
Certificates and Web of TrustYousof Alsatom
 
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menaceDEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menaceFelipe Prado
 
15 intro to ssl certificate &amp; pki concept
15 intro to ssl certificate &amp; pki concept15 intro to ssl certificate &amp; pki concept
15 intro to ssl certificate &amp; pki conceptMostafa El Lathy
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere générationSylvain Maret
 
Java Cert Pki
Java Cert PkiJava Cert Pki
Java Cert Pkiphanleson
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modiMohit Modi
 

Ähnlich wie Security via Java (20)

SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications SSL Implementation - IBM MQ - Secure Communications
SSL Implementation - IBM MQ - Secure Communications
 
Encryption in Cryptography
Encryption in CryptographyEncryption in Cryptography
Encryption in Cryptography
 
Jdbc 6
Jdbc 6Jdbc 6
Jdbc 6
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
 
Basic Cryptography unit 4 CSS
Basic Cryptography unit 4 CSSBasic Cryptography unit 4 CSS
Basic Cryptography unit 4 CSS
 
The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...The Time-Consuming Task Of Preparing A Data Set For...
The Time-Consuming Task Of Preparing A Data Set For...
 
public key infrastructure
public key infrastructurepublic key infrastructure
public key infrastructure
 
Secure 3 kany-vanda
Secure 3 kany-vandaSecure 3 kany-vanda
Secure 3 kany-vanda
 
Chapter 08
Chapter 08Chapter 08
Chapter 08
 
Java Crypto
Java CryptoJava Crypto
Java Crypto
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 
Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5Cisco cybersecurity essentials chapter -5
Cisco cybersecurity essentials chapter -5
 
Certificates and Web of Trust
Certificates and Web of TrustCertificates and Web of Trust
Certificates and Web of Trust
 
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menaceDEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
DEF CON 27 - ALVARO MUNOZ / OLEKSANDR MIROSH - sso wars the token menace
 
15 intro to ssl certificate &amp; pki concept
15 intro to ssl certificate &amp; pki concept15 intro to ssl certificate &amp; pki concept
15 intro to ssl certificate &amp; pki concept
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
 
Encryption by fastech
Encryption by fastechEncryption by fastech
Encryption by fastech
 
Java Cert Pki
Java Cert PkiJava Cert Pki
Java Cert Pki
 
Web cryptography javascript
Web cryptography javascriptWeb cryptography javascript
Web cryptography javascript
 
Grid security seminar mohit modi
Grid security seminar mohit modiGrid security seminar mohit modi
Grid security seminar mohit modi
 

Kürzlich hochgeladen

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 

Kürzlich hochgeladen (20)

Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 

Security via Java

  • 2. Agenda  Introduction to Security  Java Security  XML Security  WS-Security
  • 3. Introduction to Security  Cryptography  Symmetric-Key Cryptography  Public-Key Cryptography  Public Key Infrastructure  Cryptographic Hash Function  Digital Signature
  • 4. Cryptography  Is the practice and study of hiding information  Encryption is the process of transforming information (plaintext) using an algorithm (cipher) to make it unreadable to anyone (ciphertext) except those possessing special knowledge (key).  Decryption is to make the encrypted information readable again.
  • 5. Symmetric-Key Cryptography  Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. This was the only kind of encryption publicly known until June 1976.  Examples are DES, 3DES, Blowfish, RC4…
  • 7. Public-Key Cryptography  Public-Key Cryptography, also known as Asymmetric Cryptography, is a form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it. In public key cryptography, a user has a pair of cryptographic keys—a Public Key and a Private Key.  Examples are RSA and ElGamal.
  • 8. Public-Key Cryptography  A big random number is used to create a key pair. When the keys have been made the big random number is thrown away. Without knowledge of the random number it should be "impossible" to create the private key from the public key.
  • 9. Public-Key Cryptography  A message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key.
  • 10. Public Key Infrastructure  Public Key Infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a Certificate Authority (CA).  CA is an example of Trusted Third Party (TTP).  A CA is an entity which issues Public Key Certificate for use by other parties.
  • 11. Public Key Infrastructure  The most common certificate standard is the ITU-T X.509.  A Public Key Certificate is an electronic document which incorporates a Digital Signature to bind together a public key with an identity — information such as the name of a person or an organization, their address, and so forth.  A Public Key Certificate is the Public Key of an individual added to it his/her Identity and signed by a CA.  The certificate can be used to verify that a Public Key belongs to an individual .
  • 12. Public Key Infrastructure  A Certificate Chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The last certificate in the chain is normally a self-signed Certificate - a certificate that signs itself (Root Certificate).  It’s an example of Chain Of Trust. CA Cert (Root Cert) signs Company CA signs App Cert signs
  • 13. Cryptographic Hash Function  A Cryptographic Hash Function is an algorithm that takes an arbitrary block of data and returns a fixed- size bit string, the Hash Value or Message Digest, such that an accidental or intentional change to the data will almost certainly change the Hash Value.  Examples are MD5, SHA-1 and SHA-256.  Applications are Message Integrity Verification, Digital Signatures, …
  • 14. Cryptographic Hash Function  The ideal hash function has four main properties:  It is easy to compute the hash for any given data,  It is extremely difficult to construct a text that has a given hash,  It is extremely difficult to modify a given text without changing its hash, and  It is extremely unlikely that two different messages will have the same hash.
  • 15. Digital Signature  For messages sent through an insecure channel, a properly implemented Digital Signature gives the receiver reason to believe the message was sent by the claimed sender.  Digital Signature gives both Authentication and Integrity.
  • 17. Java Security  Sun’s website says: “Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.”  Platform Security is built-in language security features enforced by the Java compiler and virtual machine for example Bytecode verification, Secure class loading .
  • 18. Java Security  Access Control is a comprehensive policy and permissions API that allows the developer to create and administer applications requiring fine-grained access to security- sensitive resources.  Java includes APIs for Cryptography , Secure Communications (e.g. TLS) and PKI.  Java Security is Extensible i.e. Java provide the interfaces and the implementation is provided by a Security Provider, JRE has a default provider (SUN provider).
  • 19. Unlimited Strength Policy Files  By default, JRE is restricted to a particular Encryption Algorithms and Key Lengths (Strong Encryption).  This restriction is in place so that the JRE and Java Applications that use Encryption can be freely imported by countries whose government restrict the use of Cryptography.  There are no restrictions in Egypt. So, you can download the Unlimited Strength Policy Files from Sun’s website and install it to enable unlimited encryption.
  • 20. Example: Computing The Hash of a byte[] MessageDigest msgDigest = MessageDigest.getInstance("MD5"); msgDigest.update(plainText); //byte[] byte[] digest = msgDigest.digest();
  • 21. Example: Private Key Crypto KeyGenerator keyGen = KeyGenerator.getInstance("DES"); keyGen.init(56); Key key = keyGen.generateKey(); … Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding"); cipher.init(Cipher.ENCRYPT_MODE, key); byte[] cipherText = cipher.doFinal(plainText); … cipher.init(Cipher.DECRYPT_MODE, key); byte[] newPlainText = cipher.doFinal(cipherText);
  • 22. Example: Public Key Crypto KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(1024); KeyPair key = keyGen.generateKeyPair(); … Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); cipher.init(Cipher.ENCRYPT_MODE, key.getPublic()); byte[] cipherText = cipher.doFinal(plainText); … cipher.init(Cipher.DECRYPT_MODE, key.getPrivate()); byte[] newPlainText = cipher.doFinal(cipherText);
  • 23. Example: Digital Signature KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); keyGen.initialize(1024); KeyPair key = keyGen.generateKeyPair(); … Signature sig = Signature.getInstance("MD5WithRSA"); sig.initSign(key.getPrivate()); sig.update(plainText); byte[] signature = sig.sign(); … sig.initVerify(key.getPublic()); sig.update(plainText); if (sig.verify(signature)) {…}
  • 24. Example: Accessing Key Stores // Creating new one KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(null, null); … // Opening Existing one KeyStore keyStore = KeyStore.getInstance("PKCS12"); keyStore.load(new FileInputStream(filename), "password".toCharArray()); … // Adding Entry keyStore.setKeyEntry( "somealias",privateKey, "password".toCharArray(), new Certificate[] {myCert, caCert}); …
  • 25. Example: Accessing Key Stores // Get entries X509Certificate cert = (X509Certificate) keyStore.getCertificate(“alias"); PrivateKey key = (PrivateKey) keyStore.getKey( “alias", “password".toCharArray()); … // Saving to file keyStore.store(new FileOutputStream(filename), “password”.toCharArray());
  • 26. Serializing a Key Key key = …; // PrivateKey or PublicKey byte[] encodedKey = key.getEncoded(); … X509EncodedKeySpec keySpec = new X509EncodedKeySpec(encodedKey); KeyFactory keyFactory = KeyFactory.getInstance("RSA"); PublicKey theKey = keyFactory.generatePublic(keySpec); // or PrivateKey theKey = keyFactory.generatePrivate(keySpec);
  • 27. Serializing a Certificate X509Certificate cert = …; byte[] encCert = cert.getEncoded(); … ByteArrayInputStream inputStream = new ByteArrayInputStream(encCert); CertificateFactory factory = CertificateFactory.getInstance("X.509"); X509Certificate theCert = (X509Certificate) factory.generateCertificate(inputStream);
  • 28. Example: Generating a Certificate  Standard Java does not have an X509Certificate generation API  BouncyCastle has a class for generating X509Certificate instance org.bouncycastle.x509.X509V3CertificateGenerator
  • 29. Example: Generating a Certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal myPrincipal = new X500Principal("CN=Duke, OU=ArxICT, O=Arx, C=EG" ); certGen.setSubjectDN(myPrincipal); certGen.setIssuerDN(myPrincipal); // Self signed certGen.setNotBefore(new Date(…)); certGen.setNotAfter(new Date(…)); certGen.setPublicKey(publicKey); // Cert Public Key certGen.setSignatureAlgorithm("SHA1withRSA"); certGen.setSerialNumber(generateMySerialNumber()); X509Certificate cert = certGen.generateX509Certificate(privateKey);
  • 30. XML Signature  XML Signature (also called XMLDsig, XML-DSig, XML-Sig) is a W3C recommendation that defines an XML syntax for digital signatures.  An XML signature used to sign a resource outside its containing XML document is called a detached signature;  If it is used to sign some part of its containing document, it is called an enveloped signature;  If it contains the signed data within itself it is called an enveloping signature.
  • 31. XML Signature XML Resource XML Signature Signed Data XML Resource XML Signature Signed XML Element XML Resource XML Signature 1 Signed XML Element XML Signature 2 Detached Enveloping Enveloped
  • 32. XML Signature  Implementation:  Apache XML Security (santuario)  Standard XML Digital Signature API (JDK 6), also implemented in Apache XML Security for pre-6 JDKs
  • 33. XML Signature <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC- xml-c14n-20010315"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa- sha1"/> <Reference URI="#MsgBody"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>W3aSreOicBECRBLSJnchq448fjU=</DigestValue> </Reference> </SignedInfo> <SignatureValue>hG…=</SignatureValue> <KeyInfo> <SecurityTokenReference xmlns="http://schemas.xmlsoap.org/ws/2002/04/secext"> <Reference URI="X509Token"/> </SecurityTokenReference> </KeyInfo> </Signature>
  • 34. XML Signature // Init the factory String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI"); XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM“, (Provider)Class.forName(providerName).newInstance()); DOMValidateContext valContext = new DOMValidateContext(new SimpleKeySelector(merchantPublicKey), nodeList.item(0)); XMLSignature signature = fac.unmarshalXMLSignature(valContext); boolean coreValidity = signature.validate(valContext);
  • 35. XML Signature class SimpleKeySelector extends KeySelector { private PublicKey publicKey; public SimpleKeySelector(PublicKey publicKey) { this.publicKey = publicKey; } public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException { return new SimpleKeySelectorResult(publicKey); } private static class SimpleKeySelectorResult implements KeySelectorResult { private PublicKey publicKey; SimpleKeySelectorResult(PublicKey pk) { this.publicKey = pk; } public Key getKey() { return publicKey; } } }
  • 37. More Resources  http://www.ibm.com/developerworks/edu/j-dw- javasec1-i.html  http://www.ibm.com/developerworks/edu/j-dw- javasec2-i.html