Encryption Boot Camp on the JVM

OT CA MP
TI ON BO sion
P is your mis
CRYrity
EN ecu
s

SECURITY
What’s ON THE J
your po VM
sition?

RYPTI NG? not
ENC say probably
s
sta tistic

WO RRI ED?
s houl d be
You

Matthew McCullough

@matthewmccull
#EncryptBC

http://speakerrate.com/matthew.mccullough

ANCIENT HISTORY
Everything old is new again

ht
Sig
ain
Pl

Sensitive
Data

Recipient
or
Storage

ht
Sig
ain
Pl

Sensitive
Data

Recipient
or
Storage

ht
Sig ur ed

ain ts
O
b sc

Pl C
o nt
en

Sensitive
Data

ll over
’m a ew
“I n
thisryption
nc boss”
e ff
stu

44 B.C.
That’s 2,054 years ago...

Caesar Cipher
a.k.a.
ROT(2)
Shift Cipher

A B C D E F G

A B C D E F G

Caesar Cipher

Rotation
= Integer

Rot(x)

Caesar Cipher

Z M S R
A N T S if encrypted with ROT(-1)

Caesar Cipher

Z M S R

B O U T if encrypted with ROT(-2)

/**
* A naively simple rotation cipher implementation.
* USAGE: groovy RotateWord.groovy <yourword>
*/
public class RotateWord {

/**
* Rotate one character by the specified amount
*/
private static char rotateChar(char c, int rotationAmount) {
//a == 97, z == 122
int num = (int)c
int rotated = num + rotationAmount
int adjusted

//Handle roll-around wrapping

/**
*/

/**
*/
//a == 97, z == 122
int num = (int)c
int adjusted

if (rotated > 122)
adjusted = rotated - 26
else if (rotated < 97)
adjusted = rotated + 26
else
adjusted = rotated

*/

/**
*/
//a == 97, z == 122
int num = (int)c
int adjusted

if (rotated > 122)
else
adjusted = rotated

char adjustedChar = (char)adjusted
return adjustedChar
}

/**

*/
//a == 97, z == 122
int num = (int)c
int adjusted

if (rotated > 122)
else
adjusted = rotated

return adjustedChar
}

/**
* Rotate the entire String by the specified rotation amount.
*/
public static String rotateAllChars(String plainText, int rotationAmount) {
String encodedMessage = ""

else
adjusted = rotated

return adjustedChar
}

/**
*/

//Loop through each character in the plaintext
for (int i = 0; i < plainText.length(); i++) {
//TODO: Improve to handle upper and lower case letters
char c = plainText.toLowerCase().charAt(i)
encodedMessage += rotateChar(c, rotationAmount)
}

return encodedMessage
}

return adjustedChar
}

/**
*/

}

return encodedMessage
}

public static void main (String[] args) {
String originalword = args[0]
println "Rot(-3) Word: " + rotateAllChars(originalword, -3)

}

public static void main (String[] args) {
String originalword = args[0]
println "Original Word: ${originalword}"
println "Rot(1) Word: " + rotateAllChars(originalword, 1)
}
}

> groovy RotateWord.groovy ants

Rot(-3) Word: xkqp
Rot(-2) Word: ylrq
Rot(-1) Word: zmsr

Original Word: ants

Rot(1) Word: bout
Rot(2) Word: cpvu
Rot(3) Word: dqwv

BROKEN
Perfectly safe data is a myth

Compromised
! Every algorithm is
vulnerable
! crack by brute force

! Crack by rainbow tables

! Function of time + money
+ hardware

$2000

Whic
h wo
uld
you
$500 hit?

$10,000

Now
whic
h wo
uld
you
$50 hit?

JCE PRIMER
The world of Java crypto

Java Cryptography Extension

known as JCE


known as JCE
included in all JREs Since Java 1.2


known as JCE
Pluggable provider architecture


known as JCE
JCE extends Java Cryptography
Architecture (JCA)

JCE Providers

! Default Sun JRE providers
! SUN
! SunJCE
! SunJSSE
! SunRsaSign
! Bouncycastle provider
! Adds AES capabilities

Registering a Provider

! Static
! <java-home>/lib/security/java.security
! security.provider.n=masterClassName


! Dynamic
! java.security.Security class
! addProvider()
! insertProviderAt()
! not persistent across VM instances

EnCryption & the
Law
country borders stop bits

JCE Strength

! Jurisdiction Policy Files
! “Strong”
! “Unlimited”

JCE Strength

! Strong strength included in all
JREs

! Unlimited strength is a separate
download available based on US export
rules

Worldwide Policy
// File: default_local.policy
// Some countries have import limits on crypto strength.
// This policy file is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
permission javax.crypto.CryptoPermission "RC2", 128,
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", 2048;
permission javax.crypto.CryptoPermission *, 128;
};

Max Key Sizes
Algorithm Max Key Size
DES 64
DESede 168
3des

RC2 128
RC4 128
RC5 128
RSA 2048
Others 128

Key Size & Security
160 bit DES

Symmetric
Key Size

Key Size & Security

1024 bit RSA
Asymmetric
Key Size
160 bit DES

Symmetric
Key Size

Key Size & Security

1024 bit RSA
Asymmetric
Key Size
160 bit DES

Symmetric
Key Size
112 bits

Security

Key Size & Security

1024 bit RSA
Asymmetric
Key Size
160 bit DES

Symmetric
Key Size
112 bits

128 bits
Security Security

Random
Numbers
Seed the machine

SecureRandom

! java.security.SecureRandom
! Cryptographically strong random
number generator (RNG)
! “Unable to distinguish from a true
random source”

package com.ambientideas;

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

/**
* Use the SecureRandom java security class to generate
* a more expensive, but cryptographically secure random number.
*/
public class SecureRandomNumber
{
public static void main( String[] args ) throws
NoSuchAlgorithmException
{
//Do the expensive one time setup of the
// random number generator instance


/**
*/
{
{
SecureRandom prng = SecureRandom.getInstance("SHA1PRNG");

//Get the next random number
String randomNum = new Integer( prng.nextInt() ).toString();

System.out.println("Random number: " + randomNum);
}
}

*/
{
{


}
}

Result

Random number: 1633471380

Digests &
Hashes
One way functions

What is a Digest?

! Small set of bytes representing a
large message
! Small change in message = large
change in digest
! Integrity check for large data
! Password storage mechanism

MessageDigest

! java.security.MessageDigest
! Multiple algorithms available
! MD5 (128 bit)
! SHA-1 (160 bit)

MessageDigest

!
!
MD5
U. S. Department of Homeland
Security said MD5
"considered cryptographically broken
and unsuitable for further use"

System.out.println("Message1 SHA1 digest: "
+ shaAndBase64Encode(message1));
}

/**
* Helper function to both SHA-1 hash and
* base64 encode the resulting bytes to a String
*/
public static String shaAndBase64Encode(String message)
throws NoSuchAlgorithmException {
MessageDigest sha = MessageDigest.getInstance("SHA-1");

//Salt could be applied here
//Integer salt = <some random number generator>
//sha.update(salt.getBytes());

byte[] digest = sha.digest(message.getBytes());
return new sun.misc.BASE64Encoder().encode(digest);
}
}

*
* Demonstrate that very similar messages
* have radically different hashes.
*/
public class MessageDigestSHA
{
public static void main( String[] args )
throws NoSuchAlgorithmException
{
//Set up the message to be encoded
String message1 = "Four score and seven years ago";
String message2 = "Four score and seven tears ago";

}

/**
*/

Input

Result
Message1 SHA1 digest: DmCJIg4Bq/xpGIxVXxo3IB0vo38=
Message2 SHA1 digest: oaLHt8tr31ttngCDjyYuWowF5Mc=

JDK Keytool
Key generation, storage & management

Keytool
! Creates
! Keystore
! Truststore
! Functions
! -genkey
! -list
! -import
! -export
! -certreq

Creating a keystore
keytool -genkeypair -keyalg RSA -keysize 2048 -
keystore myapp.keystore
Enter keystore password: ********
Re-enter new password: ********
What is your first and last name?
[Unknown]: Matthew McCullough
What is the name of your organizational unit?
[Unknown]: Consulting
What is the name of your organization?
[Unknown]: Ambient Ideas, LLC
What is the name of your City or Locality?
[Unknown]: Denver
What is the name of your State or Province?
[Unknown]: Colorado
What is the two-letter country code for this unit?
[Unknown]: US


Creating a keystore
[Unknown]: Denver
[Unknown]: Colorado
[Unknown]: US
Is CN=Matthew McCullough, OU=Consulting, O="Ambient
Ideas, LLC", L=Denver, ST=Colorado, C=US correct?
[no]: yes
Enter key password for <mykey>
! (RETURN if same as keystore password):

Using a keystore
java -Djavax.net.ssl.keyStore=keystore
-Djavax.net.ssl.keyStorePassword=y3$1t1s
ServerApp

Using a Truststore
java -Djavax.net.ssl.trustStore=truststore
-Djavax.net.ssl.trustStorePassword=tru$tM3
ClientApp

JSSE
Network communications security

JSSE
! Java Secure Socket Extension
! Built on top of JCE
! Specific to networking
! Standard as of JRE 1.4
! Implementations of
! Secure Sockets Layer (SSL) 2.0 and 3.0
! Transport Layer Security (TLS) 1.0

JAAS
Authentication and Authorization

JAAS

! Java Authentication and
Authorization Service
! Single sign on helper
! Supports biometric, smartcard
devices
! Adds “user” control
(above code control)

Why Symmetric?

! Fast
! Bulk data
! Controlled environment
! Never decrypted at remote end

Symmetric Problems

! Keys vulnerable to capture

Symmetric Problems

! Eavesdropping on future
communications after key
compromise
! Key distribution challenges
! Triangular number key growth

Symmetric Problems

DES & 3DES

! Block cipher
! DES is known to be broken
! 3DES and DESede
! basically three passes of DES
! Reasonably strong

Blowfish

! Secure replacement for DES
! Faster than DES
! Block cipher

RC4

! Rivest’s code 4
! Stream cipher

AES
! Advanced Encryption Standard
! Government standard
! Rijndael algorithm
(Joan Daemen, Vincent Rijmen)
! 4 years of evaluation
! Final in December 2000
! Very Secure
! block cipher

import java.security.InvalidKeyException;
import java.security.NoSuchProviderException;

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;

import sun.misc.BASE64Encoder;

/**
*/
public class SymmetricEncrypt
{
throws NoSuchAlgorithmException, NoSuchProviderException,
NoSuchPaddingException, InvalidKeyException,
IllegalBlockSizeException, BadPaddingException
{
final String message1 = "Four score and seven years ago";


/**
*/
{
{

//Build a new encryption key
final KeyGenerator keyGen = KeyGenerator.getInstance("DESede");
keyGen.init(168);
final SecretKey desKey = keyGen.generateKey();

//Set up the cipher
final Cipher desCipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");

//////////////////////////////////////
//Put the cipher in encryption mode
desCipher.init(Cipher.ENCRYPT_MODE, desKey);

//Encrypt and output the base64 data
byte[] clearText = message1.getBytes();
byte[] encryptedBytes = desCipher.doFinal(clearText);
BASE64Encoder b64e = new sun.misc.BASE64Encoder();

{

keyGen.init(168);

//Set up the cipher

//////////////////////////////////////

String base64Encrypted = b64e.encode(encryptedBytes);
System.out.println("Encrypted text: " + base64Encrypted);

//////////////////////////////////////
//Put the cipher in decryption mode
desCipher.init(Cipher.DECRYPT_MODE, desKey);

//Decrypt and output the original string
byte[] decryptedBytes = desCipher.doFinal(encryptedBytes);
String decryptedText = new String(decryptedBytes);
System.out.println("Decrypted text: " + decryptedText);
}
}

//Set up the cipher

//////////////////////////////////////


//////////////////////////////////////

}
}

Input

Result
Encrypted text: P0FT6N3XXrohtsz7OLh3FGYY0wErkPIur1DP6Csbj4g=
Decrypted text: Four score and seven years ago

Encrypted isn’t enough?

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

ASYMMETRIC
Throwing away keys
faster than an intern locksmith

Diffie-Hellman
! Key Agreement Protocol
! Alice & Bob independently
generate the shared (session) key
! asymmetric Key handshake
! 1970s
! Vulnerable to MITM attack
! Fixed by
! PKI
! signing the agreed key

RSA

! Ron Rivest, Adi Shamir, Leonard
Adleman
! Published in 1978
! M.I.T. Patented in 1983
! Patent Expired in 2000

import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;



/**
* a more expensive, but cryptographically secure random
number.

{
NoSuchAlgorithmException, NoSuchProviderException,
IOException, NoSuchPaddingException, InvalidKeyException,
{

// Generate the Key Pair
final KeyPairGenerator keyGen =
KeyPairGenerator.getInstance("RSA");

final SecureRandom random =
SecureRandom.getInstance("SHA1PRNG", "SUN");
keyGen.initialize(1024, random);

KeyPair pair = keyGen.generateKeyPair();

final PrivateKey privKey = pair.getPrivate();
final PublicKey pubKey = pair.getPublic();

//Encrypt using the private key
Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, privKey);
byte[] encryptedBytes = rsa.doFinal(message1.getBytes());





//Decrypt using the private key
rsa.init(Cipher.DECRYPT_MODE, pubKey);
byte[] decryptedBytes = rsa.doFinal(encryptedBytes);
}
}



}
}

Input

Result
Encrypted text: A8Is+4r7sDn28fD6IQvZiR5JxPs/vh7UnXrF38acJt6R/
ARisj/zLtC7Xn6iJgNQPhc16wkVZhCF
em7oNoim+ooTUDDZQ+E3qP6y/
DZJGkLBoZuZVLeLAW1LUtHSzduRUOg1uMynJz14wxzwfV8wfRwf
atpySkOhGqWS63bPNRs=

OTHER FRAMEWORKS
and alternative JCE providers

Bouncy Castle
! JCE Provider
! Many more encryption and digest
algorithms than the Sun provider
(AES)

Jasypt
Frictionless Java encryption

WIFI Algorithms

!WEP
!WPA
!WPA2

WIFI Algorithms

!WEP
!WPA
!WPA2 TKIP
AES

WIFI Algorithms

!WEP
!WPA
TKIP
!WPA2 AES

TJ Maxx

! $1 billon USD final cost
! 45 million credit card
numbers stolen

riticized the
s have c

“
Many secur
strength o
ity expert
f WEP enc
2
ry
m
ption. WEP
ost recent
001, and st month
cracked in archers la
w
ly
as initially
broken by

G erman rese
ord inary
usin g an three
top in under
lap
seconds et UK
— Tom Espiner, ZDN
”

WIFI Interception

! Hey Look! A MyFreeWIFI SSID...
! Tempting
! Ridiculously unsafe

Tools of the Trade

! AirCrack
! AirSnort

! WireShark

! Silent Proxies

WEP Cracking
! Listen for packets
! Slow
! Untraceable
! Inject bad packets
! Listen for reply
! Faster
! leaves a footprint

Upside-Down-Ternet
Demo

PRINTED MATERIALS
Dead tree propagation of security

ENCRYPTION B O O T C AM P
ted
sion comple
security mis

ENCRYPTION B O O T C AM P
ted
sion comple
security mis
@matthewmccull
#EncryptBC

matthewm@ambientideas.com
http://ambientideas.com/blog

References

! Sun docs
! http://java.sun.com/javase/6/docs/technotes/
guides/security/crypto/CryptoSpec.html
! http://java.sun.com/javase/technologies/security/
guides/security/jsse/JSSERefGuide.html
! http://java.sun.com/javase/6/docs/api/java/
security/Security.html
! BouncyCastle JCE Provider
! http://www.bouncycastle.org/documentation.html

References

! Sample Code
! http://github.com/matthewmccullough/
encryption-jvm-bootcamp
! Miscellaneous
! http://www.ietf.org/rfc/rfc3852.txt
! http://en.wikipedia.org/wiki/
Abstract_Syntax_Notation_One

Acronyms

! CMS
! Cryptographic Message Syntax (CMS)
objects
! RFC 3852
! PKCS#7 (formerly RFC 2630, 3369)

! ASN.1
! Abstract Syntax Notation One
! 1984 X.409, 1988 X.208, 1995 X.680,
2002
! http://www.asn1.org/

! http://www.ambientideasphotography.com
! http://stockfootageforfree.com/
! http://xkcd.com/538/
! http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
! http://matdonline.free.fr/RSA-Diffie-Hellman-explained-in-5-
minutes.htm
! http://www.isg.rhul.ac.uk/node/329
! http://www.isg.rhul.ac.uk/files/IMG_9819.JPG
! http://www.usc.edu/dept/molecular-science/pictures/RSA-2003.jpg
! All others, iStockPhoto.com

Steganography

! Data in pictures
! Not necessarily encrypted

! Merely hidden in
pedestrian files

Steganography

! MP3
! JPEG
! DIVX
! TCP Retry Packets
! Email Headers

Steganography

! High signal to noise
ratio
! Slow
but
! Inconspicuous

Cracks in the News
! Thomas Jefferson letter
! London Tube Oyster cards
! GSM
! Iraq drone video feeds
! Pacemakers
! Zune
! WPA
! Blue-ray
! DVD
! Skype
! Windows Vista BitLocker

Encryption & The Law

! Encryption considered a
munition under
international law
! 1999 Relaxation of
rules

Digital Signatures

! Hash with Private Key
! Public Private Key Systems
! Public Key Infrastructure (PKI)

Breakthroughs

! IBM
! Statistics on encrypted data
! No compromise on security or
anonymity

Keys

! Clickers/Tokens
! One Time Pads (paper)

Misc

! Message Digests == Hash?
! Certificates (x509 v3)
! Digital signatures
! Just means hashing a message, then signing
the hash with the private key
! Later verified by decrypting the hash with
the public key, then re-running the hash
and comparing the two hashes.
! Block vs Stream ciphers

Cryptographic
Message Syntax
Sign / Digest / Auth / Encrypt

Session Keys

! symmetric key exchanged securely
by a private/public key initial
transaction

Elliptic Curve

! Faster than standard public key
encryption
! ECC
! Based on elliptic curve logarithm
problem

B OOT C AM P
Y PTIiONour mission
NCRurity s y
E ec
s

© Matthew McCullough, Ambient Ideas, LLC

Friday, January 15, 2010 1

SECURITY
What’s ON THE J
your po VM
sition?


HACK ATT
EMPTS PE
R >3 00,00 D AY
0


TING? not
ENCRayP robably
ss
Y
p
ic
statist


?
RIEDbe
WOR
You should


Matthew McCullough

@matthewmccull
#EncryptBC



ANCIENT HISTORY
Everything old is new again


Recipient
or
Storage

ht
Sig ur
ed

ain
c
bs
O
ts

Pl
en
o nt
C

Sensitive
Data

Craziest idea ever! Everyone knows you need to keep secret
information hidden in a body cavity and physically transport it to the
recipient. All the movies do that.

er
ll ov
“I’m a ew
n
thisryption
enc ff boss”
stu


Even though we make minor adjustments, they are often seeded by our
predecessors.
Even encryption is over old with a fresh coat of paint

44 B.C.
That’s 2,054 years ago...


Julius Caesar


And even the Egyptians before him were trying math for encryption.
http://www.amazon.com/Code-Book-Science-Secrecy-Cryptography/
dp/0385495323/ref=sr_1_7?
ie=UTF8&s=books&qid=1263535206&sr=8-7

Caesar Cipher
a.k.a.
ROT(2)
Shift Cipher

A B C D E F G

A B C D E F G


Caesar Cipher

Rotation
= Integer

Rot(x)

Caesar Cipher

Encrypted Word

Z M S R
B O U T if encrypted with ROT(-2)
30s 25s 20s 15s 10s 5s Stop


This is not an eye test at your optometrist
English dictionary attack would be a good approach.
ANTS and BOUT are solutions [ROT(+1) and ROT(+2)]

/**
*/

/**
*/
//a == 97, z == 122
int num = (int)c
int adjusted

Friday, January=>rotated - 26
if (rotated 122)
adjusted
15, 2010 15
Look at how much effort it is to write even the simplest cipher (Caesar)
else
implementation ourselves.adjusted = rotated

return adjustedChar
}

/**
*/

}

> groovy RotateWord.groovy ants

Rot(-3) Word: xkqp
Rot(-2) Word: ylrq
Rot(-1) Word: zmsr

Original Word: ants

Rot(1) Word: bout
Rot(2) Word: cpvu
Rot(3) Word: dqwv


Think about the combinatoric and steganographic possibilities.

BROKEN
Perfectly safe data is a myth


Compromised
! Every algorithm is
vulnerable
! crack by brute force

! Crack by rainbow tables

! Function of time + money
+ hardware


$2000

Whic
h wo
uld
0 you
$50 hit?


Go into a jewelry store.
Two possible storage containers to hit. Your informant has told you
how much is in each.
4X as much in the safe as in the wooden box.

$10,000

Now
whic
h wo
uld
0 you
$5 hit?


Now the jewelry box contains 1/200th what the safe does. Would you
still hit the wooden box?

JCE PRIMER
The world of Java crypto



known as JCE
JCE extends Java Cryptography
Architecture (JCA)


JCE Providers

! Default Sun JRE providers
! SUN
! SunJCE
! SunJSSE
! SunRsaSign
! Bouncycastle provider
! Adds AES capabilities



! Static
! <java-home>/lib/security/java.security
! security.provider.n=masterClassName



! Dynamic
! java.security.Security class
! addProvider()
! insertProviderAt()
! not persistent across VM instances


Can only be done by "trusted" programs with the appropriate privilege

EnCryption & the
Law
country borders stop bits


JCE Strength

! Jurisdiction Policy Files
! “Strong”
! “Unlimited”


JCE Strength

! Strong strength included in all
JREs

! Unlimited strength is a separate
download available based on US export
rules


Worldwide Policy
// File: default_local.policy
// Some countries have import limits on crypto strength.
// This policy file is worldwide importable.
grant {
permission javax.crypto.CryptoPermission "DES", 64;
permission javax.crypto.CryptoPermission "DESede", *;
"javax.crypto.spec.RC2ParameterSpec", 128;
permission javax.crypto.CryptoPermission "RC4", 128;
"javax.crypto.spec.RC5ParameterSpec", *, 12, *;
permission javax.crypto.CryptoPermission "RSA", 2048;
permission javax.crypto.CryptoPermission *, 128;
};


Max Key Sizes
Algorithm Max Key Size
DES 64
DESede 168
3des

RC2 128
RC4 128
RC5 128
RSA 2048
Others 128


http://java.sun.com/j2se/1.4.2/docs/guide/security/jce/
JCERefGuide.html#AppE

Key Size & Security

1024 bit RSA
Asymmetric
Key Size

160 bit DES
Symmetric
Key Size

112 bits

128 bits
Security Security


Speed is 1000x slower on asymmetric

Random
Numbers
Seed the machine


SecureRandom

! java.security.SecureRandom
! Cryptographically strong random
number generator (RNG)
! “Unable to distinguish from a true
random source”


A cryptographically strong random number generator passes all statistical tests
that run in polynomial time asymptotically. It will pass any statistical test for
randomness that does not require an exponentially increasing to inﬁnite amount
of time to run. All such polynomial time statistical tests will be unable to
distinguish the random number generator from a true random source.
http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#Concepts
http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html
http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html#AppA

package com.ambientideas;


/**
*/
{
{
Friday, January 15, 2010 = SecureRandom.getInstance("SHA1PRNG");
SecureRandom prng 36

}
}


/**
*/
{
{


}
}


*/
{
{


}
}


Result

Random number: 1633471380


Digests &
Hashes
One way functions


What is a Digest?

! Small set of bytes representing a
large message
! Small change in message = large
change in digest
! Integrity check for large data
! Password storage mechanism


OWASP says passwords should never be stored in plaintext
http://www.owasp.org/index.php/Hashing_Java

MessageDigest

! java.security.MessageDigest
! Multiple algorithms available
! MD5 (128 bit)
! SHA-1 (160 bit)


MessageDigest

!
!
MD5
U. S. Department of Homeland
Security said MD5
"considered cryptographically broken
and unsuitable for further use"


http://en.wikipedia.org/wiki/MD5

http://xkcd.com/538/


$5 wrench XKCD: http://xkcd.com/538/
Missy Elliott XKCD: http://xkcd.com/153/

}

/**
*/


}
}


* Digest a string message via SHA1.
*
* Demonstrate that very similar messages
* have radically different hashes.
*/
public class MessageDigestSHA
{
throws NoSuchAlgorithmException
{
//Set up the message to be encoded

}

/**
*/

}
}

Input

Result
Message1 SHA1 digest: DmCJIg4Bq/xpGIxVXxo3IB0vo38=
Message2 SHA1 digest: oaLHt8tr31ttngCDjyYuWowF5Mc=


JDK Keytool
Key generation, storage & management


Keytool
! Creates
! Keystore
! Truststore
! Functions
! -genkey
! -list
! -import
! -export
! -certreq


Creating a keystore
[Unknown]: Denver
[Unknown]: Colorado
[Unknown]: US
Friday, January 15, L=Denver, ST=Colorado, C=US correct?
Ideas, LLC", 2010 50
[no]: yes


Creating a keystore
[Unknown]: Denver
[Unknown]: Colorado
[Unknown]: US
Ideas, LLC", L=Denver, ST=Colorado, C=US correct?
[no]: yes


Using a keystore
java -Djavax.net.ssl.keyStore=keystore
-Djavax.net.ssl.keyStorePassword=y3$1t1s
ServerApp

Using a Truststore
java -Djavax.net.ssl.trustStore=truststore
-Djavax.net.ssl.trustStorePassword=tru$tM3
ClientApp


JSSE
Network communications security


JSSE
! Java Secure Socket Extension
! Built on top of JCE
! Specific to networking
! Standard as of JRE 1.4
! Implementations of
! Secure Sockets Layer (SSL) 2.0 and 3.0
! Transport Layer Security (TLS) 1.0


http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html
Previously an optional add on up through JRE 1.3

http://en.wikipedia.org/wiki/Transport_Layer_Security
TLS 1.0 in 1999. Improvements to SSL 3.0 (1996)

JAAS
Authentication and Authorization


JAAS

! Java Authentication and
Authorization Service
! Single sign on helper
! Supports biometric, smartcard
devices
! Adds “user” control
(above code control)


SYMMETRIC
My key is your key


Why Symmetric?

! Fast
! Bulk data
! Controlled environment
! Never decrypted at remote end


Symmetric Problems

! Eavesdropping on future
communications after key
compromise
! Key distribution challenges


How do you distribute keys?
System-wide number of keys for N nodes to talk securely to any node
is Tn
http://mathworld.wolfram.com/TriangularNumber.html

Symmetric Problems


DES & 3DES

! Block cipher
! DES is known to be broken
! 3DES and DESede
! basically three passes of DES
! Reasonably strong


Blowfish

! Secure replacement for DES
! Faster than DES
! Block cipher


Sounds like a new ﬂavor of Ben and Jerry’s ice cream

RC4

! Rivest’s code 4
! Stream cipher


AES
! Advanced Encryption Standard
! Government standard
! Rijndael algorithm
(Joan Daemen, Vincent Rijmen)
! 4 years of evaluation
! Final in December 2000
! Very Secure
! block cipher



import javax.crypto.KeyGenerator;


/**
*/
{
{
Friday, Januarya15, 2010
//Build new encryption key 65
keyGen.init(168);

//Set up the cipher

//////////////////////////////////////


//////////////////////////////////////

}
}



/**
*/
{
{

keyGen.init(168);

//Set up the cipher

//////////////////////////////////////

Friday, January 15, 2010
System.out.println("Encrypted text: " + base64Encrypted); 66

//////////////////////////////////////

}
}

{

keyGen.init(168);

//Set up the cipher

//////////////////////////////////////


//////////////////////////////////////

}
}

//Set up the cipher

//////////////////////////////////////


//////////////////////////////////////

}
}


Input

Result
Encrypted text: P0FT6N3XXrohtsz7OLh3FGYY0wErkPIur1DP6Csbj4g=


Encrypted isn’t enough?




ASYMMETRIC
Throwing away keys
faster than an intern locksmith



http://www.isg.rhul.ac.uk/node/329
http://www.isg.rhul.ac.uk/ﬁles/IMG_9819.JPG
http://en.wikipedia.org/wiki/Diffie

Diffie-Hellman
! Key Agreement Protocol
! Alice & Bob independently
generate the shared (session) key
! asymmetric Key handshake
! 1970s
! Vulnerable to MITM attack
! Fixed by
! PKI
! signing the agreed key


http://en.wikipedia.org/wiki/Diffie–Hellman_key_exchange

DH Diagrammed


http://matdonline.free.fr/RSA-Diffie-Hellman-explained-in-5-
minutes.htm


RSA
http://www.usc.edu/dept/molecular-science/pictures/RSA-2003.jpg

RSA

! Ron Rivest, Adi Shamir, Leonard
Adleman
! Published in 1978
! M.I.T. Patented in 1983
! Patent Expired in 2000


Not patented in many other countries due to paper published before
patent.
There was later found to be prior art might not have allowed this to get
patented at all.

import java.io.IOException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;



/**
* a more expensive, but cryptographically secure random
number.
*/
Friday,public class EncryptRSA
January 15, 2010 77
{
{






{
{





Friday, January 15, 2010
System.out.println("Encrypted text: " + base64Encrypted); 78

}
}





}
}


Input

Result
Encrypted text: A8Is+4r7sDn28fD6IQvZiR5JxPs/vh7UnXrF38acJt6R/
ARisj/zLtC7Xn6iJgNQPhc16wkVZhCF
em7oNoim+ooTUDDZQ+E3qP6y/
DZJGkLBoZuZVLeLAW1LUtHSzduRUOg1uMynJz14wxzwfV8wfRwf
atpySkOhGqWS63bPNRs=


OTHER FRAMEWORKS
and alternative JCE providers


Bouncy Castle
! JCE Provider
! Many more encryption and digest
algorithms than the Sun provider
(AES)


http://www.mobileﬁsh.com/developer/bouncycastle/
bouncycastle_quickguide_install.html

Jasypt
Frictionless Java encryption


Works beautifully with Hibernate and The Spring Framework

Gnu
Open source library


Hundreds of algorithms implemented
http://www.gnu.org/software/gnu-crypto/

WIFI
You are the weakest link


WIFI Algorithms

! WEP
! WPA
! WPA2 TKIP
AES


WEP can be sniffed for keys
WPA2 implements the mandatory elements of 802.11i

TJ Maxx


TJ Maxx

! $1 billon USD final cost
! 45 million credit card
numbers stolen


the
criticized
rts have

“ Ma
s
ny securit
trength of
cracked
y expe
tion. WEP w
as initially
WEP encryp recently broken by
and most
in 2001, last month

ordinary
searchers
German re
u s i n g a nunder three
laptop in
seconds et UK
— Tom Esp
iner, ZDN
”

http://www.zdnetasia.com/news/security/
0,39044215,62011583,00.htm

WIFI Interception

! Hey Look! A MyFreeWIFI SSID...
! Tempting
! Ridiculously unsafe


Tools of the Trade

! AirCrack
! AirSnort

! WireShark

! Silent Proxies


WEP Cracking
! Listen for packets
! Slow
! Untraceable
! Inject bad packets
! Listen for reply
! Faster
! leaves a footprint


WireShark Demo


http://www.wireshark.org/

Upside-Down-Ternet
Demo


http://www.ex-parrot.com/pete/upside-down-ternet.html

PRINTED MATERIALS
Dead tree propagation of security


1997


19981.2
Java 11&
.


2004
Java 14
.


2005
Java 5


2008


ENCRYPTION BOOmpleAedP
TC M
t
n co
security missio


ENC RYPTION BOOmpleAedP
TC M
t
n co
security missio
@matthewmccull
#EncryptBC

matthewm@ambientideas.com
http://ambientideas.com/blog


REFERENCES


References

! Sun docs
guides/security/crypto/CryptoSpec.html
! http://java.sun.com/javase/technologies/security/
guides/security/jsse/JSSERefGuide.html
! http://java.sun.com/javase/6/docs/api/java/
security/Security.html
! BouncyCastle JCE Provider
! http://www.bouncycastle.org/documentation.html


References

! Sample Code
!http://github.com/matthewmccullough/
encryption-jvm-bootcamp
! Miscellaneous
! http://en.wikipedia.org/wiki/
Abstract_Syntax_Notation_One


Acronyms

! CMS
! Cryptographic Message Syntax (CMS)
objects
! RFC 3852
! PKCS#7 (formerly RFC 2630, 3369)

! ASN.1
! Abstract Syntax Notation One
! 1984 X.409, 1988 X.208, 1995 X.680,
2002
! http://www.asn1.org/


CREDITS


! http://www.ambientideasphotography.com
! http://stockfootageforfree.com/
! http://xkcd.com/538/
! http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation
! http://matdonline.free.fr/RSA-Diffie-Hellman-explained-in-5-
minutes.htm
! http://www.isg.rhul.ac.uk/node/329
! http://www.isg.rhul.ac.uk/files/IMG_9819.JPG
! http://www.usc.edu/dept/molecular-science/pictures/RSA-2003.jpg
! All others, iStockPhoto.com


Outtakes


Steganography

! Data in pictures
! Not necessarily encrypted

! Merely hidden in
pedestrian files


Steganography

! MP3
! JPEG
! DIVX
! TCP Retry Packets
! Email Headers


Steganography

! High signal to noise
ratio
! Slow
but
! Inconspicuous


Cracks in the News
! Thomas Jefferson letter
! London Tube Oyster cards
! GSM
! Iraq drone video feeds
! Pacemakers
! Zune
! WPA
! Blue-ray
! DVD
! Skype
! Windows Vista BitLocker


Jefferson: All your liberty are belong to us!
GSM: Yet another reason to switch away from AT&T
Zune: No one cared.

Encryption & The Law

! Encryption considered a
munition under
international law
! 1999 Relaxation of
rules


Digital Signatures

! Hash with Private Key
! Public Private Key Systems
! Public Key Infrastructure (PKI)


Breakthroughs

! IBM
! Statistics on encrypted data
! No compromise on security or
anonymity


http://www.net-security.org/secworld.php?id=7690

Keys

! Clickers/Tokens
! One Time Pads (paper)


Misc

! Message Digests == Hash?
! Certificates (x509 v3)
! Digital signatures
! Just means hashing a message, then signing
the hash with the private key
! Later verified by decrypting the hash with
the public key, then re-running the hash
and comparing the two hashes.
! Block vs Stream ciphers


Cryptographic
Message Syntax
Sign / Digest / Auth / Encrypt


Session Keys

! symmetric key exchanged securely
by a private/public key initial
transaction


Elliptic Curve

! Faster than standard public key
encryption
! ECC
! Based on elliptic curve logarithm
problem


Encryption Boot Camp on the JVM

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Encryption Boot Camp on the JVM

Similar to Encryption Boot Camp on the JVM (20)

More from Matthew McCullough

More from Matthew McCullough (20)

Recently uploaded

Recently uploaded (20)

Encryption Boot Camp on the JVM