By Bahaa Zaid (bzaid@arxict.com), 2009-01-13

Agenda

- Introduction to Security
- Java Security
- XML Security
- WS-Security

Introduction to Security

- Cryptography
  - Symmetric-Key Cryptography
  - Public-Key Cryptography
- Public Key Infrastructure
- Cryptographic Hash Function
- Digital Signature

Cryptography

- Cryptography is the practice and study of hiding information.
- Encryption is the process of transforming information (plaintext) using an algorithm (cipher) into a form (ciphertext) that is unreadable to anyone except those possessing special knowledge (key).
- Decryption makes the encrypted information readable again.

Symmetric-Key Cryptography

- Symmetric-key cryptography refers to encryption methods in which both the sender and receiver share the same key. This was the only kind of encryption publicly known until June 1976.
- Examples are DES, 3DES, Blowfish, RC4…

Symmetric-Key Cryptography

[Diagram: Plaintext → Cipher → Ciphertext; Ciphertext → Cipher → Plaintext]

Public-Key Cryptography

- Public-Key Cryptography, also known as Asymmetric Cryptography, is a form of cryptography in which the key used to encrypt a message differs from the key used to decrypt it. In public key cryptography, a user has a pair of cryptographic keys: a Public Key and a Private Key.
- Examples are RSA and ElGamal.

Public-Key Cryptography

A big random number is used to create a key pair. When the keys have been made, the big random number is thrown away. Without knowledge of the random number it should be "impossible" to create the private key from the public key.

Public-Key Cryptography

A message encrypted with a recipient's public key cannot be decrypted by anyone except the recipient possessing the corresponding private key.

Public Key Infrastructure

- Public Key Infrastructure (PKI) is an arrangement that binds public keys with respective user identities by means of a Certificate Authority (CA).
- A CA is an example of a Trusted Third Party (TTP).
- A CA is an entity which issues Public Key Certificates for use by other parties.

Public Key Infrastructure

- The most common certificate standard is the ITU-T X.509.
- A Public Key Certificate is an electronic document which incorporates a Digital Signature to bind together a public key with an identity (information such as the name of a person or an organization, their address, and so forth).
- A Public Key Certificate is an individual's Public Key together with his/her Identity, signed by a CA.
- The certificate can be used to verify that a Public Key belongs to an individual.

Public Key Infrastructure

- A Certificate Chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The last certificate in the chain is normally a self-signed Certificate, i.e. a certificate that signs itself (Root Certificate).
- It is an example of a Chain of Trust.

[Diagram: CA Cert (Root Cert) → signs → Company CA → signs → App Cert]

Cryptographic Hash Function

- A Cryptographic Hash Function is an algorithm that takes an arbitrary block of data and returns a fixed-size bit string, the Hash Value or Message Digest, such that an accidental or intentional change to the data will almost certainly change the Hash Value.
- Examples are MD5, SHA-1 and SHA-256.
- Applications are Message Integrity Verification, Digital Signatures, …

Cryptographic Hash Function

The ideal hash function has four main properties:

- It is easy to compute the hash for any given data,
- It is extremely difficult to construct a text that has a given hash,
- It is extremely difficult to modify a given text without changing its hash, and
- It is extremely unlikely that two different messages will have the same hash.

Digital Signature

- For messages sent through an insecure channel, a properly implemented Digital Signature gives the receiver reason to believe the message was sent by the claimed sender.
- A Digital Signature gives both Authentication and Integrity.

Java Security

- Sun’s website says: “Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols. The Java security APIs span a wide range of areas, including cryptography, public key infrastructure, secure communication, authentication, and access control.”
- Platform Security is the set of built-in language security features enforced by the Java compiler and virtual machine, for example Bytecode verification and Secure class loading.

Java Security

- Access Control is a comprehensive policy and permissions API that allows the developer to create and administer applications requiring fine-grained access to security-sensitive resources.
- Java includes APIs for Cryptography, Secure Communications (e.g. TLS) and PKI.
- Java Security is Extensible, i.e. Java provides the interfaces and the implementation is provided by a Security Provider; the JRE has a default provider (SUN provider).

Unlimited Strength Policy Files

- By default, the JRE is restricted to particular Encryption Algorithms and Key Lengths (Strong Encryption).
- This restriction is in place so that the JRE and Java Applications that use Encryption can be freely imported by countries whose governments restrict the use of Cryptography.
- There are no restrictions in Egypt. So, you can download the Unlimited Strength Policy Files from Sun’s website and install them to enable unlimited encryption.

Example: Computing The Hash of a byte[]

```java
import java.security.MessageDigest;

MessageDigest msgDigest = MessageDigest.getInstance("MD5");
msgDigest.update(plainText); // plainText is a byte[]
byte[] digest = msgDigest.digest();
```

Example: Private Key Crypto

```java
import java.security.Key;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;

KeyGenerator keyGen = KeyGenerator.getInstance("DES");
keyGen.init(56); // key size in bits
Key key = keyGen.generateKey();
// …
Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] cipherText = cipher.doFinal(plainText); // plainText is a byte[]
// …
cipher.init(Cipher.DECRYPT_MODE, key);
byte[] newPlainText = cipher.doFinal(cipherText);
```
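
The slide's DES/ECB configuration beside an authenticated alternative, as an added example that is not from the original slides: ECB encrypts identical plaintext blocks to identical ciphertext blocks, while AES-GCM with a fresh random IV hides the repetition and rejects modified ciphertext. The class name and the sample plaintext are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example (not from the slides); class name and sample data are constructed.
public class SymmetricModesDemo {
    public static void main(String[] args) throws Exception {
        // Constructed input: the same 8-byte block twice.
        byte[] plainText = "SAMEDATASAMEDATA".getBytes(StandardCharsets.US_ASCII);

        // The slide's configuration: 56-bit DES in ECB mode.
        KeyGenerator desGen = KeyGenerator.getInstance("DES");
        desGen.init(56);
        Cipher ecb = Cipher.getInstance("DES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, desGen.generateKey());
        byte[] ecbText = ecb.doFinal(plainText);
        // ECB encrypts each block independently, so equal plaintext blocks stay visible.
        boolean ecbRepeats = Arrays.equals(Arrays.copyOfRange(ecbText, 0, 8),
                                           Arrays.copyOfRange(ecbText, 8, 16));
        System.out.println("DES/ECB ciphertext blocks 0 and 1 equal: " + ecbRepeats);

        // Hardened form: AES-GCM with a fresh random 96-bit IV for every message.
        KeyGenerator aesGen = KeyGenerator.getInstance("AES");
        aesGen.init(128);
        SecretKey key = aesGen.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] sealed = gcm.doFinal(plainText); // ciphertext followed by a 16-byte tag
        boolean gcmRepeats = Arrays.equals(Arrays.copyOfRange(sealed, 0, 8),
                                           Arrays.copyOfRange(sealed, 8, 16));
        System.out.println("AES-GCM ciphertext bytes 0-7 and 8-15 equal: " + gcmRepeats);

        // Decryption checks the tag, so a single flipped bit is rejected.
        sealed[0] ^= 0x01;
        gcm.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, iv));
        try {
            gcm.doFinal(sealed);
            System.out.println("tampered ciphertext accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered ciphertext rejected: " + e.getMessage());
        }
    }
}
```

The IV is not secret and travels with the ciphertext, but it must never be reused with the same key.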

Example: Public Key Crypto

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.crypto.Cipher;

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
keyGen.initialize(1024); // modulus size in bits
KeyPair key = keyGen.generateKeyPair();
// …
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.ENCRYPT_MODE, key.getPublic());
byte[] cipherText = cipher.doFinal(plainText); // plainText is a byte[]
// …
cipher.init(Cipher.DECRYPT_MODE, key.getPrivate());
byte[] newPlainText = cipher.doFinal(cipherText);
```
Example: Digital Signature
Example: Accessing Key Stores
Serializing a Key
Serializing a Certificate

Example: Generating a Certificate

- Standard Java does not have an X509Certificate generation API.
- BouncyCastle has a class for generating X509Certificate instances: org.bouncycastle.x509.X509V3CertificateGenerator

XML Signature

- XML Signature (also called XMLDsig, XML-DSig, XML-Sig) is a W3C recommendation that defines an XML syntax for digital signatures.
- An XML signature used to sign a resource outside its containing XML document is called a detached signature.
- If it is used to sign some part of its containing document, it is called an enveloped signature.
- If it contains the signed data within itself, it is called an enveloping signature.

XML Signature

[Figure: Detached, Enveloping and Enveloped signature layouts, showing the XML Resource, the XML Signature and the Signed Data / Signed XML Element in each]

XML Signature

Implementation:

- Apache XML Security (santuario)
- Standard XML Digital Signature API (JDK 6), also implemented in Apache XML Security for pre-6 JDKs

References

- http://www.wikipedia.org
- http://java.sun.com/javase/technologies/security/
- http://java.sun.com/security/reference/docs/index.html

More Resources

- http://www.ibm.com/developerworks/edu/j-dw-javasec1-i.html
- http://www.ibm.com/developerworks/edu/j-dw-javasec2-i.html