Java Security

1
Java Security

• Shamsi Moussavi

2
Topics

• JDK 1.0 Security Model
• JDK 1.1 Security Model
• JDK 1.2 Security Model
• Some example codes

3
JDK 1.0

• Original security model, sandbox
• Very restricted environment
• All incoming code is considered untrusted
• Access to limited resources inside the sandbox
• Local code is trusted
• Full access to system resources
• Security manager determines the access limit

4
JDK 1.0
5
JDK 1.1

• New concept Signed applet
• Digitally signed applet is treated like local
  code
• Packaged in a JAR file along with the signature
• Full access
• Unsigned applets go through sandbox

6
JDK 1.1
7
Check Points

• Compiler and bytecode verifier
• Allow only legitimate Java bytecode
• Classloader
• Defines a local name space for the code to ensure
  its execution doesnt interfere with other
  programs
• Security manager
• Apply access restriction to untrusted code

8
Check Points
Applet
Byte code verifier
Class Loader
Execute
Security Manager
A flaw in any of these subsystems may cause a
security hole
9
Bytecode Verifier

• Bytecode Compilation of class file in a
  platform-independent form
• The applet bytecode is verified statically to
  verify the bytecode format
• Begins with right magic number
• attribute of all java class files
• Is not truncated or have extra bytes appended
• Contains recognized attributes of proper length
• Do not contain any unrecognized info

10
Bytecode Verifier

• Static type checking is difficult to implement
• Hostile compilers can create instructions that
  processor can execute but java compiler can not
  generate
• How should bytecode verifier detect non-standard
  bytecode?
• Flaws can be exploited

11
Class loader

• Ensure that fundamental Java classes are not
  replaced by other classes referenced by applets
• i.e. replace the security manager and skip the
  security checks
• Class tag indicates which class loader has
  installed it
• Determine the privilege level

12
Class Loader

• Built-in classes have a special class loader
• Applet Class Loader creates its own namespace
• Classes in one namespace can not reference
  classes in another namespace
• Predefined path for finding classes
• The built-in classes
• Applets own namespace classes

13
Security Manager

• Provides dynamic security checks
• All access requests are sent to security manager
• Based on the classs privileges, the request is
  denied or honored
• Security managers are customizable
• Good or bad?

14
JDK 1.1 - JCA

• Introduced Java Cryptography Architecture (JCA)
• Allows multiple and interoperable cryptography
  implementations
• Cryptographic Service Provider (CSP) or provider
• Packages including concrete implementation of
  subset of cryptography aspects of JDK security

15
JDK 1.1 - JCA

• A provider implementation can contain one or more
• Digital signature algorithms
• Message digest algorithms
• Key generation algorithms

16
JDK 1.2

• New concept Security policy
• Applies to all code
• Defines the permissions for the code
• Configurable by system administrator and user
• Each permission allows access to specific
  resource
• i.e. connection to specific port or read/write
  access to a particular file

17
JDK 1.2
18
JDK 1.2

• Local or remote codes classes are organized into
  domains
• Each domain has a specific permission
• Instances of the classes in the same domain have
  the same permission
• Very restricted domains can be configured
• Applications run unrestricted
• But the policy can be modified to put some
  restrictions

19
JDK 1.2
Security policy
a.class b.class c.class d.class
permissions
Domain A
permissions
Domain B
Classes in Java runtime
20
JDK 1.2 - JCA

• In addition to JCA1.1 features, it provides
• Keystore key creation and management
• Algorithm parameter generation
• Algorithm parameter management
• Key factory support
• Certificate factory support (generation and
  revocation)

21
JDK 1.2 - JCA

• Enables providers with a random-number generation
  (RNG) algorithm
• Includes a default provider (SUN)
• DSA (Digital Signature Algorithm)
• MD5 and SHA-1
• Certificate factory for x509 certificates

22
Cryptography Architecture Extensions (JCE)

• An separate extension to JDK
• In accordance with US export control laws
• Includes API for
• Encryption
• Key exchange
• MAC Message Authentication Code

23
JCA modules
24
Engine Classes

• A class that defines API methods to access
  specific type of cryptographic service
• Abstract, no concrete implementation
• Applications use an instance of Signature engine
  class and the actual implementation is in
  Signaturespi class that, for instance, implements
  SHA-1 with RSA

25
Java 1.2 security API

• java.security
• General classes
• java.security.interface
• Interfaces for RSA and DSA
• java.security.spec
• Interfaces and classes for key/algorithm
  specifications
• java.security.cert
• Classes for managing certificates
• java.security.acl
• Classes for managing access control lists

26
Key Generation (public key)

• Using RSA algorithm,1024 bit key pair

KeyPairGenerator kgen KeyPairGenerator.getInstan
ce(RSA) //prefer java.security.SecureRandom()
to java.util.Random kgen.initialize(1024, new
SecureRandom()) Keypair myPair
kgen.generateKeyPair()
27
Encryption

• Encrypt using public key

String plainText byte cipherText Cipher
encrypt Cipher.getInstance(RSA/ECB/PKCS1Padding
) encrypt.init(Cipher.ENCRYPT_MODE,
myPair.getPublic()) int i for (i0
iltplainText.length-1 i1) cipherTexti
encrypt.update(plainTexti.getBytes()) ciphe
rTexti encrypt.doFinal(plainTexti.getBytes()
)
28
Decryption

• Decrypt using private key

Cipher decrypt Cipher.getInstance(RSA/ECB/PKCS1
Padding) decrypt.init(Cipher.DECRYPT_MODE,
myPair.getPrivate()) int i byte
decrypted for (i0 iltcipherText.length-1 i1)
decrypted decrypt.update(cipherTexti)
decrypt decrypt.doFinal(cipherTexti)
29
Message Digest

• Java.security.MessageDigest
• The message digest object is automatically reset
  after this call

MessageDigest md MessageDigest.getInstance(SHA-
1) //supply input md.update(byteArray) //create
message digest Byte mdcode md.digest()
30
Digital Signing

• Sender signs with private key

Signature rsa Signature.getInstance(RSA) //in
itialize with private key PrivateKey privateKey
myKeyPair.getPrivate() rsa.initSign(privateKey)
//update the signature object with the data to
be signed rsa.update(someData) //sign the
data byte signature rsa.sign()
31
Digital Verification

• Receiver verifies data with public key

PublicKey pubKey aKeyPair.getPublic() rsa.initV
erify(pubKey) //update the signature object with
the data to be verified rsa.update(data) //verify
the signature Boolean isVerified
rsa.verify(sig)
32
Tools

• Keytool
• Creates pairs of public and private keys
• Imports and displays certificate
• Export certificate
• Generate self signed X509 certificates
• Jarsigner
• Sign JAR files
• Verify the signature of the signed JAR file
• Policy tool
• Create and modify the policy configuration file

33
Policytool
34
Policy File

• Default policy files defined insecurity
  properties file (java.security)
• System
• policy.url.1JAVA_HOME/lib/security/java.policy
• User
• policy.url.2fileUSER_HOME/.java.policy

35
Policy File

• Customized policy file can be considered as
• command-line argument
• appletviewer -J-Djava.security.policymypolicy
  http//somepath/somehtml.html
• Additional policy file specification in security
  properties file
• policy.url.3file/USER_HOME/test/myploicy

36
Keytool

• Can be used to
• Create private key and associated public key
  certificate
• Issue certificate request
• Import certificate replies (from CA after
  request)
• Import public key certificates of others
• manage your keystore

37
Keytool

• -alias - to refer to it in future
• -keypass - password for private key
• -storepass - keystore password
• More secure if passwords are given when prompted
  for

Keytool -genkey -alias signEmail -keypass kpn10
-keystore myownstore -storepass fgh23
38
Distinguished Name

• Previous command will prompt for
• First and last name (CN)
• Organizational unit name (OU)
• Organization name (O)
• City or locality (L)
• State or province (ST)
• Two-letter country code (C)
• This will constitute the distinguished name

39
Keystore

• A password-protected database
• stores private key and its associated public key
  certificate
• Can contain trusted certificates
• Each entry is identified by an alias
• An alias may identify the purpose of the key.
  i.e. signMyEmails

40
Signing Code
41
Signed Code Verification

• Exported public key needs to be verified for
  authenticity before it can be used for
  verification
• Use of certificate is more common rather than the
  public key itself
• Trust chain/certificate chain
• Trusted certificates are kept in keystore

42
Signed Code Verification

• Verification can be done by
• jarsigner tool (for jar files containing the code
  and signature)
• it retrieves the signers certificate and
  certificate chain from keystore and puts them in
  jar file
• API methods
• Runtime system (checks the policy file)

43
Receiving Signed Code