Security
Introduction
• At the very beginning, computer networks were used mainly by university researchers for writing e-mail and by corporate employees for sharing printers
• Under those conditions, little thought was given to security...
• Now millions of people use the Internet to
  • manage bank accounts
  • fill in tax returns
  • shop in e-stores
• So the problem has become very topical!
Intruders
• Most security problems arise because of malicious persons who try to gain something for themselves or to harm others
• Categories of intruders:
  • Student - out of curiosity
  • Businessman - to learn a competitor's plans
  • Con artist - to steal credit card numbers
  • Spy - to steal an opponent's military information
Security problems
• Security problems can be divided into four areas:
  • Secrecy: keeping information out of the hands of unauthorized users
  • Authentication: establishing the identity of the user
  • Non-repudiation (strict enforcement of commitments): digital signature
  • Integrity: detecting cases where information has been modified in transit
TCP/IP protocol stack
• Network security is an aspect that spans all protocol layers of the TCP/IP model
IPsec
• A suite of protocols for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream
• Operates at the network layer of the TCP/IP model
• For an application to use IPsec no code change is required
• Mandatory part of IPv6 (mandatory to implement, not mandatory to use), optional for use with IPv4
Fundamentals of information security
• At all layers (except the physical one), information protection is based on CRYPTOGRAPHY
Basics of cryptography
• Cryptography – from Greek: κρυπτός (kryptós) "hidden", γράφω (gráfo) "to write"
• Cryptography has a long and colorful history
Basic concepts of cryptography
• Encryption / Decryption
• Plaintext --[cipher]--> Ciphertext
• Cipher – a pair of algorithms used to encrypt and decrypt
• Key – a secret (variable) parameter
• Kerckhoffs's principle [1883]: encryption algorithms are public, only the keys are secret
Cryptographic algorithms
• Cryptographic algorithms are divided into two groups:
  • Symmetric-key algorithms
    • AES (Rijndael)
    • DES (triple-DES)
    • RC4
  • Public-key algorithms
    • RSA
    • Diffie-Hellman
Symmetric-key algorithms
• One key is used both for encryption and for decryption
• Classification:
  • Stream ciphers: encrypt the message bits one at a time
  • Block ciphers: encrypt blocks of bits (64-256 bits per block)
• Advantage: work much faster than public-key algorithms
• Drawback: key management
AES (Rijndael)
• Advanced Encryption Standard: a symmetric block cipher chosen by the US government as the encryption standard (2002)
• Replaced the DES algorithm, which had been found insecure
• Algorithm structure: substitution-permutation network
• Block size: 128 bits
• Key length: 128, 192 or 256 bits
Steps of one AES round (figure with steps 1-4; source: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
Public-key algorithms
• In 1976 the Stanford University researchers Diffie and Hellman proposed a radically new cryptosystem: the encryption and decryption keys were different!
• Basic principles of public-key cryptography:
  • The encryption key is public
  • The decryption key is private and practically cannot be derived from the public key
• Applications:
  • Confidentiality of communication
  • Digital signature
How it works (figure: http://en.wikipedia.org/wiki/Public-key_cryptography)
RSA
1. Choose two large numbers p and q
2. Compute n = pq and z = (p-1)(q-1)
3. Choose a number d that is relatively prime to z
4. Find a number e such that de = 1 (mod z)
To encrypt a message P, use the formula:
To decrypt it back:
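The four key-generation steps above carried through with small constructed primes, as an added example (not from the slides). The slide's encryption and decryption formulas did not survive extraction; the code uses textbook RSA, C = P^e mod n and P = C^d mod n, and the class name, the toy primes 61 and 53 and the choice d = 17 are all constructed.

```java
import java.math.BigInteger;

// Added example: the RSA key-generation steps from the slide with toy numbers.
// Textbook RSA is assumed for the formulas: encrypt C = P^e mod n, decrypt P = C^d mod n.
public class RsaSteps {
    final BigInteger n, z, d, e;

    RsaSteps(BigInteger p, BigInteger q, BigInteger d) {
        n = p.multiply(q);                                                   // step 2: n = pq
        z = p.subtract(BigInteger.ONE).multiply(q.subtract(BigInteger.ONE)); // step 2: z = (p-1)(q-1)
        if (!d.gcd(z).equals(BigInteger.ONE))                                // step 3: d coprime to z
            throw new IllegalArgumentException("d must be relatively prime to z");
        this.d = d;
        e = d.modInverse(z);                                                 // step 4: de = 1 (mod z)
    }

    BigInteger encrypt(BigInteger plain) {
        // RSA works modulo n, so a message numerically >= n would not round-trip
        if (plain.compareTo(n) >= 0) throw new IllegalArgumentException("message must be smaller than n");
        return plain.modPow(e, n);
    }

    BigInteger decrypt(BigInteger cipher) { return cipher.modPow(d, n); }

    public static void main(String[] args) {
        // step 1: constructed toy primes (real keys use primes of 1024 bits or more); d = 17 for step 3
        RsaSteps rsa = new RsaSteps(BigInteger.valueOf(61), BigInteger.valueOf(53), BigInteger.valueOf(17));
        System.out.println("n=" + rsa.n + " z=" + rsa.z + " d=" + rsa.d + " e=" + rsa.e);
        BigInteger message = BigInteger.valueOf(65);     // constructed plaintext, must be < n
        BigInteger c = rsa.encrypt(message);
        System.out.println("C=" + c + " decrypt(C)=" + rsa.decrypt(c));
        System.out.println("round trip ok: " + rsa.decrypt(c).equals(message));
    }
}
```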
Digital signature
• For electronic messages to replace physical documents, the question of the signature has to be solved
• A message transmission system is needed in which:
  • the receiver can verify the identity of the sender
  • the sender cannot later repudiate the contents of the message
  • the receiver cannot later alter the received message
• Digital signature algorithms are usually based on asymmetric (public-key) cryptography
Principle of a digital signature
• An encryption function E and a decryption function D with the properties:
  • D(E(m)) = m and E(D(m)) = m
Digital signature scheme
• Typically consists of three algorithms:
  1. A key generation algorithm that creates a public key PK and a private key SK for the owner of the signature
  2. A signing algorithm: S(m, SK) = k
  3. A signature verification algorithm: V(m, PK, k) = {true/false}
• Digital Signature Algorithm (DSA): the US digital signature standard (1991)
Message Digest
• Usually it is not necessary to encrypt the whole message; only a digital signature is needed to authenticate the author
• Idea: use a one-way (irreversible) hash function
  • Input: a bit string of arbitrary length
  • Output: a bit string of fixed length (128, 160 bits)
Requirements for a message digest function
The hash function MD is called a message digest and must satisfy the following conditions:
1. For a given text P it is easy to compute MD(P)
2. Knowing MD(P) it is practically impossible to compute P
3. For a given P it is practically impossible to find a P' such that MD(P) = MD(P')
4. Even a one-bit change in the input string leads to a very different result
Digital signature using a message digest (figure)
• m – message
• DA – Alice's private key
• MD – message digest function
Digital signature (figure: http://gdp.globus.org/gt4-tutorial/singlehtml/progtutorial_0.2.1.html#id2563251)
Message Digest algorithms
Two popular hash function algorithms:
• MD5 (Message-Digest algorithm 5)
  • Digest size: 128 bits
  • Designer: Ron Rivest, 1991
  • Internet standard
  • Widely used to check the integrity of files
• SHA-1 (Secure Hash Algorithm)
  • Digest size: 160 bits
  • Applications: Digital Signature Algorithm, TLS/SSL, PGP, SSH, S/MIME, and IPsec
Java Security
Platform Security
• The Java™ platform was designed with a strong emphasis on security
• Core language features:
  • Strong data typing
  • Automatic memory management
  • Garbage collection
  • Range-checking on arrays
  • Access modifiers (public, protected, private)
  • Byte-code verification
  • Secure class loading
Java Security Technology
• Java security technology includes a large set of APIs, tools, and implementations of commonly used security algorithms, mechanisms, and protocols
  • cryptography
  • public key infrastructure
  • secure communication
  • authentication
  • access control
Basic Security Architecture
• Security APIs were designed around the following principles
  • Implementation independence: applications do not need to implement security themselves; they can request security services from the Java platform via providers
  • Implementation interoperability: providers are interoperable across applications
  • Algorithm extensibility: the Java platform includes a number of built-in providers and supports the installation of custom providers
Security Providers
• Implementation independence is achieved using a "provider"-based architecture
• Provider - a package or set of packages that implement one or more security services

    import java.security.*;

    Provider[] providers = Security.getProviders();
    for (Provider p : providers) {
        System.out.println(p.toString());
    }

Output (Java 6.0):
    SUN version 1.6
    SunRsaSign version 1.5
    SunJSSE version 1.6
    SunJCE version 1.6
    SunJGSS version 1.0
    SunSASL version 1.5
    XMLDSig version 1.0
    SunPCSC version 1.6
    SunMSCAPI version 1.6
Cryptographic engines
• Algorithm independence is achieved by defining types of cryptographic "engines" (services)
• An engine class provides the interface to a specific type of cryptographic service, independent of a particular cryptographic algorithm or provider
• Examples:
  • SecureRandom
  • MessageDigest
  • Signature
  • Cipher
Listing provider services

    import java.security.*;
    import java.security.Provider.Service;
    import java.util.Set;

    Provider[] providers = Security.getProviders();
    for (Provider p : providers) {
        System.out.println(p.toString());
        Set<Service> services = p.getServices();
        for (Service s : services) {
            System.out.println("  " + s.getType() + " --> " + s.getAlgorithm());
        }
    }
SUN version 1.6 services

    SUN version 1.6
      SecureRandom --> SHA1PRNG
      Signature --> SHA1withDSA
      Signature --> NONEwithDSA
      KeyPairGenerator --> DSA
      MessageDigest --> MD2
      MessageDigest --> MD5
      MessageDigest --> SHA-256
      MessageDigest --> SHA-384
      MessageDigest --> SHA-512
      AlgorithmParameterGenerator --> DSA
      AlgorithmParameters --> DSA
      KeyFactory --> DSA
      CertificateFactory --> X.509
      KeyStore --> JKS
      KeyStore --> CaseExactJKS
      Policy --> JavaPolicy
      Configuration --> JavaLoginConfig
      CertPathBuilder --> PKIX
      CertPathValidator --> PKIX
      CertStore --> LDAP
      CertStore --> Collection
      CertStore --> com.sun.security.IndexedCollection
Requesting service
• To use the JCA, an application
  • requests a particular type of object (such as a MessageDigest)
  • and a particular algorithm or service (such as the "MD5" algorithm)
  and gets an implementation from one of the installed providers

    try {
        MessageDigest md = MessageDigest.getInstance("MD5");
    } catch (NoSuchAlgorithmException e) {
        // no such algorithm provided
    }
Provider selection

    md = MessageDigest.getInstance("MD5");                // any provider
    md = MessageDigest.getInstance("MD5", "ProviderC");   // a specific provider
The SecureRandom Class
• Provides the functionality of a Random Number Generator
• Produces cryptographically strong random numbers

    import java.security.SecureRandom;

    SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
    System.out.println("Int: " + random.nextInt());
    System.out.println("Float: " + random.nextFloat());
    System.out.println("Long: " + random.nextLong());
    System.out.println("Boolean: " + random.nextBoolean());

Output:
    Int: 256421598
    Float: 0.63456607
    Long: 7589616350181670704
    Boolean: true
The MessageDigest Class
• Designed to provide the functionality of cryptographically secure message digests such as SHA-1 or MD5
• The MD5 algorithm produces a 16-byte digest, and SHA-1's is 20 bytes
• Message digests are used to produce unique and reliable identifiers of data, sometimes called "checksums" or the "digital fingerprints" of the data
Computing a MessageDigest object

    import java.security.MessageDigest;
    import java.util.Base64;   // replaces the internal sun.misc.BASE64Encoder used on the original slide

    MessageDigest sha = MessageDigest.getInstance("SHA-1");
    byte[] i1 = "Hello World".getBytes();
    sha.update(i1);
    byte[] hash = sha.digest();          // digest() also resets the object for the next message
    System.out.println(Base64.getEncoder().encodeToString(hash));
    byte[] i2 = "Hello World!".getBytes();
    sha.update(i2);
    hash = sha.digest();
    System.out.println(Base64.getEncoder().encodeToString(hash));
    sha.update(i1);
    hash = sha.digest();
    System.out.println(Base64.getEncoder().encodeToString(hash));

Output:
    Ck1VqNd45QIvq3AZd8XYQLvEhtA=
    Lve95gjOVATpfV8EL5X4nxwjKHE=
    Ck1VqNd45QIvq3AZd8XYQLvEhtA=
The Signature Class
• Provides the functionality of a cryptographic digital signature algorithm such as DSA
Signature Object States
• Signature objects are modal objects
• A Signature object is always in a given state, where it may only do one type of operation
• The three states a Signature object may have are:
  • UNINITIALIZED
  • SIGN (entered by calling initSign())
  • VERIFY (entered by calling initVerify())
Generating a Pair of Keys
• The first step is to generate a public/private key pair
• All key pair generators share the concepts of a keysize and a source of randomness

    import java.security.*;

    KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
    SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
    keyGen.initialize(1024, random);
    KeyPair pair = keyGen.generateKeyPair();
    PrivateKey privateKey = pair.getPrivate();
    PublicKey publicKey = pair.getPublic();
Generating/verifying a signature

    byte[] data = "Data to be signed".getBytes();

    // generating a signature (privateKey from the previous slide)
    Signature dsaForSign = Signature.getInstance("SHA1withDSA");
    dsaForSign.initSign(privateKey);
    dsaForSign.update(data);
    byte[] signature = dsaForSign.sign();

    // verifying a signature (publicKey from the previous slide)
    Signature dsaForVerify = Signature.getInstance("SHA1withDSA");
    dsaForVerify.initVerify(publicKey);
    dsaForVerify.update(data);
    boolean verifies = dsaForVerify.verify(signature);
    System.out.println("Signature verifies: " + verifies);
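The hash-then-sign principle of the "digital signature using a message digest" slide (m, DA, MD) written with the Signature and MessageDigest classes used on these slides, as an added example that is not part of the original deck. The message, the tampered byte and the class name are constructed; the DSA key pair stands in for Alice's keys, and "NONEwithDSA" is taken from the SUN provider service list above.

```java
import java.security.*;
import java.util.Arrays;
import java.util.Base64;

// Added example: sign MD(m) with Alice's private key DA, then verify and detect tampering.
public class DigestThenSign {
    public static void main(String[] args) throws GeneralSecurityException {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("DSA");
        keyGen.initialize(1024, SecureRandom.getInstance("SHA1PRNG"));
        KeyPair alice = keyGen.generateKeyPair();              // getPrivate() plays the role of DA
        byte[] m = "Transfer 100 EUR to Bob".getBytes();        // constructed message

        // MD(m): only this 20-byte SHA-1 digest is signed, not the whole message
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(m);

        // Sign MD(m) with DA. "NONEwithDSA" applies DSA to the bytes exactly as given,
        // without hashing them again.
        Signature rawDsa = Signature.getInstance("NONEwithDSA");
        rawDsa.initSign(alice.getPrivate());
        rawDsa.update(digest);
        byte[] k = rawDsa.sign();                              // k = S(m, SK) from the scheme slide
        System.out.println("signature k: " + Base64.getEncoder().encodeToString(k));

        // Verification with "SHA1withDSA" recomputes SHA-1(m) internally and checks the same
        // DSA signature, so SHA1withDSA is exactly MD followed by DSA.
        System.out.println("genuine m verifies: " + verify(alice.getPublic(), m, k));

        // Tampering: one changed byte gives a completely different MD(m') (requirement 4 of the
        // message digest slide), so the signature over MD(m) no longer matches.
        byte[] tampered = Arrays.copyOf(m, m.length);
        tampered[9] = '9';                                     // "100 EUR" -> "900 EUR"
        System.out.println("tampered m verifies: " + verify(alice.getPublic(), tampered, k));
    }

    // V(m, PK, k) from the scheme slide
    static boolean verify(PublicKey pk, byte[] message, byte[] signature) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA1withDSA");
        v.initVerify(pk);
        v.update(message);
        return v.verify(signature);
    }
}
```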
The Cipher Class
• Provides the functionality of a cryptographic cipher used for encryption and decryption

    import java.security.Security;

    for (String a : Security.getAlgorithms("Cipher")) {
        System.out.println(a);
    }

Output:
    ARCFOUR
    PBEWITHMD5ANDDES
    RC2
    RSA
    PBEWITHMD5ANDTRIPLEDES
    PBEWITHSHA1ANDDESEDE
    AESWRAP
    AES
    DESEDEWRAP
    RSA/ECB/PKCS1PADDING
    PBEWITHSHA1ANDRC2_40
Using Encryption (AES)

    import javax.crypto.*;

    // Generate AES key
    KeyGenerator keygen = KeyGenerator.getInstance("AES");
    SecretKey aesKey = keygen.generateKey();

    // Initialize cipher object
    Cipher aesCipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
    aesCipher.init(Cipher.ENCRYPT_MODE, aesKey);
    byte[] cleartext = "Data to be encoded".getBytes();

    // Encrypt the cleartext
    byte[] ciphertext = aesCipher.doFinal(cleartext);

    // Initialize the same cipher for decryption
    aesCipher.init(Cipher.DECRYPT_MODE, aesKey);

    // Decrypt the ciphertext
    byte[] cleartext1 = aesCipher.doFinal(ciphertext);
Encryption Exceptions

    import java.security.*;
    import javax.crypto.*;

    try {
        // algorithm from previous slide...
        System.out.println("Cipher successful!");
    } catch (NoSuchAlgorithmException e1) { ... }
      catch (NoSuchPaddingException e2) { ... }
      catch (BadPaddingException e3) { ... }
      catch (InvalidKeyException e4) { ... }
      catch (IllegalBlockSizeException e5) { ... }
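The "AES/ECB/PKCS5Padding" transformation from the slide above placed beside "AES/GCM/NoPadding", as an added example that is not from the original deck: it shows why ECB leaks plaintext structure and why an authenticated mode detects modified ciphertext. The key, the two-block plaintext, the nonce and the class name are constructed.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Added example: ECB (as on the slide) versus GCM on a plaintext of two identical 16-byte blocks.
public class EcbVsGcm {
    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // true when the first two 16-byte ciphertext blocks are identical
    static boolean firstTwoBlocksEqual(byte[] ct) {
        return Arrays.equals(Arrays.copyOfRange(ct, 0, 16), Arrays.copyOfRange(ct, 16, 32));
    }

    public static void main(String[] args) throws Exception {
        SecretKey aesKey = KeyGenerator.getInstance("AES").generateKey();
        byte[] block = "0123456789abcdef".getBytes();              // constructed: exactly one AES block
        byte[] cleartext = new byte[32];
        System.arraycopy(block, 0, cleartext, 0, 16);
        System.arraycopy(block, 0, cleartext, 16, 16);              // the same block twice

        // ECB: every block is encrypted independently with the same key, so equal plaintext
        // blocks give equal ciphertext blocks and the structure of the data leaks.
        Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, aesKey);
        byte[] ecbCt = ecb.doFinal(cleartext);
        System.out.println("ECB block 1: " + hex(Arrays.copyOfRange(ecbCt, 0, 16)));
        System.out.println("ECB block 2: " + hex(Arrays.copyOfRange(ecbCt, 16, 32)));
        System.out.println("ECB equal blocks: " + firstTwoBlocksEqual(ecbCt));

        // GCM: a fresh 12-byte nonce per message hides repetition, and the 128-bit tag
        // lets the receiver detect any modification of the ciphertext.
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);                        // never reuse a nonce with the same key
        GCMParameterSpec spec = new GCMParameterSpec(128, nonce);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aesKey, spec);
        byte[] gcmCt = gcm.doFinal(cleartext);                      // 32 bytes ciphertext + 16 bytes tag
        System.out.println("GCM equal blocks: " + firstTwoBlocksEqual(gcmCt));

        gcm.init(Cipher.DECRYPT_MODE, aesKey, spec);
        System.out.println("GCM decrypts to: " + new String(gcm.doFinal(gcmCt)));

        gcmCt[0] ^= 0x01;                                           // flip one bit of the ciphertext
        gcm.init(Cipher.DECRYPT_MODE, aesKey, spec);
        try {
            gcm.doFinal(gcmCt);
            System.out.println("tampering went unnoticed");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected tampered ciphertext: " + e.getMessage());
        }
    }
}
```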
HTTPS
HTTPS
• Hypertext Transfer Protocol Secure
• An extension of the HTTP protocol that supports encryption
• Data transmitted over HTTP is "wrapped" in the cryptographic protocol SSL or TLS, which provides the protection
• The URL prefix https:// is used
• Default port number: 443
HTTPS
• The system was developed by Netscape Communications Corporation to provide authentication and an encrypted connection
• HTTPS is widely used in the world of Web applications where the security of the connection matters, for example in payment systems
• HTTPS protects data in transit from eavesdropping and "man-in-the-middle" attacks
HTTPS
• Strictly speaking, HTTPS is not a separate protocol: HTTPS = HTTP + SSL/TLS
• To prepare a Web server to accept HTTPS connections, the administrator has to create a public-key certificate
• HTTPS uses key lengths of only 40, 56 or 128 bits, which is insufficient
• Therefore HTTPS should not be considered to provide a high level of security
SSL/TLS
SSL/TLS
• SSL = Secure Sockets Layer (first released in 1994)
• TLS = Transport Layer Security (first defined in 1999)
• TLS is the successor to SSL
• A protocol that ensures privacy between communicating applications and their users on the Internet
• Provides secure communications for such things as
  • web browsing, e-mail, Internet faxing, instant messaging and other data transfers
TLS authentication
• TLS provides endpoint authentication and communications privacy over the Internet
• Typically, only the server is authenticated, while the client remains unauthenticated
• So the end users can be sure with whom they are communicating
• The next level of security: both ends of the "conversation" are authenticated (mutual authentication)
TLS phases
TLS involves three basic phases:
1. Peer negotiation for algorithm support
2. Key exchange and authentication
3. Symmetric cipher encryption and message authentication
Typical algorithms could be:
• Key exchange: RSA, Diffie-Hellman, DSA, SRP, PSK
• Symmetric ciphers: RC4, Triple DES, AES or Camellia
• Cryptographic hash function: HMAC-MD5 or HMAC-SHA
TLS Handshake (1/3)
• A TLS client and server negotiate a stateful connection by using a handshaking procedure
• Aim: to agree on the various parameters used to establish the connection's security
1. The client connects to a TLS-enabled server requesting a secure connection
2. The client presents a list of supported ciphers and hash functions
TLS Handshake (2/3)
3. From this list, the server picks the strongest cipher and hash function that it also supports and notifies the client of the decision
4. The server sends back its identification in the form of a digital certificate
  • the server name
  • the trusted certificate authority (CA)
  • the server's public encryption key
5. The client may confirm that the certificate is authentic before proceeding
TLS Handshake (3/3)
6. Secure session key generation
  • The client encrypts a random number with the server's public key
  • Sends the result to the server
  • Only the server can decrypt it (with its private key)
7. From the random number, both parties generate key material for encryption and decryption
This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the key material until the connection closes
TLS Handshake
Applications
• TLS runs on layers beneath application protocols such as HTTP, FTP, SMTP, and above a reliable transport protocol, such as TCP
• Visa, MasterCard, American Express and many leading financial institutions have endorsed TLS for commerce over the Internet
• TLS can also be used to tunnel an entire network stack to create a VPN (Virtual Private Network)
OpenSSL
• The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, full-featured, and Open Source toolkit implementing the
  • Secure Sockets Layer (SSL v2/v3)
  • Transport Layer Security (TLS v1)
  as well as a full-strength general purpose cryptography library
• http://www.openssl.org/
Java Platform Support
• Provides APIs and an implementation of the SSL and TLS protocols that includes functionality for
  • data encryption
  • message integrity
  • server authentication
  • optional client authentication
• The javax.net.ssl.SSLSocket class represents a network socket that encapsulates SSL/TLS support on top of a normal stream socket (java.net.Socket)
Example: hanza.net (screenshot)
Example: hanza.net certificate (IE, screenshot)
Example: digi.parex.lv certificate (Firefox, screenshot)
Authentication in Java
Definitions
• Authentication is the process of determining the identity of a user
• Authorization is the process of giving a user permission to do or have something
• Logically, authorization is preceded by authentication
JAAS
• Java™ Authentication and Authorization Service: authentication and user-based access control services in Java
• JAAS can be used for two purposes:
  • for authentication of users, to reliably and securely determine who is currently executing Java code
  • for authorization of users, to ensure they have the access control rights (permissions) required for the actions performed
Authentication in Java
• JAAS authentication is performed in a pluggable fashion (figure: pluggable login modules)
Authentication mechanics
• Applications call into the LoginContext class, which in turn references a configuration

    import javax.security.auth.login.*;

    LoginContext lc = new LoginContext(<config file entry name>,
                                       <CallbackHandler to be used for user interaction>);
    lc.login();

• The configuration specifies which login module (an implementation of the interface javax.security.auth.spi.LoginModule) is to be used to perform the actual authentication
Built-in login modules
• The Java platform provides the following built-in LoginModules:
  • Krb5LoginModule for authentication using Kerberos protocols
  • JndiLoginModule for username/password authentication using LDAP or NIS databases
  • KeyStoreLoginModule for logging into any type of key store, including a PKCS#11 token key store
The Login Configuration
• A login configuration file consists of one or more entries, each specifying which underlying authentication technology should be used

    <name used by application to refer to this entry> {
        <LoginModule> <flag> <LoginModule options>;
        <optional additional LoginModules, flags and options>;
    };

    LoginDomain {
        sample.SampleLoginModule required debug=true;
        com.sun.security.auth.module.NTLoginModule sufficient;
        com.foo.Kerberos optional debug=true;
    };
Specifying the login config file
• The configuration file to be used can be specified by setting the java.security.auth.login.config system property
• As a command line argument:

    java -Djava.security.auth.login.config==login.config

• In program code:

    System.getProperties().setProperty("java.security.auth.login.config", "login.config");
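The LoginContext flow from the last four slides run end to end, as an added example that is not from the original deck: a minimal LoginModule, a Configuration object with the same meaning as a "LoginDomain { ... required; };" file entry, and a CallbackHandler that answers the module's prompts. Java 17 or later is assumed; the class names, the user "alice" and the password are constructed.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Added example: a custom LoginModule driven by LoginContext without a login.config file.
public class JaasDemo {
    record User(String name) implements Principal { public String getName() { return name; } }

    // The pluggable part: an implementation of javax.security.auth.spi.LoginModule
    public static class DemoLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private String user;
        private boolean succeeded;

        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { subject = s; handler = h; }

        // Phase 1: obtain credentials through the application's CallbackHandler and check them
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[]{nc, pc}); } catch (Exception e) { throw new LoginException("callback failed: " + e); }
            char[] pw = pc.getPassword();
            pc.clearPassword();                       // do not keep the secret in the callback
            user = nc.getName();                      // constructed credential store: alice / s3cret
            succeeded = "alice".equals(user) && pw != null && "s3cret".equals(new String(pw));
            if (!succeeded) throw new FailedLoginException("bad credentials");
            return true;
        }

        // Phase 2: commit attaches the authenticated identity to the Subject
        public boolean commit() { if (succeeded) subject.getPrincipals().add(new User(user)); return succeeded; }
        public boolean abort() { succeeded = false; return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }

    // Same meaning as the configuration file entry on the slide, but built in code
    static Configuration config() {
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[]{new AppConfigurationEntry(DemoLoginModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of())};
            }};
    }

    // CallbackHandler that answers the module's prompts with the given values
    static CallbackHandler handler(String name, String pw) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback n) n.setName(name);
                else if (cb instanceof PasswordCallback p) p.setPassword(pw.toCharArray());
                else throw new UnsupportedCallbackException(cb);
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        LoginContext ok = new LoginContext("LoginDomain", new Subject(), handler("alice", "s3cret"), config());
        ok.login();
        System.out.println("authenticated principals: " + ok.getSubject().getPrincipals());
        try {
            new LoginContext("LoginDomain", new Subject(), handler("alice", "wrong"), config()).login();
        } catch (FailedLoginException e) {
            System.out.println("rejected: " + e.getMessage());   // the REQUIRED module's failure propagates
        }
    }
}
```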
Let’s make secured applications!
References
• Java™ Security Overview: http://java.sun.com/javase/6/docs/technotes/guides/security/overview/jsoverview.html
• Java™ Cryptography Architecture (JCA) Reference Guide: http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
• Book "Java Security": http://www.unix.org.ua/orelly/javaent/security/index.htm