Java Security

Ogg-Vorbis format, 16Mbytes

MP3, 16Mbytes

WAV format, 175Mbytes

Security Manager

• From JDK 1.2 onwards, applications can be run with a security manager
• This can be set by the runtime

        java -Djava.security.manager

• A security manager can be set by code

        System.setSecurityManager(new SecurityManager())
        

  This may fail if the current security permisssions do not allow a security manager to be set. If

        System.getSecurityManager()

  is null then a security manager can always be set
• The only subclass of SecurityManager that is in the JDK is RMISecurityManager that allows code to be downloaded across the network - for remote code only. Used by RMI and Jini applications
• A security manager needs a security policy, which can also be set at the command line

        java -Djava.security.policy=someURL

Security Policy

• A security policy says what code is allowed to do
• Example permissions:

        permission java.io.FilePermission "/tmp/*", "read, write";
        permission java.lang.RuntimePermission "exitVM", "true";
        

• If a permission isn't granted, then it is not allowed
• In the example, write permission to the /tmp directory is allowed, but not the FilePermission to write to any other directory
• In the example, permission to exit the JVM is granted, but not the RuntimePermission to stopThread

Code Permissions

• Java classes may come from a variety of sources:
  • Classes in the JDK directory jre/lib/ext. These classes are completely trusted
  • Classes in local class files
  • Classes in local jar files
  • Remote classes
• Permissions may be granted to classes based on origin and/or whether they are signed

Sample permissions

• Grant permission only for certain activities, such as socket access at various levels on particular ports, or access to certain files for reading, writing or execution

  
        grant {
          permission java.net.SocketPermission "224.0.1.85", "connect,accept";
          permission java.net.SocketPermission "*.edu.au:80", "connect";
        }
        

• Grant access only to particular hosts, subdomains or domains

  
        grant codebase "http://sunshade.dstc.edu.au/classes/" {
          permission java.security.AllPermission "", "";
        }
        

• Require digital signatures attached to code

  
        grant signedBy "sysadmin" {
          permission java.security.AllPermission "", "";
        }
        

Keystores

• Public/private keys are kept in keystores
• The keystore should be specified in the policy file

        keystore "url", "keystore-type"
        

  e.g.

        keystore "file:/home/jan/.keystore", "JKS";
        

• Keystores are manipulated using keytool

        keytool -keystore ~jan/.keystore -list # list known keys
        keytool -keystore ~jan/.keystore -storepasswd -new
                 # generate password for store access 
        keytool -keystore ~jan/.keystore -genkey
                 # generate a new private/public key
        keytool -keystore ~jan/.keystore -export
                 # export keys to a file for transmission
        

Signing files

• To sign a jar file, use jarsigner

Some private key algorithms

• A crypto transformation can be specified by algorithm/mode/padding where optional parts use default values

        DES
        DES/CBC/PKCS5Padding
        

Some public/private key algorithms

Class Cipher

• The Cipher class is used by JCE to handle crypto
• Get a new object by a factory method of Cipher

        public static Cipher getInstance(String transformation)
        

• A cipher object must be initialised before use by init()

        init(int opmode, Key key)
        init(opmode, Certificate cert)
        // etc
        

  where opmode is one of ENCRYPT_MODE or DECRYPT_MODE
• Encrypt/decrypt by

        public byte[] doFinal(byte[] input)
        

Example

SSL (Secure Sockets Layer)

• SSL was introduced by Netscape for encryption of data at the socket layer.
• Services such as HTTPD, IMAP, etc can then be run above SSL to send encrypted HTML, mail documents
• Netscape/IE show a broken key for ordinary HTTP, a completed key for HTTP over SSL
• SSL has been standardised by the IETF as TLS (Transport Layer Security)
• SSL uses
  • Public key identification of parties - in particular the server
  • Exchange of a secret session key
  • Secret key encryption for message exchange
• JSSE (Java Secure Socket Extension) is in JDK 1.4, and is the Java API for using SSL
• An article on getting JSSE to work is at http://www.ddj.com/articles/2001/0102/0102a/0102a.htm?topic=security

Echo Server with SSL/TLS

I can't get this to see any certificates yet

Echo Client with SSL/TLS

Running the client and server

• Create a keystore to hold the private and public keys for the server. e.g.

  
        keytool -genkey -keystore mykeystore -alias "..." -keypass "..."
        

• Export the X509 certificate from this store

  
        keytool -export -alias "..." -keystore keystore -file mycertfile.cer
        

• Import this into a trustStore for the client

  
        keytool -import -alias "..." -keystore mytruststore -file mycertfile.cer
        

• Run the server using the keystore

  
        java -Djavax.net.ssl.keyStore=mykeystore \
             -Djavax.net.ssl.keyStorePassword="..." \
             TLSEchoServer
        

• Run the client using the truststore

  
        java  -Djavax.net.ssl.trustStore=mytruststore \
              -Djavax.net.ssl.trustStorePassword="..." \
              TLSEchoClient localhost
        

• If things don't work out right, add the debugging flag -Djavax.net.debug=ssl

References

1. Li Gong "Inside Java2 Platform Security" Addison-Wesley 1999
2. Java Cryptography Extension http://java.sun.com/products/jce/index-14.html
3. Java Secure Socket Extension http://java.sun.com/products/jsse/index-14.html