
Cryptography in Java

Cryptographic services provided by Java:
1) Java Cryptography Architecture (JCA): a set of classes that provides security. JCA is part of the default Java application development environment, i.e. it ships within the JDK. JCA was introduced in JDK version 1.1.
2) Java Cryptography Extension (JCE): not a part of the core Java JDK. It is an additional piece of software that requires a license. JCE and JCA are packaged together.

Java Cryptography Architecture (JCA): Cryptographic functionality (access control, permissions, key pairs, message digests (MD), DSS) is provided as a set of classes in a package called security. JCA is a provider architecture: it separates cryptographic concepts (i.e. interfaces) from the actual implementation.

Programming language independence is achieved through interfaces. Interface: a set of functions that signifies what the interface can do, with no implementation details. It supports a pluggable architecture, i.e. it allows the internal details to change, and it is vendor-independent and expandable.

The JCA package consists of a number of classes. Engine class: the logical representation of a cryptographic functionality. Provider: the actual implementation of the algorithms. When the JVM begins execution, it consults a file and loads the appropriate provider classes into memory.

Key management in JCA:
Javakey utility: stores the private and public keys of a user in the same unprotected database.
Keytool: stores public and private keys separately and protects them with passwords. The database used by keytool is the keystore.
Keytool services:
- Creation of key pairs and self-signed certificates.
- Export of certificates.
- Issuing a Certificate Signing Request (CSR) to a CA to request a certificate.
- Import of others' certificates for signature verification.

JCA features:
getInstance(): accepts the name of the desired algorithm as an argument and returns an instance of the appropriate class. Example: implementing the SHA-1 algorithm.
update(): pass the data to update() of the MD object and write it to the output file.
digest(): creates the MD, which is added to the same file.
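The getInstance() / update() / digest() sequence above, as an added example that is not taken from the slides: it writes data followed by its SHA-1 digest to one file, then reads the file back and checks the digest. The class name, method names, temporary file and sample message are assumptions made for illustration.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

public class DigestFileDemo {
    // Writes the data followed by its digest to one file, as the slide describes.
    static void writeWithDigest(Path out, byte[] data, String alg)
            throws IOException, NoSuchAlgorithmException {
        // Engine class: the name selects an implementation from an installed provider.
        MessageDigest md = MessageDigest.getInstance(alg);
        md.update(data);
        byte[] digest = md.digest();
        try (OutputStream os = Files.newOutputStream(out)) {
            os.write(data);
            os.write(digest);
        }
    }

    // Splits the file into data and trailing digest, recomputes, and compares.
    static boolean verify(Path in, String alg) throws IOException, NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(alg);
        byte[] all = Files.readAllBytes(in);
        int n = md.getDigestLength();              // 20 bytes for SHA-1
        if (n == 0 || all.length < n) return false;
        byte[] data = Arrays.copyOfRange(all, 0, all.length - n);
        byte[] stored = Arrays.copyOfRange(all, all.length - n, all.length);
        return MessageDigest.isEqual(md.digest(data), stored);
    }

    public static void main(String[] args) throws Exception {
        Path f = Files.createTempFile("jca-demo", ".bin");
        // Constructed sample message. SHA-1 is the algorithm the slide names;
        // passing "SHA-256" to the same calls selects a stronger digest.
        writeWithDigest(f, "constructed sample message".getBytes(StandardCharsets.UTF_8), "SHA-1");
        System.out.println("provider: " + MessageDigest.getInstance("SHA-1").getProvider().getName());
        System.out.println("intact file verifies: " + verify(f, "SHA-1"));
        byte[] tampered = Files.readAllBytes(f);
        tampered[0] ^= 1;                          // flip one bit of the data
        Files.write(f, tampered);
        System.out.println("tampered file verifies: " + verify(f, "SHA-1"));
        Files.delete(f);
    }
}
```

An unkeyed digest stored next to the data detects accidental or partial modification only; anyone who can rewrite the whole file can also recompute the digest.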

Java Cryptography Extension (JCE): provides the cryptographic functionality of data encryption. It is also based on engine classes and provider classes. The architecture of JCE is similar to that of JCA. JCE is free.

Cryptography in .NET
Class model: In the cryptographic object model, symmetric algorithms are modeled as a single abstract base class. The abstract base class is inherited by a number of abstract algorithm classes. The respective algorithm implementation classes are subclasses of the abstract algorithm classes.

Abstract base class: defines the methods and properties common to all algorithms in this class (e.g. length of keys).
Abstract algorithm classes (two functions): hold algorithm-specific details (key sizes and block sizes); define properties and methods that are specific to every implementation of the algorithm and do not apply to other algorithms.
Algorithm implementation classes: carry out the specific action.

Cryptography in Java, .NET and OS



How is the class model used in .NET? There is a configuration system for the cryptographic classes. It defines the default implementation type for the abstract base class and the abstract algorithm classes. Each abstract class has a static Create method that creates an instance. Once the object is created, the appropriate method is called.

Cryptography in Operating Systems


All traditional OSs are monolithic: a single big program consisting of several procedures, each performing its own task. Any procedure could call any other procedure. Debugging and enhancing the OS is a monumental task. There is no information hiding: every procedure is visible to every other procedure.

Layered OS: Operations are stacked horizontally, one on top of another. Interaction between adjacent layers was possible. All layers executed in kernel mode. Each layer possesses a high amount of functionality. Changes to any layer cause problems for the adjacent layer. It is not easy to implement security features.

Microkernel OS: contains only the bare minimum functionality. Everything that is not part of the microkernel executes as a user process. It implements security mechanisms.

TCP/IP vulnerabilities: Every computer connected to the internet makes use of TCP/IP software. Security problems in TCP/IP:
- Spoofing.
- Session hijacking: an attacker takes control of a connection.
- Sequence guessing: an attacker can guess the random number to manipulate connections.
- Lack of authentication and encryption.
- SYN flooding: sending dummy connection request packets to the destination to jam its resources.

Security in UNIX: Access control. UNIX is a multiuser OS: many users are able to access OS services at the same time, so it needs security and privacy. It assigns a unique UID to every user (0 to 65,535). Files, processes and resources are marked with the user's UID. Multiple users are grouped under a GID (group ID), which is 16 bits. One user can belong to multiple groups. Each process has the UID and GID of its owner. A file is created with (UID, GID) and access rights: read (r), write (w), execute (x).

User authentication: UNIX stores the MD of user passwords in a database. At logon, the user enters a user id and password. UNIX creates the MD of the password and compares it with the stored one. If they match, the user is authenticated. Dictionary-based attacks try out a list of possible passwords. To prevent them, use the salt concept, with three columns in the database: user id, salt, and the MD of the concatenation of the user's password and the salt.
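The three-column table described above, as an added example that is not taken from the slides: each row holds a user id, a random salt, and the MD of password plus salt, and logon recomputes the MD with the stored salt. SHA-256, the 16-byte salt, the class name and the sample accounts are assumptions (the slides name no algorithm); the code needs Java 16 or later for the record type.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;

public class SaltedPasswordTable {
    // One row of the table: user id -> (salt, MD(password || salt)).
    record Row(byte[] salt, byte[] digest) {}

    private final Map<String, Row> table = new HashMap<>();
    private final SecureRandom rng = new SecureRandom();

    // MD of the concatenation of the password and the salt.
    static byte[] md(String password, byte[] salt) throws Exception {
        MessageDigest d = MessageDigest.getInstance("SHA-256"); // assumed algorithm
        d.update(password.getBytes(StandardCharsets.UTF_8));
        d.update(salt);
        return d.digest();
    }

    void enroll(String user, String password) throws Exception {
        byte[] salt = new byte[16];
        rng.nextBytes(salt);                       // fresh salt per user
        table.put(user, new Row(salt, md(password, salt)));
    }

    boolean logon(String user, String password) throws Exception {
        Row r = table.get(user);
        if (r == null) return false;
        // Recompute with the stored salt and compare in constant time.
        return MessageDigest.isEqual(r.digest(), md(password, r.salt()));
    }

    public static void main(String[] args) throws Exception {
        SaltedPasswordTable db = new SaltedPasswordTable();
        db.enroll("alice", "sunshine");            // constructed sample accounts
        db.enroll("bob", "sunshine");              // same password, different salt
        System.out.println("alice, correct password: " + db.logon("alice", "sunshine"));
        System.out.println("alice, wrong password:   " + db.logon("alice", "moonlight"));
        boolean same = MessageDigest.isEqual(
                db.table.get("alice").digest(), db.table.get("bob").digest());
        // false: one precomputed dictionary of digests cannot match both rows
        System.out.println("alice and bob store the same digest: " + same);
    }
}
```

The salt defeats precomputed dictionaries but a single fast digest still allows quick guessing per row; the JCE's SecretKeyFactory with PBKDF2 is the usual way to make each guess expensive.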

Security in Windows 2000: Every user and group is assigned a unique Security ID (SID), unique all over the world: a binary number followed by a random number. A process runs under the user's SID and has an access token (SID and other information). User authentication: uses Kerberos and the challenge/response mechanism of Windows NT, called NT LAN Manager (NTLM), for user authentication.

NTLM:
1. The user enters a user id and password. The client machine computes the MD of the password.
2. The client sends the user id to the server (as clear text).
3. The server sends a 16-byte nonce to the client.
4. The client encrypts the nonce with the MD of the password and sends it to the server.
5. The server forwards the user id, the original nonce and the client's response to the domain controller (keeps track of it).
6. The domain controller accepts the values from the server, retrieves the MD of the password for the user from its database (Security Access Manager) and encrypts the nonce received from the server.
7. The DC compares the response received from the server with the one it has computed. If they match, the user is authenticated.
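The seven steps above as an added example, not taken from the slides and not the real NTLM primitives: SHA-256 truncated to 16 bytes stands in for the password MD and single-block AES stands in for the encryption, so that the 16-byte nonce fits one block. The class name, user and passwords are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class ChallengeResponseDemo {
    // Step 1: MD of the password (stand-in: first 16 bytes of SHA-256, used as an AES-128 key).
    static byte[] passwordMd(String password) throws Exception {
        byte[] h = MessageDigest.getInstance("SHA-256")
                .digest(password.getBytes(StandardCharsets.UTF_8));
        return Arrays.copyOf(h, 16);
    }

    // Steps 4 and 6: encrypt the 16-byte nonce under the password MD.
    static byte[] encryptNonce(byte[] md, byte[] nonce) throws Exception {
        Cipher c = Cipher.getInstance("AES/ECB/NoPadding"); // exactly one block
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(md, "AES"));
        return c.doFinal(nonce);
    }

    // Steps 6 and 7 on the domain controller: look up the stored MD, recompute, compare.
    static boolean dcVerify(Map<String, byte[]> db, String user, byte[] nonce, byte[] response)
            throws Exception {
        byte[] stored = db.get(user);
        return stored != null && MessageDigest.isEqual(encryptNonce(stored, nonce), response);
    }

    public static void main(String[] args) throws Exception {
        // Constructed domain controller database: user id -> MD of password.
        Map<String, byte[]> db = Map.of("alice", passwordMd("correct horse"));
        SecureRandom rng = new SecureRandom();
        byte[] nonce = new byte[16];
        rng.nextBytes(nonce);                                            // step 3: server challenge
        byte[] good = encryptNonce(passwordMd("correct horse"), nonce);  // step 4: client response
        byte[] bad = encryptNonce(passwordMd("wrong guess"), nonce);
        System.out.println("correct password accepted: " + dcVerify(db, "alice", nonce, good));
        System.out.println("wrong password accepted:   " + dcVerify(db, "alice", nonce, bad));
        byte[] nonce2 = new byte[16];
        rng.nextBytes(nonce2);
        // A response recorded for one nonce does not answer a fresh challenge.
        System.out.println("old response accepted:     " + dcVerify(db, "alice", nonce2, good));
    }
}
```

Neither the password nor its MD crosses the network in this exchange; only the user id, the nonce and the encrypted nonce do.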
