Module Overview
• Course map
• Relevance
• Objectives
• References
Module 15
Balanced Solutions
Think Beyond
• What do you do, knowing environments are not totally
secure?
• How do you create a workable security plan?
• What is the trade off between security and usability?
Internal Risks
• Biggest threat
• Unintentional threats
• Social engineering
• Educating employees
• Intentional threats
Berkeley r Commands
• rexec
• rlogin and rsh commands
• rlogin
• rsh
• Trusted hosts and users – /etc/hosts.equiv and
$HOME/.rhosts
• r command conditions
Email
• Definition of SMTP
• UNIX implementation of SMTP – sendmail
• Accessing the SMTP port
• SMTP commands
• Weaknesses in SMTP – MAIL FROM, VRFY/EXPN
• Security options in Version 8 of sendmail
Passwords
• Importance of protecting passwords
• Password security problems
• Password cracking programs
• Crack and CrackJack
• Packet sniffers
• snoop, Sniffit, Network General Sniffer, Tcpdump
3.0, Gobbler, ethdump v1.03, Net Monitor
• Social engineering
CERT
• What it is
• What it does
• CERT advisories
• Where advisories are published
• Vendor-initiated bulletins
Example of Recommended
Programming
    public void start() {
        if (frozen) {
            //Do nothing. The user has requested that we
            //stop changing the image.
        } else {
            //Start animating!
            if (animatorThread == null) {
                animatorThread = new Thread(this);
            }
            animatorThread.start();
        }
    }
Malicious Applets
• They exist
• What they can do
• Dealing with them
• Examples of annoying applets
• Moving dialog
• Sounds that will not stop
Attack Applets
• No reported security breaches
• Does not mean they have not occurred
• Research teams have shown they are possible
• Refer to Appendix C
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 14
Think Beyond
• With the availability of security protocols, digital
signatures, certificates, access control mechanisms, and
so forth, how secure are your Java programs?
• How secure is the Internet?
• Can Java applets still cause problems?
Java Card
• What it is
• Features and benefits
• Java Card specification
Web Servers
• Basic security features
• Basic authentication
• Digest authentication
• SSL server authentication
• SSL privacy protection
• Realms with users and groups
• ACLs to protect access to Web pages
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 13
Java Security-Related
Software and Products
Think Beyond
• What are some of the Sun Java products and software
that support security protocols?
• What features do they provide?
CertStore Class
• Purpose
• Information provided to CertStore
• Help option
• Example syntax use
> java sun.security.CertStore -keystore %HOME%\keys -selfcert
Login Facility
• Purpose
• Using the Login class
> java -Duser.keystore=%HOME%\keys sun.security.Login sun.security.AuthGUI MySSLApplication
Cipher Suites
• Definition
• Negotiation process
• Cipher suites names
Classes
• CACertificateStoreImpl
• CertFileManager
• Verisign
• AuthContext
• AuthGUI
• AuthTTY
• CertStore
• Login
• SimpleTrustDecider
Interfaces
• KeyStore
• CACertificateStore
• AliasChooser
• TrustDecider
• channel
• codesigning
• ExportControl
sun.security Package
[Class diagram. Legend: Subclass, Interfaces, Classes, Implements. Classes shown under Object and Dictionary: CACertificateStoreImpl, CertFileManager, Login (final), Verisign (final), AuthGUI, AuthTTY, SimpleTrustDecider (final), CertStore (final). Interfaces shown: KeyStore, AuthContext, CACertificateStore, AliasChooser, TrustDecider, ExportControl.]
Implementation Classes
• Functionality provided
• Packages provided
• sun.security
• sun.security.ssl
• sun.security.x509
• sun.security.jsafe
javax.net.ssl
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 12
Think Beyond
• How can SSL be used in applications to encipher data
sent between client and servers?
• How is SSL used in client programs that use the HTTPS
protocol in accessing a URL?
Covert Channels
• What are they?
• What are the security issues?
• Examples of covert channels
• Java DNS security bug
• Concurrency control locks
• AIX PIDs
• Covert channel analysis
Secure Multicast
• Definition
• Why secure multicast is necessary
• SKIP and secure multicast
• Requirements
SKIP
• Definition
• Characteristics of SKIP
• SKIP and Java
• How does SKIP enhance security?
• Advantages of using SKIP
• Technologies using SKIP
JSAFE
• Developed by RSA Digital Security
• JSAFE feature summary
S-HTTP
• Creating an S-HTTP message
• Receiving an S-HTTP message
• Message protection
S-HTTP
• Characteristics of S-HTTP
OSI layer       Function provided
Application     Network applications such as file transfer and terminal emulation (S-HTTP)
Presentation    Data formatting and encryption
[Figure: Steps 1 to 8 of an exchange between two parties. Labels: Hello, digital certificate, server information, MD5 digest, Compare, DES.]
Client / Server
• ServerHello
• Certificate – Sends digital certificate to assure client of its identity
• ServerKeyExchange
• CertificateRequest*
• ServerHelloDone
Ciphers
• SSL 2.0 ciphers
• SSL 3.0 ciphers
SSL
• Characteristics of SSL
HTTP/HTTPS/FTP
TCP
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 11
Secure Communications
Think Beyond
Secure communication has become an important topic with
the emergence of the World Wide Web and the growing
Internet.
• What are some of the main protocols being used in Web
Servers, browsers, and other applications that transmit
information, conduct transactions, and so forth?
• What makes these protocols secure?
Enforcing Control
• Enforcing control of a resource using an ACL is
application specific.
• The lab exercise should make this clear.
Resource
ACL Interfaces
• java.security package
• Principal
• java.security.acl package
• Acl
• AclEntry
• Group
• Owner
• Permission
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 10
Think Beyond
• Digital signatures provide authentication
• How do you control access to resources from within a
Java program?
• How does Java provide for authorization?
• Who is authorized to access what resources?
• What type of access is allowed?
• What Java classes and packages are provided?
Recap
1. Create a keystore with private/public key pair
2. Create CSR and submit to CA
3. Import a trusted certificate for the CA
4. Replace self-signed certificate with certificate reply
5. Create a JAR file
6. Sign the JAR file
7. Export your certificate
8. Make your signed JAR file and certificate available
};
jar verified.
>
> jarsigner
Usage: jarsigner [options] jar-file alias
jarsigner -verify [options] jar-file
jarsigner Utility
• Purposes
• Sign a JAR file
• Verify signatures and integrity of signed JAR files
• Algorithms used
• SHA-1/DSA
• MD5/RSA
Exporting Certificates
• Provide with your JAR file
• keytool -export -alias alias -file filename.cert
Importing Certificates
• Importing a trusted certificate
• keytool -import -alias alias -file CA_certificate_file
• Checking trusted certificates
• keytool -printcert -file cert_file
• Creating a Certificate Signing Request
• keytool -csr -file csr_file -alias alias
• Importing certificate reply
• keytool -import -alias alias -file cert_reply
Implementing Java Security Module 9, slide 23 of 35
Copyright 1998 Sun Microsystems, Inc. All Rights Reserved. SunService April 1998
Sun Educational Services
Importing Certificates
• Reasons for
• To add it to your list of trusted certificates
• To import a certificate reply
Deleting an Entry
• keytool -delete -alias alias
Self-Signed Certificates
• One for which the issuer (signer) is the same as the
subject (the entity whose public key is being
authenticated by the certificate).
Option Defaults
• -alias
• -keyalg
• -keysize
• -sigalg
• -validity
• -keystore
• -file
Passwords
• Key password
• Store password
• Warning regarding passwords
-help
keytool Utility
• keytool functionality
• keytool commands and options
Keystore Architecture
• KeyStore class
• Default implementation of KeyStore
• Changing the keystore property
• Entry in %JAVA_HOME%\lib\security\
java.security for keystore property
• Keystore entries
• Key/certificate entries
• Trusted certificate entries
X.509 Versions
• Version 1
• Version 2
• Version 3
X.509 Certificates
• X.509 format
• Version
• Subject name
• Public key
• Issuer name
• Serial number
• Validity period
[Figure: Steps 2 to 4 of the certificate example. Labels: server information, MD5 digest.]
Certificate Example
Step 1 – Server information sent to CA
Step 2 – CA creates digest
Step 3 – Digital signature of CA created
Step 4 – Digital certificate sent back to server
[Figure: "Which key will decipher?" Labels: Sender 2, Hello.]
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 9
Think Beyond
• How do you use cryptography and encryption
algorithms to digitally sign files or objects?
• Are message digests alone secure? How could they be
attacked?
• What is the difference between message digests and
digital signatures?
• Is there a relationship between message digests and
digital signatures?
MessageDigest Class
• Interface to the functionality for a digest algorithm
• Important components for message digests
• Message Digest API – MessageDigest class
• Message Digest SPI – MessageDigestSpi class
Message Authentication
[Figure: Sender and Receiver, Steps 1 to 6. Legend: COLD = public key, hot = private key. Labels: Hello, MD5, MD5 digest. Step 6 asks whether the two digests are equal.]
Terminology
• Message digest
• Message digest algorithm
• Properties of digests
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 8
Message Digests
Think Beyond
The concept of a one-way function is considered a building
block for many security protocols and algorithms.
Signature Example
Signature dsa = Signature.getInstance("DSA"); // create Signature object
Signature Class
• Components of the class
• Digital Signature API
• Digital Signature SPI
• Properties of the class
Key Interface
• Characteristics:
• Algorithm
• Encoded form
• Format
Engine Classes
• MessageDigest, Signature, KeyPairGenerator
• Referred to as Service Provider Interfaces (SPIs)
• Each provide a factory method –
getInstance(String algorithm)
Security Class
• Used to manage providers and security properties and
methods
• Methods include:
• getProviders()
• addProvider(Provider provider)
• removeProvider(String name)
Provider Class
• Methods for accessing provider name, version number,
and other information
• Provider packages include:
• Digital signature algorithms
• Message digest algorithms
• Encryption algorithms
• Padding schemes
Major Classes
• Provider
• Security
• Engine classes
• Signature
• Key
Restrictions Elsewhere
• Cryptographic algorithms are available outside U.S.
• Import restrictions
Algorithms at a Glance
Common Algorithms
• DES (Data Encryption Standard)
• RSA (authors: Rivest, Shamir, Adleman)
• DSA (Digital Signature Algorithm)
• Diffie-Hellman
• RC2 and RC4 (Rivest Cipher, designed by Ron Rivest)
Asymmetric Algorithms
[Figure: Sender and Receiver, Steps 1 to 3. Legend: COLD = public key, hot = private key. Message: Hello.]
Symmetric Algorithms
[Figure: Sender and Receiver, Steps 1 to 3. Labels: key, Secret transfer, Non-secret transfer, Hello.]
Cryptographic Algorithms
• Symmetric algorithm
• Public-key (asymmetric) algorithm
Benefits of Encryption
• Main benefit – confidentiality
• Other benefits
• Authentication of the data sender
• Integrity of the data sent
• Nonrepudiation
Definitions
• Cryptography
• Encryption
• plaintext or cleartext
• ciphertext
• Decryption
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 7
Cryptography
Think Beyond
The next several modules discuss the specific security
packages provided in the JDK for working with the following:
• Encryption and decryption
• Message digests
• Digital signatures and certificates
• Access control lists
java.security.Permission (abstract)
subclasses: xyzCorp.tv.TVPermission, java.io.FilePermission, java.net.NetPermission
• implies method
    return ((this.mask & that.mask) == that.mask) && super.implies(that);
• Other methods
• newPermissionCollection, writeObject, readObject, equals, getActions
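An added example, not part of the original course material: the implies line above placed in a complete permission class, so the two halves of the test (action mask and target name) can be seen separately. The class body, the action names watch/preview/record and the channel names are assumptions made for illustration; only the name TVPermission and the implies expression come from the slide.

```java
import java.security.BasicPermission;
import java.security.Permission;
import java.util.Locale;

public class TVPermissionDemo {
    // Hypothetical permission: name = channel, actions = comma-separated list.
    static final class TVPermission extends BasicPermission {
        static final int WATCH = 0x1, PREVIEW = 0x2, RECORD = 0x4;
        private final int mask;

        TVPermission(String name, String actions) {
            super(name, actions);
            this.mask = parse(actions);
        }

        private static int parse(String actions) {
            int m = 0;
            for (String a : actions.split(",")) {
                switch (a.trim().toLowerCase(Locale.ROOT)) {
                    case "watch":   m |= WATCH;   break;
                    case "preview": m |= PREVIEW; break;
                    case "record":  m |= RECORD;  break;
                    default: throw new IllegalArgumentException("unknown action: " + a);
                }
            }
            return m;
        }

        // Every action requested by 'p' must be in this mask, and
        // BasicPermission.implies must accept the name (wildcards allowed).
        @Override public boolean implies(Permission p) {
            if (!(p instanceof TVPermission)) return false;
            TVPermission that = (TVPermission) p;
            return ((this.mask & that.mask) == that.mask) && super.implies(that);
        }

        // Canonical action string, always in the same order.
        @Override public String getActions() {
            StringBuilder sb = new StringBuilder();
            if ((mask & WATCH) != 0) sb.append("watch,");
            if ((mask & PREVIEW) != 0) sb.append("preview,");
            if ((mask & RECORD) != 0) sb.append("record,");
            return sb.length() == 0 ? "" : sb.substring(0, sb.length() - 1);
        }

        // BasicPermission.equals compares class and name only; include the mask.
        @Override public boolean equals(Object o) {
            return o instanceof TVPermission && super.equals(o)
                    && ((TVPermission) o).mask == mask;
        }

        @Override public int hashCode() {
            return 31 * super.hashCode() + mask;
        }
    }

    public static void main(String[] args) {
        TVPermission granted = new TVPermission("channel.*", "watch,preview");
        // Subset of actions, name covered by the wildcard: implied.
        System.out.println(granted.implies(new TVPermission("channel.5", "watch")));
        // Action outside the granted mask: not implied.
        System.out.println(granted.implies(new TVPermission("channel.5", "record")));
        // Actions fit, but the name is outside "channel.*": not implied.
        System.out.println(granted.implies(new TVPermission("admin.setup", "watch")));
    }
}
```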
Exceptions
• Two types associated with security
• java.lang.SecurityException
• java.security.GeneralSecurityException
java.lang.RuntimeException
    java.lang.IllegalArgumentException
        java.security.InvalidParameterException
    java.lang.SecurityException
        java.security.AccessControlException
    java.security.ProviderException
java.lang.Exception
    java.security.GeneralSecurityException
sun.misc.Launcher
• Used to run applications under a security manager
enforced by the security policy
• New class path variable, java.app.class.path
• Syntax
java -Djava.app.class.path=\untrusted_code_path sun.misc.Launcher my_appl arg1 arg2
java.security.SecureClassLoader
• Extends java.lang.ClassLoader
java.security.AccessController
• Makes all access control decisions
• Bases decisions on the security policy
• Denies access by throwing AccessControlException
• Checks permissions
    FilePermission perm = new FilePermission("/tmp/accessList", "read");
    AccessController.checkPermission(perm);
• Algorithm used
• Privileged code
java.security.ProtectionDomain
• Infrastructure – Encapsulates the characteristics of a
domain
• Signer
• CodeSource
• SecureClassLoader and protection domains
• Creates or assigns protection domain to a class
• Uses Policy object to determine permissions
Access Control
• ProtectionDomain
• AccessController
• SecureClassLoader
• sun.misc.Launcher
PermissionCollection and
Permissions
Object
Permission objects
PermissionCollection and
Permissions
• PermissionCollection interface
• Used to group Permission objects (add, implies,
enumerate methods)
• newPermissionCollection() method
• Permissions class
• Heterogeneous collection of Permission objects
java.security.Permission
• Abstract class
• Subclassed to describe specific types of access (such as
files or sockets)
• Properly named subclasses
• Actions list
XXXPermission("name", "actions");
• implies method
• Example
java.security.CodeSource
• Extends the concept of a CODEBASE (used in HTML)
• Location URL
• Public keys for verifying signed code
• Equality of two CodeSource objects
java.security.Policy
• Represents the ASCII policy configuration file
• Protection domains use it to initialize permissions:
    policy = Policy.getPolicy();
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 6
Think Beyond
• What are the new classes that form the infrastructure of
the Protection Domains Security model?
[Figure: classes x.class, y.class, z.class and w.class assigned to Protection Domain A and Protection Domain B, each domain with its own Permissions.]
Matching Entries
• Algorithm used to “match” entries
• Permissions are additive
• Example 2
grant signedBy "Sun,IBM", codeBase "http://java.sun.com/" {
    permission java.io.FilePermission "C:\\tmp", "read";
    permission java.net.SocketPermission "*", "connect";
};
• Target wildcards
• java.io.FilePermission and
java.net.SocketPermission
Protection Domains
• Terminology
• Protection domain
• Signer
• Location (codebase)
• Examples of protection domains
• Categories of domains
• System
• Application
* Selectively grant access to network resources
* Fine-grained control
* Administrators can tailor security policies
Java Sandbox
* Unsigned code
* No access
Applet Capabilities
• Sandbox model
• Digitally signed applets
• JDK 1.2 Applets
JDK 1.1
Sandbox
JDK 1.0
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 5
Think Beyond
• How does the new security model affect the role of the
security manager?
• How does the new model extend the sandbox security
model?
• What files are provided to enable easy administration of
a security policy without having to hard-code the policy
into your application?
After Installation
• Install security manager once
• Cannot reinstall or install a different one
• After installation, no other reference to it is required
• JVM calls security manager during specific
operations (such as read and write)
File Access
import java.io.*;

public class Copier implements Runnable {
    public void run() {
        try {
            // Opening these files is where the JVM consults the security
            // manager (checkRead for the input, checkWrite for the output).
            BufferedReader fis = new BufferedReader(new FileReader("inputtext.txt"));
            BufferedWriter fos = new BufferedWriter(new FileWriter("outputtext.txt"));
            char[] buffer = new char[4096];
            int count;
            while ((count = fis.read(buffer)) > -1) {
                fos.write(buffer, 0, count);
            }
            fis.close();
            fos.close();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}
checkWrite Methods
    public void checkWrite(String filename) {
        System.out.println("checkWrite("+filename+")");
        if (!accessOK()) {
            throw new SecurityException("Not Even!");
        }
    }
checkWrite Methods
• Two default checkWrite methods:
• public void checkWrite(FileDescriptor fd)
• public void checkWrite(String file)
• Override to conform to your security policy, similar to
checkRead methods
checkAccess Method
• For threads:
public synchronized void checkAccess(Thread t)
checkLink and
checkTopLevelWindow Methods
• checkLink()
    public void checkLink(String library) {
        //code for checking if remote or local;
    }
• checkTopLevelWindow() returns
• False
• True
[Flowchart: accessOK() is called from (1) checkLink(), (2) checkTopLevelWindow(), (3) checkAccess(Thread) and (4) checkAccess(ThreadGroup); on "No", each throws SecurityException. Password branch: Type password; Is password correct? No: return false. Otherwise: ioPassword = true, return true.]
accessOK Method
• Determines if access is allowed based on entered
password
    private boolean accessOK() {
        boolean ok = true;
        if (inClassLoader()) { // always trust an entirely local call stack
            if (!ioPassword) { // this is set if validation has already occurred
                if (sp.getPassword().equals(password)) {
                    ioPassword = true;
                } else {
                    ok = false;
                }
            }
        }
        return ok;
    }
[Flowchart: SecurityManager calls checkRead() method. Read allowed? No: checkRead() throws exception. Yes: checkRead() returns.]
FileInputStream Example
• A read from a FileInputStream object checks:
Operations On Approved By
Module Overview
• Course map
• Relevance
• Objectives
Module 4
Security Manager
Think Beyond
• You have looked at the verification process and class
loaders in detail and their role in overall Java security.
• The third element in the java.lang package that
provides for security is the security manager.
• The next module provides the details on the
SecurityManager class and how to write your own
security manager.
Resource Loading
• getResource()
• getSystemResource()
• getSystemResourceAsStream()
• Resource naming
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 3
Class Loaders
Think Beyond
• What is the role of a class loader?
• What are its responsibilities?
• What class loaders are provided by the JVM and
browsers?
• How do you write and implement your own class
loader?
Indirect Execution
• Definition
• JIT compilers
• JavaChips
Kimera Project
• What is it?
• Kimera verifier
• JDK 1.1.2 verifier bug discovered
• Verifier summary
Class2 Class1
Class3 Class3
Class3Malicious Class3Trusted
private boolean spoof; private boolean trustMe;
Type Safety
• Type safety example
makeTrue()
Alarm method Applet
turnOn fileAccessAllowed
setTime networkAccessAllowed
setAlarm
• Type checking
• Dynamic
• Static
Pass 4
• Checks performed vary between JVM implementations
• In a Sun JVM implementation, the executing instruction
performs specific actions:
• The first time a class is referenced
• The first time it invokes a method, or accesses or
modifies a field
Pass 2
• Checks that items are well formed
• final classes are not subclassed, and final methods
are not overridden.
• Every class (except Object) has a superclass.
• Constant pool is properly formed.
• Field and method references in the constant pool
have valid names, classes, and type descriptors.
Pass 1
• Checks the basic form of the class file
• First four bytes have correct magic number
• Recognized attributes have the proper length
• class file is not truncated and does not have trailing
extra bytes
• Constant pool does not contain unrecognizable
information
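An added example, not part of the original course material: a small Java checker for the Pass 1 conditions listed above (magic number, truncation, trailing bytes, unrecognizable constant pool entries). The class name Pass1Check and the sample class bytes are constructed for illustration; the constant pool tags follow the current JVM specification, and each attribute's declared length is used only to step over it, so per-attribute length validation is not covered.

```java
import java.io.*;
import java.util.Arrays;

public class Pass1Check {
    /** Returns "ok" or a description of the first structural problem found. */
    static String check(byte[] classBytes) {
        try (DataInputStream in = new DataInputStream(new ByteArrayInputStream(classBytes))) {
            if (in.readInt() != 0xCAFEBABE) return "bad magic number";
            skip(in, 4);                                // minor_version, major_version
            int cpCount = in.readUnsignedShort();
            for (int i = 1; i < cpCount; i++) {         // entries are numbered from 1
                int tag = in.readUnsignedByte();
                switch (tag) {
                    case 1: skip(in, in.readUnsignedShort()); break;  // Utf8
                    case 3: case 4: skip(in, 4); break;               // Integer, Float
                    case 5: case 6: skip(in, 8); i++; break;          // Long, Double: two slots
                    case 7: case 8: case 16: case 19: case 20: skip(in, 2); break;
                    case 9: case 10: case 11: case 12: case 17: case 18: skip(in, 4); break;
                    case 15: skip(in, 3); break;                      // MethodHandle
                    default: return "unrecognized constant pool tag " + tag;
                }
            }
            skip(in, 6);                                // access_flags, this_class, super_class
            skip(in, 2 * in.readUnsignedShort());       // interfaces
            members(in);                                // fields
            members(in);                                // methods
            attributes(in);                             // class attributes
            return in.read() == -1 ? "ok" : "trailing bytes after last attribute";
        } catch (EOFException e) {
            return "truncated class file";
        } catch (IOException e) {
            return "I/O error: " + e.getMessage();
        }
    }

    // skipBytes may skip fewer bytes than asked; treat that as truncation.
    static void skip(DataInputStream in, int n) throws IOException {
        if (in.skipBytes(n) != n) throw new EOFException();
    }

    static void attributes(DataInputStream in) throws IOException {
        int count = in.readUnsignedShort();
        for (int i = 0; i < count; i++) {
            skip(in, 2);                                // attribute_name_index
            skip(in, in.readInt());                     // attribute_length, then the body
        }
    }

    static void members(DataInputStream in) throws IOException {
        int count = in.readUnsignedShort();
        for (int i = 0; i < count; i++) {
            skip(in, 6);                                // access_flags, name, descriptor
            attributes(in);
        }
    }

    // Constructed sample: an empty public class "A" extending java.lang.Object.
    static byte[] sampleClass() throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        out.writeInt(0xCAFEBABE); out.writeShort(0); out.writeShort(45);
        out.writeShort(5);                              // constant_pool_count = entries + 1
        out.writeByte(7); out.writeShort(2);            // #1 Class -> #2
        out.writeByte(1); out.writeUTF("A");            // #2 Utf8
        out.writeByte(7); out.writeShort(4);            // #3 Class -> #4
        out.writeByte(1); out.writeUTF("java/lang/Object");
        out.writeShort(0x0021); out.writeShort(1); out.writeShort(3);
        for (int i = 0; i < 4; i++) out.writeShort(0);  // no interfaces/fields/methods/attributes
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        byte[] good = sampleClass();
        byte[] badMagic = good.clone();
        badMagic[0] = 0;
        byte[] badTag = good.clone();
        badTag[10] = 2;                                 // offset 10 = first tag; 2 is unassigned
        System.out.println("valid:     " + check(good));
        System.out.println("bad magic: " + check(badMagic));
        System.out.println("bad tag:   " + check(badTag));
        System.out.println("truncated: " + check(Arrays.copyOf(good, good.length - 3)));
        System.out.println("trailing:  " + check(Arrays.copyOf(good, good.length + 1)));
    }
}
```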
Class Verifier
• Significance to Java security
• Verification process
During loading / During linking / During execution
• Basic class file integrity checks
• Remaining checks that do not require looking at the code array
• Data-flow analysis on each method in the code array
• Checks on first time execution of instructions referencing classes, methods, fields
Java Interpreter
• Running code compiled for JVM
• Tasks of Java interpreter
• Loading code
• Verifying code
• Executing code
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 2
Think Beyond
• What does the byte code verifier check?
• How sure can you be that a particular JVM
implementation and byte code verifier work as
specified by the Java language?
Security Manager
• Called by JVM when code is run
• Approves or disapproves actions
Untrusted
byte code
CLASSPATH
byte code
Class Loader
• Downloads code for imported applet
• Enforces name space boundaries
• Local classes
• Classes from trusted machines
• Classes from a URL
Auditing
• Helps isolate and remedy problems
• Does not prevent attacks
• Records extent of breaches
• Assists in repairing damage
Non-Repudiation
• Proof of participation in a transaction
• Promotes electronic agreements between individuals
Authorization
• For each authenticated user:
What Is Security?
• Definition
• Good security practices
• Identification and authentication
• Authorization
• Resource control and containment
• Confidentiality and integrity
• Non-repudiation
• Auditing
Module Overview
• Course map
• Relevance
• Objectives
• References
Module 1
Security Overview
• Discussion
• Laboratory
• Reference
Introductions
• Name
• Company affiliation
• Title, function, and job responsibility
• Security application experience
• Distributed computing experience
• Reasons for enrolling in this course
• Expectations for this course
Module
Skills Gained 1 2 3 4
Skill or Objective 1
Skill or Objective 2
Skill or Objective 3
Skill or Objective 4
Module-by-Module Overview
• Module 9 – Digital Signatures and Certificates
• Module 10 – Access Control Lists
• Module 11 – Secure Communications
• Module 12 – Encryption and SSL
• Module 13 – Java Security-Related Software and
Products
• Module 14 – Applets and Common Internet Security
Problems
• Module 15 – Balanced Solutions
Module-by-Module Overview
• Module 1 – Security Overview
• Module 2 – Java Virtual Machine and Byte Code
Verification
• Module 3 – Class Loaders
• Module 4 – Security Managers
• Module 5 – Extending the Sandbox Security Model
• Module 6 – JDK Security Classes
• Module 7 – Cryptography
• Module 8 – Message Digests
Security Features
Course Overview
• Security features of the Java platform and JDK
• JVM, verification, class loaders
• Java Protected Domains security model
• JDK 1.2 security classes
• Security protocols and Java products
• Applets and Internet security problems
• Balanced solutions
Course Goal
Main goals of the course:
• Describe and illustrate security features of the Java
platform and JDK
• Give you practice implementing these security features
Preface
JSAFE
SKIP
Comparison of SSL and SKIP
Secure Multicast
Covert Channels
Check Your Progress
Think Beyond
Cryptography
Module Overview
Definitions
Benefits of Encryption
Cryptographic Algorithms
Symmetric Algorithms
Asymmetric Algorithms
Implementing Java
Security
SL-303