Signing, Sealing, and Guarding Java Objects
Li Gong and Roland Schemers, JavaSoft, Sun Microsystems, Inc.

"In this paper, we describe a few new constructs for signing, sealing, and guarding Java objects. These constructs enrich the existing Java security APIs so that a wide range of security-aware applications can be significantly easier to build."

Presented by Yongqiang Li

A tutorial of three Java security classes:
• java.security.SignedObject
• java.security.GuardedObject
• javax.crypto.SealedObject

Outline
• Introduction
• Signing Java Objects
• Sealing Java Objects
• Guarding Java Objects
• Conclusion
• Questions

Introduction
The Java language is widely used to build applications
– JDK: JVM, javac, APIs, simplicity
"...the base platform provides a consistent security model that supports..."
– policy based
– configurable
– extensible
– fine-grained access control
Protection provided by the underlying object orientation
– Data encapsulation
– Object name space partition
– Type safety
Distributed Java applications
– "...protect the state of an object for integrity and confidentiality"
• in the runtime system
• in transit
• when stored externally

Introduction 2
java.security.SignedObject and java.security.GuardedObject: JDK 1.2
javax.crypto.SealedObject: JCE 1.2

Signing Java Objects 1
Protect object integrity
A serializable object: the original object
SignedObject
– Signed object
• Deep copy of the original
• In serialized form
– Signature
• Signature algorithm
[Figure: the original object is serialized and signed to produce a SignedObject holding the serialized copy and its signature]
– DSA (Digital Signature Algorithm) (NIST FIPS 186)
– SHA-1 (RFC 1321) message digest algorithm
– MD5 (NIST FIPS 180-1) message digest algorithm
– Immutable
What is the difference between object signing and code signing?
Signing Java Objects 2
Potential applications of a SignedObject
– as an unforgeable authorization token in any Java runtime
– "...transmitted across JVMs and authenticity can still be verified"
– "...to sign and serialize an object for storage outside the Java runtime"
– "A series of nested SignedObjects can be used to construct a logical sequence of signatures"

Signing Java Objects 3
API design – class SignedObject
• public SignedObject(Serializable object, PrivateKey signingKey, Signature signingEngine);
• public final void sign(PrivateKey signingKey, Signature signingEngine);
• public final Object getContent();
• public final byte[] getSignature();
• public final String getAlgorithm();
• public final boolean verify(PublicKey verificationKey, Signature verificationEngine);

Signing Java Objects 4
Examples
– Signing
    Signature signingEngine = Signature.getInstance(algorithm, provider);
    SignedObject so = new SignedObject(myobject, privatekey, signingEngine);
– Verifying
    Signature verificationEngine = Signature.getInstance(algorithm, provider);
    if (so.verify(publicKey, verificationEngine)) {
        try {
            // getObject() is the name in the shipped JDK 1.2 API; the slides write getContent()
            Object myobj = so.getObject();
        } catch (IOException | ClassNotFoundException e) {
            // the serialized copy could not be read, or its class is not available in this runtime
        }
    }

Signing Java Objects 5
Performance (JDK 1.2 beta, 166 MHz Sun SPARC Ultra-1, Solaris 2.5.1, 1000 rounds)

                                      512-bit SHA-1/DSA           1024-bit SHA-1/DSA
Object size    Serialization    Signing    Verification    Signing    Verification
(bytes)        (ms)             (ms)       (ms)            (ms)       (ms)
10             0                25         43              80         151
100            0                26         44              83         157
10K            1                134        153             189        260
100K           9                1119       1138            1168       1237

Sealing Java Objects 1
Protect object confidentiality
A serializable object
A cryptographic algorithm
– A bulk (symmetric-key) encryption algorithm: DES, IDEA, RC4
[Figure: the original object is serialized and encrypted into cipher text held by a SealedObject; decryption followed by deserialization recovers it]

Sealing Java Objects 2
Using both SignedObject and SealedObject provides integrity and confidentiality
– First create the SignedObject
– Then create the SealedObject
[Figure: the original object is signed into a SignedObject, which is then encrypted into the cipher text of a SealedObject]
Why is blindly signing encrypted data sometimes dangerous?
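The sign-then-seal combination described above, together with the SignedObject verification flow from the Signing examples, as an added example written against the shipped JDK API (SignedObject.getObject and SealedObject.getObject rather than the getContent names on the slides). This is not code from the paper; the algorithm names, key sizes and the protect/unprotect helpers are this example's own choices, and all key material is generated in-process for the demo.

```java
import java.io.IOException;
import java.io.Serializable;
import java.security.*;
import javax.crypto.*;

// Added example (not from the paper): sign first, then seal, so the receiver
// decrypts and then verifies exactly the serialized copy that was signed.
public class SignThenSeal {
    private static final String SIG_ALG = "SHA256withDSA";

    // Sender side: SignedObject (integrity) wrapped inside SealedObject (confidentiality).
    public static SealedObject protect(Serializable payload, PrivateKey signKey, SecretKey sealKey)
            throws GeneralSecurityException, IOException {
        SignedObject signed = new SignedObject(payload, signKey, Signature.getInstance(SIG_ALG));
        Cipher enc = Cipher.getInstance("AES/CBC/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, sealKey);   // a fresh IV is generated and stored in the SealedObject
        return new SealedObject(signed, enc);
    }

    // Receiver side: unseal, then reject the payload unless the signature verifies.
    public static Object unprotect(SealedObject sealed, SecretKey sealKey, PublicKey verifyKey)
            throws GeneralSecurityException, IOException, ClassNotFoundException {
        Object inner = sealed.getObject(sealKey);   // getObject(Key) reuses the IV parameters stored at sealing time
        if (!(inner instanceof SignedObject)) {
            throw new SecurityException("sealed content is not a SignedObject");
        }
        SignedObject signed = (SignedObject) inner;
        if (!signed.verify(verifyKey, Signature.getInstance(SIG_ALG))) {
            throw new SecurityException("signature does not verify; content rejected");
        }
        return signed.getObject();   // the deep copy that was signed, never the sender's live object
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);
        KeyPair sender = kpg.generateKeyPair();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey shared = kg.generateKey();

        SealedObject token = protect("Greeting", sender.getPrivate(), shared);
        System.out.println("accepted: " + unprotect(token, shared, sender.getPublic()));

        // Verifying against someone else's public key must fail even though decryption succeeds.
        KeyPair other = kpg.generateKeyPair();
        try {
            unprotect(token, shared, other.getPublic());
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```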
Sealing Java Objects 3
API design – class SealedObject
• public SealedObject(Serializable object, Cipher c);
• public final Object getContent(Cipher c);
Examples
– Encryption
    KeyGenerator keyGen = KeyGenerator.getInstance("DES");   // DES as on the slides; it is no longer considered adequate
    SecretKey desKey = keyGen.generateKey();
    Cipher cipher = Cipher.getInstance("DES");
    cipher.init(Cipher.ENCRYPT_MODE, desKey);
    String s = new String("Greeting");
    SealedObject so = new SealedObject(s, cipher);
– Decryption
    cipher.init(Cipher.DECRYPT_MODE, desKey);
    try {
        // getObject(Cipher) is the name in the shipped JCE API; the slides write getContent()
        String s = (String) so.getObject(cipher);
    } catch (IOException | ClassNotFoundException | GeneralSecurityException e) {
        // bad padding or block size (wrong key or tampered cipher text), or the class is not available
    }

Guarding Java Objects 1
[Figure: a consumer requests an object from a provider; the provider checks permission and returns the object]
• Don't know what information is needed by the provider
[Figure: a consumer requests an object; the provider checks permission and returns a GuardedObject; the object itself is returned only when the guard allows it]
• Don't want a dialog for each request
• Information too security sensitive
• "...too much information to pass on"

Guarding Java Objects 2
What is the GuardedObject?
– "A GuardedObject is an object that is used to protect access to another object"
[Figure: 1. the requester requests access with go.getObject(); 2. the GuardedObject checks the guard with g.checkGuard(); 3. a reference to the protected object is returned]
Guarding Java Objects 3
Benefits of using GuardedObject
– "...access to a protected object is guaranteed to occur in a context where the protection mechanism would allow it"
– Simplify server programs
– Replace access control lists with object stores
– "A guarded object class itself does not need to know its own protection semantics"
– "...encapsulate protection mechanisms for an object, which can differ for its different method invocations, all inside a guard."

Guarding Java Objects 4
API design
– Interface Guard
• public abstract void checkGuard(Object object);
– Class GuardedObject
• public GuardedObject(Object object, Guard guard);
• public Object getObject();

Guarding Java Objects 5
Examples
– Encapsulate an object's protection semantics inside a guard
    FileInputStream fis = new FileInputStream("/a/b/c");
– Provider side
    public abstract class Permission implements Guard {
        ...
        public void checkGuard(Object object) {
            AccessController.checkPermission(this);   // the permission itself is the guard
        }
    }
    FileInputStream fis = new FileInputStream("/a/b/c");
    FilePermission p = new FilePermission("/a/b/c", "read");
    GuardedObject g = new GuardedObject(fis, p);
– Consumer side
    FileInputStream fis = (FileInputStream) g.getObject();   // throws SecurityException if the guard refuses

Conclusion
"The constructs enrich the existing Java security APIs so that security-aware applications can be much easier to build."
"The constructs are practical and usable in commercial products."

Questions?
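The GuardedObject pattern from the slides above, as an added example that is not from the paper: instead of the built-in Permission guard it uses a custom Guard so that the protection semantics (an allowed-caller list and a deadline) live entirely in the guard, while the protected object and the consumer code know nothing about them. The CALLER thread-local, the CallerAndDeadlineGuard class and the injected clock are this example's own constructions standing in for the runtime's access-control context.

```java
import java.security.Guard;
import java.security.GuardedObject;
import java.util.Set;
import java.util.function.LongSupplier;

// Added example (not from the paper): all protection semantics live in the Guard;
// the guarded object and the consumer only ever see go.getObject().
public class GuardDemo {
    // Constructed stand-in for the caller's context; the real runtime consults AccessController.
    public static final ThreadLocal<String> CALLER = new ThreadLocal<>();

    // Guard.checkGuard must throw SecurityException to deny; returning normally grants access.
    public static final class CallerAndDeadlineGuard implements Guard {
        private final Set<String> allowedCallers;
        private final long expiresAtMillis;
        private final LongSupplier clock;   // injected so the expiry path can be exercised deterministically

        public CallerAndDeadlineGuard(Set<String> allowedCallers, long expiresAtMillis, LongSupplier clock) {
            this.allowedCallers = Set.copyOf(allowedCallers);
            this.expiresAtMillis = expiresAtMillis;
            this.clock = clock;
        }

        @Override
        public void checkGuard(Object object) throws SecurityException {
            String who = CALLER.get();   // GuardedObject passes the protected object, not the requester
            if (who == null || !allowedCallers.contains(who)) {
                throw new SecurityException("caller " + who + " may not access " + object.getClass().getSimpleName());
            }
            if (clock.getAsLong() > expiresAtMillis) {
                throw new SecurityException("guard expired for " + who);
            }
        }
    }

    public static void main(String[] args) {
        long[] now = {1000L};
        StringBuilder ledger = new StringBuilder("ledger");   // any object can be guarded, not only streams
        Guard guard = new CallerAndDeadlineGuard(Set.of("auditor"), 5000L, () -> now[0]);
        GuardedObject go = new GuardedObject(ledger, guard);

        CALLER.set("auditor");
        System.out.println("auditor got: " + go.getObject());

        CALLER.set("intern");
        try { go.getObject(); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }

        CALLER.set("auditor");
        now[0] = 6000L;   // past the deadline, so even an allowed caller is refused
        try { go.getObject(); } catch (SecurityException e) { System.out.println("denied: " + e.getMessage()); }
    }
}
```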