Cryptography in Java,.NET,OS

Cryptography in JavaCryptographic services provided by Java:

1) Java cryptography Architecture(JCA):• set of classes provides security.• JCA is a part of default Java Application development environment.

ie. Within JDK.• JCA introduced in JDK version 1.1.

2) Java Cryptography Extension(JCE):• not a part of core Java JDK.• additional piece of software requires license.•JCE and JCA are packaged together.

Cryptography in JavaJava Cryptographic Architecture(JCA):

• Cryptographic functionalities(Access control, permissions, key pairs, MD,

DSS) provided as set of classes in a package called security.

• JCA is provider architecture.

• separates cryptographic concepts (ie interfaces) from actual

implementation.

• Programming language independence is achieved through interfaces.

• Interface: set of functions signifies what interface can do. No

implementation details.

• Supports plug-able architecture, ie allows to change internal details.

• vendor-independent and expandable.

Cryptography in JavaInterface:

Cryptography in JavaJCA package consists of number of classes:

• Engine class : logical representation of cryptographic functionality.

• Provider: actual implementation of algorithms.

• When JVM begins execution, consults file and loads appropriate

provider classes in memory.

Cryptography in JavaJCA package:

Cryptography in JavaKey Management in JCA:• Javakey utility - stores private, public keys of a user in a same unprotected DB.• Keytool - stores public, private keys separately and protects them with passwords.• Database used by keytool is keystore.Keytool services:• Creation of key pairs and self-signed certificates.• Export certificates.• Issues Certificate Signing Request (CSR) to CA for requesting a certificate.• Imports others certificates for signature verification.

Cryptography in JavaJCA features:getInstance():- accepts name of the desired algorithm as an argument & returns an instance of appropriate class.Example: Implementing SHA-1 algorithm.

Update():-Pass data to update() of MD object & write to output file.

Digest():-creates MD & add it to same file.

Cryptography in JavaJava Cryptographic extension(JCE):• Cryptographic functionality of encryption of data.• Also based on engine classes and provider classes.• Architecture of JCE is similar to JCA.• JCE is free.

Cryptography in .NET Class Model:• In cryptographic object model , symmetric algorithms is modeled as single abstract base class.• Abstract base class is inherited by number of abstract algorithm classes.• Respective algorithm implementation classes are subclasses of abstract algorithm classes.

Cryptography in .NET Abstract Base class:• defines methods and properties common to all algorithms in this class (eg. Length of keys)

Abstract Algorithm classes: (has 2 functions)• algorithm-specific details.(key sizes and block sizes)• define properties and methods specific to every implementation of algorithm, do not apply to other algorithms.

Algorithm Implementation classes:• To carry out specific action.

Cryptography in Java, .NET and OS

Cryptography in Java, .NET and OS

Cryptography in Java, .NET and OSHow class model is used in .NET?

• configuration system for crypt. Classes.

• defines default implementation type for abstract base class, abstract

algorithm classes.

• Abstract class has static create method- creates instance.

• Once object is created, appropriate method is called.

Cryptography in Operating Systems• All traditional OSs are monolithic - single big program consisting of several procedures. Each performs its task.• Any procedure could call any other procedure.• Debugging and enhancing OS is a monumental task.• No Information hiding. • Every procedure is visible to every other procedure.

Cryptography in Operating Systems

Layered OS:• Operations stacked horizontally on top of another.• Interaction b/w adjacent layers was possible.• All layers executed in kernel mode. • Each layer possesses high amount of functionality.• Changes to any layer causes problem to adjacent layer.• Not easy to implement security features.


Microkernel OS:• contains only bare minimum functionality.• Other not part of microkernel, executes as user process.•Implements security mechanisms.


TCP/IP Vulnerabilities:• Every computer connected to internet makes use of TCP/IP software.Security problems in TCP/IP:• Spoofing• Session hijacking: attacker take control of a connection.• Sequence Guessing: Attacker can guess random number to manipulate connections.• Lack of authentication and encryption• SYN flooding: send dummy connection request packets to destination for jamming resources.


Security in UNIX:Access Control • UNIX – multiuser OS.• Many users able to access OS services at the same time.• Needs security and privacy.• Assigns unique UID to every user. [0 to 65,535)• Files , processes and resources are marked with users UID.• Multiple users are grouped into GID. (Group ID) -16 bit.• One user can belong to multiple groups.• Each process has UID & GID of owner.• File created (UID,GID), access rights : read(r),write(w),execute(x).


User Authentication• Stores MD of user passwords in DB.• Log on, User enters User id and password.• UNIX creates MD of password, compares it with received one. User authenticated.• dictionary based attacks, try out list of possible passwords.• To prevent, use SALT concept.• 3 columns in DB: user id ,salt, MD of concatenation of User’s password and salt together.



Security in Windows 2000• Every user and group is assigned unique Security ID. (unique all over the world)• Binary number followed by a random number.• A process runs under user’s SID, has access token[Sid & other information.User Authentication:• Uses kerberos, challenge/response mechanism of windows NT called NT LAN Manager(NTLM) for user authentication.


NTLM:1. User enters Userid and password. Client m/c computes MD.2. Client sends used id to server. (as clear text)3. Server sends 16-byte nonce to client.4. Client encrypts nonce with MD of password & sends to server.5. Server forwards user id, original nonce, client’s response to domain

controller.[Keeps track of it]6. Domain controller accepts values from server, retrieves MD of PWD

for user from DB(Security Access Manager) & encrypt nonce received from server.

7. DC compares nonce received from server & one that it has computed. If success, authenticated user.

Documents

Cryptography in Java,.NET,OS