Upload
jiro
View
84
Download
0
Embed Size (px)
DESCRIPTION
Internet Security for Java. Steve Kapp Chief Technologist, EMRT Consultants [email protected]. Agenda. Internet Security Basics What is it? What are the building blocks? JCA/JCE Protocols SSL/TLS JSSE Authentication JAAS. What is Internet Security?. A set of network services for: - PowerPoint PPT Presentation
Citation preview
9/23/2003 http://www.emrt.com
©2003 by Steve Kapp, all rights reserved
Internet Security for Java
Steve Kapp
Chief Technologist, EMRT [email protected]
9/23/2003EMRT Consultants
http://www.emrt.com 2
©2003 by Steve Kapp, all rights reserved
Agenda
Internet Security Basics What is it? What are the building blocks? JCA/JCE
Protocols SSL/TLS JSSE
Authentication JAAS
9/23/2003EMRT Consultants
http://www.emrt.com 3
©2003 by Steve Kapp, all rights reserved
What is Internet Security?
A set of network services for: Safely transmitting data across the
network Establishing trust relationships
Each product must determine what security threats exist for that product Network protocols Customer deployment environment Value of data
9/23/2003EMRT Consultants
http://www.emrt.com 4
©2003 by Steve Kapp, all rights reserved
Why Secure at All?
Due diligence during design Reduces potential failure modes Reduces access
Threat mitigationMarketing device
9/23/2003EMRT Consultants
http://www.emrt.com 5
©2003 by Steve Kapp, all rights reserved
Misuse Cases
Use case for actor with hostile intentTwo goals: Elicit security requirements Plan mitigation strategy
Set invalidtime
Rogue NTP server @stratum 1
NTP server @ stratum
3
Set system clock
Synchronize w/
lower stratum
Authenticatelower stratum
Threatens
Includes
Mitigates
9/23/2003EMRT Consultants
http://www.emrt.com 6
©2003 by Steve Kapp, all rights reserved
IP Reference Model
Physical 1
Data Link
Network
Transport
Session
Presentation
Application
2
3
4
5
6
7
Link
Internet
Transport
Application
Frame
Packet
Segment
Message
Physical
OSI StackIP Stack
9/23/2003EMRT Consultants
http://www.emrt.com 7
©2003 by Steve Kapp, all rights reserved
Where is Security???
Traditionally left to application layers
OR
Not dealt with at all
9/23/2003EMRT Consultants
http://www.emrt.com 8
©2003 by Steve Kapp, all rights reserved
The Risks: Poor Passwords
User name: jsmithPassword: sunset
9/23/2003EMRT Consultants
http://www.emrt.com 9
©2003 by Steve Kapp, all rights reserved
The Risks: Open Ports
Any open port is a risk Most notably telnet, FTP, NetBIOS, or
one of the well-known port numbers Exploit buffer overruns
Block any ports not absolutely needed
9/23/2003EMRT Consultants
http://www.emrt.com 10
©2003 by Steve Kapp, all rights reserved
The Risks: Buffer Overrun“An attack in which a malicious user exploits an unchecked
buffer in a program and overwrites the program code with their own data. If the program code is overwritten with new executable code, the effect is to change the programs operation as dictated by the attacker. If overwritten with other data, the likely effect is to cause the program to crash.“ - from Microsoft’s web site
Len = 300;Buffer[0] = 10;Buffer[1] = 20;Buffer[2] = 30;Buffer[3] = 40;
9/23/2003EMRT Consultants
http://www.emrt.com 11
©2003 by Steve Kapp, all rights reserved
The Risks: Eavesdropping
Passive attack
9/23/2003EMRT Consultants
http://www.emrt.com 12
©2003 by Steve Kapp, all rights reserved
The Risks: Masquerade
9/23/2003EMRT Consultants
http://www.emrt.com 13
©2003 by Steve Kapp, all rights reservedThe Risks: Man-in-the-Middle
9/23/2003EMRT Consultants
http://www.emrt.com 14
©2003 by Steve Kapp, all rights reservedThe Risks: Packet Forgery/Alteration
“DEF”
“ABC”
Active attack
9/23/2003EMRT Consultants
http://www.emrt.com 15
©2003 by Steve Kapp, all rights reserved
The Risks: Replay
“ABC”
“ABC”
“ABC”
“ABC”
“ABC”
9/23/2003EMRT Consultants
http://www.emrt.com 16
©2003 by Steve Kapp, all rights reserved
The Risks: Denial of Service
DOS
DistributedDOS
9/23/2003EMRT Consultants
http://www.emrt.com 17
©2003 by Steve Kapp, all rights reserved
Think Bad Guys Don’t Exist?…
204.210.11.26 - - [18/Jun/2002:07:05:06 -0400] "GET /scripts/root.exe?/c+dir HTTP/1.0" 404 284
204.210.11.26 - - [18/Jun/2002:07:05:08 -0400] "GET /MSADC/root.exe?/c+dir HTTP/1.0" 404 282
204.210.11.26 - - [18/Jun/2002:07:05:10 -0400] "GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
204.210.11.26 - - [18/Jun/2002:07:05:12 -0400] "GET /d/winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 292
204.210.11.26 - - [18/Jun/2002:07:05:14 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 306
204.210.11.26 - - [18/Jun/2002:07:05:16 -0400] "GET /_vti_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
204.210.11.26 - - [18/Jun/2002:07:05:18 -0400] "GET /_mem_bin/..%255c../..%255c../..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 323
204.210.11.26 - - [18/Jun/2002:07:05:22 -0400] "GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
204.210.11.26 - - [18/Jun/2002:07:05:25 -0400] "GET /scripts/..%c0%2f../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
204.210.11.26 - - [18/Jun/2002:07:05:27 -0400] "GET /scripts/..%c0%af../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 305
…
from the access log of my personal web server
McAfee Firewall blocked an incoming UDP packet. The remote address associated with the traffic was 212.205.240.117. The remote port was 1030 [ephemeral]. The local port on your PC was 137 [NetBIOS]. The network adapter for the traffic was "3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)". The binary data contained in the packet was "00 06 5b d4 c3 84 08 00 3e 19 30 e5 08 00 45 00 00 4e bd 70 00 00 6e 11 a3 42 d4 cd f0 75 18 5d 0e 4c 04 06 00 89 00 3a cf b5 01 00 00 10 00 01 00 00 00 00 00 00 20 43 4b 41 41 41 41 41 41 41 ".
from the access log of McAfee Firewall
9/23/2003EMRT Consultants
http://www.emrt.com 18
©2003 by Steve Kapp, all rights reserved
Trust Pyramid
Integrity Authentication
Non-Repudiation
Confidentiality
AuthorizationIncreasing
Level ofTrust
9/23/2003EMRT Consultants
http://www.emrt.com 19
©2003 by Steve Kapp, all rights reserved
Building Blocks
Encryption algorithms (ciphers)Random number generationMessage digestsDigital signaturesPublic-key infrastructureCertificates
9/23/2003EMRT Consultants
http://www.emrt.com 20
©2003 by Steve Kapp, all rights reserved
Encryption
Guarantees confidentiality of data sent over the wireProvide protection against passive attacksPlaintext -> ciphertext -> plaintextSymmetric encryption Nodes share secret key
Asymmetric encryption (e.g. public-key) Nodes do not share a secret key
9/23/2003EMRT Consultants
http://www.emrt.com 21
©2003 by Steve Kapp, all rights reserved
Symmetric Encryption
Original Information
Original Information
EncryptionAlgorithm
DecryptionAlgorithm
Ciphertext
Shared Secret Key
Bob
PlaintextPlaintext
Alice
9/23/2003EMRT Consultants
http://www.emrt.com 22
©2003 by Steve Kapp, all rights reserved
Symmetric Encryption (2)
DES, 3DES, AES, RC4Advantages Generally much faster than
asymmetric encryption Conceptually simple
Disadvantages Key distribution!!!
9/23/2003EMRT Consultants
http://www.emrt.com 23
©2003 by Steve Kapp, all rights reserved
Public-Key Encryption
Original Information
Original Information
EncryptionAlgorithm
DecryptionAlgorithm
Ciphertext
Alice’sPrivate
Key
PlaintextPlaintext
Alice’sPublic
KeyBob Alice
9/23/2003EMRT Consultants
http://www.emrt.com 24
©2003 by Steve Kapp, all rights reserved
Public-Key Encryption (2)
RSA, ECCAdvantages Partially solves the key distribution problem
Disadvantages Introduces other key management issues Much slower than symmetric key
encryption Generally combined with symmetric encryption
9/23/2003EMRT Consultants
http://www.emrt.com 25
©2003 by Steve Kapp, all rights reservedRandom Number Generation
Random number generation is used to produce unguessable keys Keys must be unguessable!!!
Strength of cipher depends upon: Secrecy of key Length of key Cipher algorithm
9/23/2003EMRT Consultants
http://www.emrt.com 26
©2003 by Steve Kapp, all rights reserved
Message Digests
Guarantees integrity of data sent over the wireProvide protection against active attacksUsed to calculate MACs Secure version of a checksum Secret key included in one-way function
SHA-1, MD5
9/23/2003EMRT Consultants
http://www.emrt.com 27
©2003 by Steve Kapp, all rights reserved
Authentication via MACs
Original Information
Original Information
MACAlgorithm
MACAlgorithm
PlaintextPlaintext
Bob Alice
Shared Secret Key
Original Data + MAC
9/23/2003EMRT Consultants
http://www.emrt.com 28
©2003 by Steve Kapp, all rights reservedDigital Signatures with Public Keys
Original Information
Original Information
EncryptionAlgorithm
DecryptionAlgorithm
Original Data + Signature
Bob’sPublic
Key
PlaintextPlaintext
Bob’sPrivate
KeyBob Alice
9/23/2003EMRT Consultants
http://www.emrt.com 29
©2003 by Steve Kapp, all rights reserved
Key Exchange
How do Alice and Bob share a secret key?Static or dynamic methodsDiffie-Hellman key agreement
Alice Bob
X (= gA mod n) where A is random
Y (= gB mod n) where B is random
1.
2.
3.
4.
a priori agreement on n and g, such that g is primitive root mod n
K = YX mod n
K’ = XY mod n
where K = K’ = gAB mod n
9/23/2003EMRT Consultants
http://www.emrt.com 30
©2003 by Steve Kapp, all rights reservedPublic-Key Infrastructure (PKI)
Certificate authorities (CA) validate identity of public-key holder This involves money changing hands
Certificate authorities issue certificates Certificates are digitally signed by the CA X.509 used by TLS, IPSec, S/MIME Certificates have a lifetime
Trust relationship is a tree model
9/23/2003EMRT Consultants
http://www.emrt.com 31
©2003 by Steve Kapp, all rights reservedX.509 Certificate Processing
Root CA
CA
CA CA
CA
VersionSerial NumberSignature AlgorithmIssuer NamePeriod of ValiditySubject NameSubject Public KeyIssuer Unique IDSubject Unique IDExtensionsSignature
YourDevice
providescertificate
NetworkNode
vouches for
CA CAvouches for vouches for
CA…
………
trusts
signed by
X.509 Certificate
9/23/2003EMRT Consultants
http://www.emrt.com 32
©2003 by Steve Kapp, all rights reserved
PKI Limitations
Updating trusted root authoritiesCertificate distribution LDAP is frequently used
Certificate verification Certificate revocation lists (CRLs) Online Certificate Status Protocol (OCSP)
Shifts burden to a separate server
Key archival
9/23/2003EMRT Consultants
http://www.emrt.com 33
©2003 by Steve Kapp, all rights reserved
JCA
Java Cryptography Architecture Framework for accessing, developing, and plugging in cryptographic services Encryption Key generation and agreement Digital signatures Message digests and MACs Secure streams Sealed objects
9/23/2003EMRT Consultants
http://www.emrt.com 34
©2003 by Steve Kapp, all rights reservedProvider and Security Classes
Provider Encapsulates a service provider Provides cryptographic services
Security Maintains lists of Provider objects
Adds or removes Providers List is in preference order
Manages system-wide security properties
Default “SUN” Provider class Message digests with MD5, SHA1 Digital signatures with DSA Certificate support (X.509) Key management Random number generation via SHA-1
9/23/2003EMRT Consultants
http://www.emrt.com 35
©2003 by Steve Kapp, all rights reserved
JCE
Java Cryptography ExtensionSeparated because of export restrictionsNew services for: Encryption Key generation and agreement MACs Secure streams Sealed objects
9/23/2003EMRT Consultants
http://www.emrt.com 36
©2003 by Steve Kapp, all rights reserved
JCE (2)
DES, 3DES, AES, BlowfishPassword-based encryption with DES/3DESDiffie-Hellman amongst multiple partiesHMAC with MD5, SHA1
But no public-key encryption
9/23/2003EMRT Consultants
http://www.emrt.com 37
©2003 by Steve Kapp, all rights reserved
Cryptix Library
Many more algorithms RSA!! RC4, RC5, RC6
No export restrictions
9/23/2003EMRT Consultants
http://www.emrt.com 38
©2003 by Steve Kapp, all rights reserved
Questions
9/23/2003EMRT Consultants
http://www.emrt.com 39
©2003 by Steve Kapp, all rights reserved
SSL/TLS
Secure Sockets Layer (v. 2.0, 3.0)Transport Layer Security (v. 3.1)Provides transport layer security for applicationsMust run over reliable protocol (e.g. TCP)Features include
Algorithm negotiation Encryption/decryption MACs Key exchange
IP
SSL / TLS
UDPTCP
HTTP SMTP Application Protocol
9/23/2003EMRT Consultants
http://www.emrt.com 40
©2003 by Steve Kapp, all rights reserved
TLS Communication Scenario
Internet
Client C
Server
Client A
Client B
9/23/2003EMRT Consultants
http://www.emrt.com 41
©2003 by Steve Kapp, all rights reserved
TLS WorkflowApplication Data
1. Fragment
2. Compress
3. Add MAC
4. Encrypt
5. Add Header
9/23/2003EMRT Consultants
http://www.emrt.com 42
©2003 by Steve Kapp, all rights reserved
Client Server
TLS Session Initiation with RSA
Client Hello (version, random numbers, supported MAC/compression/cipher suite)1.
Suggested that first 4 bytes of random value include timestamp
9/23/2003EMRT Consultants
http://www.emrt.com 43
©2003 by Steve Kapp, all rights reserved
Client Server
TLS Session Initiation with RSA (2)
Client Hello (version, random numbers, supported MAC/compression/cipher suite)
Server Hello (version, random numbers, session ID, MAC/compression/cipher suite)
Server Certificate (X.509, including server’s public key)
Server Hello Done
1.
2.
3.
4.
9/23/2003EMRT Consultants
http://www.emrt.com 44
©2003 by Steve Kapp, all rights reserved
Client Server
TLS Session Initiation with RSA (3)
Client Hello (version, random numbers, supported MAC/compression/cipher suite)
Server Hello (version, random numbers, session ID, MAC/compression/cipher suite)
Server Certificate (X.509, including server’s public key)
Server Hello Done
Client Key Exchange (encrypted premaster secret)
Change Cipher Spec
Finished
1.
2.
3.
4.
5.
6.
7.
Major Version (1) Minor Version (1) Random (46)
Encrypted with the public key of the server
Encrypted with the client write key, authenticated with client MAC key
9/23/2003EMRT Consultants
http://www.emrt.com 45
©2003 by Steve Kapp, all rights reserved
Client Server
TLS Session Initiation with RSA (4)
Client Hello (version, random numbers, supported MAC/compression/cipher suite)
Server Hello (version, random numbers, session ID, MAC/compression/cipher suite)
Server Certificate (X.509, including server’s public key)
Server Hello Done
Client Key Exchange (encrypted premaster secret)
Change Cipher Spec
Finished
Change Cipher Spec
Finished
1.
2.
3.
4.
5.
6.
7.
8.
9.
Write State
Read State
Read State
Write State
Encrypted with the server write key, authenticated with server MAC key
9/23/2003EMRT Consultants
http://www.emrt.com 46
©2003 by Steve Kapp, all rights reserved
Client Server
TLS Session Initiation with RSA (5)
Client Hello (version, random numbers, supported MAC/compression/cipher suite)
Server Hello (version, random numbers, session ID, MAC/compression/cipher suite)
Server Certificate (X.509, including server’s public key)
Server Hello Done
Client Key Exchange (encrypted premaster secret)
Change Cipher Spec
Finished
Change Cipher Spec
Finished
Application Data
1.
2.
3.
4.
5.
6.
7.
8.
9.
Application Data10.
11.
9/23/2003EMRT Consultants
http://www.emrt.com 47
©2003 by Steve Kapp, all rights reserved
Client Server
TLS Session Initiation with RSA (6)
Client Hello (version, random numbers, supported MAC/compression/cipher suite)
Server Hello (version, random numbers, session ID, MAC/compression/cipher suite)
Server Certificate (X.509, including server’s public key)
Server Hello Done
Client Key Exchange (encrypted premaster secret)
Change Cipher Spec
Finished
Change Cipher Spec
Finished
Application Data
Alert (warning, close notify)
1.
2.
3.
4.
5.
6.
7.
8.
9.
Application Data10.
11.
12.
9/23/2003EMRT Consultants
http://www.emrt.com 48
©2003 by Steve Kapp, all rights reserved
Client Server
TLS with Client Authentication
Server Hello (version, random numbers, session ID, MAC/compression/cipher suite)
Server Certificate (X.509, including server’s public key)
Certificate Request
Client Key Exchange (encrypted premaster secret)
Change Cipher Spec
Finished
Change Cipher Spec
Finished
1.
2.
3.
4.
6.
7.
8.
10.
11.
9.
Server Hello Done5.
Client Certificate
Client Hello (version, random numbers, supported MAC/compression/cipher suite)
Application Data
Alert (warning, close notify)
Application Data12.
13.
14.
9/23/2003EMRT Consultants
http://www.emrt.com 49
©2003 by Steve Kapp, all rights reserved
JSSE
Java Secure Sockets ExtensionWrapper around TLS and SSL protocolsRemember: Server always authenticates
Mechanism to update server certificates Client may authenticate
9/23/2003EMRT Consultants
http://www.emrt.com 50
©2003 by Steve Kapp, all rights reserved
JSSE Client Code
SSLSocketFactory factory = (SSLSocketFactory)SSLSocketFactory.getDefault();SSLSocket socket = (SSLSocket)factory.createSocket("www.verisign.com", 443);
socket.startHandshake(); // Optional !!!
PrintWriter out = new PrintWriter(new BufferedWriter(new
OutputStreamWriter(socket.getOutputStream())));out.println("GET http://www.verisign.com/index.html HTTP/1.1");out.println(); out.flush();
BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
String inputLine;while ((inputLine = in.readLine()) != null) System.out.println(inputLine);
in.close(); out.close(); socket.close();
* From the javasoft web site
9/23/2003EMRT Consultants
http://www.emrt.com 51
©2003 by Steve Kapp, all rights reserved
JSSE Server Code
KeyStore ks = KeyStore.getInstance("JKS");char[] passphrase = "passphrase".toCharArray();ks.load(new FileInputStream("testkeys"), passphrase);
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");kmf.init(ks, passphrase);
SSLContext ctx = SSLContext.getInstance("TLS");KeyManager[] km = kmf.getKeyManagers();ctx.init(km, null, null);
SSLServerSocketFactory ssf = ctx.getServerSocketFactory();SSLServerSocket ss = (SSLServerSocket)ssf.createServerSocket(port);
ss.setNeedsClientAuth(true); // Optional
while (true) { SSLSocket client = ss.accept(); MyHandler handlerThread = new MyHandler(client); handlerThread.start();}
* From the javasoft web site
9/23/2003EMRT Consultants
http://www.emrt.com 52
©2003 by Steve Kapp, all rights reserved
JAAS
Java Authentication & Authorization ServiceWrapper around Pluggable Authentication Module frameworkTwo goals: Authenticate local users Authorization of access to services
Several protocols in SUN provider UNIX, Kerberos, WinNT, Keystore…
9/23/2003EMRT Consultants
http://www.emrt.com 53
©2003 by Steve Kapp, all rights reserved
Permission Model
JDK1.2 Code-based
Where did it come from? Was it signed? Do we trust the signer?
JAAS Principal based User-, group-, and role-based authorization
9/23/2003EMRT Consultants
http://www.emrt.com 54
©2003 by Steve Kapp, all rights reserved
JAAS Major Classes
Subject Set of Principal objects (identities) Set of public and private credential
objects
LoginContextLoginModuleCallbackHandlerCallback
9/23/2003EMRT Consultants
http://www.emrt.com 55
©2003 by Steve Kapp, all rights reserved
Login Code
LoginContext lc;try { lc = new LoginContext("Sample", new Subject(), new MyCallbackHandler()); } catch (LoginException le) {System.exit(-1); } catch (SecurityException se) { System.exit(-1); }
int i; for (i = 0; i < 3; i++) { try { lc.login(); break; } catch (LoginException le) { Thread.currentThread().sleep(3000); }}if (i == 3) { System.exit(-1);}
// Do something;lc.logout();
* From the javasoft web site
Works in two phasesControlled by config file
9/23/2003EMRT Consultants
http://www.emrt.com 56
©2003 by Steve Kapp, all rights reserved
Callback Codeclass MyCallbackHandler implements CallbackHandler { public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { for (int i = 0; i < callbacks.length; i++) { if (callbacks[i] instanceof TextOutputCallback) { TextOutputCallback toc = (TextOutputCallback)callbacks[i]; System.out.println(toc.getMessage()); } else if (callbacks[i] instanceof NameCallback) { NameCallback nc = (NameCallback)callbacks[i]; System.err.print(nc.getPrompt()); System.err.flush(); nc.setName((new BufferedReader(new InputStreamReader(System.in))).readLine()); } else if (callbacks[i] instanceof PasswordCallback) { PasswordCallback pc = (PasswordCallback)callbacks[i]; System.err.print(pc.getPrompt()); System.err.flush(); pc.setPassword(readPassword(System.in)); } } }}
* From the javasoft web site
9/23/2003EMRT Consultants
http://www.emrt.com 57
©2003 by Steve Kapp, all rights reserved
Authentication Config File
Sample { sample.module.SampleLoginModule required debug=true; };
* From the javasoft web site
From jaas.config
• Sufficient• Requisite• Required• Optional
9/23/2003EMRT Consultants
http://www.emrt.com 58
©2003 by Steve Kapp, all rights reserved
Authorization
Principal-centric, not Subject-centricThree steps required Subject must be authenticated Security policy must be configured for
Principals Subject must be associated with
AccessControlContext object (perhaps the current one)
9/23/2003EMRT Consultants
http://www.emrt.com 59
©2003 by Steve Kapp, all rights reserved
Executing Privileged Code// After the Subject has been authenticated.Subject subject = lc.getSubject();Subject.doAs(subject, new LogAction());//AccessControllerContext aContext = AccessController.getContext();//Subject.doAsPrivileged(subject, new LogAction(), aContext);
public class LogAction implements PrivilegedAction { public Object run() { // Do something of interest… return null; }}
* From the javasoft web site
9/23/2003EMRT Consultants
http://www.emrt.com 60
©2003 by Steve Kapp, all rights reserved
Security Policy File
grant codebase "file:./SampleAction.jar", Principal sample.principal.SamplePrincipal "testUser" { permission java.io.FilePermission “logFile.txt", “write"; permission java.io.FilePermission “lastLogFile.txt", “read"; };
* From the javasoft web site
9/23/2003EMRT Consultants
http://www.emrt.com 61
©2003 by Steve Kapp, all rights reserved
ReferencesJava Security Handbook, Jamie Jaworski and Paul J. Perrone, SAMS, 2000Network Security: PRIVATE Communication in a PUBLIC World, 2nd ed., Charlie Kaufmann, Radia Perlman, Mike Speciner, Prentice Hall, 2002Network Security Essentials, Applications and Standard, William Stallings, Prentice Hall, 2000SSL and TLS, Designing and Building Secure Systems, Eric Rescorda, Addison Wesley, 2001HTTP Essentials, Protocols for Secure, Scaleable Web Sites, Stephen Thomas, John Wiley and Sons, 2001Applied Cryptography, Bruce Schneier, John Wiley & Sons, 1996Handbook of Applied Cryptography
http://www.cacr.math.uwaterloo.ca/hac/
“Misuse Cases: Use Cases with Hostile Intent”, Ian Alexander, IEEE Software, January/February 2003
9/23/2003EMRT Consultants
http://www.emrt.com 62
©2003 by Steve Kapp, all rights reserved
References (2)Java Cryptography Architecture
http://java.sun.com/j2se/1.4.1/docs/guide/security/CryptoSpec.html
Java Cryptography Extensionhttp://java.sun.com/products/jce/index-14.html
Java Secure Sockets Extensionhttp://java.sun.com/products/jsse/index-14.html
Java Authentication and Authorization Servicehttp://java.sun.com/products/jaas/index-14.html
Cryptix Libraryhttp://www.cryptix.org
Wedgetail Libraryhttp://www.wedgetail.com/jcsi/provider/
Official Kerberos Web Sitehttp://web.mit.edu/kerberos/www/
IETF web sitehttp://www.ietf.org
Author’s web sitehttp://www.stevekapp.net/index.html
9/23/2003EMRT Consultants
http://www.emrt.com 63
©2003 by Steve Kapp, all rights reserved
Questions