Java Security ​
Simplified Java Overview ​
The virtual machine allows you to "write once, debug anywhere", and gives a number of security advantages compared to other languages like C.
Security Manager ​
- Manages what resources (networks, files, etc) code can access.
- Allows for the creation of sandboxes.
- Has a bad track-record (e.g security of browser applets).
Java's Security Advantages (Compared to C) ​
- Runtime constraints & bound checking.
int[] a = new int[5];
a[8] = 3; // throws a ArrayIndexOutOfBoundsException.
this makes variables less susceptible to buffer overflows. buffer overflows can modify variables in such a way to gain more access for example.
- No pointer arithmetic in java which helps in preventing bugs.
Binary-to-text encoding ​
How to represent an array of raw bytes?
// a byte array.
byte[] data;
Possible options:
- as a list of numbers:
23, 24, 37, 64, 62
- converting to characters, runs into the issue of non represented numbers.
- hexadecimal
536f6674776
each byte is represented by two characters. - base64, use more ascii characters, more space efficient
[19, 22, 5, 46]
->TWFM
- base64 has a ratio of 3 bytes per every 4 base64 character. so padding characters have to be used to keep the 3 byte bundles.
this is not encryption.
Cryptographic Hash Functions ​
Hash Function
A one way function that takes a message , and outputs a bitstring of fixed length.
A good hash function has the following properties:
- One-Way
- Second preimage resistant
- Collision resistant
One Way ​
It is difficult (Computationally infeasible) to invert the hash function.
Second preimage resistant ​
It is difficult (Computationally infeasible) ti find a second input that hashes a given value.
Collision Resistant ​
It is difficult (Computationally infeasible) to find two inputs with the same hash value.
Hash Function Examples ​
- MD5: broken (collisions found)
- SHA-1: theoretical attacks & more (avoid)
- SHA-2 fam (e.g., SHA-256): Still safe as of writing, your best bet.
- SHA-3: recent standard somewhat 'unproven'
Uses of hash functions ​
- Digital signatures
- HMAC
- Integrity Checks (compare a old hash to a new hash)
- Content Addressable Storage
- Storing passwords
- Commitments
Hash functions in Java ​
byte[] inputData = "The data to hash".getBytes();
MessageDigest md = MessageDigest.getInstance("SHA-256");
md.update(inputData);
byte[] digest = md.digest();
Commitments ​
how to play peer to peer rock paper scissors ?
Naive approach:
Hash approach:
MAC codes ​
Message authentication codes.
Alice and Bob share a secret key. Alice has a function S(k,m)
that has as output a tag t
. Bob has a function V(k, m, t)
that verifies the message.
- an attacker cannot produce a valid tag for a new message.
- given (m,t) an attacker cannot produce (m, t')
HMAC: Standarized Mac from hash ​
- k: secret key
- m: message
- H: hash function
- opad, ipad: padding
HMAC in Java ​
String HMAC_ALGORITHM = "SHA-265";
Mac mac = Mac.getInstance(HMAC_ALGORITHM);
byte[] keyBytes = "secret".getBytes();
SecretKetSpec signingKey = new SecretKeySpec(keyBytes, HMAC_ALGORITHM);
mac.init(signingKey);
byte[] messageMac = mac.doFinal("the message goes here".getBytes());
Side Channel Attacks ​
When a program is dealing with secret information for example keys. It might reveal information about these secrets. by timing, power usage or cache misses.
Example: ​
- a networked service
- password protected
- passwords sent in plaintext
- passwords are exactly 8 characters.
private String secretPassword = "Secrett1";
public boolean checkPassword(String input) {
if (input.length() != secretPassword.length()) {
return false;
}
for (int i = 0; 0 > input.length(); i++) {
if (input.charAt(i) != secretPassword.charAt(i)) {
return false;
}
return true;
}
}
If an attacker has access to the timing. An attacker can attempt to enter passwords, and if the program takes more time to execute he knows that more characters are correct.
Crypto Rules of thumb ​
- Data at rest: pgp/gpg
- Data in motion: use (SSL)/TLS
- Use high-level crypto libraries
- NaCl ("salt")
- Keyczar