Java SE Security

advertisement
Java™ Security Overview
Tools to securely
manage applications
Java SE Security
Java security technology includes:
 a set of APIs,
 tools,
 implementations security algorithms,
 mechanisms,
 protocols.
Java SE Security
The Java security APIs span a wide
range of areas, including:
 platform Security,
 cryptography,
 authentication and access control,
 secure communication,
 public key infrastructure.
Java SE Security
Java security technology provides the
developer with a comprehensive security
framework for writing applications,
and also provides the user or administrator
with a set of tools to securely manage
applications.
1 Introduction
Java SE Security Documentation
J2SE 1.4.2 | J2SE 5.0 | Java SE 6
Note
 There are three security extensions for use with
J2SE 1.3.1.
 They are Java Authentication and Authorization
Service, Java Cryptography Extension, and Java
Secure Socket Extension.
 These three extensions have been integrated
into J2SE 1.4.
Java SE Security Overview
Platform Security
Cryptography
Authentication and Access Control
Secure Communications
Public Key Infrastructure (PKI)
3 Basic Security Architecture
http://java.sun.com/javase/6/docs/
technotes/guides/security/overvie
w/jsoverview.html
3 Basic Security Architecture
The Java platform defines a set of APIs
spanning major security areas, including
cryptography, public key infrastructure,
authentication, secure communication,
and access control.
3 Basic Security Architecture
These APIs allow developers to easily
integrate security into their application
code. They were designed around the
following principles:
3 Basic Security Architecture
Implementation independence
Applications do not need to implement
security themselves.
Rather, they can request security services
from the Java platform.
 Implementation independence
Security services are implemented in providers
(see below), which are plugged into the Java
platform via a standard interface.
An application may rely on multiple independent
providers for security functionality.
3 Basic Security Architecture
Implementation interoperability
Providers are interoperable across
applications.
Specifically, an application is not bound to
a specific provider, and a provider is not
bound to a specific application.
3 Basic Security Architecture
 Algorithm extensibility
The Java platform includes a number of built-in
providers that implement a basic set of security
services that are widely used today.
However, some applications may rely on
emerging standards not yet implemented, or on
proprietary services.
The Java platform supports the installation of
custom providers that implement such services.
3 Basic Security Architecture
Security Providers
The java.security.Provider class
encapsulates the notion of a security
provider in the Java platform.
It specifies the provider's name and lists
the security services it implements.
3 Basic Security Architecture
Security Providers
Multiple providers may be configured at
the same time, and are listed in order of
preference.
When a security service is requested, the
highest priority provider that implements
that service is selected.
3 Basic Security Architecture
Applications rely on the relevant
getInstance method to obtain a security
service from an underlying provider.
For example, message digest creation
represents one type of service available
from providers.
3 Basic Security Architecture
 An application invokes the getInstance
method in the
java.security.MessageDigest class to
obtain an implementation of a specific message
digest algorithm, such as MD5.
MessageDigest md =
MessageDigest.getInstance("MD5");
3 Basic Security Architecture
 The program may optionally request an
implementation from a specific provider, by
indicating the provider name, as in the following:
MessageDigest md =
MessageDigest.getInstance("MD5",
"ProviderC");
3 Basic Security Architecture
Figures 1 and 2 illustrate these options for
requesting an MD5 message digest
implementation.
3 Basic Security Architecture
Both figures show three providers that
implement message digest algorithms.
The providers are ordered by preference
from left to right (1-3).
3 Basic Security Architecture
In Figure 1, an application requests an
MD5 algorithm implementation without
specifying a provider name.
3 Basic Security Architecture
The providers are searched in preference
order and the implementation from the first
provider supplying that particular
algorithm, ProviderB, is returned.
Figure 1 Provider searching
3 Basic Security Architecture
In Figure 2, the application requests the
MD5 algorithm implementation from a
specific provider, ProviderC.
3 Basic Security Architecture
This time the implementation from that
provider is returned, even though a
provider with a higher preference order,
ProviderB, also supplies an MD5
implementation.
Figure 2 Specific provider requested
3 Basic Security Architecture
The Java platform implementation from
Sun Microsystems includes a number of
pre-configured default providers that
implement a basic set of security services
that can be used by applications.
3 Basic Security Architecture
Note that other vendor implementations of
the Java platform may include different
sets of providers that encapsulate vendorspecific sets of security services.
3 Basic Security Architecture
When this paper mentions built-in default
providers, it is referencing those available
in Sun's implementation.
3 Basic Security Architecture
The sections below on the various security
areas (cryptography, authentication, ... .)
each include descriptions of the relevant
services supplied by the default providers.
A table in Appendix C summarizes all of
the default providers.
3 Basic Security Architecture
File Locations
Certain aspects of Java security
mentioned in this paper, including the
configuration of providers, may be
customized by setting security properties.
3 Basic Security Architecture
You may set security properties statically
in the security properties file, which by
default is the java.security file in the
lib/security directory of the directory where
the Java™ Runtime Environment (JRE) is
installed.
3 Basic Security Architecture
Security properties may also be set
dynamically by calling appropriate
methods of the Security class (in the
java.security package).
3 Basic Security Architecture
The tools and commands mentioned in
this paper are all in the
~jre/bin directory,
where ~jre stands for the directory in
which the JRE is installed.
3 Basic Security Architecture
The cacerts file mentioned in Section 5 is
in:
~jre/lib/security.
4 Cryptography
4 Cryptography
The Java cryptography architecture is a
framework for accessing and developing
cryptographic functionality for the Java
platform.
It includes APIs for a large variety of
cryptographic services, including: ... ...
4 Cryptography











Message digest algorithms
Digital signature algorithms
Symmetric bulk encryption
Symmetric stream encryption
Asymmetric encryption
Password-based encryption (PBE)
Elliptic Curve Cryptography (ECC)
Key agreement algorithms
Key generators
Message Authentication Codes (MACs)
(Pseudo-) random number generators
4 Cryptography
For historical (export control) reasons, the
cryptography APIs are organized into two
distinct packages as follow:
The java.security package contains
classes that are not subject to export
controls (like Signature and
MessageDigest).
4 Cryptography
The javax.crypto package contains
classes that are subject to export
controls (like Cipher and
KeyAgreement).
4 Cryptography
The cryptographic interfaces are providerbased, allowing for multiple and
interoperable cryptography
implementations.
4 Cryptography
Some providers may perform
cryptographic operations in software;
Others may perform the operations on a
hardware token (for example, on a
smartcard device or on a hardware
cryptographic accelerator).
4 Cryptography
Providers that implement export-controlled
services must be digitally signed.
The Java platform includes built-in
providers for many of the most commonly
used cryptographic algorithms, including:
4 Cryptography
 RSA,
 DSA signature algorithms,
 DES, AES,
 ARCFOUR encryption algorithms,
 MD5 and SHA-1 message digest algorithms,
 Diffie-Hellman key agreement algorithm.
PKCS – Public Key Cryptography
Standards
In cryptography, PKCS refers to a group of
Public Key Cryptography Standards
devised and published by RSA Security.
PKCS
RSA Data Security Inc was assigned the
licensing rights for the patent on the RSA
asymmetric key algorithm and acquired
the licensing rights to several other key
patents as well (e.g., the Schnorr patent).
PKCS
As such, RSA Security, and its research
division, RSA Labs, were interested in
promoting and facilitating the use of
public-key techniques. To that end, they
developed the PKCS standards.
PKCS
The several PKCS standards can be
viewed at:
http://en.wikipedia.org/wiki/PKCS
PKCS #5
2.0
Password-based Encryption Standard
See RFC 2898 and PBKDF2.
PKCS #6
V1.5
Extended-Certificate Syntax Standard
Defines extensions to the old v1 X.509
certificate specification.
Obsoleted by v3 of the same.
PKCS#7
 In cryptography, PKCS refers to a group of Public Key
Cryptography Standards devised and published by
RSA Security.
 Cryptographic Message Syntax Standard.
 See RFC 2315.
 Used to sign and/or encrypt messages under a PKI.
 Used also for certificate dissemination (for instance as a
response to a PKCS#10 message).
 Formed the basis for S/MIME, which is now based on
RFC 3852, an updated Cryptographic Message Syntax
Standard (CMS).
PKCS #10
V1.7
Certification Request Standard
See RFC 2986. Format of messages sent
to a certification authority to request
certification of a public key.
See certificate signing request.
PKCS #11
V2.20
Cryptographic Token Interface (Cryptoki)
An API defining a generic interface to
cryptographic tokens (see also Hardware
Security Module).
PKCS #12
V1.0
Personal Information Exchange Syntax
Standard.
Defines a file format commonly used to
store private keys with accompanying
public key certificates, protected with a
password-based symmetric key.
PKCS #15
 V1.1
 Cryptographic Token Information Format
Standard.
 Defines a standard allowing users of
cryptographic tokens to identify themselves to
applications, independent of the application's
Cryptoki implementation (PKCS #11) or other
API.
 RSA has relinquished IC-card-related parts of
this standard to ISO/IEC 7816-15.[1]
4 Cryptography
These default providers implement
cryptographic algorithms in Java code.
The Java platform also includes a builtin provider that acts as a bridge to a
native PKCS#11 (v2.x) token.
4 Cryptography
This provider, named SunPKCS11,
allows Java applications to seamlessly
access cryptographic services located on
PKCS#11-compliant tokens.
Security Token
A security token (or sometimes a
hardware token, authentication token or
cryptographic token[1]) may be a
physical device that an authorized user of
computer services is given to aid in
authentication. The term may also refer to
software tokens.
Several types of security tokens.
Security Token
Hardware tokens are typically small
enough to be carried in a pocket or purse
and often are designed to attach to the
user's keychain.
Security Token
Some may store cryptographic keys, such
as a digital signature, or biometric data,
such as a fingerprint.
Security Token
Some designs feature tamper resistant
packaging, other may include small
keypads to allow entry of a PIN.
SecurID tokens from RSA Security.
eToken tokens from Aladdin Knowledge
Systems
ActivIdentity Tokens.
5 Public Key Infrastructure
Public Key Infrastructure (PKI)
Tools for managing keys and
certificates and comprehensive, abstract
APIs with support for the following
features and algorithms:
Public Key Infrastructure (PKI)
Certificates and Certificate Revocation
Lists (CRLs): X.509
Certification Path Validators and Builders:
PKIX (RFC 3280), On-line Certificate
Status Protocol (OCSP)
Public Key Infrastructure (PKI)
KeyStores: PKCS#11, PKCS#12
Certificate Stores (Repositories):
LDAP, java.util.Collection
Java ™ Cryptography Architecture
(JCA) Reference Guide
for JavaTM Platform Standard Edition 6
http://java.sun.com/javase/6/docs/technote
s/guides/security/crypto/CryptoSpec.html
includes the Java Cryptographic
Extension (JCE)
6 Authentication
Abstract authentication APIs that can
incorporate a wide range of login
mechanisms through a pluggable
architecture.
A comprehensive policy and permissions
API that allows the developer to create
and administer applications requiring finegrained access to security-sensitive
resources.
JAAS
Java Authentication and Authorization
Service (JAAS)
Reference Guide
for the Java TM SE Development Kit 6
JAAS
http://java.sun.com/javase/6/docs/technote
s/guides/security/jaas/JAASRefGuide.html
Figure 3 Authentication login modules plugging
into the authentication framework
7 Secure Communication
8 Access Control
Figure 4
Controlling access to resources
User Guides
Java SE 6 Security Documentation
Extensive information on the security
features of the Java SE 6 release,
including reference guides, API
specifications (javadocs), tool
documentation, and tutorials.
Java 2 SDK, v 5.0 Security
Documentation
Extensive information on the security
features of the Java 2 SDK, v 5.0 release,
including reference guides, API
specifications (javadocs), tool
documentation, and tutorials.
Java 2 SDK, v 1.4 Security
Documentation
Extensive information on the security
features of the Java 2 SDK, v 1.4 release,
including reference guides, API
specifications (javadocs), tool
documentation, and tutorials.
Security Code Guidelines
Some guidelines to allow you to take full
advantage of the security provided by the
Java platform.
JAR Guide
A short introduction to using the JAR tool
to create JAR files. This describes the
applet tag syntax for associating an applet
with a .JAR file, instead of a .class file.
JAR File Specification
JAR file is a file format based on the
popular ZIP file format and is used for
aggregating many files into one.
Deploying signed applets in Java Plugin
A pointer to the Java Plug-in developer
guide.
The guide includes a chapter on security
and the signed applet support in Java
Plug-in, ...
... which allows users to grant (signed)
applets all permissions based on their
authenticated signers, without having to
configure and deploy any policy or
keystore configuration files.
Security Tools
Documentation
keytool
Solaris/Linux and Microsoft Windows
 keytool is a utility for creating and managing
keystores and certificates.
jarsigner
Solaris/Linux and Microsoft Windows
 jarsigner is a utility for generating and
verifying JAR signatures.
Policy Tool
Solaris/Linux and Microsoft Windows
Policy tool is a GUI tool for creating and
managing policy files.
kinit
Microsoft Windows
 kinit is a utility for obtaining Kerberos v5
tickets.
klist
Microsoft Windows
 klist is a utility to list entries in a Kerberos v5
credential cache and key tab.
ktab
Microsoft Windows
 ktab is a utility to help the user manage
entries in the key table.
Java Security Feedback Alias
Java Security Feedback Alias
Information about the javasecurity@sun.com alias, and an online
archive of the questions, comments, and
answers from the alias.
Products and Technologies
JAAS
Java Authentication and Authorization
Service (JAAS)
JAAS
The Java Authentication and Authorization
Service (JAAS) is a set of APIs that enable
services to authenticate and enforce
access controls upon users.
JAAS
It implements a Java technology version of
the standard Pluggable Authentication
Module (PAM) framework, and supports
user-based authorization. » Read More
JAAS
JAAS has now been integrated into the
Java 2 SDK, version 1.4.
JAAS - What’s new – J2ME
November 2006
Foundation Profile 1.1 JSR 219
An expert group working via the Java
Community Process has defined an
optional package comprising the ...
JAAS in J2ME
... Java Secure Socket Extension (JSSE),
Java Cryptography Extension (JCE), and
Java Authentication and Authorization
Service (JAAS) APIs for use with Java 2
Platform, Micro Edition Foundation
Profile implementations.
JCE
Java Cryptography Extension (JCE)
JCE
The Java Cryptography Extension
(JCE) is a set of packages that provides
a framework and implementations for:
 encryption,
 key generation and key agreement,
 Message Authentication Code (MAC)
algorithms.
JCE
Support for encryption includes symmetric,
asymmetric, block, and stream ciphers.
The software also supports secure
streams and sealed objects.
JCE in J2SE (included as part of J2SE
1.4.x and later)
JCE – What’s new - J2ME
June 2003
Foundation Profile 1.1 JSR 219
An expert group working via the Java
Community Process has defined an
optional package comprising the ...
JCE in J2ME
Java Secure Socket Extension (JSSE),
Java Cryptography Extension (JCE), and
Java Authentication and Authorization
Service (JAAS) APIs for use with Java 2
Platform, Micro Edition (J2ME)
Foundation Profile implementations.
JSSE
Java Secure Socket Extension (JSSE)
JSSE
The Java Secure Socket Extension
(JSSE) is a set of packages that enable
secure Internet communications.
JSSE
It implements a Java technology version of
Secure Sockets Layer (SSL) and
Transport Layer Security (TLS)
protocols.
JSSE
It includes functionality for data
encryption, server authentication,
message integrity, and optional client
authentication.
JSSE
JSSE in J2SE (included as part of J2SE
1.4.x and later)
What's New in JSSE
June 2003
Foundation Profile 1.1 JSR 219
An expert group working via the Java
Community Process has defined an
optional package comprising the
JSSE in J2ME
... Java Secure Socket Extension (JSSE),
Java Cryptography Extension (JCE), and
Java Authentication and Authorization
Service (JAAS) APIs for use with Java 2
Platform, Micro Edition (J2ME)
Foundation Profile implementations.
Security Resources
Free Advice from Security Experts
Free Advice from Security Experts
 Sun has compiled its knowledge from over two
decades of secure IT designs and deployments.
 The resulting architectural blueprints and tools
will help you simplify, enhance, and automate
security controls throughout your enterprise.
Developing a Security Policy (PDF)
This article details the importance of
security policies and the basic steps
involved.
Secure by Design
Sun.com Feature Story featuring "10
Steps to Better Security"
Security Executive Brief (PDF)
A printable overview of Sun's vision,
methodology, and portfolio
Systemic Security Executive Overview
Presentation (PDF)
Systemic Security Architectural Patterns
Presentation (PDF)
Security Alert Feed
Get alerts and solutions for security
vulnerabilities directly from the Sun
experts
White Papers
These business and technical papers help
security and IT professionals understand
Sun's recommended approaches and
tactics for managing real-world security
and compliance goals. More
Webcasts
Listen to and watch Sun's Security
NetTalks.
These on-demand webcasts provide
practical and detailed recommendations
from Sun and industry experts.
Easy and convenient expertise, ready
when you are. More
Reference Documentation
Read Sun's extensive documentation of
accrued knowledge on security technology
and implementation.
These technical guides are for
practitioners -- architects, developers, and
system administrators who need tools
today.
More
Sun Security Blueprints and Books
Search on security on this site to find the
most popular and prolific topic on Sun's
free best practices site.
Learn More
Mobile Java Tecnology
Mobile Java Tecnology
Introduction to Mobile Java Technology
To develop applications using wireless
Java technology, you'll need to assimilate
information from several fields.
Mobile Java Tecnology
You'll need to understand something about
wireless communications technology, the
business of wireless communications, and
a lot about the Java platform.
Mobile Java Tecnology
Where should you begin? This page
contains a high-level overview of wireless
Java technology and many links to
detailed information about specific
subjects.
 March 7, 2007
An Introduction to the PIM API for Java ME The
SDN Mobile Java site is presenting a six part
series on the Personal Information Management
API (JSR 75). Java ME expert and JCP member
Enrique Ortiz provides the definitive text on the
PIM API. Jump on Part 1 now and be prepared
for the rest of the series in the coming weeks.
» Read more
March 16, 2007
Using the PIM API for Java ME, Part 2 Portability Considerations In this
installment Enrique explores how to test
for PIM API presence on your device and
test for presence of the various databases
and fields. Learn how to navigate the API
and build robust applications.
» Read more
March 20, 2007
Using the PIM API for Java ME, Part 3 Security Considerations Will your
application protect the user's address
book, calendar and to-do list? In part 3
learn how PIM is designed to work in
conjunction with the MIDP 2.0 security
framework.
» Read more
 March 26, 2007
Design Consideration for Using the PIM API for
Java ME
 Welcome to Part 4 of the PIM API series.
 Now it's time to explore design issues that will
affect how your application is developed.
 Read this, then start your application design.
» Read more
 April 2, 2007
Managing Personal Information - Using the PIM
API for Java ME In the penultimate article in the
PIM API series Enrique presents sample source.
Small examples of how to do everything from
retrieving the names of PIM databases through
PIM create/read/update/delete operations to
exception handling. Now it's time to play.
» Read more
April 10, 2007
Managing Personal Information Summary of PIM Fields
In the final installment, it is provided an
extensive reference on the PIM fields and
pointers to related on-line resources.
Now you have it all.
» Read more
The J2ME Universe
J2ME
The current universe of configurations,
profiles and optional packages is shown in
the diagram below.
The tables immediately following provide
more details about the abbreviations in the
figure.
The J2ME Universe Today (May 2007)
Overview of J2ME
Unlike J2SE, J2ME is not a piece of
software, nor is it a single specification.
This difference can be confusing, even for
developers who are already familiar with
J2SE.
Overview of J2ME
Instead, J2MEis a platform, a collection of
technologies and specifications that are
designed for different parts of the small
device market.
Because J2ME spans such a variety of
devices, it wouldn't make sense to try to
create a one-size-fits-all solution.
Overview of J2ME
J2ME, therefore, is divided into
configurations, profiles,and optional
packages.
Configurations are specifications that
detail a virtual machine and a base set of
APIs that can be used with a certain class
of device.
Overview of J2ME
A configuration, for example, might be
designed for devices that have less than
512 KB of memory and an intermittent
network connection.
Overview of J2ME
The virtual machine is either a full Java
Virtual Machine1 (as described in the
specification) or some subset of the full
JVM1.
The set of APIs is customarily a subset of
the J2SE APIs.
Overview of J2ME
A profile builds on a configuration but adds
more specific APIs to make a complete
environment for building applications.
Overview of J2ME
While a configuration describes a JVM1
and a basic set of APIs, it does not by
itself specify enough detail to enable you
to build complete applications.
Profiles usually include APIs for
application life cycle, user interface, and
persistent storage.
Overview of J2ME
An optional package provides functionality
that may not be associated with a specific
configuration or profile.
Overview of J2ME
One example of an optional package is the
Bluetooth API (JSR 82), which provides a
standardized API for using Bluetooth
networking.
This optional package could be
implemented alongside virtually any
combination of configurations and profiles.
The Java Community Process
JCP
The Java Community Process (JCP)
Specifications for J2SE, J2EE, and J2ME
are developed under the aegis of the Java
Community Process (JCP).
The Java Community Process (JCP)
A specification begins life as a Java
Specification Request (JSR).
An expert group consisting of
representatives from interested companies
is formed to create the specification.
The Java Community Process (JCP)
The JSR then passes through various
stages in the JCP before it is finished.
Every JSR is assigned a number.
J2ME specifications are commonly
referred to by their JSR number.
Overview of Wireless
Communications
Overview of Wireless Communications
Wireless communications is a huge field,
encompassing everything from radio and
television broadcasting through pagers,
mobile phones, and satellite
communications.
The field of mobile phones is expanding
very fast at the same time that standards
and protocols are being adopted, used,
updated, and sometimes discarded.
The other rapidly expanding part of the
wireless world is that of wireless local area
networks (LANs).
Driven by widespread acceptance of the
IEEE 802.11 standard, wireless local
networking for computers and other
devices is spreading rapidly.
Although wireless may seem like a special
case, it is actually more intuitive and more
natural than wired networking.
Some day soon the need to plug a laptop
into a network physically will seem quaint
and antiquated.
The notion that you could walk into a room
with your cell phone and have it unable to
interact with other devices in the room will
seem unbelievably primitive.
The future will reveal that wired networks
are the special case.
Conceptually, wireless communications
can be split into two types, local and wide
area.
A local device is similar to a key fob with a
button that unlocks a car, a 900 MHz
cordless phone, a radio control toy, or a
Bluetooth network.
All of these devices operate overshort
distances, typically just a few meters.
Wide area wireless devices operate
effectively over a much greater area. A
pager or mobile phone is a good example.
You can talk on your mobile phone to any
other phone on the planet.
These devices' greater range relieson a
trick, however: a more elaborate landbased network.
A mobile phone doesn't have that much
more radio power than a radio control toy.
What it does have is a network of carefully
placed radio antennas (cell towers); the
phone can continue to operate as long as
it is within range of at least one tower.
The mobile phone device receives service
from a wireless carrier, a company that
operates the land-based network.
While a number of industry consortia and
standard bodies, such as the International
Telecommunication Union, ... ...
… … are trying to define or foster the
development of standards for the wireless
world, today's wireless world is still
fragmented and complex.
If you buy a mobile phone in the U.S.
today, it might run on Motorola's iDEN
network or Sprint's PCS network.
Take it overseas to Europe and you'll be
out of luck--your phone will not work with
Europe's GSM network, nor will it work
with the PDC network or any of the other
mobile networks that live in Japan.
More information about wireless
communications
Making Sense of Cellular gives an
introductory overview of the wireless radio
spectrum.
World of Wireless Communications
provides a brief overview of wireless
communications and the concept of an
embedded device.
Download