11 Pmd Security 6

Programming Mobile Devices
Security

Jacek Kopecký

Class Outline
• What is security?
• Web security
• XML and Web services security
• Security in Java, MIDP

What is Security?
• Authentication, authorization
• Confidentiality, privacy
• Non-repudiation
• Intrusion prevention, detection
• Risk assessment

Authentication
• Identifying the peer
  • “Alice makes sure that she’s talking to Bob, not someone else”
• Physical authentication:
  • Something Bob knows
    • Password, PIN
  • Something Bob has
    • ID smart card, cell phone
  • Something Bob is
    • Signature, fingerprint, retinal scan, voiceprint
• Digital authentication:
  • Secure key, certificate

Authorization
• Authorization – giving access to peer
  • “Alice allows Bob to do certain things”
  • Authenticated (known) peer
  • Allowing or blocking an action
  • In a bank – access to your account, not others
• Authorization requires authentication

Confidentiality, Privacy, Non-repudiation
• Alice wants to send something to Bob, nobody else
  • Revealing as little as possible from communication to eavesdroppers
  • Private channel – hides data (usually encryption)
• Various levels
  • Encrypted channel from you to mail server
  • Encrypted email body, open headers
• Privacy goes further
  • Anonymizer proxy – hides user identity, behavior
• Non-repudiation
  • Alice cannot deny sending something to Bob (digital signature)
  • Auditing, contracting


Intrusion prevention, detection; risk assessment
• Security breaches
  • Viruses, worms, trojans etc.
  1. Writing secure systems
  2. Logging significant actions (safely)
  3. Auditing systems, logs
• What level of prevention is cheaper than having a breach?

Web Security Overview
• HTTP Authentication
• HTTPS
• Solutions for confidentiality, authentication

Web Security – HTTP Auth
• Basic – almost plain text password
• Digest – challenge, response
• Both are HTTP request parameters
• Forms with username, password
• Forms can scramble the data on client
• Part of payload on request
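Added example (not part of the original slides): the two HTTP authentication schemes side by side in Java. It shows that a Basic header decodes straight back to the password, while Digest sends only an MD5 response bound to the server's nonce (RFC 2617, qop=auth). The class name, credentials, realm and nonce values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;

public class HttpAuthDemo {
    static String md5Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("MD5")
                .digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Basic: the header value is only base64("user:password").
    static String basicHeader(String user, String pw) {
        byte[] raw = (user + ":" + pw).getBytes(StandardCharsets.ISO_8859_1);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // What any observer of a Basic header can do: one decode, no key needed.
    static String decodeBasic(String header) {
        byte[] raw = Base64.getDecoder().decode(header.substring("Basic ".length()));
        return new String(raw, StandardCharsets.ISO_8859_1);
    }

    // Digest (RFC 2617, qop=auth): response = MD5(HA1:nonce:nc:cnonce:qop:HA2).
    static String digestResponse(String user, String realm, String pw, String method,
                                 String uri, String nonce, String nc, String cnonce)
            throws Exception {
        String ha1 = md5Hex(user + ":" + realm + ":" + pw);
        String ha2 = md5Hex(method + ":" + uri);
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + ha2);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample credentials and challenge values.
        String header = basicHeader("alice", "correct horse");
        System.out.println(header + "  ->  " + decodeBasic(header));

        // A fresh server nonce per challenge changes the response, so a captured one goes stale.
        String r1 = digestResponse("alice", "example", "correct horse", "GET", "/inbox",
                "nonce-0001", "00000001", "c1");
        String r2 = digestResponse("alice", "example", "correct horse", "GET", "/inbox",
                "nonce-0002", "00000001", "c1");
        System.out.println(r1 + "\n" + r2);
        System.out.println("same response for both nonces: " + r1.equals(r2));
    }
}
```

Digest keeps the password itself off the wire but still leaves the rest of the request readable, which is the gap HTTPS closes.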

Web Security – HTTPS
• Confidentiality
• HTTPS provides TLS encryption
• Server authentication (important)
• Port 443 (not 80)
• Limits caching
• Supported in MIDP 2.0

XML & WS Security Overview
• XML Encryption
• XML Digital Signature
  • Includes XML Canonicalization
• XML Key Management System
• Security Assertion, Access Control Markup
• WS-Security

XML Encryption
• Problem: hide parts of XML documents

    <PaymentInfo xmlns='http://example.org/paymentv2'>
      John Smith
      4019 2445 0277 5567
      Example Bank
      <Expiration>04/02


XML Encryption: Hiding Whole XML Documents

    <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'>
      A23B45C56

XML Encryption: Hiding Elements

    <PaymentInfo xmlns='http://example.org/paymentv2'>
      John Smith
      <EncryptedData Type='http://www.w3.org/2001/04/xmlenc#Element'
                     xmlns='http://www.w3.org/2001/04/xmlenc#'>
        A23B45C56

XML Encryption: Hiding Element Content

    <PaymentInfo xmlns='http://example.org/paymentv2'>
      John Smith
      <EncryptedData xmlns='http://www.w3.org/2001/04/xmlenc#'
                     Type='http://www.w3.org/2001/04/xmlenc#Content'>
        A23B45C56

XML Signature
• Digest of data, protected with encryption
• Creating digital signature (roughly):
  • Digest the data
  • Encrypt the digest (with private or shared key)
  • The encrypted result is the signature

XML Signature Verification
• Verifying digital signature (roughly):
  • Digest the data
  • Decrypt the signature (with known public key of signer, or with shared key)
  • The digest must match the decrypted signature
• Signature verifies that the data is the same as was signed
• With public-key cryptography, signature also gives non-repudiation

XML Canonicalization
• For signature, data is digested
• Digest algorithms work with octet streams
• Equivalent XML may have different octet stream representations:

    <element att="val"/>
    <element att = 'val' />

• Canonicalization (C14N) prescribes the one serialization
• Serious issues with namespaces, other inherited values (xml:base, xml:lang etc.)
  • Must be inherited to be verified by signature
• Same applies to encrypting only parts of XML documents


XML Key Management, XACML, SAML
• XKMS – XML Key Management Specification
  • Distributing and registering public keys
  • Minimizing complexity of using XML Signature
• XACML – eXtensible Access Control Markup Language
  • Authorization policies
• SAML – Security Assertion Markup Language
  • Authentication, transfer of authentication and authorization decisions

Web Services Security
• WS-Security specification
  • Puts all the above together in SOAP
  • Runtime specifications
• WS-SecurityPolicy
  • Describes security policies of Web services
  • Design/deployment-time

Web Services Security Example

    <S11:Envelope>
      <S11:Header>
        <wsse:Security>
          <wsse:BinarySecurityToken wsu:Id="X509Token">
            MIIEZzCCA9CgAwIBAgIQEmtJZc0rqrKh5i...
          …
      <S11:Body wsu:Id="body">
        <xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" wsu:Id="enc1">
          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
          <xenc:CipherData>
            <xenc:CipherValue>d2FpbmdvbGRfE0lm4byV0...

Web Services Security Example

    LyLsF094hPi4wPU...
    Hp1ZkmFZ/2kQLXDJbchm5gK...
    <wsse:SecurityTokenReference>
      <wsse:Reference URI="#X509Token"/>

Security in Java
• Java Security API (since JDK 1.1)
  • java.security
• Algorithm-independent and extensible
• Implementation-independent
• Generating digests
• Creating and verifying signatures

Java Security API: Generating Digests

    import java.security.MessageDigest;

    // "SHA" is the JDK's name for SHA-1; new code should request "SHA-256"
    MessageDigest messagedigest = MessageDigest.getInstance("SHA");
    int n = 0;
    byte[] bytes = new byte[1000];
    // inputstream is an already-open java.io.InputStream over the data
    while ((n = inputstream.read(bytes)) > -1) {
        messagedigest.update(bytes, 0, n);
    }
    byte[] digest = messagedigest.digest();


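Java Security API: Creating Digital Signatures

    import java.security.PrivateKey;
    import java.security.Signature;

    // KeyTools is not a JDK class; the slides assume a helper that loads a key from a file
    PrivateKey privatekey = (PrivateKey)KeyTools.readFromFile(filePrivate);
    // "DSA" selects DSA over a SHA-1 digest
    Signature signature = Signature.getInstance("DSA");
    signature.initSign(privatekey);
    int n = 0;
    byte[] bytes = new byte[1000];
    // Feed the data to be signed, one buffer at a time
    while ((n = inputstream.read(bytes)) > -1) {
        signature.update(bytes, 0, n);
    }
    byte[] signdata = signature.sign();

Java Security API: Verifying Digital Signatures

    import java.security.PublicKey;
    import java.security.Signature;

    PublicKey publickey = (PublicKey)KeyTools.readFromFile(filePublic);
    Signature signature = Signature.getInstance("DSA");
    signature.initVerify(publickey);
    int n = 0;
    byte[] bytes = new byte[1000];
    // Feed the same data that was signed, one buffer at a time
    while ((n = inputstream.read(bytes)) > -1) {
        signature.update(bytes, 0, n);
    }
    // signdata is the signature produced by sign() above
    boolean result = signature.verify(signdata);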
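Added example (not from the slides): the sign and verify steps of the XML Signature and Java Security API slides as one self-contained program, using a freshly generated EC key pair and SHA256withECDSA in place of the slides' KeyTools helper and DSA. It signs one of the two equivalent serializations from the canonicalization slide and then checks the other, which shows why XML has to be canonicalized before it is digested; the class and method names are illustrative.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;

public class SignVerifyDemo {
    // Same verification steps as on the slide, over an in-memory byte array.
    static boolean verify(PublicKey pub, byte[] data, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withECDSA");
        v.initVerify(pub);
        v.update(data);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair; a real signer loads a long-lived private key instead.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(256);
        KeyPair kp = kpg.generateKeyPair();

        // The two equivalent serializations from the canonicalization slide.
        byte[] a = "<element att=\"val\"/>".getBytes(StandardCharsets.UTF_8);
        byte[] b = "<element att = 'val' />".getBytes(StandardCharsets.UTF_8);

        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(kp.getPrivate());
        s.update(a);
        byte[] sig = s.sign();

        byte[] tampered = a.clone();
        tampered[16] ^= 1; // flip one bit inside the attribute value
        System.out.println("signed bytes verify:        " + verify(kp.getPublic(), a, sig));
        System.out.println("equivalent XML verifies:    " + verify(kp.getPublic(), b, sig));
        System.out.println("tampered bytes verify:      " + verify(kp.getPublic(), tampered, sig));
    }
}
```

Only the exact signed octets verify: the equivalent serialization is rejected just like the tampered one, because the signature covers bytes, not XML meaning.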

Security in Java
• Java Cryptography Extension (since JDK 1.4)
  • javax.crypto
• Encryption, decryption

Java Security API: Encryption

    import javax.crypto.Cipher;
    import javax.crypto.KeyGenerator;
    import javax.crypto.SecretKey;

    KeyGenerator keygen = KeyGenerator.getInstance("DES");
    SecretKey desKey = keygen.generateKey();
    Cipher desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
    // Initialize the cipher for encryption
    desCipher.init(Cipher.ENCRYPT_MODE, desKey);
    byte[] cleartext = "This is just an example".getBytes();
    // Encrypt the cleartext
    byte[] ciphertext = desCipher.doFinal(cleartext);

Java Security API: Decryption

    // KeyGenerator keygen = KeyGenerator.getInstance("DES");
    // SecretKey desKey = keygen.generateKey();
    Cipher desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
    // Initialize the cipher for decryption, symmetrical key
    desCipher.init(Cipher.DECRYPT_MODE, desKey);
    // byte[] ciphertext = /* the ciphertext from previous code */;
    // Decrypt the ciphertext
    byte[] cleartext1 = desCipher.doFinal(ciphertext);
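Added example (not from the slides): the DES/ECB setting used above beside AES-GCM, still with javax.crypto. DES has a 56-bit key and ECB encrypts equal plaintext blocks to equal ciphertext blocks; the GCM half uses a fresh random nonce per message and rejects modified ciphertext. Class and method names and the sample plaintexts are illustrative.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class CipherModeDemo {
    // DES/ECB as on the slides: two equal 8-byte plaintext blocks, compare their ciphertext.
    static boolean ecbRepeatsBlocks() throws Exception {
        SecretKey k = KeyGenerator.getInstance("DES").generateKey();
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, k);
        ByteBuffer ct = ByteBuffer.wrap(c.doFinal("AAAAAAAAAAAAAAAA".getBytes(StandardCharsets.US_ASCII)));
        return ct.getLong(0) == ct.getLong(8);
    }

    // AES-GCM with a fresh random 96-bit nonce, stored in front of the ciphertext.
    static byte[] gcmEncrypt(SecretKey k, byte[] pt) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(pt);
        return ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array();
    }

    // Decryption checks the 128-bit tag and throws AEADBadTagException on any change.
    static byte[] gcmDecrypt(SecretKey k, byte[] msg) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, msg, 0, 12));
        return c.doFinal(msg, 12, msg.length - 12);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("DES/ECB repeats blocks: " + ecbRepeatsBlocks());
        SecretKey k = KeyGenerator.getInstance("AES").generateKey(); // provider default size
        byte[] msg = gcmEncrypt(k, "This is just an example".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(gcmDecrypt(k, msg), StandardCharsets.UTF_8));
        msg[msg.length - 1] ^= 1; // flip one bit of the stored message
        try {
            gcmDecrypt(k, msg);
        } catch (AEADBadTagException e) {
            System.out.println("modified message rejected");
        }
    }
}
```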

Security in MIDP
• MIDP 2.0
  • Mandates HTTPS
  • Optionally supports Java Security API
  • Does not support Java Cryptography Extension
• Bouncy Castle
  • Lightweight Cryptography API
  • Implementation that works in MIDP/J2ME
  • Not optimized, especially for public-key algorithms
  • http://bouncycastle.org/


Summary
• Security is a complex topic
• Nothing is totally secure – price trade-off
  • Social engineering, brute force, physical force
• Web security solves authentication and confidentiality
• XML security adds non-repudiation, authorization, identity federation
• XML security also applies to Web services
• Java provides easy-to-use Security API
• For mobile devices, there are lightweight alternatives
