Java Symmetric

Post on 06-May-2015


csci5931 Web Security 1

GS Chapter 4

Symmetric Encryption in Java

Topics

A. Blowfish
B. Password-based encryption (PBE)
C. Key storage
D. Modes
E. Cipher streams and IV (initialization vector)
F. Sealed objects

Applications of symmetric encryption

- File encryption
- Network encryption
- Database encryption
- Applications that require encryption of large amounts of data

javax.crypto.KeyGenerator

http://java.sun.com/j2se/1.4.1/docs/api/javax/crypto/KeyGenerator.html

- Provides the functionality of a (symmetric) key generator.
- Key generators are constructed using one of the getInstance class methods.
- KeyGenerator objects are reusable, i.e., after a key has been generated, the same KeyGenerator object can be re-used to generate further keys.
- There are two ways to generate a key: in an algorithm-independent manner, and in an algorithm-specific manner. The only difference between the two is the initialization of the object.

javax.crypto.KeyGenerator: Using KeyGenerator

A. Create a new key generator:

    KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");

Note: DESede is a triple DES variant with three DES keys k1, k2, k3. The message is encrypted with k1 first, then decrypted with k2, and finally encrypted again with k3. This increases the key space and prevents brute force attacks.

B. Initialize the key generator with the size of the key:

    keyGenerator.init(168);   // initialized to 168 bits

C. Generate the key object:

    Key myKey = keyGenerator.generateKey();

java.security.Key

http://java.sun.com/j2se/1.4.1/docs/api/java/security/Key.html

java.security
Interface Key

All Superinterfaces: Serializable

All Known Subinterfaces: DHPrivateKey, DHPublicKey, DSAPrivateKey, DSAPublicKey, PBEKey, PrivateKey, PublicKey, RSAMultiPrimePrivateCrtKey, RSAPrivateCrtKey, RSAPrivateKey, RSAPublicKey, SecretKey

All Known Implementing Classes: KerberosKey, SecretKeySpec

java.security.Key

The Key interface is the top-level interface for all keys. It defines the functionality shared by all key objects.

All keys have three characteristics:

1. The key algorithm for that key.
2. An external encoded form for the key, used when a standard representation of the key is needed outside the Java Virtual Machine, as when transmitting the key to some other party.
3. The name of the format of the encoded key.

Keys are generally obtained through key generators, key factories, certificates, or various Identity classes used to manage keys.

Examples: javax.crypto.KeyGenerator( ), java.security.KeyFactory( )

javax.crypto.Cipher

http://java.sun.com/j2se/1.4.1/docs/api/

public class Cipher
extends Object

This class provides the functionality of a cryptographic cipher for encryption and decryption. It forms the core of the Java Cryptographic Extension (JCE) framework.

To use a Cipher: getInstance( ), init( ), update( ), doFinal( ).

javax.crypto.Cipher.getInstance( )

A. In order to create a Cipher object, the application calls the Cipher's getInstance method and passes the name of the requested transformation to it.

static Cipher getInstance(String transformation)
    Generates a Cipher object that implements the specified transformation.

static Cipher getInstance(String transformation, Provider provider)
    Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.

static Cipher getInstance(String transformation, String provider)
    Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.

javax.crypto.Cipher.getInstance( )

Examples:

    Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");

    Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");

javax.crypto.Cipher.init( )

B. Initialize an instance of Cipher:

1. Declare the operating mode (ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE).
2. Pass a key (java.security.Key) to the cipher.

Example:

    cipher.init(Cipher.ENCRYPT_MODE, myKey);

Note: When a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

javax.crypto.Cipher.update( )

C. Pass the information to be encrypted/decrypted to the cipher:

1. The information must be in the form of a byte array.
2. Note: Ciphers typically buffer their output. If the buffer has not been filled, null will be returned.

Alternative update( ) methods:

byte[ ] update(byte[ ] input)

    byte[] plaintext = myString.getBytes("UTF8");
    byte[] ciphertext = cipher.update(plaintext);

int update(byte[ ] input, int inputOffset, int inputLen, byte[ ] output, int outputOffset)
    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

javax.crypto.Cipher.doFinal( )

D. Finish the operation:

byte[ ] doFinal( )
    Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.

byte[ ] doFinal(byte[ ] input)
    Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.

Example:

    byte[] ciphertext = cipher.doFinal();
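Steps A to D put together, as an added example that is not from the course slides or the book's SimpleExample.java: a DESede key from KeyGenerator encrypts a message that is fed to update() in 5-byte chunks, so the buffering described under update() shows up in the printed byte counts. The class name, the chunk size and the explicit random IV are assumptions of this example.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CipherLifecycleDemo {

    // Steps C and D: feed the input in small chunks, then finish the operation.
    static byte[] process(Cipher cipher, byte[] input, int chunkSize)
            throws GeneralSecurityException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int off = 0; off < input.length; off += chunkSize) {
            int len = Math.min(chunkSize, input.length - off);
            byte[] part = cipher.update(input, off, len);
            // update() returns only completed blocks. Depending on the provider,
            // "nothing yet" is reported as null or as an empty array: handle both.
            int produced = (part == null) ? 0 : part.length;
            System.out.printf("  update(%d bytes) -> %d bytes out%n", len, produced);
            if (produced > 0) {
                out.write(part, 0, produced);
            }
        }
        // doFinal() flushes what is still buffered and applies (or strips) the padding.
        byte[] last = cipher.doFinal();
        int produced = (last == null) ? 0 : last.length;
        System.out.printf("  doFinal()        -> %d bytes out%n", produced);
        if (produced > 0) {
            out.write(last, 0, produced);
        }
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // Sample message taken from the SimpleExample run shown on the slides (17 bytes).
        byte[] plaintext = "How are you doing".getBytes(StandardCharsets.UTF_8);

        // Key generation as on the KeyGenerator slide.
        KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
        keyGenerator.init(168);
        SecretKey myKey = keyGenerator.generateKey();

        // Step A: request the transformation (algorithm/mode/padding).
        Cipher cipher = Cipher.getInstance("DESede/CBC/PKCS5Padding");

        // CBC needs an IV of one block; it is not secret but must be kept for decryption.
        byte[] ivBytes = new byte[cipher.getBlockSize()];
        new SecureRandom().nextBytes(ivBytes);
        IvParameterSpec iv = new IvParameterSpec(ivBytes);

        // Step B: init() for encryption, then steps C and D.
        System.out.println("Encrypting " + plaintext.length + " bytes:");
        cipher.init(Cipher.ENCRYPT_MODE, myKey, iv);
        byte[] ciphertext = process(cipher, plaintext, 5);
        System.out.println("Ciphertext length: " + ciphertext.length);

        // Re-initializing the same object discards its state, so it can be reused.
        System.out.println("Decrypting " + ciphertext.length + " bytes:");
        cipher.init(Cipher.DECRYPT_MODE, myKey, iv);
        byte[] recovered = process(cipher, ciphertext, 5);

        if (!Arrays.equals(plaintext, recovered)) {
            throw new IllegalStateException("round trip failed");
        }
        System.out.println("Decrypted text: " + new String(recovered, StandardCharsets.UTF_8));
    }
}
```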

SimpleExample.java

P69: SimpleExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

    >java SimpleExample How are you doing
    Plain Message=How are you doing
    Generating a TripleDES keyDone generating the key
    Now encrypting the messageMessage Encrypted
    Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
    Now decrypting the messageMessage decrypted
    Decrypted text How are you doing

BlowfishExample.java

Blowfish keys can be any bit size from 8 to 448, as long as the number is divisible by 8.

p69: BlowfishExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

    >java BlowfishExample It's a wonderful day!
    Generating a Blowfish keyDone generating the key
    Plaintext: 73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
    Ciphertext: -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
    Decrypted text: It's a wonderful day!

Password-based encryption (PBE): hashing + symmetric encryption

- The user-provided password is hashed by a message digest algorithm, such as SHA.
- The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish.
- The plaintext is then encrypted by the symmetric encryption algorithm.

Problems:

1. PBE is usually less secure, due to its smaller key space.
2. Passwords may suffer 'dictionary attack'.
3. Two people might choose the same password, which would create two identical entries in the password file.

Password-based encryption (PBE)

PBE + salt + iteration count

- A salt is a randomly generated piece of data, say 64 bits, that is added to each password.
- The combined salt+password is used to generate the key.
- The key is then used to generate a symmetric cipher.
- For the purpose of decryption, the salt must be stored as part of the ciphertext.

See figures on page 74.


Base64 Encoding

- Effective in representing ASCII data as 6-bit characters (save one bit per character).
- Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications.

Input: N bytes

Number of output characters (with / as integer division and % as remainder):

    (N * 8 / 24) * 4,      if N * 8 % 24 is zero
    (N * 8 / 24 + 1) * 4,  otherwise

Example: N = 8 bytes

    (64 / 24 + 1) * 4 = 12 characters

See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC2045, and Appendix C.


Password-based encryption (PBE)

Random.nextBytes(byte[ ] bytes)
    Generates random bytes and places them into a user-supplied byte array.

public class PBEKeySpec
extends Object
implements KeySpec

A user-chosen password that can be used with password-based encryption (PBE).

The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.

Password-based encryption (PBE)

public class SecretKeyFactory
extends Object

This class represents a factory for secret keys.

Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.

Key factories are bi-directional, i.e., they allow one to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.

Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.

Password-based encryption

Twofish encryption algorithm:

- A symmetric block cipher that accepts keys of any length, up to 256 bits.
- Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm.
- Highly secure and flexible.
- Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware.

(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)

Password-based encryption

An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample PBE encryption/decryption:

    >java PBE -e sasquatch Hello World
    yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

    >java PBE -e sasquatch Hello World
    lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

    >java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
    Hello World

Key storage

Storage of keys in a persistent media (file, database) for later retrieval or transportation.

Objectives: The stored keys must be protected.

Problems:

- If the key storage is compromised, the data protected by the keys become unprotected.

Solutions:

- Use PBE to encrypt the keys. Problems?

Key storage: Key Wrapping

The wrap( ) method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array.

Example:

    cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.wrap(secretKey);

To decrypt the key:

    cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
    Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

Key storage: Key Encryption

Use the getEncoded( ) method, as defined in java.security.Key, to encrypt the key.

Example:

    byte[] keyBytes = myKey.getEncoded();
    cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:

    cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
    byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
    SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
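An added example (not the slides' PBE.java or FileEncryptor.java) that covers both the salt-and-iteration-count scheme described earlier and password-protected key storage: a key-encryption key is derived from the password and a random salt, and Cipher.WRAP_MODE wraps a data key under it. PBKDF2WithHmacSHA256 and AESWrap stand in for the PBE and Blowfish algorithms named on the slides; the class name, the record format (Base64 salt, colon, Base64 wrapped key), the salt size and the iteration count are assumptions, and the 256-bit keys assume Java 9 or later.

```java
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PasswordWrappedKeyStore {
    static final int SALT_BYTES = 16;       // assumption: 128-bit random salt per record
    static final int ITERATIONS = 200_000;  // assumption: slows each password guess
    static final int KEK_BITS = 256;

    // password + salt + iteration count -> key-encryption key (KEK)
    static SecretKey deriveKek(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEK_BITS);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword();   // wipe the spec's internal copy of the password
        }
    }

    // Wrap the data key; the salt is stored next to the wrapped key, as the slides require.
    static String store(SecretKey dataKey, char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);
        Cipher cipher = Cipher.getInstance("AESWrap");
        cipher.init(Cipher.WRAP_MODE, deriveKek(password, salt));
        byte[] wrapped = cipher.wrap(dataKey);
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + ":" + b64.encodeToString(wrapped);
    }

    // Re-derive the KEK from the stored salt and unwrap the data key.
    static SecretKey load(String record, char[] password) throws GeneralSecurityException {
        String[] parts = record.split(":", 2);
        if (parts.length != 2) {
            throw new IllegalArgumentException("malformed record");
        }
        byte[] salt = Base64.getDecoder().decode(parts[0]);
        byte[] wrapped = Base64.getDecoder().decode(parts[1]);
        Cipher cipher = Cipher.getInstance("AESWrap");
        cipher.init(Cipher.UNWRAP_MODE, deriveKek(password, salt));
        return (SecretKey) cipher.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        SecretKey dataKey = keyGenerator.generateKey();

        char[] password = "sasquatch".toCharArray();   // password from the slides' sample run

        // Same password, same key, two records: the fresh salt makes them differ.
        String first = store(dataKey, password);
        String second = store(dataKey, password);
        System.out.println(first);
        System.out.println(second);
        System.out.println("records differ: " + !first.equals(second));

        SecretKey loaded = load(second, password);
        System.out.println("key recovered:  "
                + Arrays.equals(dataKey.getEncoded(), loaded.getEncoded()));

        // AES key wrap carries an integrity check, so a wrong password is detected
        // instead of silently yielding a garbage key.
        try {
            load(second, "sasquatch1".toCharArray());
            System.out.println("wrong password accepted");
        } catch (InvalidKeyException e) {
            System.out.println("wrong password rejected by the unwrap integrity check");
        }
    }
}
```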

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:

- No padding: requires the data end on a block exactly.
- PKCS5 padding (PKCS = Public Key Cryptography Standard):
  - Suppose there are N bytes in a block that need to be padded.
  - Fill each of the N bytes with the value N.
  - If the data end on a multiple of the block size, add an entire block of padding.

(See the illustration on p81.)
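The padding rule made visible, as an added example that is not from the slides: data is encrypted with PKCS5Padding and decrypted with NoPadding, so the pad bytes are left in place and can be printed. ECB is used only because this inspection needs no IV; the class and helper names are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs5PaddingDemo {

    // Encrypt with PKCS5Padding, decrypt with NoPadding: the result is the
    // plaintext exactly as the cipher saw it, padding bytes included.
    static byte[] paddedForm(SecretKey key, byte[] data) throws GeneralSecurityException {
        Cipher enc = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        byte[] ciphertext = enc.doFinal(data);

        Cipher raw = Cipher.getInstance("DESede/ECB/NoPadding");
        raw.init(Cipher.DECRYPT_MODE, key);
        return raw.doFinal(ciphertext);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x ", b & 0xff));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
        keyGenerator.init(168);
        SecretKey key = keyGenerator.generateKey();

        // 21 bytes (3 short of a block boundary) and 8 bytes (exactly one DES block).
        String[] samples = { "It's a wonderful day!", "12345678" };
        for (String sample : samples) {
            byte[] data = sample.getBytes(StandardCharsets.US_ASCII);
            byte[] padded = paddedForm(key, data);
            int padValue = padded[padded.length - 1];
            System.out.printf("%d data bytes -> %d bytes after padding, pad value %d%n",
                    data.length, padded.length, padValue);
            System.out.println("  " + hex(padded));
        }

        // "No padding" accepts only whole blocks: 21 bytes is refused.
        try {
            Cipher noPad = Cipher.getInstance("DESede/ECB/NoPadding");
            noPad.init(Cipher.ENCRYPT_MODE, key);
            noPad.doFinal(samples[0].getBytes(StandardCharsets.US_ASCII));
            System.out.println("NoPadding accepted 21 bytes");
        } catch (IllegalBlockSizeException e) {
            System.out.println("NoPadding rejected 21 bytes: not a multiple of the block size");
        }
    }
}
```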

Modes of DES

- ECB
- CBC
- CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).
- OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission. That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.

Initialization Vector (IV)

- A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.
- Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
- How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

IV in Java

public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding.)
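An added example (not from the slides) of what the IV buys: the same two-block message is encrypted twice with AES in ECB and twice in CBC with a fresh random IV, the IV length is taken from Cipher.getBlockSize(), and the IV is stored in front of the ciphertext so that decryption can find it. AES is the JCE name for Rijndael with a 128-bit block; the class name and the constructed sample message are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvDemo {
    static final SecureRandom RNG = new SecureRandom();

    static byte[] encryptEcb(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return cipher.doFinal(plaintext);
    }

    // Returns IV || ciphertext. The IV is public, but must be fresh for every message.
    static byte[] encryptCbc(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        byte[] iv = new byte[cipher.getBlockSize()];   // IV size = block size (16 for AES)
        RNG.nextBytes(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        byte[] ciphertext = cipher.doFinal(plaintext);
        byte[] out = Arrays.copyOf(iv, iv.length + ciphertext.length);
        System.arraycopy(ciphertext, 0, out, iv.length, ciphertext.length);
        return out;
    }

    static byte[] decryptCbc(SecretKey key, byte[] ivAndCiphertext) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        int n = cipher.getBlockSize();
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(ivAndCiphertext, 0, n));
        return cipher.doFinal(ivAndCiphertext, n, ivAndCiphertext.length - n);
    }

    static byte[] block(byte[] data, int index, int size) {
        return Arrays.copyOfRange(data, index * size, (index + 1) * size);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        SecretKey key = keyGenerator.generateKey();

        // Constructed sample: the same 16-byte record twice, i.e. two identical blocks.
        byte[] message = "ACCOUNT=00012345ACCOUNT=00012345".getBytes(StandardCharsets.US_ASCII);
        int bs = 16;

        byte[] ecb1 = encryptEcb(key, message);
        byte[] ecb2 = encryptEcb(key, message);
        System.out.println("ECB: block 0 == block 1 within one message:  "
                + Arrays.equals(block(ecb1, 0, bs), block(ecb1, 1, bs)));
        System.out.println("ECB: two encryptions give the same output:   "
                + Arrays.equals(ecb1, ecb2));

        byte[] cbc1 = encryptCbc(key, message);
        byte[] cbc2 = encryptCbc(key, message);
        // Index 0 of each CBC result is the IV; ciphertext blocks start at index 1.
        System.out.println("CBC: block 0 == block 1 within one message:  "
                + Arrays.equals(block(cbc1, 1, bs), block(cbc1, 2, bs)));
        System.out.println("CBC: first ciphertext block same both times: "
                + Arrays.equals(block(cbc1, 1, bs), block(cbc2, 1, bs)));

        byte[] recovered = decryptCbc(key, cbc2);
        System.out.println("CBC round trip ok: " + Arrays.equals(message, recovered));
    }
}
```

Neither mode here authenticates the ciphertext; the comparison only concerns what repeated plaintext reveals.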

Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.

The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard).

See the press release.

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:

- createKey(password)
- loadKey(password)
- encrypt(password, inputFile, outputEncryptedFile)
- decrypt(password, inputEncryptedFile, outputfile)

Sealed objects

- Sealed object: An object that is encrypted.
- The object must be serializable.
- Sealed objects can be useful for storing or transferring an encrypted version of an object.
- The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
- See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

    >java SealedObjectExample
    Creating a key
    Encrypting the object
    Unencrypting the object
    Credit card number 1234567890

Next

Asymmetric Encryption (GS 5)

Relevant links:

- RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
- The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.

  • GS Chapter 4 Symmetric Encryption in Java
  • Topics
  • Applications of symmetric encryptions
  • JavaxcryptoKeyGenerator
  • Slide 5
  • JavasecurityKey
  • Slide 7
  • JavaxcryptoCipher
  • JavaxcryptoCiphergetInstance( )
  • Slide 10
  • JavaxcryptoCipherinit( )
  • JavaxcryptoCipherupdate( )
  • JavaxcryptoCipherdoFinal( )
  • SimpleExamplejava
  • BlowfishExamplejava
  • Password-based encryption (PBE)
  • Slide 17
  • Slide 18
  • Base64 Encoding
  • Slide 20
  • Slide 21
  • Slide 22
  • Password-based encryption
  • Slide 24
  • Key storage
  • Slide 26
  • Slide 27
  • Padding
  • Modes of DES
  • Cipher streams and IV
  • IV in Java
  • Rijndael
  • FileEncryptorjava
  • Sealed objects
  • Slide 35
  • Next

    csci5931 Web Security 2

    Topics

    A Blowfish

    B Password-based encryption (PBE)

    C Key storage

    D Modes

    E Cipher streams and IV (initialization vector)

    F Sealed objects

    csci5931 Web Security 3

    Applications of symmetric encryptions

    File encryption

    Network encryption

    Database encryption

    Applications that require encryption of large

    amount of data

    csci5931 Web Security 4

    JavaxcryptoKeyGenerator httpjavasuncomj2se141docsapijavaxcryptoKeyGeneratorhtml

    Provides the functionality of a (symmetric) key generator

    Key generators are constructed using one of the getInstance class

    methods

    KeyGenerator objects are reusable ie after a key has been generated

    the same KeyGenerator object can be re-used to generate further keys

    There are two ways to generate a key in an algorithm-independent

    manner and in an algorithm-specific manner The only difference

    between the two is the initialization of the object

    csci5931 Web Security 5

    JavaxcryptoKeyGenerator Using KeyGeneratorA Create a new key generator

    KeyGenerator keyGenerator = KeyGeneratorgetInstance (ldquoDESederdquo)

    Note DESede is a triple DES variant with three DES keys k1 k2 k3 The message is encrypted with k1 first then decrypted with k2 and finally encrypted again with k3 This increases the key space and prevents brute force attacks

    B Initialize the key generator with the size of the key

    keyGeneratorinit (168) initialized to 168 bits

    C Generate the key object

    Key myKey = keyGeneratorgenerateKey ( )

    csci5931 Web Security 6

    JavasecurityKey httpjavasuncomj2se141docsapijavasecurityKeyhtml javasecurity

    Interface Key

    All Superinterfaces Serializable

    All Known Subinterfaces DHPrivateKey DHPublicKey DSAPrivateKey DSAPublicKey

    PBEKey PrivateKey PublicKey RSAMultiPrimePrivateCrtKey RSAPrivateCrtKey RSAPrivateKey RSAPublicKey SecretKey

    All Known Implementing Classes KerberosKey SecretKeySpec

    csci5931 Web Security 7

    JavasecurityKey The Key interface is the top-level interface for all keys It

    defines the functionality shared by all key objects

    All keys have three characteristics 1 The key algorithm for that key2 An external encoded form for the key used when a standard

    representation of the key is needed outside the Java Virtual Machine as when transmitting the key to some other party

    3 The name of the format of the encoded key

    Keys are generally obtained through key generators key factory certificates or various Identity classes used to manage keys

    Examples javaxcryptoKeyGenerator( ) javasecurityKeyFactory( )

    csci5931 Web Security 8

    JavaxcryptoCipher

    httpjavasuncomj2se141docsapi

    public class Cipher

    extends Object

    This class provides the functionality of a cryptographic cipher for

    encryption and decryption It forms the core of the Java

    Cryptographic Extension (JCE) framework

    To use a Cipher getInstance( ) init( ) update( ) doFinal( )

    csci5931 Web Security 9

    JavaxcryptoCiphergetInstance( )A In order to create a Cipher object the application calls the Ciphers

    getInstance method and passes the name of the requested

    transformation to it

    static Cipher getInstance(String transformation)

    Generates a Cipher object that implements the specified transformation

    static Cipher getInstance(String transformation Provider

    provider)

    Creates a Cipher object that implements the specified transformation as

    supplied by the specified provider

    static Cipher getInstance(String transformation String provider)

    Creates a Cipher object that implements the specified transformation as

    supplied by the specified provider

    csci5931 Web Security 10

    JavaxcryptoCiphergetInstance( ) Examples

    Cipher cipher = CiphergetInstance(DESCBCPKCS5Padding)

    Cipher cipher = CiphergetInstance(ldquoDESedeECBPKCS5Paddingrdquo)

    csci5931 Web Security 11

    JavaxcryptoCipherinit( )B Initialize an instance of Cipher

    1 Declares the operating mode (ENCRYPT_MODE

    DECRYPT_MODE WRAP_MODE UNWRAP_MODE)

    2 Pass a key (javasecurityKey) to the cipher

    Example

    Cipherinit (CipherENCRYPT_MODE myKey)

    Note When a Cipher object is initialized it loses all

    previously-acquired state In other words initializing a

    Cipher is equivalent to creating a new instance of that

    Cipher and initializing it

    csci5931 Web Security 12

    JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher

    1 The information must be in the form of a byte array

    2 Note Ciphers typically buffer their output If the buffer has not been filled

    null will be returned

    Alternative update( ) methods

    byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)

    int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)

    Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part

    csci5931 Web Security 13

    JavaxcryptoCipherdoFinal( )D Finish the operation

    byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on

    how this cipher was initialized

    byte[ ] doFinal(byte[] input)

    Encrypts or decrypts data in a single-part operation or finishes a multiple-

    part operation

    Example

    Byte[ ] ciphertext = cipherdoFinal ( )

    csci5931 Web Security 14

    SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching

    proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing

    Plain Message=How are you doing

    Generating a TripleDES keyDone generating the key

    Now encrypting the messageMessage Encrypted

    Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855

    Now decrypting the messageMessage decrypted

    Decrypted text How are you doing

    csci5931 Web Security 15

    BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the

    number if divisible by 8 p69 BlowfishExamplejava (see

    httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output

    gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key

    Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33

    Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125

    Decrypted text Its a wonderful day

    csci5931 Web Security 16

    Password-based encryption (PBE) hashing + symmetric encryption

    The user-provided password is hashed by a message digest algorithm such as SHA

    The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish

    The plaintext is then encrypted by the symmetric encryption algorithm

    Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which

    would create two identical entries in the password file

    csci5931 Web Security 17

    Password-based encryption (PBE)

    PBE + salt + iteration count A salt is a randomly generated piece of data say 64

    bits that is added to each password The combined salt+password is used to generate the

    key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as

    part of the ciphertext See figures on page 74

    csci5931 Web Security 18

    Password-based encryption (PBE)

    csci5931 Web Security 19

    Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit

    per character)

    Widely used in networking transmissions of data eg in MIME

    emails amp other Internet-related applications

    Input N bytes

    Number of output characters

    (N 8 24) 4 if N8 24 is zero

    (N 8 24 + 1) 4 otherwise

    Example N = 8 bytes

    (64 24 + 1) 4 12 characters

    See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C

    csci5931 Web Security 20

    Password-based encryption (PBE)

    csci5931 Web Security 21

    Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

    Generates random bytes and places them into a user-supplied byte array

    public class PBEKeySpecextends Object

    implements KeySpec

    A user-chosen password that can be used with password-based encryption

    (PBE)

    The password can be viewed as some kind of raw key material from which

    the encryption mechanism that uses it derives a cryptographic key

    csci5931 Web Security 22

    Password-based encryption (PBE) public class SecretKeyFactory extends Object

    This class represents a factory for secret keys

    Key factories are used to convert keys (opaque cryptographic keys of type

    Key) into key specifications (transparent representations of the

    underlying key material) and vice versa Secret key factories operate

    only on secret (symmetric) keys

    Key factories are bi-directional ie they allow to build an opaque key

    object from a given key specification (key material) or to retrieve the

    underlying key material of a key object in a suitable format

    Application developers should refer to their providers documentation to find

    out which key specifications are supported by the generateSecret

    and getKeySpec methods

    csci5931 Web Security 23

    Password-based encryption

    Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

    bits

    Among the new encryption algorithms being considered by the National

    Institute of Science and Technology (NIST) as a replacement for

    the DES algorithm

    Highly secure and flexible

    Works extremely well with large microprocessors 8-bit smart card

    microprocessors and dedicated hardware

    (Source httpwwwwileycomcdaproduct0047135381700html)

    csci5931 Web Security 24

    Password-based encryption

    An example program PBEjava (see

    httpscecluheduyangteachingproJavaSecurityCodehtml)

    Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

    yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

    gtjava PBE -e sasquatch Hello World

    lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

    gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

    Hello World

    csci5931 Web Security 25

    Key storage

    Storage of keys in a persistent media (file

    database) for later retrieval or transportation

    Objectives The stored keys must be protected

    Problems

    - If the key storage is compromised the data protected by

    the keys become unprotected

    Solutions

    Use PBE to encrypt the keys Problems

    csci5931 Web Security 26

    Key storage Key Wrapping

    The wrap( ) method defined in javaxcryptoCipher takes a key as an

    argument and returns the encrypted value of the key as a byte array

    Example

    cipherinit (CipherWRAP_MODE passwordKey paramSpec)

    byte[ ] encryptedKeyBytes = cipherwrap (secretKey)

    To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)

    Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)

    csci5931 Web Security 27

    Key storage Key Encryption

    Use the getEncoded( ) method as defined in javasecurityKey to encrypt the

    key

    Example

    byte[ ] keyBytes = myKeygetEncoded( )

    cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)

    byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)

    To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)

    byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)

    SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )

    csci5931 Web Security 28

    Padding Padding is needed to make the size of the plaintext to be a

    multiple of the block size

    Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly

    PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)

    Suppose there are N bytes in a block that need to be padded

    Fill each of the N bytes with the value N

    If the data end on a multiple of the block size add an entire block of

    padding

    (See the illustration on p81)

    csci5931 Web Security 29

    Modes of DES

    ECB CBC

    CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for

    example)

    OFB (Output FeedBack) Similar to CFB but provides better protection against data loss

    during transmission

    That is a single-bit error will not cause the whole block to be lost

    as in the cases of ECB CBC and CFB

    csci5931 Web Security 30

    Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream

    They provide convenient wrappers around standard input and

    output streams for them to be automatically encrypted or

    decrypted

    Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext

    before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext

    eliminates the possibility of having the initial ciphertext block the

    same for any two messages How to determine the size of a IV given a cipher Example A

    256-bit Rijndael cipher needs a 16-byte IV

    csci5931 Web Security 31

    IV in Java public class IvParameterSpec

    extends Object

    implements AlgorithmParameterSpec

    This class specifies an initialization vector (IV) Examples

    which use IVs are ciphers in feedback mode eg DES

    in CBC mode and RSA ciphers with OAEP encoding

    operation

    (NOTE See page 434 for RSA-OAEP padding)

    csci5931 Web Security 32

    Rijndael

    What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)

    ldquoRijndael is a block cipher designed by Joan Daemen and Vincent

    Rijmen as a candidate algorithm for the AES

    The cipher has a variable block length and key length We currently

    specified how to use keys with a length of 128 192 or 256 bits to

    encrypt blocks with al length of 128 192 or 256 bitsrdquo

    (Source httpwwwesatkuleuvenacbe~rijmenrijndael)

    After nearly four years of evaluation in October 2000 Rijndael was

    selected by the NIST as the `AES (Advanced Encryption Standard)

    See the press release

    csci5931 Web Security 33

    FileEncryptorjava

    FileEncryptorjava (see httpscecluheduyangteaching

    proJavaSecurityCodehtml)

    Four functions

    createKey( password )

    loadKey ( password )

    encrypt ( password inputFile outputEncryptedFile )

    decrypt ( password inputEncryptedFile outputfile)

    csci5931 Web Security 34

    Sealed objects Sealed object An object that is encrypted

    The object must be serializable

    Sealed objects can be useful for storing or transferring an

    encrypted version of an object

    The default JDK 12 prevents extensions from using the class

    loader to create classes that are neither standard objects nor

    extensions That is a custom object such as a CreditCard

    object wonrsquot be able to be decrypted

    See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

    object implementation

    csci5931 Web Security 35

    Sealed objects

    SealedObjectExamplejava (see

    httpscecluheduyangteachingproJavaSecurityCodehtml)

    Sample output

    gtjava SealedObjectExample

    Creating a key

    Encrypting the object

    Unencrypting the object

    Credit card number 1234567890
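
    The sealed-object workflow described above, as an added example (this is not the course's SealedObjectExample.java, which is not reproduced on this page). It assumes a current JDK where a custom class can be unsealed; the class names SealedCardDemo and CreditCard, the AES/CBC/PKCS5Padding transformation and the 128-bit key are choices made for this illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.InvalidKeyException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class SealedCardDemo {

    // Hypothetical payload class: anything that is sealed must be Serializable.
    static class CreditCard implements Serializable {
        private static final long serialVersionUID = 1L;
        final String number;
        CreditCard(String number) { this.number = number; }
    }

    // Seal the card under AES (Rijndael with a 128-bit block) in CBC mode,
    // using a fresh random 16-byte IV for every call.
    static SealedObject seal(CreditCard card, SecretKey key) throws Exception {
        byte[] iv = new byte[16];
        new SecureRandom().nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        // SealedObject serializes the card, encrypts the bytes, and records the
        // transformation name plus the encoded cipher parameters (the IV).
        return new SealedObject(card, cipher);
    }

    // Store or transfer the sealed object as ordinary serialized bytes.
    static byte[] toBytes(SealedObject sealed) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(sealed);
        }
        return buf.toByteArray();
    }

    static SealedObject fromBytes(byte[] data)
            throws IOException, ClassNotFoundException {
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(data))) {
            return (SealedObject) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Creating a key");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        SecretKey key = keyGenerator.generateKey();

        System.out.println("Encrypting the object");
        CreditCard card = new CreditCard("1234567890"); // constructed sample value
        byte[] first = toBytes(seal(card, key));
        byte[] second = toBytes(seal(card, key));
        // Same object, same key, different IVs: the stored forms differ.
        System.out.println("Identical ciphertexts? " + Arrays.equals(first, second));

        System.out.println("Unencrypting the object");
        SealedObject restored = fromBytes(first);
        // Only the key is needed: the transformation and IV travel inside
        // the sealed object, so getObject(Key) can rebuild the cipher itself.
        CreditCard recovered = (CreditCard) restored.getObject(key);
        System.out.println("Sealed with " + restored.getAlgorithm());
        System.out.println("Credit card number " + recovered.number);

        // A different key does not yield the card. CBC carries no integrity
        // check, so failure shows up as a padding error (reported as
        // InvalidKeyException) or, rarely, as a corrupt object stream.
        SecretKey wrongKey = keyGenerator.generateKey();
        try {
            restored.getObject(wrongKey);
            System.out.println("Unexpected: wrong key unsealed the object");
        } catch (InvalidKeyException | IOException e) {
            System.out.println("Wrong key rejected: " + e.getClass().getSimpleName());
        }
    }
}
```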

    csci5931 Web Security 36

    Next

    Asymmetric Encryption (GS 5)

    Relevant links: RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

    The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.



        csci5931 Web Security 4

        JavaxcryptoKeyGenerator httpjavasuncomj2se141docsapijavaxcryptoKeyGeneratorhtml

        Provides the functionality of a (symmetric) key generator

        Key generators are constructed using one of the getInstance class

        methods

        KeyGenerator objects are reusable ie after a key has been generated

        the same KeyGenerator object can be re-used to generate further keys

        There are two ways to generate a key in an algorithm-independent

        manner and in an algorithm-specific manner The only difference

        between the two is the initialization of the object

        csci5931 Web Security 5

        JavaxcryptoKeyGenerator Using KeyGeneratorA Create a new key generator

        KeyGenerator keyGenerator = KeyGeneratorgetInstance (ldquoDESederdquo)

        Note DESede is a triple DES variant with three DES keys k1 k2 k3 The message is encrypted with k1 first then decrypted with k2 and finally encrypted again with k3 This increases the key space and prevents brute force attacks

        B Initialize the key generator with the size of the key

        keyGeneratorinit (168) initialized to 168 bits

        C Generate the key object

        Key myKey = keyGeneratorgenerateKey ( )

        csci5931 Web Security 6

        JavasecurityKey httpjavasuncomj2se141docsapijavasecurityKeyhtml javasecurity

        Interface Key

        All Superinterfaces Serializable

        All Known Subinterfaces DHPrivateKey DHPublicKey DSAPrivateKey DSAPublicKey

        PBEKey PrivateKey PublicKey RSAMultiPrimePrivateCrtKey RSAPrivateCrtKey RSAPrivateKey RSAPublicKey SecretKey

        All Known Implementing Classes KerberosKey SecretKeySpec

        csci5931 Web Security 7

        JavasecurityKey The Key interface is the top-level interface for all keys It

        defines the functionality shared by all key objects

        All keys have three characteristics 1 The key algorithm for that key2 An external encoded form for the key used when a standard

        representation of the key is needed outside the Java Virtual Machine as when transmitting the key to some other party

        3 The name of the format of the encoded key

        Keys are generally obtained through key generators key factory certificates or various Identity classes used to manage keys

        Examples javaxcryptoKeyGenerator( ) javasecurityKeyFactory( )

        csci5931 Web Security 8

        JavaxcryptoCipher

        httpjavasuncomj2se141docsapi

        public class Cipher

        extends Object

        This class provides the functionality of a cryptographic cipher for

        encryption and decryption It forms the core of the Java

        Cryptographic Extension (JCE) framework

        To use a Cipher getInstance( ) init( ) update( ) doFinal( )

        csci5931 Web Security 9

        JavaxcryptoCiphergetInstance( )A In order to create a Cipher object the application calls the Ciphers

        getInstance method and passes the name of the requested

        transformation to it

        static Cipher getInstance(String transformation)

        Generates a Cipher object that implements the specified transformation

        static Cipher getInstance(String transformation Provider

        provider)

        Creates a Cipher object that implements the specified transformation as

        supplied by the specified provider

        static Cipher getInstance(String transformation String provider)

        Creates a Cipher object that implements the specified transformation as

        supplied by the specified provider

        csci5931 Web Security 10

        JavaxcryptoCiphergetInstance( ) Examples

        Cipher cipher = CiphergetInstance(DESCBCPKCS5Padding)

        Cipher cipher = CiphergetInstance(ldquoDESedeECBPKCS5Paddingrdquo)

        csci5931 Web Security 11

        JavaxcryptoCipherinit( )B Initialize an instance of Cipher

        1 Declares the operating mode (ENCRYPT_MODE

        DECRYPT_MODE WRAP_MODE UNWRAP_MODE)

        2 Pass a key (javasecurityKey) to the cipher

        Example

        Cipherinit (CipherENCRYPT_MODE myKey)

        Note When a Cipher object is initialized it loses all

        previously-acquired state In other words initializing a

        Cipher is equivalent to creating a new instance of that

        Cipher and initializing it

        csci5931 Web Security 12

        JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher

        1 The information must be in the form of a byte array

        2 Note Ciphers typically buffer their output If the buffer has not been filled

        null will be returned

        Alternative update( ) methods

        byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)

        int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)

        Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part

        csci5931 Web Security 13

        JavaxcryptoCipherdoFinal( )D Finish the operation

        byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on

        how this cipher was initialized

        byte[ ] doFinal(byte[] input)

        Encrypts or decrypts data in a single-part operation or finishes a multiple-

        part operation

        Example

        Byte[ ] ciphertext = cipherdoFinal ( )

        csci5931 Web Security 14

        SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching

        proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing

        Plain Message=How are you doing

        Generating a TripleDES keyDone generating the key

        Now encrypting the messageMessage Encrypted

        Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855

        Now decrypting the messageMessage decrypted

        Decrypted text How are you doing

        csci5931 Web Security 15

        BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the

        number if divisible by 8 p69 BlowfishExamplejava (see

        httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output

        gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key

        Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33

        Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125

        Decrypted text Its a wonderful day

        csci5931 Web Security 16

        Password-based encryption (PBE) hashing + symmetric encryption

        The user-provided password is hashed by a message digest algorithm such as SHA

        The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish

        The plaintext is then encrypted by the symmetric encryption algorithm

        Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which

        would create two identical entries in the password file

        csci5931 Web Security 17

        Password-based encryption (PBE)

        PBE + salt + iteration count A salt is a randomly generated piece of data say 64

        bits that is added to each password The combined salt+password is used to generate the

        key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as

        part of the ciphertext See figures on page 74

        csci5931 Web Security 18

        Password-based encryption (PBE)

        csci5931 Web Security 19

        Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit

        per character)

        Widely used in networking transmissions of data eg in MIME

        emails amp other Internet-related applications

        Input N bytes

        Number of output characters

        (N 8 24) 4 if N8 24 is zero

        (N 8 24 + 1) 4 otherwise

        Example N = 8 bytes

        (64 24 + 1) 4 12 characters

        See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C

        csci5931 Web Security 20

        Password-based encryption (PBE)

        csci5931 Web Security 21

        Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

        Generates random bytes and places them into a user-supplied byte array

        public class PBEKeySpecextends Object

        implements KeySpec

        A user-chosen password that can be used with password-based encryption

        (PBE)

        The password can be viewed as some kind of raw key material from which

        the encryption mechanism that uses it derives a cryptographic key

        csci5931 Web Security 22

        Password-based encryption (PBE) public class SecretKeyFactory extends Object

        This class represents a factory for secret keys

        Key factories are used to convert keys (opaque cryptographic keys of type

        Key) into key specifications (transparent representations of the

        underlying key material) and vice versa Secret key factories operate

        only on secret (symmetric) keys

        Key factories are bi-directional ie they allow to build an opaque key

        object from a given key specification (key material) or to retrieve the

        underlying key material of a key object in a suitable format

        Application developers should refer to their providers documentation to find

        out which key specifications are supported by the generateSecret

        and getKeySpec methods

        csci5931 Web Security 23

        Password-based encryption

        Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

        bits

        Among the new encryption algorithms being considered by the National

        Institute of Science and Technology (NIST) as a replacement for

        the DES algorithm

        Highly secure and flexible

        Works extremely well with large microprocessors 8-bit smart card

        microprocessors and dedicated hardware

        (Source httpwwwwileycomcdaproduct0047135381700html)

        csci5931 Web Security 24

        Password-based encryption

        An example program PBEjava (see

        httpscecluheduyangteachingproJavaSecurityCodehtml)

        Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

        yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

        gtjava PBE -e sasquatch Hello World

        lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

        gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

        Hello World

        csci5931 Web Security 25

        Key storage

        Storage of keys in a persistent media (file

        database) for later retrieval or transportation

        Objectives The stored keys must be protected

        Problems

        - If the key storage is compromised the data protected by

        the keys become unprotected

        Solutions

        Use PBE to encrypt the keys Problems

        csci5931 Web Security 26

        Key storage Key Wrapping

        The wrap( ) method defined in javaxcryptoCipher takes a key as an

        argument and returns the encrypted value of the key as a byte array

        Example

        cipherinit (CipherWRAP_MODE passwordKey paramSpec)

        byte[ ] encryptedKeyBytes = cipherwrap (secretKey)

        To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)

        Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)

        csci5931 Web Security 27

        Key storage Key Encryption

        Use the getEncoded( ) method as defined in javasecurityKey to encrypt the

        key

        Example

        byte[ ] keyBytes = myKeygetEncoded( )

        cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)

        byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)

        To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)

        byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)

        SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )

        csci5931 Web Security 28

        Padding

        Padding is needed to make the size of the plaintext a multiple of the block size

        Most symmetric algorithms use one of two types of padding:

        No padding – requires the data to end exactly on a block boundary

        PKCS5 padding – (PKCS = Public Key Cryptography Standard)

        Suppose there are N bytes in a block that need to be padded

        Fill each of the N bytes with the value N

        If the data ends on a multiple of the block size, add an entire block of padding

        (See the illustration on p. 81)

        csci5931 Web Security 29

        Modes of DES

        ECB, CBC

        CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example)

        OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission

        That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC, and CFB

        csci5931 Web Security 30

        Cipher streams and IV

        javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

        They provide convenient wrappers around standard input and output streams so that the data is automatically encrypted or decrypted

        Initialization Vector (IV): A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher

        Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages

        How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV

        csci5931 Web Security 31

        IV in Java

        public class IvParameterSpec extends Object implements AlgorithmParameterSpec

        This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation

        (NOTE: See page 434 for RSA-OAEP padding)
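The padding, cipher-stream and IV slides combined into one runnable program: the IV length is taken from the cipher's block size, passed in through IvParameterSpec, and the data goes through CipherOutputStream and CipherInputStream. This is an added example, not the course's FileEncryptor.java; AES/CBC/PKCS5Padding, the in-memory streams and the choice to store the IV in the clear ahead of the ciphertext are assumptions made for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CipherStreamIvExample {
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    // Output layout (assumed for this example): IV || ciphertext.
    static byte[] encrypt(SecretKey key, byte[] plaintext)
            throws GeneralSecurityException, IOException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        byte[] iv = new byte[cipher.getBlockSize()];   // IV size = block size, not key size
        new SecureRandom().nextBytes(iv);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(iv);
        try (CipherOutputStream cos = new CipherOutputStream(out, cipher)) {
            cos.write(plaintext);
        }   // close() finishes the operation and writes the padded final block
        return out.toByteArray();
    }

    static byte[] decrypt(SecretKey key, byte[] message)
            throws GeneralSecurityException, IOException {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(message));
        byte[] iv = new byte[cipher.getBlockSize()];
        in.readFully(iv);                               // fails on a truncated message
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));

        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try (CipherInputStream cis = new CipherInputStream(in, cipher)) {
            byte[] buffer = new byte[4096];
            for (int n; (n = cis.read(buffer)) != -1; ) {
                plain.write(buffer, 0, n);
            }
        }
        return plain.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256);   // 256-bit key as on the slide; needs unlimited-strength policy
        SecretKey key = generator.generateKey();

        int blockSize = Cipher.getInstance(TRANSFORMATION).getBlockSize();
        System.out.println("IV length for a 256-bit key: " + blockSize + " bytes");

        // Constructed sample input: exactly one 16-byte block.
        byte[] oneBlock = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII);
        byte[] first = encrypt(key, oneBlock);
        byte[] second = encrypt(key, oneBlock);

        // 16-byte IV + 16 bytes of data + one whole block of PKCS5 padding = 48.
        System.out.println("message length for 16-byte plaintext: " + first.length);

        // Same key, same plaintext, different IV: the first ciphertext blocks differ.
        boolean sameFirstBlock = Arrays.equals(
                Arrays.copyOfRange(first, blockSize, 2 * blockSize),
                Arrays.copyOfRange(second, blockSize, 2 * blockSize));
        System.out.println("first ciphertext block repeats: " + sameFirstBlock);

        // 5 bytes of data are padded with eleven bytes of value 11: 16 + 16 = 32.
        byte[] shortMessage = encrypt(key, "Hello".getBytes(StandardCharsets.US_ASCII));
        System.out.println("message length for 5-byte plaintext: " + shortMessage.length);

        System.out.println("round trip ok: " + Arrays.equals(oneBlock, decrypt(key, first)));
    }
}
```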

        csci5931 Web Security 32

        Rijndael

        What is Rijndael? (Dutch, pronounced as 'Rain Doll')

        "Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.

        The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

        (Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael)

        After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard)

        See the press release

        csci5931 Web Security 33

        FileEncryptor.java

        FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

        Four functions:

            createKey(password)
            loadKey(password)
            encrypt(password, inputFile, outputEncryptedFile)
            decrypt(password, inputEncryptedFile, outputfile)

        csci5931 Web Security 34

        Sealed objects

        Sealed object: An object that is encrypted

        The object must be serializable

        Sealed objects can be useful for storing or transferring an encrypted version of an object

        The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted

        See Appendix D, "the EncryptedObject class", for a better sealed object implementation

        csci5931 Web Security 35

        Sealed objects

        SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

        Sample output:

        >java SealedObjectExample

        Creating a key

        Encrypting the object

        Unencrypting the object

        Credit card number 1234567890

        csci5931 Web Security 36

        Next

        Asymmetric Encryption (GS 5)

        Relevant links:

        RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

        The GNU Crypto project – This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms




            csci5931 Web Security 6

            JavasecurityKey httpjavasuncomj2se141docsapijavasecurityKeyhtml javasecurity

            Interface Key

            All Superinterfaces Serializable

            All Known Subinterfaces DHPrivateKey DHPublicKey DSAPrivateKey DSAPublicKey

            PBEKey PrivateKey PublicKey RSAMultiPrimePrivateCrtKey RSAPrivateCrtKey RSAPrivateKey RSAPublicKey SecretKey

            All Known Implementing Classes KerberosKey SecretKeySpec

            csci5931 Web Security 7

            JavasecurityKey The Key interface is the top-level interface for all keys It

            defines the functionality shared by all key objects

            All keys have three characteristics 1 The key algorithm for that key2 An external encoded form for the key used when a standard

            representation of the key is needed outside the Java Virtual Machine as when transmitting the key to some other party

            3 The name of the format of the encoded key

            Keys are generally obtained through key generators key factory certificates or various Identity classes used to manage keys

            Examples javaxcryptoKeyGenerator( ) javasecurityKeyFactory( )

            csci5931 Web Security 8

            JavaxcryptoCipher

            httpjavasuncomj2se141docsapi

            public class Cipher

            extends Object

            This class provides the functionality of a cryptographic cipher for

            encryption and decryption It forms the core of the Java

            Cryptographic Extension (JCE) framework

            To use a Cipher getInstance( ) init( ) update( ) doFinal( )

            csci5931 Web Security 9

            JavaxcryptoCiphergetInstance( )A In order to create a Cipher object the application calls the Ciphers

            getInstance method and passes the name of the requested

            transformation to it

            static Cipher getInstance(String transformation)

            Generates a Cipher object that implements the specified transformation

            static Cipher getInstance(String transformation Provider

            provider)

            Creates a Cipher object that implements the specified transformation as

            supplied by the specified provider

            static Cipher getInstance(String transformation String provider)

            Creates a Cipher object that implements the specified transformation as

            supplied by the specified provider

            csci5931 Web Security 10

            JavaxcryptoCiphergetInstance( ) Examples

            Cipher cipher = CiphergetInstance(DESCBCPKCS5Padding)

            Cipher cipher = CiphergetInstance(ldquoDESedeECBPKCS5Paddingrdquo)

            csci5931 Web Security 11

            JavaxcryptoCipherinit( )B Initialize an instance of Cipher

            1 Declares the operating mode (ENCRYPT_MODE

            DECRYPT_MODE WRAP_MODE UNWRAP_MODE)

            2 Pass a key (javasecurityKey) to the cipher

            Example

            Cipherinit (CipherENCRYPT_MODE myKey)

            Note When a Cipher object is initialized it loses all

            previously-acquired state In other words initializing a

            Cipher is equivalent to creating a new instance of that

            Cipher and initializing it

            csci5931 Web Security 12

            JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher

            1 The information must be in the form of a byte array

            2 Note Ciphers typically buffer their output If the buffer has not been filled

            null will be returned

            Alternative update( ) methods

            byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)

            int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)

            Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part

            csci5931 Web Security 13

            JavaxcryptoCipherdoFinal( )D Finish the operation

            byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on

            how this cipher was initialized

            byte[ ] doFinal(byte[] input)

            Encrypts or decrypts data in a single-part operation or finishes a multiple-

            part operation

            Example

            Byte[ ] ciphertext = cipherdoFinal ( )

            csci5931 Web Security 14

            SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching

            proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing

            Plain Message=How are you doing

            Generating a TripleDES keyDone generating the key

            Now encrypting the messageMessage Encrypted

            Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855

            Now decrypting the messageMessage decrypted

            Decrypted text How are you doing

            csci5931 Web Security 15

            BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the

            number if divisible by 8 p69 BlowfishExamplejava (see

            httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output

            gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key

            Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33

            Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125

            Decrypted text Its a wonderful day

            csci5931 Web Security 16

            Password-based encryption (PBE) hashing + symmetric encryption

            The user-provided password is hashed by a message digest algorithm such as SHA

            The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish

            The plaintext is then encrypted by the symmetric encryption algorithm

            Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which

            would create two identical entries in the password file

            csci5931 Web Security 17

            Password-based encryption (PBE)

            PBE + salt + iteration count A salt is a randomly generated piece of data say 64

            bits that is added to each password The combined salt+password is used to generate the

            key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as

            part of the ciphertext See figures on page 74

            csci5931 Web Security 18

            Password-based encryption (PBE)

            csci5931 Web Security 19

            Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit

            per character)

            Widely used in networking transmissions of data eg in MIME

            emails amp other Internet-related applications

            Input N bytes

            Number of output characters

            (N 8 24) 4 if N8 24 is zero

            (N 8 24 + 1) 4 otherwise

            Example N = 8 bytes

            (64 24 + 1) 4 12 characters

            See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C

            csci5931 Web Security 20

            Password-based encryption (PBE)

            csci5931 Web Security 21

            Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

            Generates random bytes and places them into a user-supplied byte array

            public class PBEKeySpecextends Object

            implements KeySpec

            A user-chosen password that can be used with password-based encryption

            (PBE)

            The password can be viewed as some kind of raw key material from which

            the encryption mechanism that uses it derives a cryptographic key

            csci5931 Web Security 22

            Password-based encryption (PBE)

            public class SecretKeyFactory extends Object

            This class represents a factory for secret keys.

            Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.

            Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.

            Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.

            csci5931 Web Security 23

            Password-based encryption

            Twofish encryption algorithm:

            A symmetric block cipher that accepts keys of any length, up to 256 bits.

            Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm.

            Highly secure and flexible.

            Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware.

            (Source: httpwwwwileycomcdaproduct0047135381700html)

            csci5931 Web Security 24

            Password-based encryption

            An example program: PBE.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

            Sample PBE encryption/decryption:

            >java PBE -e sasquatch Hello World

            yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

            >java PBE -e sasquatch Hello World

            lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

            >java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

            Hello World
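The salt handling from the PBE slides, as an added example (not the PBE.java program referenced above): a fresh 8-byte salt is generated for every encryption and stored in front of the ciphertext, which is why the two sample runs above give different output for the same password and message. It swaps in PBKDF2WithHmacSHA256 and AES-GCM from the standard JDK for the Twofish-based PBE of the slides; the class name, iteration count and output layout are assumptions.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class SaltedPbeExample {
    private static final int SALT_BYTES = 8;        // 64-bit salt, as on the slide
    private static final int SALT_B64_CHARS = 12;   // 8 bytes -> (64/24 + 1) * 4 = 12 Base64 characters
    private static final int IV_BYTES = 12;         // GCM nonce size (assumption of this example)
    private static final int TAG_BITS = 128;
    private static final int ITERATIONS = 100_000;  // assumed iteration count
    private static final SecureRandom RANDOM = new SecureRandom();

    // salt + password -> key; the iteration count makes every password guess expensive
    static SecretKey deriveKey(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 128);
        try {
            SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
            return new SecretKeySpec(factory.generateSecret(spec).getEncoded(), "AES");
        } finally {
            spec.clearPassword();
        }
    }

    // Output layout (assumed): Base64(salt) followed by Base64(iv || ciphertext || tag)
    static String encrypt(char[] password, String plaintext) throws GeneralSecurityException {
        byte[] salt = new byte[SALT_BYTES];
        byte[] iv = new byte[IV_BYTES];
        RANDOM.nextBytes(salt);
        RANDOM.nextBytes(iv);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, iv));
        byte[] ciphertext = cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));

        byte[] ivAndCiphertext = Arrays.copyOf(iv, iv.length + ciphertext.length);
        System.arraycopy(ciphertext, 0, ivAndCiphertext, iv.length, ciphertext.length);
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + b64.encodeToString(ivAndCiphertext);
    }

    static String decrypt(char[] password, String stored) throws GeneralSecurityException {
        if (stored.length() <= SALT_B64_CHARS) {
            throw new IllegalArgumentException("input too short to contain a salt");
        }
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] salt = b64.decode(stored.substring(0, SALT_B64_CHARS));
        byte[] ivAndCiphertext = b64.decode(stored.substring(SALT_B64_CHARS));
        if (ivAndCiphertext.length < IV_BYTES + TAG_BITS / 8) {
            throw new IllegalArgumentException("input too short to contain IV and tag");
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, deriveKey(password, salt),
                new GCMParameterSpec(TAG_BITS, ivAndCiphertext, 0, IV_BYTES));
        byte[] plain = cipher.doFinal(ivAndCiphertext, IV_BYTES, ivAndCiphertext.length - IV_BYTES);
        return new String(plain, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "sasquatch".toCharArray();
        String first = encrypt(password, "Hello World");
        String second = encrypt(password, "Hello World");
        System.out.println(first);
        System.out.println(second);
        System.out.println("same password and message, outputs differ: " + !first.equals(second));
        System.out.println(decrypt(password, second));
        try {
            decrypt("not-the-password".toCharArray(), second);
        } catch (AEADBadTagException e) {
            System.out.println("wrong password rejected by the authentication tag");
        }
    }
}
```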

            csci5931 Web Security 25

            Key storage

            Storage of keys in a persistent media (file, database) for later retrieval or transportation.

            Objectives: The stored keys must be protected.

            Problems:

            - If the key storage is compromised, the data protected by the keys become unprotected.

            Solutions:

            Use PBE to encrypt the keys.

            Problems

            csci5931 Web Security 26

            Key storage: Key Wrapping

            The wrap() method, defined in javax.crypto.Cipher, takes a key as an argument and returns the encrypted value of the key as a byte array.

            Example:

            cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);

            byte[] encryptedKeyBytes = cipher.wrap(secretKey);

            To decrypt the key:

            cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);

            Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

            csci5931 Web Security 27

            Key storage: Key Encryption

            Use the getEncoded() method, as defined in java.security.Key, to encrypt the key.

            Example:

            byte[] keyBytes = myKey.getEncoded();

            cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);

            byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

            To decrypt the key:

            cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);

            byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);

            SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
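Key wrapping as described on the two key-storage slides, as an added example (not code from the slides or the book): a data key is wrapped under a password-based key, and the salt, IV and wrapped bytes are kept together so the key can be unwrapped later. It uses the JDK's PBEWithHmacSHA256AndAES_128 in place of the Blowfish setup on the slides; the class name, iteration count and storage layout are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

public class WrappedKeyStoreExample {
    private static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128";
    private static final int SALT_BYTES = 16;       // assumed sizes and iteration count
    private static final int IV_BYTES = 16;
    private static final int ITERATIONS = 100_000;

    // The "passwordKey" of the slides: an opaque PBE key built from the password
    static SecretKey passwordKey(char[] password) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            return SecretKeyFactory.getInstance(PBE_ALG).generateSecret(spec);
        } finally {
            spec.clearPassword();
        }
    }

    // Storage layout (assumed): salt || iv || wrapped key bytes
    static byte[] wrapForStorage(char[] password, SecretKey dataKey) throws GeneralSecurityException {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[SALT_BYTES];
        byte[] iv = new byte[IV_BYTES];
        random.nextBytes(salt);
        random.nextBytes(iv);
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));

        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.WRAP_MODE, passwordKey(password), paramSpec);
        byte[] wrapped = cipher.wrap(dataKey);   // the application never handles the raw key bytes
        return ByteBuffer.allocate(salt.length + iv.length + wrapped.length)
                .put(salt).put(iv).put(wrapped).array();
    }

    static Key unwrapFromStorage(char[] password, byte[] stored) throws GeneralSecurityException {
        if (stored.length <= SALT_BYTES + IV_BYTES) {
            throw new IllegalArgumentException("stored key is too short");
        }
        byte[] salt = Arrays.copyOfRange(stored, 0, SALT_BYTES);
        byte[] iv = Arrays.copyOfRange(stored, SALT_BYTES, SALT_BYTES + IV_BYTES);
        byte[] wrapped = Arrays.copyOfRange(stored, SALT_BYTES + IV_BYTES, stored.length);
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));

        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.UNWRAP_MODE, passwordKey(password), paramSpec);
        return cipher.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "sasquatch".toCharArray();   // constructed sample password
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        SecretKey dataKey = generator.generateKey();

        byte[] stored = wrapForStorage(password, dataKey);
        Key restored = unwrapFromStorage(password, stored);
        System.out.println("bytes written to key storage: " + stored.length);
        System.out.println("restored key matches: "
                + MessageDigest.isEqual(dataKey.getEncoded(), restored.getEncoded()));
    }
}
```

This PBE cipher runs AES in CBC mode without an integrity check, so a wrong password is normally reported as an InvalidKeyException from unwrap() but can occasionally produce a garbage key instead.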

            csci5931 Web Security 28

            Padding

            Padding is needed to make the size of the plaintext a multiple of the block size.

            Most symmetric algorithms use one of two types of padding:

            No padding - requires the data end on a block exactly

            PKCS5 padding - (PKCS = Public Key Cryptography Standard)

            Suppose there are N bytes in a block that need to be padded.

            Fill each of the N bytes with the value N.

            If the data end on a multiple of the block size, add an entire block of padding.

            (See the illustration on p. 81)
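The padding rule above written out and checked against the JCE, as an added example (not from the slides or the book): pad() and unpad() are hypothetical helpers, and the check encrypts with PKCS5Padding and decrypts with NoPadding so the padding bytes the provider added stay visible. It covers the aligned case, where a whole extra block is appended.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class Pkcs5PaddingExample {
    private static final int BLOCK = 16;   // AES block size in bytes

    static byte[] pad(byte[] data, int blockSize) {
        // n is in 1..blockSize: data that already ends on a block boundary gets a full block
        int n = blockSize - (data.length % blockSize);
        byte[] padded = Arrays.copyOf(data, data.length + n);
        Arrays.fill(padded, data.length, padded.length, (byte) n);
        return padded;
    }

    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("length is not a multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xff;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("bad padding length byte");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xff) != n) {
                throw new IllegalArgumentException("inconsistent padding bytes");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    // ECB is used here only to expose the padding of a throwaway message, not as a recommendation.
    static byte[] jcePaddedBytes(byte[] data) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        SecretKey key = generator.generateKey();
        Cipher encryptor = Cipher.getInstance("AES/ECB/PKCS5Padding");
        encryptor.init(Cipher.ENCRYPT_MODE, key);
        Cipher rawDecryptor = Cipher.getInstance("AES/ECB/NoPadding");
        rawDecryptor.init(Cipher.DECRYPT_MODE, key);
        return rawDecryptor.doFinal(encryptor.doFinal(data));
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: 5 bytes (needs 11 bytes of padding) and exactly one block
        String[] samples = {"Hello", "0123456789abcdef"};
        for (String sample : samples) {
            byte[] data = sample.getBytes(StandardCharsets.US_ASCII);
            byte[] padded = pad(data, BLOCK);
            System.out.println(data.length + " bytes -> " + padded.length
                    + " bytes, pad byte value " + padded[padded.length - 1]);
            System.out.println("  same bytes as the JCE produced: "
                    + Arrays.equals(padded, jcePaddedBytes(data)));
            System.out.println("  unpad restores the input: "
                    + Arrays.equals(data, unpad(padded, BLOCK)));
        }
    }
}
```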

            csci5931 Web Security 29

            Modes of DES

            ECB, CBC

            CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).

            OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission.

            That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.
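The error-propagation claim above can be measured directly. This added example (not from the slides) flips one ciphertext bit, decrypts, and counts the flipped plaintext bits per block in each mode; it uses AES rather than DES, since the modes behave the same way with any block cipher, and the class and method names are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;

public class ModeErrorPropagation {
    private static final int BLOCK = 16;   // AES block size in bytes
    private static final int BLOCKS = 4;

    static Cipher newCipher(String mode, int opmode, SecretKeySpec key, byte[] iv)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance("AES/" + mode + "/NoPadding");
        if (mode.equals("ECB")) {
            cipher.init(opmode, key);                          // ECB takes no IV
        } else {
            cipher.init(opmode, key, new IvParameterSpec(iv));
        }
        return cipher;
    }

    /** Flips one ciphertext bit in the second block and reports the damage after decryption. */
    static int[] flippedBitsPerBlock(String mode) throws GeneralSecurityException {
        SecureRandom random = new SecureRandom();
        byte[] keyBytes = new byte[16];
        byte[] iv = new byte[BLOCK];
        random.nextBytes(keyBytes);
        random.nextBytes(iv);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        byte[] plain = new byte[BLOCKS * BLOCK];               // constructed sample: four zero blocks

        byte[] ciphertext = newCipher(mode, Cipher.ENCRYPT_MODE, key, iv).doFinal(plain);
        ciphertext[BLOCK] ^= 0x01;                             // simulated single-bit transmission error
        byte[] decrypted = newCipher(mode, Cipher.DECRYPT_MODE, key, iv).doFinal(ciphertext);

        int[] flipped = new int[BLOCKS];
        for (int i = 0; i < plain.length; i++) {
            flipped[i / BLOCK] += Integer.bitCount((plain[i] ^ decrypted[i]) & 0xff);
        }
        return flipped;
    }

    public static void main(String[] args) throws Exception {
        for (String mode : new String[] {"ECB", "CBC", "CFB", "OFB"}) {
            System.out.println(mode + ": flipped plaintext bits per block "
                    + Arrays.toString(flippedBitsPerBlock(mode)));
        }
    }
}
```

OFB reports a single flipped bit; ECB and CBC garble the whole block that was hit, and CFB garbles the block that follows it.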

            csci5931 Web Security 30

            Cipher streams and IV

            javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

            They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.

            Initialization Vector (IV)

            A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.

            Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.

            How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

            csci5931 Web Security 31

            IV in Java

            public class IvParameterSpec extends Object implements AlgorithmParameterSpec

            This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

            (NOTE: See page 434 for RSA-OAEP padding)

            csci5931 Web Security 32

            Rijndael

            What is Rijndael? (Dutch, pronounced as 'Rain Doll')

            "Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.

            The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

            (Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)

            After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard).

            See the press release.

            csci5931 Web Security 33

            FileEncryptor.java

            FileEncryptor.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

            Four functions:

            createKey(password)

            loadKey(password)

            encrypt(password, inputFile, outputEncryptedFile)

            decrypt(password, inputEncryptedFile, outputfile)

            csci5931 Web Security 34

            Sealed objects

            Sealed object: An object that is encrypted.

            The object must be serializable.

            Sealed objects can be useful for storing or transferring an encrypted version of an object.

            The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.

            See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

            csci5931 Web Security 35

            Sealed objects

            SealedObjectExample.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

            Sample output:

            >java SealedObjectExample

            Creating a key

            Encrypting the object

            Unencrypting the object

            Credit card number 1234567890

            csci5931 Web Security 36

            Next

            Asymmetric Encryption (GS 5)

            Relevant links:

            RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

            The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.

                csci5931 Web Security 8

                JavaxcryptoCipher

                httpjavasuncomj2se141docsapi

                public class Cipher

                extends Object

                This class provides the functionality of a cryptographic cipher for

                encryption and decryption It forms the core of the Java

                Cryptographic Extension (JCE) framework

                To use a Cipher getInstance( ) init( ) update( ) doFinal( )

                csci5931 Web Security 9

                JavaxcryptoCiphergetInstance( )A In order to create a Cipher object the application calls the Ciphers

                getInstance method and passes the name of the requested

                transformation to it

                static Cipher getInstance(String transformation)

                Generates a Cipher object that implements the specified transformation

                static Cipher getInstance(String transformation Provider

                provider)

                Creates a Cipher object that implements the specified transformation as

                supplied by the specified provider

                static Cipher getInstance(String transformation String provider)

                Creates a Cipher object that implements the specified transformation as

                supplied by the specified provider

                csci5931 Web Security 10

                JavaxcryptoCiphergetInstance( ) Examples

                Cipher cipher = CiphergetInstance(DESCBCPKCS5Padding)

                Cipher cipher = CiphergetInstance(ldquoDESedeECBPKCS5Paddingrdquo)

                csci5931 Web Security 11

                JavaxcryptoCipherinit( )B Initialize an instance of Cipher

                1 Declares the operating mode (ENCRYPT_MODE

                DECRYPT_MODE WRAP_MODE UNWRAP_MODE)

                2 Pass a key (javasecurityKey) to the cipher

                Example

                Cipherinit (CipherENCRYPT_MODE myKey)

                Note When a Cipher object is initialized it loses all

                previously-acquired state In other words initializing a

                Cipher is equivalent to creating a new instance of that

                Cipher and initializing it

                csci5931 Web Security 12

                JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher

                1 The information must be in the form of a byte array

                2 Note Ciphers typically buffer their output If the buffer has not been filled

                null will be returned

                Alternative update( ) methods

                byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)

                int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)

                Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part

                csci5931 Web Security 13

                JavaxcryptoCipherdoFinal( )D Finish the operation

                byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on

                how this cipher was initialized

                byte[ ] doFinal(byte[] input)

                Encrypts or decrypts data in a single-part operation or finishes a multiple-

                part operation

                Example

                Byte[ ] ciphertext = cipherdoFinal ( )

                csci5931 Web Security 14

                SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching

                proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing

                Plain Message=How are you doing

                Generating a TripleDES keyDone generating the key

                Now encrypting the messageMessage Encrypted

                Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855

                Now decrypting the messageMessage decrypted

                Decrypted text How are you doing

                csci5931 Web Security 15

BlowfishExample.java

Blowfish keys can be any bit size from 8 to 448, as long as the number is divisible by 8.

p69: BlowfishExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java BlowfishExample Its a wonderful day
Generating a Blowfish key
Done generating the key
Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day

                csci5931 Web Security 16

Password-based encryption (PBE)

hashing + symmetric encryption

The user-provided password is hashed by a message digest algorithm, such as SHA.

The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish.

The plaintext is then encrypted by the symmetric encryption algorithm.

Problems:

1. PBE is usually less secure, due to its smaller key space.

2. Passwords may suffer 'dictionary attack'.

3. Two people might choose the same password, which would create two identical entries in the password file.

                csci5931 Web Security 17

                Password-based encryption (PBE)

PBE + salt + iteration count

A salt is a randomly generated piece of data, say 64 bits, that is added to each password.

The combined salt+password is used to generate the key.

The key is then used to generate a symmetric cipher.

For the purpose of decryption, the salt must be stored as part of the ciphertext.

See figures on page 74.

                csci5931 Web Security 18

                Password-based encryption (PBE)

                csci5931 Web Security 19

Base64 Encoding

Effective in representing ASCII data as 6-bit characters (save one bit per character).

Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications.

Input: N bytes

Number of output characters:

(N * 8 / 24) * 4, if N * 8 % 24 is zero

(N * 8 / 24 + 1) * 4, otherwise

Example: N = 8 bytes

(64 / 24 + 1) * 4 = 12 characters

See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC2045, and Appendix C

                csci5931 Web Security 20

                Password-based encryption (PBE)

                csci5931 Web Security 21

Password-based encryption (PBE)

Random.nextBytes(byte[] bytes)

Generates random bytes and places them into a user-supplied byte array.

public class PBEKeySpec extends Object implements KeySpec

A user-chosen password that can be used with password-based encryption (PBE).

The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.

                csci5931 Web Security 22

Password-based encryption (PBE)

public class SecretKeyFactory extends Object

This class represents a factory for secret keys.

Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.

Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.

Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.

                csci5931 Web Security 23

                Password-based encryption

Twofish encryption algorithm

A symmetric block cipher that accepts keys of any length, up to 256 bits.

Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm.

Highly secure and flexible.

Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware.

(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)

                csci5931 Web Security 24

                Password-based encryption

An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample PBE encryption/decryption:

>java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

>java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

>java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World

                csci5931 Web Security 25

                Key storage

Storage of keys in a persistent media (file, database) for later retrieval or transportation.

Objectives: The stored keys must be protected.

Problems:

- If the key storage is compromised, the data protected by the keys become unprotected.

Solutions:

Use PBE to encrypt the keys. Problems?

                csci5931 Web Security 26

Key storage: Key Wrapping

The wrap( ) method, defined in javax.crypto.Cipher, takes a key as an argument and returns the encrypted value of the key as a byte array.

Example:

cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
byte[] encryptedKeyBytes = cipher.wrap(secretKey);

To decrypt the key:

cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

                csci5931 Web Security 27

Key storage: Key Encryption

Use the getEncoded( ) method, as defined in java.security.Key, to encrypt the key.

Example:

byte[] keyBytes = myKey.getEncoded();
cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:

cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
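
The PBE slides (salt + iteration count) and the key-wrapping slides above, as one added Java example; it is not the course's PBE.java, which this page does not reproduce. A password plus a fresh random 64-bit salt keys the cipher, and the same construction then wraps a Blowfish key for storage. The algorithm name PBEWithHmacSHA256AndAES_128 (standard SunJCE provider, Java 8+), the iteration count, and the Base64(salt || IV || body) layout are assumptions of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeKeyStorageDemo {
    // Assumptions of this example: a PBE scheme from the standard SunJCE provider
    // (Java 8+), an 8-byte (64-bit) salt as on the slide, and an iteration count
    // chosen here. The course's PBE.java may use different values.
    static final String PBE_ALGORITHM = "PBEWithHmacSHA256AndAES_128";
    static final int SALT_BYTES = 8;
    static final int IV_BYTES = 16;            // AES block size
    static final int ITERATIONS = 100_000;
    static final int HEADER_BYTES = SALT_BYTES + IV_BYTES;

    /** Keys a cipher from password + salt + iteration count; header = salt || IV. */
    static Cipher pbeCipher(int mode, char[] password, byte[] header)
            throws GeneralSecurityException {
        if (header.length < HEADER_BYTES) {
            throw new IllegalArgumentException("input is shorter than salt + IV");
        }
        byte[] salt = Arrays.copyOfRange(header, 0, SALT_BYTES);
        byte[] iv = Arrays.copyOfRange(header, SALT_BYTES, HEADER_BYTES);
        SecretKey passwordKey = SecretKeyFactory.getInstance(PBE_ALGORITHM)
                .generateSecret(new PBEKeySpec(password));
        Cipher cipher = Cipher.getInstance(PBE_ALGORITHM);
        cipher.init(mode, passwordKey,
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        return cipher;
    }

    /** Fresh random salt and IV for every encryption or wrap. */
    static byte[] newHeader() {
        byte[] header = new byte[HEADER_BYTES];
        new SecureRandom().nextBytes(header);
        return header;
    }

    /** Stores salt and IV in front of the body so the reader can rebuild the key. */
    static String frame(byte[] header, byte[] body) {
        byte[] out = Arrays.copyOf(header, header.length + body.length);
        System.arraycopy(body, 0, out, header.length, body.length);
        return Base64.getEncoder().encodeToString(out);
    }

    static String encrypt(char[] password, String plaintext) throws GeneralSecurityException {
        byte[] header = newHeader();
        Cipher cipher = pbeCipher(Cipher.ENCRYPT_MODE, password, header);
        return frame(header, cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8)));
    }

    static String decrypt(char[] password, String framed) throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(framed);
        Cipher cipher = pbeCipher(Cipher.DECRYPT_MODE, password, in);
        byte[] plain = cipher.doFinal(in, HEADER_BYTES, in.length - HEADER_BYTES);
        return new String(plain, StandardCharsets.UTF_8);
    }

    static String wrapKey(char[] password, Key secretKey) throws GeneralSecurityException {
        byte[] header = newHeader();
        return frame(header, pbeCipher(Cipher.WRAP_MODE, password, header).wrap(secretKey));
    }

    static Key unwrapKey(char[] password, String framed, String keyAlgorithm)
            throws GeneralSecurityException {
        byte[] in = Base64.getDecoder().decode(framed);
        byte[] wrapped = Arrays.copyOfRange(in, HEADER_BYTES, in.length);
        return pbeCipher(Cipher.UNWRAP_MODE, password, in)
                .unwrap(wrapped, keyAlgorithm, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "sasquatch".toCharArray();   // password from the slide's sample run

        // Same password and plaintext, but a new salt and IV each time.
        String first = encrypt(password, "Hello World");
        String second = encrypt(password, "Hello World");
        System.out.println(first);
        System.out.println(second);
        System.out.println("identical outputs: " + first.equals(second));
        System.out.println("decrypted: " + decrypt(password, second));

        // Key storage: wrap a Blowfish data key under the password-derived key.
        KeyGenerator generator = KeyGenerator.getInstance("Blowfish");
        generator.init(128);
        SecretKey dataKey = generator.generateKey();
        String stored = wrapKey(password, dataKey);
        Key restored = unwrapKey(password, stored, "Blowfish");
        System.out.println("stored key: " + stored);
        System.out.println("key restored intact: "
                + Arrays.equals(dataKey.getEncoded(), restored.getEncoded()));
    }
}
```

The stored form protects the data key only as well as the password does, which is the dictionary-attack problem listed on the PBE slide; the salt and iteration count raise the cost of each guess but do not remove it.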

                csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:

No padding - requires the data end on a block exactly

PKCS5 padding - (PKCS = Public Key Cryptography Standard)

Suppose there are N bytes in a block that need to be padded.

Fill each of the N bytes with the value N.

If the data end on a multiple of the block size, add an entire block of padding.

(See the illustration on p81)
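
An added Java example (not from the book or the course code) of the PKCS5 rule above for an 8-byte block: it pads by hand and checks the result against the provider's Blowfish/ECB/PKCS5Padding, using the 21-byte message whose byte values appear in the BlowfishExample sample output and a constructed 16-byte message that ends exactly on a block boundary. ECB is used here only because it is deterministic, which makes the two ciphertexts comparable.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs5PaddingDemo {
    static final int BLOCK_SIZE = 8;   // Blowfish and DES both use 8-byte blocks

    /** Appends N bytes, each with the value N, where N is 1..blockSize (never 0). */
    static byte[] pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize);
        byte[] padded = Arrays.copyOf(data, data.length + n);
        Arrays.fill(padded, data.length, padded.length, (byte) n);
        return padded;
    }

    /** Removes the padding, rejecting input that does not follow the rule. */
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("length is not a multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xFF;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("invalid padding length " + n);
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xFF) != n) {
                throw new IllegalArgumentException("invalid padding bytes");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("Blowfish");
        generator.init(128);
        SecretKey key = generator.generateKey();

        Cipher withPadding = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        Cipher noPadding = Cipher.getInstance("Blowfish/ECB/NoPadding");
        withPadding.init(Cipher.ENCRYPT_MODE, key);
        noPadding.init(Cipher.ENCRYPT_MODE, key);

        String[] messages = {
            "It's a wonderful day!",   // the 21 bytes listed in the BlowfishExample output
            "16 byte message!"         // constructed: ends exactly on a block boundary
        };
        for (String message : messages) {
            byte[] data = message.getBytes(StandardCharsets.UTF_8);
            byte[] padded = pad(data, BLOCK_SIZE);
            byte[] viaProvider = withPadding.doFinal(data);     // provider pads internally
            byte[] viaManualPad = noPadding.doFinal(padded);    // we padded ourselves

            System.out.println("message bytes:    " + data.length);
            System.out.println("padded bytes:     " + padded.length);
            System.out.println("pad byte value:   " + padded[padded.length - 1]);
            System.out.println("ciphertext bytes: " + viaProvider.length);
            System.out.println("manual pad matches provider: "
                    + Arrays.equals(viaProvider, viaManualPad));
            System.out.println("unpad restores message: "
                    + Arrays.equals(data, unpad(padded, BLOCK_SIZE)));
            System.out.println();
        }
    }
}
```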

                csci5931 Web Security 29

                Modes of DES

ECB, CBC

CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).

OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission.

That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC, and CFB.

                csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.

Initialization Vector (IV)

A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.

Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.

How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

                csci5931 Web Security 31

IV in Java

public class IvParameterSpec extends Object implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding)

                csci5931 Web Security 32

                Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.

The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard).

See the press release.

                csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:

createKey(password)

loadKey(password)

encrypt(password, inputFile, outputEncryptedFile)

decrypt(password, inputEncryptedFile, outputfile)

                csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted.

The object must be serializable.

Sealed objects can be useful for storing or transferring an encrypted version of an object.

The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.

See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

                csci5931 Web Security 35

                Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890

                csci5931 Web Security 36

                Next

                Asymmetric Encryption (GS 5)

Relevant links:

RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.


                  csci5931 Web Security 9

javax.crypto.Cipher.getInstance( )

A. In order to create a Cipher object, the application calls the Cipher's getInstance method, and passes the name of the requested transformation to it.

static Cipher getInstance(String transformation)

Generates a Cipher object that implements the specified transformation.

static Cipher getInstance(String transformation, Provider provider)

Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.

static Cipher getInstance(String transformation, String provider)

Creates a Cipher object that implements the specified transformation, as supplied by the specified provider.

                  csci5931 Web Security 10

javax.crypto.Cipher.getInstance( )

Examples:

Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");

Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");

                  csci5931 Web Security 11

javax.crypto.Cipher.init( )

B. Initialize an instance of Cipher.

1. Declares the operating mode (ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE)

2. Pass a key (java.security.Key) to the cipher.

Example:

cipher.init(Cipher.ENCRYPT_MODE, myKey);

Note: When a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher, and initializing it.

                  csci5931 Web Security 12

                  JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher

                  1 The information must be in the form of a byte array

                  2 Note Ciphers typically buffer their output If the buffer has not been filled

                  null will be returned

                  Alternative update( ) methods

                  byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)

                  int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)

                  Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part

                  csci5931 Web Security 13

                  JavaxcryptoCipherdoFinal( )D Finish the operation

                  byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on

                  how this cipher was initialized

                  byte[ ] doFinal(byte[] input)

                  Encrypts or decrypts data in a single-part operation or finishes a multiple-

                  part operation

                  Example

                  Byte[ ] ciphertext = cipherdoFinal ( )

                  csci5931 Web Security 14

                  SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching

                  proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing

                  Plain Message=How are you doing

                  Generating a TripleDES keyDone generating the key

                  Now encrypting the messageMessage Encrypted

                  Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855

                  Now decrypting the messageMessage decrypted

                  Decrypted text How are you doing

                  csci5931 Web Security 15

                  BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the

                  number if divisible by 8 p69 BlowfishExamplejava (see

                  httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output

                  gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key

                  Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33

                  Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125

                  Decrypted text Its a wonderful day

                  csci5931 Web Security 16

                  Password-based encryption (PBE) hashing + symmetric encryption

                  The user-provided password is hashed by a message digest algorithm such as SHA

                  The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish

                  The plaintext is then encrypted by the symmetric encryption algorithm

                  Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which

                  would create two identical entries in the password file

                  csci5931 Web Security 17

                  Password-based encryption (PBE)

                  PBE + salt + iteration count A salt is a randomly generated piece of data say 64

                  bits that is added to each password The combined salt+password is used to generate the

                  key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as

                  part of the ciphertext See figures on page 74

                  csci5931 Web Security 18

                  Password-based encryption (PBE)

                  csci5931 Web Security 19

                  Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit

                  per character)

                  Widely used in networking transmissions of data eg in MIME

                  emails amp other Internet-related applications

                  Input N bytes

                  Number of output characters

                  (N 8 24) 4 if N8 24 is zero

                  (N 8 24 + 1) 4 otherwise

                  Example N = 8 bytes

                  (64 24 + 1) 4 12 characters

                  See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C

                  csci5931 Web Security 20

                  Password-based encryption (PBE)

                  csci5931 Web Security 21

                  Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

                  Generates random bytes and places them into a user-supplied byte array

                  public class PBEKeySpecextends Object

                  implements KeySpec

                  A user-chosen password that can be used with password-based encryption

                  (PBE)

                  The password can be viewed as some kind of raw key material from which

                  the encryption mechanism that uses it derives a cryptographic key

                  csci5931 Web Security 22

                  Password-based encryption (PBE) public class SecretKeyFactory extends Object

                  This class represents a factory for secret keys

                  Key factories are used to convert keys (opaque cryptographic keys of type

                  Key) into key specifications (transparent representations of the

                  underlying key material) and vice versa Secret key factories operate

                  only on secret (symmetric) keys

                  Key factories are bi-directional ie they allow to build an opaque key

                  object from a given key specification (key material) or to retrieve the

                  underlying key material of a key object in a suitable format

                  Application developers should refer to their providers documentation to find

                  out which key specifications are supported by the generateSecret

                  and getKeySpec methods

                  csci5931 Web Security 23

                  Password-based encryption

                  Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                  bits

                  Among the new encryption algorithms being considered by the National

                  Institute of Science and Technology (NIST) as a replacement for

                  the DES algorithm

                  Highly secure and flexible

                  Works extremely well with large microprocessors 8-bit smart card

                  microprocessors and dedicated hardware

                  (Source httpwwwwileycomcdaproduct0047135381700html)

                  csci5931 Web Security 24

                  Password-based encryption

                  An example program PBEjava (see

                  httpscecluheduyangteachingproJavaSecurityCodehtml)

                  Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                  yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                  gtjava PBE -e sasquatch Hello World

                  lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                  gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                  Hello World

                  csci5931 Web Security 25

                  Key storage

                  Storage of keys in a persistent media (file

                  database) for later retrieval or transportation

                  Objectives The stored keys must be protected

                  Problems

                  - If the key storage is compromised the data protected by

                  the keys become unprotected

                  Solutions

                  Use PBE to encrypt the keys Problems

                  csci5931 Web Security 26

                  Key storage Key Wrapping

                  The wrap( ) method defined in javaxcryptoCipher takes a key as an

                  argument and returns the encrypted value of the key as a byte array

                  Example

                  cipherinit (CipherWRAP_MODE passwordKey paramSpec)

                  byte[ ] encryptedKeyBytes = cipherwrap (secretKey)

                  To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)

                  Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)

                  csci5931 Web Security 27

                  Key storage Key Encryption

                  Use the getEncoded( ) method as defined in javasecurityKey to encrypt the

                  key

                  Example

                  byte[ ] keyBytes = myKeygetEncoded( )

                  cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)

                  byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)

                  To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)

                  byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)

                  SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )

                  csci5931 Web Security 28

                  Padding Padding is needed to make the size of the plaintext to be a

                  multiple of the block size

                  Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly

                  PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)

                  Suppose there are N bytes in a block that need to be padded

                  Fill each of the N bytes with the value N

                  If the data end on a multiple of the block size add an entire block of

                  padding

                  (See the illustration on p81)

                  csci5931 Web Security 29

                  Modes of DES

                  ECB CBC

                  CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for

                  example)

                  OFB (Output FeedBack) Similar to CFB but provides better protection against data loss

                  during transmission

                  That is a single-bit error will not cause the whole block to be lost

                  as in the cases of ECB CBC and CFB

                  csci5931 Web Security 30

                  Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream

                  They provide convenient wrappers around standard input and

                  output streams for them to be automatically encrypted or

                  decrypted

                  Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext

                  before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext

                  eliminates the possibility of having the initial ciphertext block the

                  same for any two messages How to determine the size of a IV given a cipher Example A

                  256-bit Rijndael cipher needs a 16-byte IV

                  csci5931 Web Security 31

                  IV in Java public class IvParameterSpec

                  extends Object

                  implements AlgorithmParameterSpec

                  This class specifies an initialization vector (IV) Examples

                  which use IVs are ciphers in feedback mode eg DES

                  in CBC mode and RSA ciphers with OAEP encoding

                  operation

                  (NOTE See page 434 for RSA-OAEP padding)

                  csci5931 Web Security 32

                  Rijndael

                  What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)

                  ldquoRijndael is a block cipher designed by Joan Daemen and Vincent

                  Rijmen as a candidate algorithm for the AES

                  The cipher has a variable block length and key length We currently

                  specified how to use keys with a length of 128 192 or 256 bits to

                  encrypt blocks with al length of 128 192 or 256 bitsrdquo

                  (Source httpwwwesatkuleuvenacbe~rijmenrijndael)

                  After nearly four years of evaluation in October 2000 Rijndael was

                  selected by the NIST as the `AES (Advanced Encryption Standard)

                  See the press release

                  csci5931 Web Security 33

                  FileEncryptorjava

                  FileEncryptorjava (see httpscecluheduyangteaching

                  proJavaSecurityCodehtml)

                  Four functions

                  createKey( password )

                  loadKey ( password )

                  encrypt ( password inputFile outputEncryptedFile )

                  decrypt ( password inputEncryptedFile outputfile)

                  csci5931 Web Security 34

                  Sealed objects Sealed object An object that is encrypted

                  The object must be serializable

                  Sealed objects can be useful for storing or transferring an

                  encrypted version of an object

                  The default JDK 12 prevents extensions from using the class

                  loader to create classes that are neither standard objects nor

                  extensions That is a custom object such as a CreditCard

                  object wonrsquot be able to be decrypted

                  See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                  object implementation

                  csci5931 Web Security 35

                  Sealed objects

                  SealedObjectExamplejava (see

                  httpscecluheduyangteachingproJavaSecurityCodehtml)

                  Sample output

                  gtjava SealedObjectExample

                  Creating a key

                  Encrypting the object

                  Unencrypting the object

                  Credit card number 1234567890

                  csci5931 Web Security 36

                  Next

                  Asymmetric Encryption (GS 5)

                  Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                  describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                  The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                  • GS Chapter 4 Symmetric Encryption in Java
                  • Topics
                  • Applications of symmetric encryptions
                  • JavaxcryptoKeyGenerator
                  • Slide 5
                  • JavasecurityKey
                  • Slide 7
                  • JavaxcryptoCipher
                  • JavaxcryptoCiphergetInstance( )
                  • Slide 10
                  • JavaxcryptoCipherinit( )
                  • JavaxcryptoCipherupdate( )
                  • JavaxcryptoCipherdoFinal( )
                  • SimpleExamplejava
                  • BlowfishExamplejava
                  • Password-based encryption (PBE)
                  • Slide 17
                  • Slide 18
                  • Base64 Encoding
                  • Slide 20
                  • Slide 21
                  • Slide 22
                  • Password-based encryption
                  • Slide 24
                  • Key storage
                  • Slide 26
                  • Slide 27
                  • Padding
                  • Modes of DES
                  • Cipher streams and IV
                  • IV in Java
                  • Rijndael
                  • FileEncryptorjava
                  • Sealed objects
                  • Slide 35
                  • Next

csci5931 Web Security 10

javax.crypto.Cipher.getInstance( ) Examples:

Cipher cipher = Cipher.getInstance("DES/CBC/PKCS5Padding");

Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");

csci5931 Web Security 11

javax.crypto.Cipher.init( )

B. Initialize an instance of Cipher:

1. Declare the operating mode (ENCRYPT_MODE, DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE).

2. Pass a key (java.security.Key) to the cipher.

Example:

cipher.init(Cipher.ENCRYPT_MODE, myKey);

Note: When a Cipher object is initialized, it loses all previously-acquired state. In other words, initializing a Cipher is equivalent to creating a new instance of that Cipher and initializing it.

csci5931 Web Security 12

javax.crypto.Cipher.update( )

C. Pass the information to be encrypted/decrypted to the cipher:

1. The information must be in the form of a byte array.

2. Note: Ciphers typically buffer their output. If the buffer has not been filled, null will be returned.

Alternative update( ) methods:

byte[ ] update(byte[ ] input)

byte[ ] plaintext = myString.getBytes("UTF8");
byte[ ] ciphertext = cipher.update(plaintext);

int update(byte[ ] input, int inputOffset, int inputLen, byte[ ] output, int outputOffset)

Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

csci5931 Web Security 13

javax.crypto.Cipher.doFinal( )

D. Finish the operation:

byte[ ] doFinal( )

Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.

byte[ ] doFinal(byte[ ] input)

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.

Example:

byte[ ] ciphertext = cipher.doFinal( );
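The four steps above (getInstance, init, update, doFinal), put together as an added example that is not part of the original slides or the course code. It feeds the message to the cipher in 5-byte chunks so that the buffering behaviour of update( ) becomes visible; the class name, helper name, chunk size and message are assumptions of this example.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class MultiPartCipherDemo {

    // Feed the input to an initialized cipher in fixed-size chunks and
    // collect whatever each call releases. (Hypothetical helper.)
    static byte[] process(Cipher cipher, byte[] input, int chunkSize) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int off = 0; off < input.length; off += chunkSize) {
            int len = Math.min(chunkSize, input.length - off);
            byte[] part = cipher.update(input, off, len);
            // While the cipher holds less than one full block, update() may
            // return null (or an empty array, depending on the provider).
            System.out.println("update(" + len + " bytes) -> "
                    + (part == null ? "null" : part.length + " bytes"));
            if (part != null) {
                out.write(part);
            }
        }
        // doFinal() flushes the buffered bytes and adds or removes the padding.
        byte[] last = cipher.doFinal();
        System.out.println("doFinal() -> " + last.length + " bytes");
        out.write(last);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        // A. Generate a key, as on the KeyGenerator slides.
        KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
        keyGenerator.init(168);
        SecretKey myKey = keyGenerator.generateKey();

        // Transformation string taken from the getInstance( ) slide.
        Cipher cipher = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        byte[] plaintext = "How are you doing".getBytes(StandardCharsets.UTF_8);

        // B-D. Encrypt in several parts.
        cipher.init(Cipher.ENCRYPT_MODE, myKey);
        byte[] ciphertext = process(cipher, plaintext, 5);

        // Re-initializing discards all earlier state, so the same object can decrypt.
        cipher.init(Cipher.DECRYPT_MODE, myKey);
        byte[] recovered = process(cipher, ciphertext, 5);

        System.out.println("plaintext length  = " + plaintext.length);
        System.out.println("ciphertext length = " + ciphertext.length);
        System.out.println("round trip ok     = " + Arrays.equals(plaintext, recovered));
    }
}
```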

csci5931 Web Security 14

SimpleExample.java

P69: SimpleExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES key...Done generating the key
Now encrypting the message...Message Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the message...Message decrypted
Decrypted text: How are you doing

csci5931 Web Security 15

BlowfishExample.java

Blowfish keys can be any bit size from 8 to 448, as long as the number is divisible by 8.

p69: BlowfishExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java BlowfishExample It's a wonderful day!
Generating a Blowfish key...Done generating the key
Plaintext: 73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext: -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text: It's a wonderful day!

csci5931 Web Security 16

Password-based encryption (PBE)

hashing + symmetric encryption

The user-provided password is hashed by a message digest algorithm, such as SHA.

The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish.

The plaintext is then encrypted by the symmetric encryption algorithm.

Problems:

1. PBE is usually less secure, due to its smaller key space.

2. Passwords may suffer 'dictionary attack'.

3. Two people might choose the same password, which would create two identical entries in the password file.

csci5931 Web Security 17

Password-based encryption (PBE)

PBE + salt + iteration count

A salt is a randomly generated piece of data, say 64 bits, that is added to each password.

The combined salt+password is used to generate the key.

The key is then used to generate a symmetric cipher.

For the purpose of decryption, the salt must be stored as part of the ciphertext.

See figures on page 74.

csci5931 Web Security 18

Password-based encryption (PBE)

csci5931 Web Security 19

Base64 Encoding

Effective in representing ASCII data as 6-bit characters (save one bit per character)

Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications

Input: N bytes

Number of output characters:

(N * 8 / 24) * 4, if N * 8 % 24 is zero

(N * 8 / 24 + 1) * 4, otherwise

Example: N = 8 bytes

(64 / 24 + 1) * 4 = 12 characters

See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC2045, and Appendix C

csci5931 Web Security 20

Password-based encryption (PBE)

csci5931 Web Security 21

Password-based encryption (PBE)

Random.nextBytes(byte[ ] bytes)

Generates random bytes and places them into a user-supplied byte array.

public class PBEKeySpec extends Object implements KeySpec

A user-chosen password that can be used with password-based encryption (PBE).

The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.

csci5931 Web Security 22

Password-based encryption (PBE)

public class SecretKeyFactory extends Object

This class represents a factory for secret keys.

Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.

Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.

Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.

csci5931 Web Security 23

Password-based encryption

Twofish encryption algorithm

A symmetric block cipher that accepts keys of any length, up to 256 bits

Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm

Highly secure and flexible

Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware

(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)

csci5931 Web Security 24

Password-based encryption

An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample PBE encryption/decryption:

>java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

>java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

>java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World
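PBE with a salt and an iteration count, producing the same output layout as the sample session above (Base64 of an 8-byte salt, 12 characters, followed directly by Base64 of the ciphertext). This is an added example, not the course's PBE.java: it uses the stock JDK's PBKDF2WithHmacSHA256 and AES in CBC mode in place of the PBE algorithm of the original program, derives both key and IV from password + salt, and the class name, method names and iteration count are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class PbeSaltDemo {
    static final int SALT_BYTES = 8;        // 64-bit salt, as on the slide
    static final int SALT_B64_CHARS = 12;   // 8 bytes encode to 12 Base64 characters
    static final int ITERATIONS = 100_000;  // iteration count (assumed value)

    // Stretch password + salt into 256 bits: a 128-bit AES key followed by a 128-bit IV.
    // A fresh salt per message therefore also gives a fresh key/IV pair.
    static Cipher cipherFor(int mode, char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] derived = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        SecretKeySpec key = new SecretKeySpec(derived, 0, 16, "AES");
        IvParameterSpec iv = new IvParameterSpec(derived, 16, 16);
        Arrays.fill(derived, (byte) 0);      // both spec objects hold their own copies
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        cipher.init(mode, key, iv);
        return cipher;
    }

    static String encrypt(char[] password, String plaintext) throws Exception {
        byte[] salt = new byte[SALT_BYTES];
        new SecureRandom().nextBytes(salt);  // new random salt for every message
        byte[] ciphertext = cipherFor(Cipher.ENCRYPT_MODE, password, salt)
                .doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        Base64.Encoder b64 = Base64.getEncoder();
        // The salt is not secret; it travels in front of the ciphertext.
        return b64.encodeToString(salt) + b64.encodeToString(ciphertext);
    }

    static String decrypt(char[] password, String text) throws Exception {
        if (text.length() <= SALT_B64_CHARS) {
            throw new IllegalArgumentException("input too short to contain salt and ciphertext");
        }
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] salt = b64.decode(text.substring(0, SALT_B64_CHARS));
        byte[] ciphertext = b64.decode(text.substring(SALT_B64_CHARS));
        byte[] plaintext = cipherFor(Cipher.DECRYPT_MODE, password, salt).doFinal(ciphertext);
        return new String(plaintext, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        char[] password = "sasquatch".toCharArray();   // password from the sample session
        String first = encrypt(password, "Hello World");
        String second = encrypt(password, "Hello World");
        System.out.println(first);
        System.out.println(second);
        // Same password and plaintext, different salt: compare the two outputs.
        System.out.println("identical outputs: " + first.equals(second));
        System.out.println(decrypt(password, second));
    }
}
```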

csci5931 Web Security 25

Key storage

Storage of keys in a persistent media (file, database) for later retrieval or transportation

Objectives: The stored keys must be protected.

Problems:

- If the key storage is compromised, the data protected by the keys become unprotected.

Solutions:

Use PBE to encrypt the keys. Problems?

csci5931 Web Security 26

Key storage

Key Wrapping

The wrap( ) method, defined in javax.crypto.Cipher, takes a key as an argument and returns the encrypted value of the key as a byte array.

Example:

cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);

byte[ ] encryptedKeyBytes = cipher.wrap(secretKey);

To decrypt the key:

cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);

Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

csci5931 Web Security 27

Key storage

Key Encryption

Use the getEncoded( ) method, as defined in java.security.Key, to encrypt the key.

Example:

byte[ ] keyBytes = myKey.getEncoded( );

cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);

byte[ ] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:

cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);

byte[ ] keyBytes = cipher.doFinal(encryptedKeyBytes);

SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
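The two key-storage routes from the slides above (wrap/unwrap, and getEncoded + doFinal) completed into one runnable program, as an added example that is not part of the original slides. The slides do not show how passwordKey and paramSpec are built; here, as assumptions, passwordKey is an AES key derived with PBKDF2WithHmacSHA256 and paramSpec is a random IV for AES/CBC/PKCS5Padding. The class and helper names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;

public class KeyWrapDemo {

    // Password-derived key-encryption key (PBKDF2 is an assumption of this example).
    static SecretKey derivePasswordKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 100_000, 128);
        byte[] raw = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        return new SecretKeySpec(raw, "AES");
    }

    public static void main(String[] args) throws Exception {
        SecureRandom random = new SecureRandom();

        // The key to be stored: a 128-bit Blowfish key.
        KeyGenerator generator = KeyGenerator.getInstance("Blowfish");
        generator.init(128);
        SecretKey secretKey = generator.generateKey();

        // Salt and IV are stored next to the protected key; neither is secret.
        byte[] salt = new byte[8];
        byte[] iv = new byte[16];
        random.nextBytes(salt);
        random.nextBytes(iv);
        IvParameterSpec paramSpec = new IvParameterSpec(iv);
        SecretKey passwordKey = derivePasswordKey("sasquatch".toCharArray(), salt);

        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");

        // Route 1: key wrapping.
        cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
        byte[] wrappedKeyBytes = cipher.wrap(secretKey);

        // Route 2: key encryption via getEncoded( ). The IV is reused here only
        // so that the two outputs can be compared byte for byte.
        cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
        byte[] encryptedKeyBytes = cipher.doFinal(secretKey.getEncoded());

        // Recover the key through each route.
        cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
        Key unwrapped = cipher.unwrap(wrappedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

        cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
        SecretKeySpec decrypted = new SecretKeySpec(cipher.doFinal(encryptedKeyBytes), "Blowfish");

        System.out.println("stored bytes per route : " + wrappedKeyBytes.length
                + " / " + encryptedKeyBytes.length);
        System.out.println("routes give same bytes : "
                + Arrays.equals(wrappedKeyBytes, encryptedKeyBytes));
        System.out.println("unwrap( ) restored key : "
                + Arrays.equals(secretKey.getEncoded(), unwrapped.getEncoded()));
        System.out.println("doFinal( ) restored key: "
                + Arrays.equals(secretKey.getEncoded(), decrypted.getEncoded()));
    }
}
```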

csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:

No padding - requires the data end on a block exactly

PKCS5 padding - (PKCS = Public Key Cryptography Standard)

Suppose there are N bytes in a block that need to be padded.

Fill each of the N bytes with the value N.

If the data end on a multiple of the block size, add an entire block of padding.

(See the illustration on p81)
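To see the PKCS5 rule at work, the following added example (not from the slides or the course code) encrypts with Blowfish/ECB/PKCS5Padding and then decrypts with Blowfish/ECB/NoPadding, so the pad bytes are left in place and can be printed. It uses the 21-byte message from the BlowfishExample output and an 8-byte message that ends exactly on a block; class and method names are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class PaddingDemo {
    static final int BLOCK = 8;   // Blowfish block size in bytes

    // Encrypt with PKCS5 padding, then decrypt without removing it.
    static byte[] paddedForm(SecretKey key, byte[] data) throws Exception {
        Cipher enc = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        byte[] ciphertext = enc.doFinal(data);

        Cipher raw = Cipher.getInstance("Blowfish/ECB/NoPadding");
        raw.init(Cipher.DECRYPT_MODE, key);
        return raw.doFinal(ciphertext);
    }

    static void show(SecretKey key, String text) throws Exception {
        byte[] data = text.getBytes(StandardCharsets.UTF_8);
        byte[] padded = paddedForm(key, data);
        byte[] lastBlock = Arrays.copyOfRange(padded, padded.length - BLOCK, padded.length);
        System.out.println(data.length + " bytes in, " + padded.length
                + " bytes after padding, last block = " + Arrays.toString(lastBlock));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("Blowfish");
        generator.init(128);
        SecretKey key = generator.generateKey();

        // 21 bytes: the last block is 3 bytes short of a full block.
        show(key, "It's a wonderful day!");
        // 8 bytes: the data ends exactly on a block boundary.
        show(key, "12345678");

        // "No padding" requires the data to end on a block exactly.
        Cipher noPad = Cipher.getInstance("Blowfish/ECB/NoPadding");
        noPad.init(Cipher.ENCRYPT_MODE, key);
        try {
            noPad.doFinal("It's a wonderful day!".getBytes(StandardCharsets.UTF_8));
            System.out.println("NoPadding accepted 21 bytes");
        } catch (IllegalBlockSizeException e) {
            System.out.println("NoPadding refused 21 bytes: " + e.getMessage());
        }
    }
}
```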

csci5931 Web Security 29

Modes of DES

ECB, CBC

CFB (Cipher FeedBack)

Similar to CBC, but may work on smaller chunks of data (8 bits for example).

OFB (Output FeedBack)

Similar to CFB, but provides better protection against data loss during transmission.

That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.

csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.

Initialization Vector (IV)

A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.

Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.

How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

csci5931 Web Security 31

IV in Java

public class IvParameterSpec extends Object implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding.)

csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.

The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard).

See the press release.

csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:

createKey( password )

loadKey( password )

encrypt( password, inputFile, outputEncryptedFile )

decrypt( password, inputEncryptedFile, outputfile )

csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted.

The object must be serializable.

Sealed objects can be useful for storing or transferring an encrypted version of an object.

The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.

See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

csci5931 Web Security 35

Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890

csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:

RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.

                    • GS Chapter 4 Symmetric Encryption in Java
                    • Topics
                    • Applications of symmetric encryptions
                    • JavaxcryptoKeyGenerator
                    • Slide 5
                    • JavasecurityKey
                    • Slide 7
                    • JavaxcryptoCipher
                    • JavaxcryptoCiphergetInstance( )
                    • Slide 10
                    • JavaxcryptoCipherinit( )
                    • JavaxcryptoCipherupdate( )
                    • JavaxcryptoCipherdoFinal( )
                    • SimpleExamplejava
                    • BlowfishExamplejava
                    • Password-based encryption (PBE)
                    • Slide 17
                    • Slide 18
                    • Base64 Encoding
                    • Slide 20
                    • Slide 21
                    • Slide 22
                    • Password-based encryption
                    • Slide 24
                    • Key storage
                    • Slide 26
                    • Slide 27
                    • Padding
                    • Modes of DES
                    • Cipher streams and IV
                    • IV in Java
                    • Rijndael
                    • FileEncryptorjava
                    • Sealed objects
                    • Slide 35
                    • Next

                      csci5931 Web Security 11

                      JavaxcryptoCipherinit( )B Initialize an instance of Cipher

                      1 Declares the operating mode (ENCRYPT_MODE

                      DECRYPT_MODE WRAP_MODE UNWRAP_MODE)

                      2 Pass a key (javasecurityKey) to the cipher

                      Example

                      Cipherinit (CipherENCRYPT_MODE myKey)

                      Note When a Cipher object is initialized it loses all

                      previously-acquired state In other words initializing a

                      Cipher is equivalent to creating a new instance of that

                      Cipher and initializing it

                      csci5931 Web Security 12

                      JavaxcryptoCipherupdate( )C Pass the information to be encrypteddecrypted to the cipher

                      1 The information must be in the form of a byte array

                      2 Note Ciphers typically buffer their output If the buffer has not been filled

                      null will be returned

                      Alternative update( ) methods

                      byte[ ] update (byte[] input)byte[ ] plaintext = myStringgetBytes (ldquoUTF8rdquo)byte[ ] ciphertext = cipherupdate (plaintext)

                      int update (byte[ ] input int inputOffset int inputLen byte[ ] output int outputOffset)

                      Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized) processing another data part

                      csci5931 Web Security 13

                      JavaxcryptoCipherdoFinal( )D Finish the operation

                      byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on

                      how this cipher was initialized

                      byte[ ] doFinal(byte[] input)

                      Encrypts or decrypts data in a single-part operation or finishes a multiple-

                      part operation

                      Example

                      Byte[ ] ciphertext = cipherdoFinal ( )

                      csci5931 Web Security 14

                      SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching

                      proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing

                      Plain Message=How are you doing

                      Generating a TripleDES keyDone generating the key

                      Now encrypting the messageMessage Encrypted

                      Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855

                      Now decrypting the messageMessage decrypted

                      Decrypted text How are you doing

                      csci5931 Web Security 15

                      BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the

                      number if divisible by 8 p69 BlowfishExamplejava (see

                      httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output

                      gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key

                      Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33

                      Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125

                      Decrypted text Its a wonderful day

                      csci5931 Web Security 16

                      Password-based encryption (PBE) hashing + symmetric encryption

                      The user-provided password is hashed by a message digest algorithm such as SHA

                      The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish

                      The plaintext is then encrypted by the symmetric encryption algorithm

                      Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which

                      would create two identical entries in the password file

                      csci5931 Web Security 17

                      Password-based encryption (PBE)

                      PBE + salt + iteration count A salt is a randomly generated piece of data say 64

                      bits that is added to each password The combined salt+password is used to generate the

                      key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as

                      part of the ciphertext See figures on page 74

                      csci5931 Web Security 18

                      Password-based encryption (PBE)

                      csci5931 Web Security 19

                      Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit

                      per character)

                      Widely used in networking transmissions of data eg in MIME

                      emails amp other Internet-related applications

                      Input N bytes

                      Number of output characters

                      (N 8 24) 4 if N8 24 is zero

                      (N 8 24 + 1) 4 otherwise

                      Example N = 8 bytes

                      (64 24 + 1) 4 12 characters

                      See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C

                      csci5931 Web Security 20

                      Password-based encryption (PBE)

                      csci5931 Web Security 21

                      Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

                      Generates random bytes and places them into a user-supplied byte array

                      public class PBEKeySpecextends Object

                      implements KeySpec

                      A user-chosen password that can be used with password-based encryption

                      (PBE)

                      The password can be viewed as some kind of raw key material from which

                      the encryption mechanism that uses it derives a cryptographic key

                      csci5931 Web Security 22

                      Password-based encryption (PBE) public class SecretKeyFactory extends Object

                      This class represents a factory for secret keys

                      Key factories are used to convert keys (opaque cryptographic keys of type

                      Key) into key specifications (transparent representations of the

                      underlying key material) and vice versa Secret key factories operate

                      only on secret (symmetric) keys

                      Key factories are bi-directional ie they allow to build an opaque key

                      object from a given key specification (key material) or to retrieve the

                      underlying key material of a key object in a suitable format

                      Application developers should refer to their providers documentation to find

                      out which key specifications are supported by the generateSecret

                      and getKeySpec methods

                      csci5931 Web Security 23

                      Password-based encryption

                      Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                      bits

                      Among the new encryption algorithms being considered by the National

                      Institute of Science and Technology (NIST) as a replacement for

                      the DES algorithm

                      Highly secure and flexible

                      Works extremely well with large microprocessors 8-bit smart card

                      microprocessors and dedicated hardware

                      (Source httpwwwwileycomcdaproduct0047135381700html)

                      csci5931 Web Security 24

                      Password-based encryption

                      An example program PBEjava (see

                      httpscecluheduyangteachingproJavaSecurityCodehtml)

                      Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                      yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                      gtjava PBE -e sasquatch Hello World

                      lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                      gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                      Hello World

                      csci5931 Web Security 25

                      Key storage

                      Storage of keys in a persistent media (file

                      database) for later retrieval or transportation

                      Objectives The stored keys must be protected

                      Problems

                      - If the key storage is compromised the data protected by

                      the keys become unprotected

                      Solutions

                      Use PBE to encrypt the keys Problems

                      csci5931 Web Security 26

                      Key storage Key Wrapping

                      The wrap( ) method defined in javaxcryptoCipher takes a key as an

                      argument and returns the encrypted value of the key as a byte array

                      Example

                      cipherinit (CipherWRAP_MODE passwordKey paramSpec)

                      byte[ ] encryptedKeyBytes = cipherwrap (secretKey)

                      To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)

                      Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)

                      csci5931 Web Security 27

                      Key storage Key Encryption

                      Use the getEncoded( ) method as defined in javasecurityKey to encrypt the

                      key

                      Example

                      byte[ ] keyBytes = myKeygetEncoded( )

                      cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)

                      byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)

                      To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)

                      byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)

                      SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )

                      csci5931 Web Security 28

                      Padding Padding is needed to make the size of the plaintext to be a

                      multiple of the block size

                      Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly

                      PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)

                      Suppose there are N bytes in a block that need to be padded

                      Fill each of the N bytes with the value N

                      If the data end on a multiple of the block size add an entire block of

                      padding

                      (See the illustration on p81)

                      csci5931 Web Security 29

                      Modes of DES

                      ECB CBC

                      CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for

                      example)

                      OFB (Output FeedBack) Similar to CFB but provides better protection against data loss

                      during transmission

                      That is a single-bit error will not cause the whole block to be lost

                      as in the cases of ECB CBC and CFB

                      csci5931 Web Security 30

                      Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream

                      They provide convenient wrappers around standard input and

                      output streams for them to be automatically encrypted or

                      decrypted


                        csci5931 Web Security 12

javax.crypto.Cipher.update( )

C. Pass the information to be encrypted/decrypted to the cipher.

1. The information must be in the form of a byte array.

2. Note: Ciphers typically buffer their output. If the buffer has not been filled, null will be returned.

Alternative update( ) methods:

byte[] update(byte[] input)

    byte[] plaintext = myString.getBytes("UTF8");
    byte[] ciphertext = cipher.update(plaintext);

int update(byte[] input, int inputOffset, int inputLen, byte[] output, int outputOffset)

Continues a multiple-part encryption or decryption operation (depending on how this cipher was initialized), processing another data part.

                        csci5931 Web Security 13

javax.crypto.Cipher.doFinal( )

D. Finish the operation.

byte[] doFinal( )

Finishes a multiple-part encryption or decryption operation, depending on how this cipher was initialized.

byte[] doFinal(byte[] input)

Encrypts or decrypts data in a single-part operation, or finishes a multiple-part operation.

Example:

    byte[] ciphertext = cipher.doFinal();

                        csci5931 Web Security 14

SimpleExample.java

P69: SimpleExample.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

Sample output:

    > java SimpleExample How are you doing
    Plain Message=How are you doing
    Generating a TripleDES key
    Done generating the key
    Now encrypting the message
    Message Encrypted
    Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
    Now decrypting the message
    Message decrypted
    Decrypted text How are you doing

                        csci5931 Web Security 15

BlowfishExample.java

Blowfish keys can be any bit size from 8 to 448, as long as the number is divisible by 8.

p69: BlowfishExample.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

Sample output:

    > java BlowfishExample Its a wonderful day
    Generating a Blowfish key
    Done generating the key
    Plaintext
    73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
    Ciphertext
    -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
    Decrypted text Its a wonderful day

                        csci5931 Web Security 16

Password-based encryption (PBE)

hashing + symmetric encryption

The user-provided password is hashed by a message digest algorithm, such as SHA.

The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish.

The plaintext is then encrypted by the symmetric encryption algorithm.

Problems:

1. PBE is usually less secure, due to its smaller key space.

2. Passwords may suffer a 'dictionary attack'.

3. Two people might choose the same password, which would create two identical entries in the password file.

                        csci5931 Web Security 17

Password-based encryption (PBE)

PBE + salt + iteration count

A salt is a randomly generated piece of data, say 64 bits, that is added to each password.

The combined salt+password is used to generate the key.

The key is then used to generate a symmetric cipher.

For the purpose of decryption, the salt must be stored as part of the ciphertext.

See figures on page 74.

                        csci5931 Web Security 18

                        Password-based encryption (PBE)

                        csci5931 Web Security 19

Base64 Encoding

Effective in representing ASCII data as 6-bit characters (save one bit per character).

Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications.

Input: N bytes

Number of output characters (using integer division):

    (N * 8 / 24) * 4        if N * 8 % 24 is zero
    (N * 8 / 24 + 1) * 4    otherwise

Example: N = 8 bytes

    (64 / 24 + 1) * 4 = 12 characters

See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt, RFC2045, and Appendix C.

                        csci5931 Web Security 20

                        Password-based encryption (PBE)

                        csci5931 Web Security 21

Password-based encryption (PBE)

Random.nextBytes(byte[] bytes)

Generates random bytes and places them into a user-supplied byte array.

public class PBEKeySpec
extends Object
implements KeySpec

A user-chosen password that can be used with password-based encryption (PBE).

The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.

                        csci5931 Web Security 22

Password-based encryption (PBE)

public class SecretKeyFactory extends Object

This class represents a factory for secret keys.

Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.

Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.

Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.

                        csci5931 Web Security 23

                        Password-based encryption

Twofish encryption algorithm

A symmetric block cipher that accepts keys of any length, up to 256 bits.

Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm.

Highly secure and flexible.

Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware.

(Source: httpwwwwileycomcdaproduct0047135381700html)

                        csci5931 Web Security 24

                        Password-based encryption

An example program: PBE.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

Sample PBE encryption/decryption:

    > java PBE -e sasquatch Hello World
    yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
    > java PBE -e sasquatch Hello World
    lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
    > java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
    Hello World

                        csci5931 Web Security 25

                        Key storage

Storage of keys in a persistent media (file, database) for later retrieval or transportation.

Objectives: The stored keys must be protected.

Problems:

- If the key storage is compromised, the data protected by the keys become unprotected.

Solutions:

Use PBE to encrypt the keys. Problems?

                        csci5931 Web Security 26

Key storage: Key Wrapping

The wrap( ) method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array.

Example:

    cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.wrap(secretKey);

To decrypt the key:

    cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
    Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

                        csci5931 Web Security 27

Key storage: Key Encryption

Use the getEncoded( ) method as defined in java.security.Key to encrypt the key.

Example:

    byte[] keyBytes = myKey.getEncoded();
    cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:

    cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
    byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
    SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
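The two key-storage slides combined into one runnable program, as an added example that is not from the course code: a Blowfish key is wrapped under a password-derived key with wrap( ), then recovered both with unwrap( ) and with the doFinal( ) plus SecretKeySpec route. The PBE algorithm name (PBEWithHmacSHA256AndAES_128, SunJCE in Java 8 or later), the iteration count, the sample password and the class and method names are assumptions.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class KeyWrapDemo {
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128"; // assumed PBE cipher
    static final int ITERATIONS = 100_000;                        // assumed iteration count

    // The slides' passwordKey: an opaque PBE key built from the password alone.
    static SecretKey passwordKey(char[] password) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            return SecretKeyFactory.getInstance(PBE_ALG).generateSecret(spec);
        } finally {
            spec.clearPassword();
        }
    }

    // The slides' paramSpec: fresh salt and IV. Store salt, IV and iteration count
    // beside the wrapped key; they are needed again to unwrap it.
    static PBEParameterSpec newParamSpec() {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];
        byte[] iv = new byte[16];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        return new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
    }

    static byte[] wrap(SecretKey passwordKey, PBEParameterSpec paramSpec, Key secretKey)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
        return cipher.wrap(secretKey);
    }

    static Key unwrap(SecretKey passwordKey, PBEParameterSpec paramSpec, byte[] wrapped, String alg)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
        return cipher.unwrap(wrapped, alg, Cipher.SECRET_KEY);
    }

    // The "Key Encryption" route: decrypt the raw bytes and rebuild the key by hand.
    static SecretKey decryptEncoded(SecretKey passwordKey, PBEParameterSpec paramSpec,
                                    byte[] wrapped, String alg) throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
        byte[] keyBytes = cipher.doFinal(wrapped);
        try {
            return new SecretKeySpec(keyBytes, alg); // SecretKeySpec copies the bytes
        } finally {
            Arrays.fill(keyBytes, (byte) 0);         // do not leave raw key material around
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("Blowfish");
        generator.init(128);
        SecretKey secretKey = generator.generateKey();

        SecretKey pwKey = passwordKey("constructed-sample-password".toCharArray());
        PBEParameterSpec paramSpec = newParamSpec();

        byte[] wrapped = wrap(pwKey, paramSpec, secretKey);
        Key viaUnwrap = unwrap(pwKey, paramSpec, wrapped, "Blowfish");
        SecretKey viaDecrypt = decryptEncoded(pwKey, paramSpec, wrapped, "Blowfish");

        System.out.println("wrapped length: " + wrapped.length + " bytes");
        System.out.println("unwrap() recovers the key: "
                + MessageDigest.isEqual(secretKey.getEncoded(), viaUnwrap.getEncoded()));
        System.out.println("doFinal() + SecretKeySpec recovers the key: "
                + MessageDigest.isEqual(secretKey.getEncoded(), viaDecrypt.getEncoded()));
    }
}
```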

                        csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:

No padding - requires the data to end on a block exactly.

PKCS5 padding - (PKCS = Public Key Cryptography Standard)

Suppose there are N bytes in a block that need to be padded.

Fill each of the N bytes with the value N.

If the data end on a multiple of the block size, add an entire block of padding.

(See the illustration on p81)
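The PKCS5 rule above written out by hand and checked against the JDK's own PKCS5Padding, as an added example that is not part of the original slides. The class and method names are assumptions, and ECB is used only so that the two ciphertexts can be compared byte for byte.

```java
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs5PaddingDemo {
    // Append N bytes of value N, with 1 <= N <= blockSize. Data that already ends
    // on a block boundary gets a whole extra block of padding.
    static byte[] pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize);
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    // Remove the padding, rejecting input that does not end in N bytes of value N.
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("length is not a multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xff;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("invalid padding");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xff) != n) {
                throw new IllegalArgumentException("invalid padding");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    // Hand-padded data under NoPadding must equal the provider's PKCS5Padding output.
    static boolean matchesProvider(SecretKey key, byte[] data) throws GeneralSecurityException {
        Cipher noPadding = Cipher.getInstance("AES/ECB/NoPadding");
        noPadding.init(Cipher.ENCRYPT_MODE, key);
        Cipher pkcs5 = Cipher.getInstance("AES/ECB/PKCS5Padding");
        pkcs5.init(Cipher.ENCRYPT_MODE, key);
        byte[] byHand = noPadding.doFinal(pad(data, noPadding.getBlockSize()));
        return MessageDigest.isEqual(byHand, pkcs5.doFinal(data));
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(128);
        SecretKey key = generator.generateKey();

        // Constructed inputs: lengths below, on and above a 16-byte block boundary.
        for (int len : new int[] {0, 5, 15, 16, 17, 32}) {
            byte[] data = new byte[len];
            Arrays.fill(data, (byte) 'A');
            byte[] padded = pad(data, 16);
            System.out.printf("len=%2d padded=%2d pad byte=%2d round trip=%b provider match=%b%n",
                    len, padded.length, padded[padded.length - 1],
                    Arrays.equals(unpad(padded, 16), data), matchesProvider(key, data));
        }
    }
}
```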

                        csci5931 Web Security 29

                        Modes of DES

ECB, CBC

CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).

OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission.

That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.

                        csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.

Initialization Vector (IV)

A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.

Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.

How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

                        csci5931 Web Security 31

IV in Java

public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding)

                        csci5931 Web Security 32

                        Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.

The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard).

See the press release.

                        csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

Four functions:

    createKey(password)
    loadKey(password)
    encrypt(password, inputFile, outputEncryptedFile)
    decrypt(password, inputEncryptedFile, outputfile)

                        csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted.

The object must be serializable.

Sealed objects can be useful for storing or transferring an encrypted version of an object.

The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.

See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

                        csci5931 Web Security 35

                        Sealed objects

SealedObjectExample.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

Sample output:

    > java SealedObjectExample
    Creating a key
    Encrypting the object
    Unencrypting the object
    Credit card number 1234567890

                        csci5931 Web Security 36

                        Next

                        Asymmetric Encryption (GS 5)

Relevant links:

RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.


                          csci5931 Web Security 13

                          JavaxcryptoCipherdoFinal( )D Finish the operation

                          byte[ ] doFinal( ) Finishes a multiple-part encryption or decryption operation depending on

                          how this cipher was initialized

                          byte[ ] doFinal(byte[] input)

                          Encrypts or decrypts data in a single-part operation or finishes a multiple-

                          part operation

                          Example

                          Byte[ ] ciphertext = cipherdoFinal ( )

                          csci5931 Web Security 14

                          SimpleExamplejava P69 SimpleExamplejava (see httpscecluheduyangteaching

                          proJavaSecurityCodehtml) Sample outputgtjava SimpleExample How are you doing

                          Plain Message=How are you doing

                          Generating a TripleDES keyDone generating the key

                          Now encrypting the messageMessage Encrypted

                          Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855

                          Now decrypting the messageMessage decrypted

                          Decrypted text How are you doing

                          csci5931 Web Security 15

                          BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the

                          number if divisible by 8 p69 BlowfishExamplejava (see

                          httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output

                          gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key

                          Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33

                          Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125

                          Decrypted text Its a wonderful day

                          csci5931 Web Security 16

                          Password-based encryption (PBE) hashing + symmetric encryption

                          The user-provided password is hashed by a message digest algorithm such as SHA

                          The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish

                          The plaintext is then encrypted by the symmetric encryption algorithm

                          Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which

                          would create two identical entries in the password file

                          csci5931 Web Security 17

                          Password-based encryption (PBE)

                          PBE + salt + iteration count A salt is a randomly generated piece of data say 64

                          bits that is added to each password The combined salt+password is used to generate the

                          key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as

                          part of the ciphertext See figures on page 74

                          csci5931 Web Security 18

                          Password-based encryption (PBE)

                          csci5931 Web Security 19

                          Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit

                          per character)

                          Widely used in networking transmissions of data eg in MIME

                          emails amp other Internet-related applications

                          Input N bytes

                          Number of output characters

                          (N 8 24) 4 if N8 24 is zero

                          (N 8 24 + 1) 4 otherwise

                          Example N = 8 bytes

                          (64 24 + 1) 4 12 characters

                          See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C

                          csci5931 Web Security 20

                          Password-based encryption (PBE)

                          csci5931 Web Security 21

                          Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

                          Generates random bytes and places them into a user-supplied byte array

                          public class PBEKeySpecextends Object

                          implements KeySpec

                          A user-chosen password that can be used with password-based encryption

                          (PBE)

                          The password can be viewed as some kind of raw key material from which

                          the encryption mechanism that uses it derives a cryptographic key

                          csci5931 Web Security 22

                          Password-based encryption (PBE) public class SecretKeyFactory extends Object

                          This class represents a factory for secret keys

                          Key factories are used to convert keys (opaque cryptographic keys of type

                          Key) into key specifications (transparent representations of the

                          underlying key material) and vice versa Secret key factories operate

                          only on secret (symmetric) keys

                          Key factories are bi-directional ie they allow to build an opaque key

                          object from a given key specification (key material) or to retrieve the

                          underlying key material of a key object in a suitable format

                          Application developers should refer to their providers documentation to find

                          out which key specifications are supported by the generateSecret

                          and getKeySpec methods

                          csci5931 Web Security 23

                          Password-based encryption

                          Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                          bits

                          Among the new encryption algorithms being considered by the National

                          Institute of Science and Technology (NIST) as a replacement for

                          the DES algorithm

                          Highly secure and flexible

                          Works extremely well with large microprocessors 8-bit smart card

                          microprocessors and dedicated hardware

                          (Source httpwwwwileycomcdaproduct0047135381700html)

                          csci5931 Web Security 24

                          Password-based encryption

                          An example program PBEjava (see

                          httpscecluheduyangteachingproJavaSecurityCodehtml)

                          Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                          yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                          gtjava PBE -e sasquatch Hello World

                          lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                          gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                          Hello World

                          csci5931 Web Security 25

                          Key storage

                          Storage of keys in a persistent media (file

                          database) for later retrieval or transportation

                          Objectives The stored keys must be protected

                          Problems

                          - If the key storage is compromised the data protected by

                          the keys become unprotected

                          Solutions

                          Use PBE to encrypt the keys Problems

                          csci5931 Web Security 26

                          Key storage Key Wrapping

                          The wrap( ) method defined in javaxcryptoCipher takes a key as an

                          argument and returns the encrypted value of the key as a byte array

                          Example

                          cipherinit (CipherWRAP_MODE passwordKey paramSpec)

                          byte[ ] encryptedKeyBytes = cipherwrap (secretKey)

                          To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)

                          Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)

                          csci5931 Web Security 27

                          Key storage Key Encryption

                          Use the getEncoded( ) method as defined in javasecurityKey to encrypt the

                          key

                          Example

                          byte[ ] keyBytes = myKeygetEncoded( )

                          cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)

                          byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)

                          To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)

                          byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)

                          SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )

                          csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:

- No padding: requires the data to end on a block exactly
- PKCS5 padding (PKCS = Public Key Cryptography Standard)
  Suppose there are N bytes in a block that need to be padded.
  Fill each of the N bytes with the value N.
  If the data end on a multiple of the block size, add an entire block of padding.

(See the illustration on p. 81)
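The padding rule above as an added Java example (not from the slides or the book's code): pad( ) and unpad( ) implement PKCS5 padding by hand, and main( ) checks the result against the JCE's own Blowfish/ECB/PKCS5Padding output. The class name, the fixed key bytes and the second sample message are constructed for this illustration; the first message is the 21-byte plaintext of the BlowfishExample sample output.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;

public class Pkcs5PaddingExample {

    // Append N bytes of value N, where N is 1..blockSize (never 0).
    static byte[] pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize);
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    // Remove the padding, rejecting anything that is not N bytes of value N.
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("length is not a positive multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xff;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("invalid padding length byte");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xff) != n) {
                throw new IllegalArgumentException("invalid padding bytes");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 128-bit Blowfish key, for illustration only.
        byte[] keyBytes = new byte[16];
        for (int i = 0; i < keyBytes.length; i++) {
            keyBytes[i] = (byte) i;
        }
        SecretKeySpec key = new SecretKeySpec(keyBytes, "Blowfish");

        // ECB is used here only because it is deterministic, which makes the
        // hand-padded and JCE-padded ciphertexts directly comparable.
        Cipher withPadding = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        Cipher noPadding = Cipher.getInstance("Blowfish/ECB/NoPadding");
        withPadding.init(Cipher.ENCRYPT_MODE, key);
        noPadding.init(Cipher.ENCRYPT_MODE, key);
        int blockSize = noPadding.getBlockSize(); // 8 bytes for Blowfish

        // 21 bytes (3 bytes of padding) and exactly 8 bytes (a full extra block).
        String[] samples = { "It's a wonderful day!", "8 bytes." };
        for (String s : samples) {
            byte[] plain = s.getBytes(StandardCharsets.US_ASCII);
            byte[] padded = pad(plain, blockSize);
            byte[] viaJce = withPadding.doFinal(plain);
            byte[] byHand = noPadding.doFinal(padded);
            System.out.printf("%d bytes -> %d bytes, pad value %d, same as JCE: %b, unpad restores input: %b%n",
                    plain.length, padded.length, padded[padded.length - 1],
                    Arrays.equals(viaJce, byHand),
                    Arrays.equals(unpad(padded, blockSize), plain));
        }
    }
}
```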

                          csci5931 Web Security 29

Modes of DES

ECB, CBC

CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example)

OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission. That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.

                          csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
They provide convenient wrappers around standard input and output streams, so that the streams are automatically encrypted or decrypted.

Initialization Vector (IV)
- A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher
- Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages
- How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV

                          csci5931 Web Security 31

IV in Java

public class IvParameterSpec extends Object implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding)

                          csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard). See the press release.

                          csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:

createKey( password )
loadKey( password )
encrypt( password, inputFile, outputEncryptedFile )
decrypt( password, inputEncryptedFile, outputfile )

                          csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted

The object must be serializable.

Sealed objects can be useful for storing or transferring an encrypted version of an object.

The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.

See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

                          csci5931 Web Security 35

                          Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java SealedObjectExample

                          Creating a key

                          Encrypting the object

                          Unencrypting the object

                          Credit card number 1234567890

                          csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:

RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.


                            csci5931 Web Security 14

SimpleExample.java

P69: SimpleExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java SimpleExample How are you doing
Plain Message=How are you doing
Generating a TripleDES key
Done generating the key
Now encrypting the message
Message Encrypted
Ciphertext=-74-45759-44-115-19-8-56-99-47794393-45-107-41-125-127-233271855
Now decrypting the message
Message decrypted
Decrypted text How are you doing

                            csci5931 Web Security 15

BlowfishExample.java

Blowfish keys can be any bit size from 8 to 448, as long as the number is divisible by 8.

p69: BlowfishExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java BlowfishExample Its a wonderful day
Generating a Blowfish key
Done generating the key
Plaintext: 73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33
Ciphertext: -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125
Decrypted text Its a wonderful day

                            csci5931 Web Security 16

Password-based encryption (PBE)

hashing + symmetric encryption

- The user-provided password is hashed by a message digest algorithm, such as SHA.
- The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish.
- The plaintext is then encrypted by the symmetric encryption algorithm.

Problems:

1. PBE is usually less secure, due to its smaller key space.
2. Passwords may suffer 'dictionary attack'.
3. Two people might choose the same password, which would create two identical entries in the password file.

                            csci5931 Web Security 17

                            Password-based encryption (PBE)

PBE + salt + iteration count

- A salt is a randomly generated piece of data, say 64 bits, that is added to each password.
- The combined salt+password is used to generate the key.
- The key is then used to generate a symmetric cipher.
- For the purpose of decryption, the salt must be stored as part of the ciphertext.

See figures on page 74.

                            csci5931 Web Security 18

                            Password-based encryption (PBE)

                            csci5931 Web Security 19

Base64 Encoding

Effective in representing ASCII data as 6-bit characters (save one bit per character)

Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications

Input: N bytes

Number of output characters:

(N × 8 / 24) × 4, if N × 8 mod 24 is zero
(N × 8 / 24 + 1) × 4, otherwise
(the division is integer division)

Example: N = 8 bytes

(64 / 24 + 1) × 4 = 12 characters

See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC2045, and Appendix C

                            csci5931 Web Security 20

                            Password-based encryption (PBE)

                            csci5931 Web Security 21

Password-based encryption (PBE)

Random.nextBytes(byte[ ] bytes)
Generates random bytes and places them into a user-supplied byte array.

public class PBEKeySpec extends Object implements KeySpec
A user-chosen password that can be used with password-based encryption (PBE).
The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key.

                            csci5931 Web Security 22

Password-based encryption (PBE)

public class SecretKeyFactory extends Object

This class represents a factory for secret keys.

Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.

Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.

Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.

                            csci5931 Web Security 23

                            Password-based encryption

Twofish encryption algorithm

- A symmetric block cipher that accepts keys of any length, up to 256 bits
- Among the new encryption algorithms being considered by the National Institute of Science and Technology (NIST) as a replacement for the DES algorithm
- Highly secure and flexible
- Works extremely well with large microprocessors, 8-bit smart card microprocessors, and dedicated hardware

(Source: http://www.wiley.com/cda/product/0,,0471353817,00.html)

                            csci5931 Web Security 24

                            Password-based encryption

An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample PBE encryption/decryption:

>java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
>java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
>java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                            Hello World

                            csci5931 Web Security 25

                            Key storage

Storage of keys in a persistent media (file, database) for later retrieval or transportation

Objectives: The stored keys must be protected

Problems:

- If the key storage is compromised, the data protected by the keys become unprotected

Solutions:

Use PBE to encrypt the keys. Problems
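The PBE slides (salt, iteration count, Base64) and the key storage slides put together, as an added example that is not the book's PBE.java or FileEncryptor.java: a Blowfish key is protected with the wrap( ) and unwrap( ) calls from the Key Wrapping slide under a password-derived key, and the salt is stored in front of the wrapped key, Base64-encoded, so it can be split off again by length. The algorithm name PBEWithHmacSHA256AndAES_128 (SunJCE, Java 8 and later), the extra IV field, the iteration count and the class and method names are assumptions of this example.

```java
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeKeyStorageExample {
    // Assumptions of this example, not values from the slides' code.
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128";
    static final int SALT_BYTES = 8;       // "say 64 bits", as on the salt slide
    static final int IV_BYTES = 16;        // AES block size
    static final int ITERATIONS = 100_000;

    // Base64 output length: 4 characters for every started 24-bit (3-byte) group.
    static int base64Length(int inputBytes) {
        return 4 * ((inputBytes + 2) / 3);
    }

    // Build the PBE cipher from password + salt + iteration count.
    static Cipher pbeCipher(int mode, char[] password, byte[] salt, byte[] iv) throws Exception {
        PBEKeySpec keySpec = new PBEKeySpec(password);
        try {
            SecretKey passwordKey = SecretKeyFactory.getInstance(PBE_ALG).generateSecret(keySpec);
            PBEParameterSpec paramSpec = new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
            Cipher cipher = Cipher.getInstance(PBE_ALG);
            cipher.init(mode, passwordKey, paramSpec);
            return cipher;
        } finally {
            keySpec.clearPassword(); // do not keep the spec's password copy around
        }
    }

    // Stored record: Base64(salt) + Base64(iv) + Base64(wrapped key).
    static String store(SecretKey secretKey, char[] password) throws Exception {
        SecureRandom random = new SecureRandom();
        byte[] salt = new byte[SALT_BYTES];
        byte[] iv = new byte[IV_BYTES];
        random.nextBytes(salt); // fresh salt and IV for every stored record
        random.nextBytes(iv);
        byte[] wrapped = pbeCipher(Cipher.WRAP_MODE, password, salt, iv).wrap(secretKey);
        Base64.Encoder b64 = Base64.getEncoder();
        return b64.encodeToString(salt) + b64.encodeToString(iv) + b64.encodeToString(wrapped);
    }

    static Key load(String stored, char[] password, String keyAlgorithm) throws Exception {
        int saltEnd = base64Length(SALT_BYTES);        // 8 bytes -> 12 characters
        int ivEnd = saltEnd + base64Length(IV_BYTES);  // 16 bytes -> 24 characters
        Base64.Decoder b64 = Base64.getDecoder();
        byte[] salt = b64.decode(stored.substring(0, saltEnd));
        byte[] iv = b64.decode(stored.substring(saltEnd, ivEnd));
        byte[] wrapped = b64.decode(stored.substring(ivEnd));
        return pbeCipher(Cipher.UNWRAP_MODE, password, salt, iv)
                .unwrap(wrapped, keyAlgorithm, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("Blowfish");
        generator.init(128);
        SecretKey secretKey = generator.generateKey();
        char[] password = "sasquatch".toCharArray(); // sample password from the PBE.java slide

        // Same password and same key, stored twice: the random salt makes the records differ.
        String first = store(secretKey, password);
        String second = store(secretKey, password);
        System.out.println(first);
        System.out.println(second);
        System.out.println("records differ: " + !first.equals(second));

        Key restored = load(first, password, "Blowfish");
        System.out.println("key restored: "
                + Arrays.equals(secretKey.getEncoded(), restored.getEncoded()));
    }
}
```

CBC with PKCS5 padding carries no integrity check, so a wrong password is usually, but not always, rejected when the key is unwrapped.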



                              csci5931 Web Security 15

                              BlowfishExamplejava Blowfish keys can be any bit size from 8 to 448 as long as the

                              number if divisible by 8 p69 BlowfishExamplejava (see

                              httpscecluheduyangteachingproJavaSecurityCodehtml) Sample output

                              gtjava BlowfishExample Its a wonderful dayGenerating a Blowfish keyDone generating the key

                              Plaintext73 116 39 115 32 97 32 119 111 110 100 101 114 102 117 108 32 100 97 121 33

                              Ciphertext-77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86 56 -86 51 -127 -125 30 48 -64 112 -37 -125

                              Decrypted text Its a wonderful day

                              csci5931 Web Security 16

                              Password-based encryption (PBE) hashing + symmetric encryption

                              The user-provided password is hashed by a message digest algorithm such as SHA

                              The hash value is then used to construct a key for a symmetric encryption algorithm such as Blowfish

                              The plaintext is then encrypted by the symmetric encryption algorithm

                              Problems1 PBE is usually less secure due to its smaller key space2 Passwords may suffer lsquodictionary attackrsquo3 Two people might choose the same password which

                              would create two identical entries in the password file

                              csci5931 Web Security 17

                              Password-based encryption (PBE)

                              PBE + salt + iteration count A salt is a randomly generated piece of data say 64

                              bits that is added to each password The combined salt+password is used to generate the

                              key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as

                              part of the ciphertext See figures on page 74

                              csci5931 Web Security 18

                              Password-based encryption (PBE)

                              csci5931 Web Security 19

                              Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit

                              per character)

                              Widely used in networking transmissions of data eg in MIME

                              emails amp other Internet-related applications

                              Input N bytes

                              Number of output characters

                              (N 8 24) 4 if N8 24 is zero

                              (N 8 24 + 1) 4 otherwise

                              Example N = 8 bytes

                              (64 24 + 1) 4 12 characters

                              See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C

                              csci5931 Web Security 20

                              Password-based encryption (PBE)

                              csci5931 Web Security 21

                              Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

                              Generates random bytes and places them into a user-supplied byte array

                              public class PBEKeySpecextends Object

                              implements KeySpec

                              A user-chosen password that can be used with password-based encryption

                              (PBE)

                              The password can be viewed as some kind of raw key material from which

                              the encryption mechanism that uses it derives a cryptographic key

                              csci5931 Web Security 22

                              Password-based encryption (PBE) public class SecretKeyFactory extends Object

                              This class represents a factory for secret keys

                              Key factories are used to convert keys (opaque cryptographic keys of type

                              Key) into key specifications (transparent representations of the

                              underlying key material) and vice versa Secret key factories operate

                              only on secret (symmetric) keys

                              Key factories are bi-directional ie they allow to build an opaque key

                              object from a given key specification (key material) or to retrieve the

                              underlying key material of a key object in a suitable format

                              Application developers should refer to their providers documentation to find

                              out which key specifications are supported by the generateSecret

                              and getKeySpec methods

                              csci5931 Web Security 23

                              Password-based encryption

                              Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                              bits

                              Among the new encryption algorithms being considered by the National

                              Institute of Science and Technology (NIST) as a replacement for

                              the DES algorithm

                              Highly secure and flexible

                              Works extremely well with large microprocessors 8-bit smart card

                              microprocessors and dedicated hardware

                              (Source httpwwwwileycomcdaproduct0047135381700html)

                              csci5931 Web Security 24

                              Password-based encryption

                              An example program PBEjava (see

                              httpscecluheduyangteachingproJavaSecurityCodehtml)

                              Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                              yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                              gtjava PBE -e sasquatch Hello World

                              lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                              gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                              Hello World

                              csci5931 Web Security 25

                              Key storage

                              Storage of keys in a persistent media (file

                              database) for later retrieval or transportation

                              Objectives The stored keys must be protected

                              Problems

                              - If the key storage is compromised the data protected by

                              the keys become unprotected

                              Solutions

                              Use PBE to encrypt the keys Problems

csci5931 Web Security 26

Key storage: Key Wrapping

The wrap( ) method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array

Example:

    cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.wrap(secretKey);

To decrypt the key:

    cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
    Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

csci5931 Web Security 27

Key storage: Key Encryption

Use the getEncoded( ) method as defined in java.security.Key to encrypt the key

Example:

    byte[] keyBytes = myKey.getEncoded();
    cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:

    cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
    byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
    SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
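The wrap and unwrap calls from the two key-storage slides above, filled out into a complete round trip that also records the salt and IV needed to unwrap later. This is an added example, not code from the slides or the book. It assumes the JDK's PBEWithHmacSHA256AndAES_128 as the PBE algorithm and wraps an AES key where the slides use Blowfish; the class name, iteration count and passphrases are constructed for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class KeyWrapDemo {
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128"; // assumption: JDK 8+ SunJCE provider
    static final int ITERATIONS = 100_000;                       // assumed work factor

    /** What must be stored next to the wrapped key; none of it is secret. */
    static final class WrappedKey {
        final byte[] salt, iv, wrapped;
        WrappedKey(byte[] salt, byte[] iv, byte[] wrapped) {
            this.salt = salt; this.iv = iv; this.wrapped = wrapped;
        }
    }

    // The slides' passwordKey: an opaque key built from the password by a SecretKeyFactory.
    static SecretKey passwordKey(char[] password) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            return SecretKeyFactory.getInstance(PBE_ALG).generateSecret(spec);
        } finally {
            spec.clearPassword();
        }
    }

    static WrappedKey wrap(SecretKey dataKey, char[] password) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];
        byte[] iv = new byte[16];          // AES block size
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        // The slides' paramSpec: salt + iteration count (+ IV for this CBC-based scheme).
        PBEParameterSpec paramSpec = new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.WRAP_MODE, passwordKey(password), paramSpec);
        return new WrappedKey(salt, iv, cipher.wrap(dataKey));
    }

    static SecretKey unwrap(WrappedKey w, char[] password, String keyAlgorithm)
            throws GeneralSecurityException {
        PBEParameterSpec paramSpec = new PBEParameterSpec(w.salt, ITERATIONS, new IvParameterSpec(w.iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.UNWRAP_MODE, passwordKey(password), paramSpec);
        return (SecretKey) cipher.unwrap(w.wrapped, keyAlgorithm, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator generator = KeyGenerator.getInstance("AES");
        generator.init(256);
        SecretKey dataKey = generator.generateKey();

        char[] password = "constructed sample passphrase".toCharArray();
        WrappedKey stored = wrap(dataKey, password);
        SecretKey recovered = unwrap(stored, password, "AES");
        System.out.println("round trip ok: "
                + MessageDigest.isEqual(dataKey.getEncoded(), recovered.getEncoded()));

        // This scheme has no integrity check: a wrong password is normally caught by the
        // padding check, but can occasionally unwrap to garbage instead of failing.
        try {
            SecretKey wrong = unwrap(stored, "another passphrase".toCharArray(), "AES");
            System.out.println("wrong password produced the real key: "
                    + MessageDigest.isEqual(dataKey.getEncoded(), wrong.getEncoded()));
        } catch (GeneralSecurityException e) {
            System.out.println("wrong password rejected: " + e.getClass().getSimpleName());
        }
    }
}
```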

csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size

Most symmetric algorithms use one of two types of padding:

- No padding – requires the data end on a block exactly
- PKCS5 padding – (PKCS = Public Key Cryptography Standard)
  Suppose there are N bytes in a block that need to be padded
  Fill each of the N bytes with the value N
  If the data end on a multiple of the block size, add an entire block of padding

(See the illustration on p. 81)
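The PKCS5 rule above written out by hand, including the full extra block for aligned input, and checked against the JDK's own PKCS5Padding. This is an added example, not code from the slides; the class name, the fixed key and the sample lengths are constructed, and ECB is used only so that the padding step can be compared in isolation.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Arrays;

public class Pkcs5PaddingDemo {

    // Append N bytes, each with value N, where N is 1..blockSize.
    static byte[] pad(byte[] data, int blockSize) {
        if (blockSize < 1 || blockSize > 255) {
            throw new IllegalArgumentException("block size must be 1..255");
        }
        int n = blockSize - (data.length % blockSize); // == blockSize when data is already aligned
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    // Validate and strip the padding. A real decryptor should authenticate the ciphertext
    // first and report one generic error, so padding validity is not observable.
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("length is not a positive multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xFF;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("invalid padding length byte");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xFF) != n) {
                throw new IllegalArgumentException("inconsistent padding bytes");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    // Manual padding + NoPadding must give the same ciphertext as the provider's PKCS5Padding.
    static boolean matchesJce(byte[] data) throws GeneralSecurityException {
        byte[] keyBytes = "constructed-key!".getBytes(StandardCharsets.US_ASCII); // 16 bytes, sample only
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");
        Cipher raw = Cipher.getInstance("AES/ECB/NoPadding");
        Cipher withPadding = Cipher.getInstance("AES/ECB/PKCS5Padding");
        raw.init(Cipher.ENCRYPT_MODE, key);
        withPadding.init(Cipher.ENCRYPT_MODE, key);
        byte[] manual = raw.doFinal(pad(data, raw.getBlockSize()));
        return Arrays.equals(manual, withPadding.doFinal(data));
    }

    public static void main(String[] args) throws Exception {
        int blockSize = 16; // AES
        for (int length : new int[] {0, 5, 16, 21}) { // constructed sample lengths
            byte[] data = new byte[length];
            Arrays.fill(data, (byte) 'A');
            byte[] padded = pad(data, blockSize);
            System.out.println("input " + length + " bytes -> padded " + padded.length
                    + " bytes, pad value " + (padded[padded.length - 1] & 0xFF)
                    + ", unpad restores input: " + Arrays.equals(data, unpad(padded, blockSize))
                    + ", matches JCE: " + matchesJce(data));
        }
    }
}
```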

csci5931 Web Security 29

Modes of DES

ECB, CBC

CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example)

OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission

That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB

csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream: They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted

Initialization Vector (IV)

- A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher
- Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages
- How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV

csci5931 Web Security 31

IV in Java

public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation

(NOTE: See page 434 for RSA-OAEP padding)

csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

(Source: httpwwwesatkuleuvenacbe~rijmenrijndael)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard)

See the press release

csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

Four functions:

- createKey( password )
- loadKey ( password )
- encrypt ( password, inputFile, outputEncryptedFile )
- decrypt ( password, inputEncryptedFile, outputfile )

csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted

The object must be serializable

Sealed objects can be useful for storing or transferring an encrypted version of an object

The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted

See Appendix D, "the EncryptedObject class", for a better sealed object implementation

csci5931 Web Security 35

Sealed objects

SealedObjectExample.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

Sample output:

    >java SealedObjectExample
    Creating a key
    Encrypting the object
    Unencrypting the object
    Credit card number 1234567890

csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:

RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

The GNU Crypto project – This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms


csci5931 Web Security 16

Password-based encryption (PBE)

hashing + symmetric encryption

The user-provided password is hashed by a message digest algorithm, such as SHA

The hash value is then used to construct a key for a symmetric encryption algorithm, such as Blowfish

The plaintext is then encrypted by the symmetric encryption algorithm

Problems:

1. PBE is usually less secure, due to its smaller key space
2. Passwords may suffer 'dictionary attack'
3. Two people might choose the same password, which would create two identical entries in the password file

csci5931 Web Security 17

Password-based encryption (PBE)

PBE + salt + iteration count

A salt is a randomly generated piece of data, say 64 bits, that is added to each password

The combined salt+password is used to generate the key

The key is then used to generate a symmetric cipher

For the purpose of decryption, the salt must be stored as part of the ciphertext

See figures on page 74

csci5931 Web Security 18

Password-based encryption (PBE)

csci5931 Web Security 19

Base64 Encoding

Effective in representing ASCII data as 6-bit characters (save one bit per character)

Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications

Input: N bytes

Number of output characters:

(N × 8 / 24) × 4, if N × 8 mod 24 is zero
(N × 8 / 24 + 1) × 4, otherwise

Example: N = 8 bytes

(64 / 24 + 1) × 4 → 12 characters

See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt, RFC2045 and Appendix C

csci5931 Web Security 20

Password-based encryption (PBE)

csci5931 Web Security 21

Password-based encryption (PBE)

Random.nextBytes (byte[ ] bytes)

Generates random bytes and places them into a user-supplied byte array

public class PBEKeySpec
extends Object
implements KeySpec

A user-chosen password that can be used with password-based encryption (PBE)

The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key

csci5931 Web Security 22

Password-based encryption (PBE)

public class SecretKeyFactory extends Object

This class represents a factory for secret keys

Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys

Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format

Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods

csci5931 Web Security 23

Password-based encryption

Twofish encryption algorithm: A symmetric block cipher that accepts keys of any length, up to 256 bits


                                  csci5931 Web Security 17

                                  Password-based encryption (PBE)

                                  PBE + salt + iteration count A salt is a randomly generated piece of data say 64

                                  bits that is added to each password The combined salt+password is used to generate the

                                  key The key is then used to generate a symmetric cipher For the purpose of decryption the salt must be stored as

                                  part of the ciphertext See figures on page 74

                                  csci5931 Web Security 18

                                  Password-based encryption (PBE)

                                  csci5931 Web Security 19

                                  Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit

                                  per character)

                                  Widely used in networking transmissions of data eg in MIME

                                  emails amp other Internet-related applications

                                  Input N bytes

                                  Number of output characters

                                  (N 8 24) 4 if N8 24 is zero

                                  (N 8 24 + 1) 4 otherwise

                                  Example N = 8 bytes

                                  (64 24 + 1) 4 12 characters

                                  See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C

                                  csci5931 Web Security 20

                                  Password-based encryption (PBE)

                                  csci5931 Web Security 21

                                  Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

                                  Generates random bytes and places them into a user-supplied byte array

                                  public class PBEKeySpecextends Object

                                  implements KeySpec

                                  A user-chosen password that can be used with password-based encryption

                                  (PBE)

                                  The password can be viewed as some kind of raw key material from which

                                  the encryption mechanism that uses it derives a cryptographic key

                                  csci5931 Web Security 22

                                  Password-based encryption (PBE) public class SecretKeyFactory extends Object

                                  This class represents a factory for secret keys

                                  Key factories are used to convert keys (opaque cryptographic keys of type

                                  Key) into key specifications (transparent representations of the

                                  underlying key material) and vice versa Secret key factories operate

                                  only on secret (symmetric) keys

                                  Key factories are bi-directional ie they allow to build an opaque key

                                  object from a given key specification (key material) or to retrieve the

                                  underlying key material of a key object in a suitable format

                                  Application developers should refer to their providers documentation to find

                                  out which key specifications are supported by the generateSecret

                                  and getKeySpec methods

                                  csci5931 Web Security 23

                                  Password-based encryption

                                  Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                                  bits

                                  Among the new encryption algorithms being considered by the National

                                  Institute of Science and Technology (NIST) as a replacement for

                                  the DES algorithm

                                  Highly secure and flexible

                                  Works extremely well with large microprocessors 8-bit smart card

                                  microprocessors and dedicated hardware

                                  (Source httpwwwwileycomcdaproduct0047135381700html)

                                  csci5931 Web Security 24

                                  Password-based encryption

                                  An example program PBEjava (see

                                  httpscecluheduyangteachingproJavaSecurityCodehtml)

                                  Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                                  yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                                  gtjava PBE -e sasquatch Hello World

                                  lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                  gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                  Hello World

csci5931 Web Security 25

Key storage

Storage of keys in a persistent media (file, database) for later retrieval or transportation

Objectives: The stored keys must be protected

Problems:

- If the key storage is compromised, the data protected by the keys become unprotected

Solutions:

- Use PBE to encrypt the keys. Problems?

csci5931 Web Security 26

Key storage: Key Wrapping

The wrap( ) method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array.

Example:

    cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.wrap(secretKey);

To decrypt the key:

    cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
    Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

csci5931 Web Security 27

Key storage: Key Encryption

Use the getEncoded( ) method as defined in java.security.Key to encrypt the key.

Example:

    byte[] keyBytes = myKey.getEncoded();
    cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:

    cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
    byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
    SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
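The wrap/unwrap calls from the key-storage slides, completed into a runnable program as an added example (it is not the course's PBE.java or FileEncryptor.java). Assumptions: the JDK's built-in PBEWithHmacSHA256AndAES_128 stands in for the PBE algorithm, and the class name, the stored record layout (salt, IV, wrapped key) and the iteration count are constructed for illustration.

```java
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class WrappedKeyStore {
    // Assumption: a JDK 8+ built-in PBE scheme, not necessarily the one PBE.java uses.
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128";
    static final int ITERATIONS = 100_000; // constructed work factor
    static final int SALT_LEN = 16;
    static final int IV_LEN = 16;          // AES block size

    /** Turns the password into the opaque key object the PBE cipher expects. */
    static SecretKey passwordKey(char[] password) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            return SecretKeyFactory.getInstance(PBE_ALG).generateSecret(spec);
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    /** Wraps keyToStore under the password; returns Base64(salt || iv || wrappedKey). */
    static String wrap(char[] password, SecretKey keyToStore) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(salt); // fresh salt and IV for every stored record
        rng.nextBytes(iv);
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.WRAP_MODE, passwordKey(password),
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        byte[] wrapped = cipher.wrap(keyToStore);
        byte[] record = new byte[SALT_LEN + IV_LEN + wrapped.length];
        System.arraycopy(salt, 0, record, 0, SALT_LEN);
        System.arraycopy(iv, 0, record, SALT_LEN, IV_LEN);
        System.arraycopy(wrapped, 0, record, SALT_LEN + IV_LEN, wrapped.length);
        return Base64.getEncoder().encodeToString(record);
    }

    /** Reverses wrap(); a wrong password normally surfaces as InvalidKeyException. */
    static Key unwrap(char[] password, String stored, String keyAlg)
            throws GeneralSecurityException {
        byte[] record = Base64.getDecoder().decode(stored);
        if (record.length <= SALT_LEN + IV_LEN) {
            throw new GeneralSecurityException("stored record is too short");
        }
        byte[] salt = Arrays.copyOfRange(record, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(record, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] wrapped = Arrays.copyOfRange(record, SALT_LEN + IV_LEN, record.length);
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.UNWRAP_MODE, passwordKey(password),
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        return cipher.unwrap(wrapped, keyAlg, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(128);
        SecretKey dataKey = kg.generateKey();      // the key we want to store
        char[] password = "sasquatch".toCharArray();

        String a = wrap(password, dataKey);
        String b = wrap(password, dataKey);
        System.out.println("two records of the same key differ: " + !a.equals(b));

        Key restored = unwrap(password, a, "Blowfish");
        System.out.println("key restored: "
                + Arrays.equals(dataKey.getEncoded(), restored.getEncoded()));

        try {
            unwrap("wrong".toCharArray(), a, "Blowfish");
            // CBC padding carries no integrity check, so a wrong password can,
            // rarely, pass the padding test and yield a garbage key.
            System.out.println("wrong password: padding validated by chance");
        } catch (GeneralSecurityException e) {
            System.out.println("wrong password rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

Because the padding check is the only thing that rejects a wrong password here, a stored record that must detect tampering also needs a MAC or an authenticated mode.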

csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:

- No padding - requires the data to end on a block exactly
- PKCS5 padding - (PKCS = Public Key Cryptography Standard)
  - Suppose there are N bytes in a block that need to be padded
  - Fill each of the N bytes with the value N
  - If the data end on a multiple of the block size, add an entire block of padding

(See the illustration on p. 81)
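The padding rule above, written out and cross-checked against the JDK, as an added example that is not from the slides or the textbook. The class and method names are hypothetical, the sample inputs are constructed, and AES in ECB mode is used only to expose the padded bytes of the last block.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs5PaddingDemo {
    /** Appends N bytes of value N so the result is a multiple of blockSize. */
    static byte[] pad(byte[] data, int blockSize) {
        if (blockSize < 1 || blockSize > 255) {
            throw new IllegalArgumentException("block size must be 1..255");
        }
        // n is in 1..blockSize: aligned data still gets a whole block of padding.
        int n = blockSize - (data.length % blockSize);
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    /** Validates and strips the padding; rejects anything pad() could not have produced. */
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("length is not a positive multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xff;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("bad padding length");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xff) != n) {
                throw new IllegalArgumentException("bad padding bytes");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    /** Lets the JDK pad, then decrypts with NoPadding so the padding bytes stay visible. */
    static byte[] jcePadded(byte[] data) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        Cipher enc = Cipher.getInstance("AES/ECB/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        Cipher dec = Cipher.getInstance("AES/ECB/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key);
        return dec.doFinal(enc.doFinal(data));
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one short of a block boundary, one exactly on it.
        byte[] partial = "Hello World".getBytes(StandardCharsets.US_ASCII);      // 11 bytes
        byte[] aligned = "0123456789abcdef".getBytes(StandardCharsets.US_ASCII); // 16 bytes
        for (byte[] input : new byte[][] {partial, aligned}) {
            byte[] mine = pad(input, 16);
            System.out.println(input.length + " bytes -> " + mine.length + " bytes: " + hex(mine));
            System.out.println("  matches JDK padding: " + Arrays.equals(mine, jcePadded(input)));
            System.out.println("  round trip: " + Arrays.equals(input, unpad(mine, 16)));
        }
        // A receiver that reports padding failures on unauthenticated ciphertext
        // tells the sender something about the plaintext; verify a MAC first.
    }
}
```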

csci5931 Web Security 29

Modes of DES

- ECB, CBC
- CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example)
- OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission. That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB
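The error-propagation claim above can be measured directly; this added example (not from the slides) flips one ciphertext bit and counts the damaged plaintext bytes per block in each mode. Assumptions: AES stands in for DES, since propagation is a property of the mode rather than of the block cipher, and the class name and sample plaintext are constructed.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class ModeErrorPropagation {
    static final int BLOCK = 16; // AES block size in bytes

    static Cipher cipher(String mode, int opmode, SecretKey key, byte[] iv) throws Exception {
        Cipher c = Cipher.getInstance("AES/" + mode + "/NoPadding");
        if (mode.equals("ECB")) {
            c.init(opmode, key); // ECB takes no IV
        } else {
            c.init(opmode, key, new IvParameterSpec(iv));
        }
        return c;
    }

    /**
     * Encrypts plain, flips one bit of the ciphertext at flipIndex, decrypts,
     * and returns how many plaintext bytes changed in each block.
     * ECB garbles the block holding the flipped bit; CBC garbles that block and
     * flips one bit in the next; CFB flips one bit in that block and garbles the
     * next; OFB flips only the one corresponding plaintext bit.
     */
    static int[] damagePerBlock(String mode, SecretKey key, byte[] iv,
                                byte[] plain, int flipIndex) throws Exception {
        byte[] ct = cipher(mode, Cipher.ENCRYPT_MODE, key, iv).doFinal(plain);
        ct[flipIndex] ^= 0x01; // simulated single-bit transmission error
        byte[] out = cipher(mode, Cipher.DECRYPT_MODE, key, iv).doFinal(ct);
        int[] damaged = new int[plain.length / BLOCK];
        for (int i = 0; i < plain.length; i++) {
            if (out[i] != plain[i]) {
                damaged[i / BLOCK]++;
            }
        }
        return damaged;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] iv = new byte[BLOCK];
        new SecureRandom().nextBytes(iv);

        byte[] plain = new byte[4 * BLOCK]; // constructed sample: four blocks of 'A'
        Arrays.fill(plain, (byte) 'A');
        int flipIndex = BLOCK + 4;          // a byte inside the second block

        for (String mode : new String[] {"ECB", "CBC", "CFB", "OFB"}) {
            int[] damaged = damagePerBlock(mode, key, iv, plain, flipIndex);
            System.out.println(mode + ": damaged bytes per block " + Arrays.toString(damaged));
        }
        // The property that limits damage in OFB also means a ciphertext bit flip
        // maps to a predictable plaintext bit flip, so integrity needs a MAC.
    }
}
```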

csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

- They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted

Initialization Vector (IV)

- A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher
- Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages
- How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV

csci5931 Web Security 31

IV in Java

public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding)
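Cipher streams and IvParameterSpec used together, as an added example that is not the course's FileEncryptor.java: the IV is sized from Cipher.getBlockSize(), written in front of the ciphertext, and read back before decryption. Assumptions: AES/CBC/PKCS5Padding, in-memory streams in place of files, and a constructed class name and sample message.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class IvStreamDemo {
    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    static void copy(InputStream in, OutputStream out) throws IOException {
        byte[] buf = new byte[4096];
        for (int n = in.read(buf); n != -1; n = in.read(buf)) {
            out.write(buf, 0, n);
        }
    }

    /** The IV length is the cipher's block size, whatever the key length. */
    static byte[] randomIv() throws Exception {
        byte[] iv = new byte[Cipher.getInstance(TRANSFORMATION).getBlockSize()];
        new SecureRandom().nextBytes(iv);
        return iv;
    }

    /** Writes iv || ciphertext to out. The IV is not secret, only unpredictable. */
    static void encrypt(SecretKey key, byte[] iv, InputStream in, OutputStream out)
            throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        out.write(iv);
        try (CipherOutputStream cos = new CipherOutputStream(out, cipher)) {
            copy(in, cos);
        } // close() emits the final padded block
    }

    /** Reads the IV from the front of the stream, then decrypts the rest. */
    static void decrypt(SecretKey key, InputStream in, OutputStream out) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        byte[] iv = new byte[cipher.getBlockSize()];
        new DataInputStream(in).readFully(iv); // fails if the stream is shorter than an IV
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        try (CipherInputStream cis = new CipherInputStream(in, cipher)) {
            copy(cis, out);
        }
    }

    static byte[] encryptBytes(SecretKey key, byte[] iv, byte[] plain) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        encrypt(key, iv, new ByteArrayInputStream(plain), out);
        return out.toByteArray();
    }

    /** First ciphertext block, i.e. the 16 bytes that follow the stored IV. */
    static byte[] firstBlock(byte[] stored) {
        return Arrays.copyOfRange(stored, 16, 32);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] msg = "Hello World, the same plaintext sent twice"
                .getBytes(StandardCharsets.UTF_8); // constructed sample

        byte[] fixedIv = new byte[16]; // all zero and reused: the case an IV is meant to prevent
        byte[] a = encryptBytes(key, fixedIv, msg);
        byte[] b = encryptBytes(key, fixedIv, msg);
        byte[] c = encryptBytes(key, randomIv(), msg);
        byte[] d = encryptBytes(key, randomIv(), msg);
        System.out.println("reused IV, first blocks equal: "
                + Arrays.equals(firstBlock(a), firstBlock(b)));
        System.out.println("fresh IVs, first blocks equal: "
                + Arrays.equals(firstBlock(c), firstBlock(d)));

        ByteArrayOutputStream plainOut = new ByteArrayOutputStream();
        decrypt(key, new ByteArrayInputStream(c), plainOut);
        System.out.println("round trip: " + Arrays.equals(msg, plainOut.toByteArray()));
    }
}
```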

csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch; pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits." (Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard). See the press release.

csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:

- createKey( password )
- loadKey( password )
- encrypt( password, inputFile, outputEncryptedFile )
- decrypt( password, inputEncryptedFile, outputfile )

csci5931 Web Security 34

Sealed objects

- Sealed object: An object that is encrypted
- The object must be serializable
- Sealed objects can be useful for storing or transferring an encrypted version of an object
- The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted
- See Appendix D, "the EncryptedObject class", for a better sealed object implementation

csci5931 Web Security 35

Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

    >java SealedObjectExample
    Creating a key
    Encrypting the object
    Unencrypting the object
    Credit card number 1234567890

csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:

- RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
- The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.


                                    csci5931 Web Security 18

                                    Password-based encryption (PBE)

csci5931 Web Security 19

Base64 Encoding

- Effective in representing ASCII data as 6-bit characters (save one bit per character)
- Widely used in networking transmissions of data, e.g., in MIME emails & other Internet-related applications
- Input: N bytes
- Number of output characters:
  - (N * 8 / 24) * 4, if N * 8 % 24 is zero
  - (N * 8 / 24 + 1) * 4, otherwise
- Example: N = 8 bytes
  - (64 / 24 + 1) * 4 = 12 characters
- See http://nas.cl.uh.edu/yang/teaching/csci5939DatabaseSecurity/base64.ppt, RFC2045, and Appendix C

                                    csci5931 Web Security 20

                                    Password-based encryption (PBE)

csci5931 Web Security 21

Password-based encryption (PBE)

Random.nextBytes(byte[] bytes)

- Generates random bytes and places them into a user-supplied byte array

public class PBEKeySpec
extends Object
implements KeySpec

- A user-chosen password that can be used with password-based encryption (PBE)
- The password can be viewed as some kind of raw key material, from which the encryption mechanism that uses it derives a cryptographic key

csci5931 Web Security 22

Password-based encryption (PBE)

public class SecretKeyFactory
extends Object

- This class represents a factory for secret keys
- Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys
- Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format
- Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods

                                    csci5931 Web Security 23

                                    Password-based encryption

                                    Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                                    bits

                                    Among the new encryption algorithms being considered by the National

                                    Institute of Science and Technology (NIST) as a replacement for

                                    the DES algorithm

                                    Highly secure and flexible

                                    Works extremely well with large microprocessors 8-bit smart card

                                    microprocessors and dedicated hardware

                                    (Source httpwwwwileycomcdaproduct0047135381700html)

                                    csci5931 Web Security 24

                                    Password-based encryption

                                    An example program PBEjava (see

                                    httpscecluheduyangteachingproJavaSecurityCodehtml)

                                    Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                                    yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                                    gtjava PBE -e sasquatch Hello World

                                    lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                    gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                    Hello World

                                    csci5931 Web Security 25

                                    Key storage

                                    Storage of keys in a persistent media (file

                                    database) for later retrieval or transportation

                                    Objectives The stored keys must be protected

                                    Problems

                                    - If the key storage is compromised the data protected by

                                    the keys become unprotected

                                    Solutions

                                    Use PBE to encrypt the keys Problems

                                    csci5931 Web Security 26

                                    Key storage Key Wrapping

                                    The wrap( ) method defined in javaxcryptoCipher takes a key as an

                                    argument and returns the encrypted value of the key as a byte array

                                    Example

                                    cipherinit (CipherWRAP_MODE passwordKey paramSpec)

                                    byte[ ] encryptedKeyBytes = cipherwrap (secretKey)

                                    To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)

                                    Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)

                                    csci5931 Web Security 27

                                    Key storage Key Encryption

                                    Use the getEncoded( ) method as defined in javasecurityKey to encrypt the

                                    key

                                    Example

                                    byte[ ] keyBytes = myKeygetEncoded( )

                                    cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)

                                    byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)

                                    To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)

                                    byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)

                                    SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )

                                    csci5931 Web Security 28

                                    Padding Padding is needed to make the size of the plaintext to be a

                                    multiple of the block size

                                    Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly

                                    PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)

                                    Suppose there are N bytes in a block that need to be padded

                                    Fill each of the N bytes with the value N

                                    If the data end on a multiple of the block size add an entire block of

                                    padding

                                    (See the illustration on p81)

                                    csci5931 Web Security 29

                                    Modes of DES

                                    ECB CBC

                                    CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for

                                    example)

                                    OFB (Output FeedBack) Similar to CFB but provides better protection against data loss

                                    during transmission

                                    That is a single-bit error will not cause the whole block to be lost

                                    as in the cases of ECB CBC and CFB

                                    csci5931 Web Security 30

                                    Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream

                                    They provide convenient wrappers around standard input and

                                    output streams for them to be automatically encrypted or

                                    decrypted

                                    Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext

                                    before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext

                                    eliminates the possibility of having the initial ciphertext block the

                                    same for any two messages How to determine the size of a IV given a cipher Example A

                                    256-bit Rijndael cipher needs a 16-byte IV

                                    csci5931 Web Security 31

                                    IV in Java public class IvParameterSpec

                                    extends Object

                                    implements AlgorithmParameterSpec

                                    This class specifies an initialization vector (IV) Examples

                                    which use IVs are ciphers in feedback mode eg DES

                                    in CBC mode and RSA ciphers with OAEP encoding

                                    operation

                                    (NOTE See page 434 for RSA-OAEP padding)

                                    csci5931 Web Security 32

                                    Rijndael

                                    What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)

                                    ldquoRijndael is a block cipher designed by Joan Daemen and Vincent

                                    Rijmen as a candidate algorithm for the AES

                                    The cipher has a variable block length and key length We currently

                                    specified how to use keys with a length of 128 192 or 256 bits to

                                    encrypt blocks with al length of 128 192 or 256 bitsrdquo

                                    (Source httpwwwesatkuleuvenacbe~rijmenrijndael)

                                    After nearly four years of evaluation in October 2000 Rijndael was

                                    selected by the NIST as the `AES (Advanced Encryption Standard)

                                    See the press release

                                    csci5931 Web Security 33

                                    FileEncryptorjava

                                    FileEncryptorjava (see httpscecluheduyangteaching

                                    proJavaSecurityCodehtml)

                                    Four functions

                                    createKey( password )

                                    loadKey ( password )

                                    encrypt ( password inputFile outputEncryptedFile )

                                    decrypt ( password inputEncryptedFile outputfile)

                                    csci5931 Web Security 34

                                    Sealed objects Sealed object An object that is encrypted

                                    The object must be serializable

                                    Sealed objects can be useful for storing or transferring an

                                    encrypted version of an object

                                    The default JDK 12 prevents extensions from using the class

                                    loader to create classes that are neither standard objects nor

                                    extensions That is a custom object such as a CreditCard

                                    object wonrsquot be able to be decrypted

                                    See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                    object implementation

                                    csci5931 Web Security 35

                                    Sealed objects

                                    SealedObjectExamplejava (see

                                    httpscecluheduyangteachingproJavaSecurityCodehtml)

                                    Sample output

                                    gtjava SealedObjectExample

                                    Creating a key

                                    Encrypting the object

                                    Unencrypting the object

                                    Credit card number 1234567890

                                    csci5931 Web Security 36

                                    Next

                                    Asymmetric Encryption (GS 5)

                                    Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                    describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                    The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                    • GS Chapter 4 Symmetric Encryption in Java
                                    • Topics
                                    • Applications of symmetric encryptions
                                    • JavaxcryptoKeyGenerator
                                    • Slide 5
                                    • JavasecurityKey
                                    • Slide 7
                                    • JavaxcryptoCipher
                                    • JavaxcryptoCiphergetInstance( )
                                    • Slide 10
                                    • JavaxcryptoCipherinit( )
                                    • JavaxcryptoCipherupdate( )
                                    • JavaxcryptoCipherdoFinal( )
                                    • SimpleExamplejava
                                    • BlowfishExamplejava
                                    • Password-based encryption (PBE)
                                    • Slide 17
                                    • Slide 18
                                    • Base64 Encoding
                                    • Slide 20
                                    • Slide 21
                                    • Slide 22
                                    • Password-based encryption
                                    • Slide 24
                                    • Key storage
                                    • Slide 26
                                    • Slide 27
                                    • Padding
                                    • Modes of DES
                                    • Cipher streams and IV
                                    • IV in Java
                                    • Rijndael
                                    • FileEncryptorjava
                                    • Sealed objects
                                    • Slide 35
                                    • Next

                                      csci5931 Web Security 19

                                      Base64 Encoding Effective in representing ASCII data as 6-bit characters (save one bit

                                      per character)

                                      Widely used in networking transmissions of data eg in MIME

                                      emails amp other Internet-related applications

                                      Input N bytes

                                      Number of output characters

                                      (N 8 24) 4 if N8 24 is zero

                                      (N 8 24 + 1) 4 otherwise

                                      Example N = 8 bytes

                                      (64 24 + 1) 4 12 characters

                                      See httpnascluheduyangteachingcsci5939DatabaseSecuritybase64ppt RFC2045 and Appendix C

                                      csci5931 Web Security 20

                                      Password-based encryption (PBE)

                                      csci5931 Web Security 21

                                      Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

                                      Generates random bytes and places them into a user-supplied byte array

                                      public class PBEKeySpecextends Object

                                      implements KeySpec

                                      A user-chosen password that can be used with password-based encryption

                                      (PBE)

                                      The password can be viewed as some kind of raw key material from which

                                      the encryption mechanism that uses it derives a cryptographic key

                                      csci5931 Web Security 22

                                      Password-based encryption (PBE) public class SecretKeyFactory extends Object

                                      This class represents a factory for secret keys

                                      Key factories are used to convert keys (opaque cryptographic keys of type

                                      Key) into key specifications (transparent representations of the

                                      underlying key material) and vice versa Secret key factories operate

                                      only on secret (symmetric) keys

                                      Key factories are bi-directional ie they allow to build an opaque key

                                      object from a given key specification (key material) or to retrieve the

                                      underlying key material of a key object in a suitable format

                                      Application developers should refer to their providers documentation to find

                                      out which key specifications are supported by the generateSecret

                                      and getKeySpec methods

                                      csci5931 Web Security 23

                                      Password-based encryption

                                      Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                                      bits

                                      Among the new encryption algorithms being considered by the National

                                      Institute of Science and Technology (NIST) as a replacement for

                                      the DES algorithm

                                      Highly secure and flexible

                                      Works extremely well with large microprocessors 8-bit smart card

                                      microprocessors and dedicated hardware

                                      (Source httpwwwwileycomcdaproduct0047135381700html)

csci5931 Web Security 24

Password-based encryption

An example program: PBE.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample PBE encryption/decryption:

>java PBE -e sasquatch Hello World
yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==
>java PBE -e sasquatch Hello World
lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
>java PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==
Hello World

csci5931 Web Security 25

Key storage

Storage of keys in a persistent medium (file, database) for later retrieval or transportation

Objectives: The stored keys must be protected

Problems
- If the key storage is compromised, the data protected by the keys become unprotected

Solutions
- Use PBE to encrypt the keys. Problems?

csci5931 Web Security 26

Key storage: Key Wrapping

The wrap( ) method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array

Example:
cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
byte[] encryptedKeyBytes = cipher.wrap(secretKey);

To decrypt the key:
cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

csci5931 Web Security 27

Key storage: Key Encryption

Use the getEncoded( ) method as defined in java.security.Key to obtain the raw key bytes, then encrypt those bytes like any other data

Example:
byte[] keyBytes = myKey.getEncoded();
cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:
cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
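The wrap/unwrap calls from the key-storage slides, put together as a complete program. This is an added example, not the course's code: the class name, the PBE algorithm (PBEWithHmacSHA256AndAES_128 from the SunJCE provider, Java 8 or later), the iteration count and the salt || IV || wrapped-key record layout are all assumptions made here.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;

public class WrappedKeyStore {
    // Assumed parameters for this example; none of them come from the slides.
    private static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128";
    private static final int ITERATIONS = 100_000;
    private static final int SALT_LEN = 16;
    private static final int IV_LEN = 16;

    /** Builds the password-derived cipher (passwordKey + paramSpec on the slides). */
    private static Cipher pbeCipher(int mode, char[] password, byte[] salt, byte[] iv)
            throws GeneralSecurityException {
        PBEKeySpec keySpec = new PBEKeySpec(password);
        try {
            SecretKey passwordKey = SecretKeyFactory.getInstance(PBE_ALG).generateSecret(keySpec);
            PBEParameterSpec paramSpec =
                    new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
            Cipher cipher = Cipher.getInstance(PBE_ALG);
            cipher.init(mode, passwordKey, paramSpec);
            return cipher;
        } finally {
            keySpec.clearPassword();   // do not leave the password copy in the spec
        }
    }

    /** Returns salt || iv || wrapped key: the record that goes to the file or database. */
    static byte[] wrap(SecretKey secretKey, char[] password) throws GeneralSecurityException {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(salt);           // fresh salt and IV for every stored record
        rng.nextBytes(iv);
        byte[] wrapped = pbeCipher(Cipher.WRAP_MODE, password, salt, iv).wrap(secretKey);
        return ByteBuffer.allocate(SALT_LEN + IV_LEN + wrapped.length)
                .put(salt).put(iv).put(wrapped).array();
    }

    /** Splits the record again and unwraps the key with the same password. */
    static Key unwrap(byte[] record, char[] password, String keyAlgorithm)
            throws GeneralSecurityException {
        if (record.length <= SALT_LEN + IV_LEN) {
            throw new GeneralSecurityException("record too short");
        }
        byte[] salt = Arrays.copyOfRange(record, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(record, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] wrapped = Arrays.copyOfRange(record, SALT_LEN + IV_LEN, record.length);
        return pbeCipher(Cipher.UNWRAP_MODE, password, salt, iv)
                .unwrap(wrapped, keyAlgorithm, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey dataKey = keyGenerator.generateKey();
        char[] password = "sasquatch".toCharArray();   // sample password from the PBE slide

        byte[] record1 = wrap(dataKey, password);
        byte[] record2 = wrap(dataKey, password);
        // Same key, same password, different salt and IV: the stored records differ.
        System.out.println("records differ:  " + !Arrays.equals(record1, record2));

        Key restored = unwrap(record1, password, "Blowfish");
        System.out.println("round trip ok:   "
                + Arrays.equals(dataKey.getEncoded(), restored.getEncoded()));

        // CBC with PKCS5 padding carries no integrity check. A wrong password is
        // usually caught by the padding check, but it can also yield a garbage key.
        try {
            Key bogus = unwrap(record1, "wrong".toCharArray(), "Blowfish");
            System.out.println("wrong password:  unwrapped a key, matches original = "
                    + Arrays.equals(dataKey.getEncoded(), bogus.getEncoded()));
        } catch (GeneralSecurityException e) {
            System.out.println("wrong password:  rejected (" + e.getClass().getSimpleName() + ")");
        }
    }
}
```

Because the salt and IV are not secret, storing them in clear next to the wrapped key is safe; what protects the record is the password and the iteration count.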

csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size

Most symmetric algorithms use one of two types of padding:
- No padding – requires the data to end exactly on a block boundary
- PKCS5 padding – (PKCS = Public Key Cryptography Standard)
  Suppose there are N bytes in a block that need to be padded
  Fill each of the N bytes with the value N
  If the data end on a multiple of the block size, add an entire block of padding

(See the illustration on p. 81)
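The PKCS5 rule above, implemented by hand and checked against the JCE's own PKCS5Padding. This is an added example, not from the course materials; the class name, the constructed Blowfish key and the sample strings are assumptions, and ECB is used only so that the two ciphertexts can be compared byte for byte.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class Pkcs5PaddingDemo {
    static final int BLOCK = 8;   // Blowfish and DES both use 8-byte blocks

    /** Appends N bytes of value N, where N is 1..blockSize (a full block if already aligned). */
    static byte[] pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize);
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    /** Removes the padding after checking every padding byte, not just the last one. */
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("length is not a positive multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xff;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("bad padding length byte");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xff) != n) {
                throw new IllegalArgumentException("bad padding byte");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    /** True if the JCE's PKCS5Padding produces the same ciphertext as pad() + NoPadding. */
    static boolean matchesJce(byte[] data) throws Exception {
        // Constructed demo key; never hard-code a real key.
        SecretKeySpec key = new SecretKeySpec(
                "constructed-demo".getBytes(StandardCharsets.US_ASCII), "Blowfish");
        Cipher withPadding = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        withPadding.init(Cipher.ENCRYPT_MODE, key);
        Cipher noPadding = Cipher.getInstance("Blowfish/ECB/NoPadding");
        noPadding.init(Cipher.ENCRYPT_MODE, key);
        return Arrays.equals(withPadding.doFinal(data), noPadding.doFinal(pad(data, BLOCK)));
    }

    public static void main(String[] args) throws Exception {
        // 5 bytes -> 3 pad bytes; 8 bytes -> a whole extra block; 11 bytes -> 5 pad bytes.
        for (String s : new String[] {"Hello", "12345678", "Hello World"}) {
            byte[] data = s.getBytes(StandardCharsets.US_ASCII);
            byte[] padded = pad(data, BLOCK);
            System.out.printf("%-12s %2d -> %2d bytes, pad byte 0x%02x, JCE agrees: %b, unpad ok: %b%n",
                    s, data.length, padded.length, padded[padded.length - 1],
                    matchesJce(data), Arrays.equals(data, unpad(padded, BLOCK)));
        }
        // "No padding" really does require block-aligned input.
        try {
            Cipher c = Cipher.getInstance("Blowfish/ECB/NoPadding");
            c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(new byte[16], "Blowfish"));
            c.doFinal("Hello".getBytes(StandardCharsets.US_ASCII));
        } catch (javax.crypto.IllegalBlockSizeException e) {
            System.out.println("NoPadding with 5 bytes: " + e.getClass().getSimpleName());
        }
    }
}
```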

csci5931 Web Security 29

Modes of DES

ECB, CBC

CFB (Cipher FeedBack)
- Similar to CBC, but may work on smaller chunks of data (8 bits, for example)

OFB (Output FeedBack)
- Similar to CFB, but provides better protection against data loss during transmission
- That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC, and CFB

csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
- They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted

Initialization Vector (IV)
- A sequence of random bytes added to the front of the plaintext before encryption by a block cipher
- Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages
- How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV

csci5931 Web Security 31

IV in Java

public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding)

csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.
The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard). See the press release.

csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:
- createKey( password )
- loadKey( password )
- encrypt( password, inputFile, outputEncryptedFile )
- decrypt( password, inputEncryptedFile, outputfile )

csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted
- The object must be serializable
- Sealed objects can be useful for storing or transferring an encrypted version of an object
- The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
- See Appendix D, "the EncryptedObject class", for a better sealed object implementation

csci5931 Web Security 35

Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890

csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:
- RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
- The GNU Crypto project – This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.


                                        csci5931 Web Security 20

                                        Password-based encryption (PBE)

                                        csci5931 Web Security 21

                                        Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

                                        Generates random bytes and places them into a user-supplied byte array

                                        public class PBEKeySpecextends Object

                                        implements KeySpec

                                        A user-chosen password that can be used with password-based encryption

                                        (PBE)

                                        The password can be viewed as some kind of raw key material from which

                                        the encryption mechanism that uses it derives a cryptographic key

                                        csci5931 Web Security 22

                                        Password-based encryption (PBE) public class SecretKeyFactory extends Object

                                        This class represents a factory for secret keys

                                        Key factories are used to convert keys (opaque cryptographic keys of type

                                        Key) into key specifications (transparent representations of the

                                        underlying key material) and vice versa Secret key factories operate

                                        only on secret (symmetric) keys

                                        Key factories are bi-directional ie they allow to build an opaque key

                                        object from a given key specification (key material) or to retrieve the

                                        underlying key material of a key object in a suitable format

                                        Application developers should refer to their providers documentation to find

                                        out which key specifications are supported by the generateSecret

                                        and getKeySpec methods

                                        csci5931 Web Security 23

                                        Password-based encryption

                                        Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                                        bits

                                        Among the new encryption algorithms being considered by the National

                                        Institute of Science and Technology (NIST) as a replacement for

                                        the DES algorithm

                                        Highly secure and flexible

                                        Works extremely well with large microprocessors 8-bit smart card

                                        microprocessors and dedicated hardware

                                        (Source httpwwwwileycomcdaproduct0047135381700html)

                                        csci5931 Web Security 24

                                        Password-based encryption

                                        An example program PBEjava (see

                                        httpscecluheduyangteachingproJavaSecurityCodehtml)

                                        Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                                        yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                                        gtjava PBE -e sasquatch Hello World

                                        lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                        gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                        Hello World

                                        csci5931 Web Security 25

                                        Key storage

                                        Storage of keys in a persistent media (file

                                        database) for later retrieval or transportation

                                        Objectives The stored keys must be protected

                                        Problems

                                        - If the key storage is compromised the data protected by

                                        the keys become unprotected

                                        Solutions

                                        Use PBE to encrypt the keys Problems

                                        csci5931 Web Security 26

                                        Key storage Key Wrapping

                                        The wrap( ) method defined in javaxcryptoCipher takes a key as an

                                        argument and returns the encrypted value of the key as a byte array

                                        Example

                                        cipherinit (CipherWRAP_MODE passwordKey paramSpec)

                                        byte[ ] encryptedKeyBytes = cipherwrap (secretKey)

                                        To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)

                                        Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)

                                        csci5931 Web Security 27

                                        Key storage Key Encryption

                                        Use the getEncoded( ) method as defined in javasecurityKey to encrypt the

                                        key

                                        Example

                                        byte[ ] keyBytes = myKeygetEncoded( )

                                        cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)

                                        byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)

                                        To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)

                                        byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)

                                        SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )

                                        csci5931 Web Security 28

                                        Padding Padding is needed to make the size of the plaintext to be a

                                        multiple of the block size

                                        Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly

                                        PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)

                                        Suppose there are N bytes in a block that need to be padded

                                        Fill each of the N bytes with the value N

                                        If the data end on a multiple of the block size add an entire block of

                                        padding

                                        (See the illustration on p81)

                                        csci5931 Web Security 29

                                        Modes of DES

                                        ECB CBC

                                        CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for

                                        example)

                                        OFB (Output FeedBack) Similar to CFB but provides better protection against data loss

                                        during transmission

                                        That is a single-bit error will not cause the whole block to be lost

                                        as in the cases of ECB CBC and CFB

                                        csci5931 Web Security 30

                                        Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream

                                        They provide convenient wrappers around standard input and

                                        output streams for them to be automatically encrypted or

                                        decrypted

                                        Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext

                                        before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext

                                        eliminates the possibility of having the initial ciphertext block the

                                        same for any two messages How to determine the size of a IV given a cipher Example A

                                        256-bit Rijndael cipher needs a 16-byte IV

                                        csci5931 Web Security 31

                                        IV in Java public class IvParameterSpec

                                        extends Object

                                        implements AlgorithmParameterSpec

                                        This class specifies an initialization vector (IV) Examples

                                        which use IVs are ciphers in feedback mode eg DES

                                        in CBC mode and RSA ciphers with OAEP encoding

                                        operation

                                        (NOTE See page 434 for RSA-OAEP padding)

                                        csci5931 Web Security 32

                                        Rijndael

                                        What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)

                                        ldquoRijndael is a block cipher designed by Joan Daemen and Vincent

                                        Rijmen as a candidate algorithm for the AES

                                        The cipher has a variable block length and key length We currently

                                        specified how to use keys with a length of 128 192 or 256 bits to

                                        encrypt blocks with al length of 128 192 or 256 bitsrdquo

                                        (Source httpwwwesatkuleuvenacbe~rijmenrijndael)

                                        After nearly four years of evaluation in October 2000 Rijndael was

                                        selected by the NIST as the `AES (Advanced Encryption Standard)

                                        See the press release

                                        csci5931 Web Security 33

                                        FileEncryptorjava

                                        FileEncryptorjava (see httpscecluheduyangteaching

                                        proJavaSecurityCodehtml)

                                        Four functions

                                        createKey( password )

                                        loadKey ( password )

                                        encrypt ( password inputFile outputEncryptedFile )

                                        decrypt ( password inputEncryptedFile outputfile)

                                        csci5931 Web Security 34

                                        Sealed objects Sealed object An object that is encrypted

                                        The object must be serializable

                                        Sealed objects can be useful for storing or transferring an

                                        encrypted version of an object

                                        The default JDK 12 prevents extensions from using the class

                                        loader to create classes that are neither standard objects nor

                                        extensions That is a custom object such as a CreditCard

                                        object wonrsquot be able to be decrypted

                                        See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                        object implementation

                                        csci5931 Web Security 35

                                        Sealed objects

                                        SealedObjectExamplejava (see

                                        httpscecluheduyangteachingproJavaSecurityCodehtml)

                                        Sample output

                                        gtjava SealedObjectExample

                                        Creating a key

                                        Encrypting the object

                                        Unencrypting the object

                                        Credit card number 1234567890

                                        csci5931 Web Security 36

                                        Next

                                        Asymmetric Encryption (GS 5)

                                        Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                        describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                        The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                        • GS Chapter 4 Symmetric Encryption in Java
                                        • Topics
                                        • Applications of symmetric encryptions
                                        • JavaxcryptoKeyGenerator
                                        • Slide 5
                                        • JavasecurityKey
                                        • Slide 7
                                        • JavaxcryptoCipher
                                        • JavaxcryptoCiphergetInstance( )
                                        • Slide 10
                                        • JavaxcryptoCipherinit( )
                                        • JavaxcryptoCipherupdate( )
                                        • JavaxcryptoCipherdoFinal( )
                                        • SimpleExamplejava
                                        • BlowfishExamplejava
                                        • Password-based encryption (PBE)
                                        • Slide 17
                                        • Slide 18
                                        • Base64 Encoding
                                        • Slide 20
                                        • Slide 21
                                        • Slide 22
                                        • Password-based encryption
                                        • Slide 24
                                        • Key storage
                                        • Slide 26
                                        • Slide 27
                                        • Padding
                                        • Modes of DES
                                        • Cipher streams and IV
                                        • IV in Java
                                        • Rijndael
                                        • FileEncryptorjava
                                        • Sealed objects
                                        • Slide 35
                                        • Next

                                          csci5931 Web Security 21

                                          Password-based encryption (PBE) RandomnextBytes (byte[ ] bytes)

                                          Generates random bytes and places them into a user-supplied byte array

                                          public class PBEKeySpecextends Object

                                          implements KeySpec

                                          A user-chosen password that can be used with password-based encryption

                                          (PBE)

                                          The password can be viewed as some kind of raw key material from which

                                          the encryption mechanism that uses it derives a cryptographic key

                                          csci5931 Web Security 22

                                          Password-based encryption (PBE) public class SecretKeyFactory extends Object

                                          This class represents a factory for secret keys

                                          Key factories are used to convert keys (opaque cryptographic keys of type

                                          Key) into key specifications (transparent representations of the

                                          underlying key material) and vice versa Secret key factories operate

                                          only on secret (symmetric) keys

                                          Key factories are bi-directional ie they allow to build an opaque key

                                          object from a given key specification (key material) or to retrieve the

                                          underlying key material of a key object in a suitable format

                                          Application developers should refer to their providers documentation to find

                                          out which key specifications are supported by the generateSecret

                                          and getKeySpec methods

                                          csci5931 Web Security 23

                                          Password-based encryption

                                          Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                                          bits

                                          Among the new encryption algorithms being considered by the National

                                          Institute of Science and Technology (NIST) as a replacement for

                                          the DES algorithm

                                          Highly secure and flexible

                                          Works extremely well with large microprocessors 8-bit smart card

                                          microprocessors and dedicated hardware

                                          (Source httpwwwwileycomcdaproduct0047135381700html)

                                          csci5931 Web Security 24

                                          Password-based encryption

                                          An example program PBEjava (see

                                          httpscecluheduyangteachingproJavaSecurityCodehtml)

                                          Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                                          yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                                          gtjava PBE -e sasquatch Hello World

                                          lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                          gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                          Hello World

                                          csci5931 Web Security 25

Key storage

Storage of keys in a persistent medium (file, database) for later retrieval or transportation

Objective: the stored keys must be protected

Problems:

- If the key storage is compromised, the data protected by the keys becomes unprotected

Solutions:

- Use PBE to encrypt the keys. Problems?

                                          csci5931 Web Security 26

Key storage: Key Wrapping

The wrap() method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array.

Example:

    cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.wrap(secretKey);

To decrypt the key:

    cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
    Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

                                          csci5931 Web Security 27

Key storage: Key Encryption

Use the getEncoded() method, as defined in java.security.Key, to encrypt the key.

Example:

    byte[] keyBytes = myKey.getEncoded();
    cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:

    cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
    byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
    SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
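The two key-storage slides (key wrapping and key encryption) show fragments that assume an existing passwordKey and paramSpec. The following added example, which is not code from the course or the book, fills in those pieces and shows that a key stored with wrap() can be recovered either with unwrap() or with doFinal() plus SecretKeySpec. It assumes Java 8 or later and the JDK's PBEWithHmacSHA256AndAES_128 algorithm; the class name, password, salt and IV sizes, and iteration count are assumptions.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;

// Added example (hypothetical class name).
public class KeyStorageSketch {
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128"; // SunJCE, Java 8+
    static final int ITERATIONS = 210_000;                       // assumed work factor

    public static void main(String[] args) throws Exception {
        // The data key that needs to be stored (Blowfish, as on the slides).
        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(128);
        SecretKey secretKey = kg.generateKey();

        // Salt and IV are random, not secret, and must be stored next to the
        // wrapped key so the same paramSpec can be rebuilt later.
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16];
        byte[] iv = new byte[16]; // AES block size
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        PBEParameterSpec paramSpec =
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));

        // passwordKey: the password turned into a Key by a SecretKeyFactory.
        PBEKeySpec keySpec = new PBEKeySpec("sasquatch".toCharArray());
        SecretKey passwordKey = SecretKeyFactory.getInstance(PBE_ALG).generateSecret(keySpec);
        keySpec.clearPassword();

        Cipher cipher = Cipher.getInstance(PBE_ALG);

        // Key wrapping: Cipher.wrap() encrypts the key's encoded form.
        cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
        byte[] encryptedKeyBytes = cipher.wrap(secretKey);

        // Recovery route 1: unwrap() returns a Key object directly.
        cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
        Key unwrapped = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

        // Recovery route 2: decrypt the raw bytes and rebuild the key by hand.
        cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
        byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
        SecretKeySpec rebuilt = new SecretKeySpec(keyBytes, "Blowfish");

        System.out.println("wrapped length: " + encryptedKeyBytes.length + " bytes");
        System.out.println("unwrap() matches original: "
                + Arrays.equals(secretKey.getEncoded(), unwrapped.getEncoded()));
        System.out.println("doFinal() route matches original: "
                + Arrays.equals(secretKey.getEncoded(), rebuilt.getEncoded()));

        // Route 2 leaves raw key material in a byte array; clear it after use.
        Arrays.fill(keyBytes, (byte) 0);

        // Caveat: this PBE scheme is CBC-based and unauthenticated. A wrong
        // password or a modified blob usually fails with a padding error,
        // but that is not guaranteed; it is not an integrity check.
    }
}
```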

                                          csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:

- No padding - requires the data to end exactly on a block boundary
- PKCS5 padding (PKCS = Public Key Cryptography Standard)
  - Suppose there are N bytes in a block that need to be padded
  - Fill each of the N bytes with the value N
  - If the data end on a multiple of the block size, add an entire block of padding

(See the illustration on p. 81)
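The PKCS5 rule above, written out as an added example (not code from the course or the book): pad() and unpad() for an 8-byte block, cross-checked against the padding the JCE applies for Blowfish. The class and method names are hypothetical and the sample inputs are constructed.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example (hypothetical class name).
public class Pkcs5PaddingSketch {

    // Append N bytes of value N, where N = 1..blockSize (never 0), so data
    // that already ends on a block boundary gets one full block of padding.
    static byte[] pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize);
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    // Validate and strip the padding. In a real protocol, authenticate the
    // ciphertext (MAC or AEAD) before this step: distinguishable padding
    // failures on unauthenticated data leak information to the sender.
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("invalid padded data");
        }
        int n = padded[padded.length - 1] & 0xff;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("invalid padded data");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xff) != n) {
                throw new IllegalArgumentException("invalid padded data");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) {
            sb.append(String.format("%02x ", x));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        int blockSize = 8; // Blowfish and DES block size
        byte[] five = "HELLO".getBytes(StandardCharsets.US_ASCII);     // constructed input
        byte[] eight = "12345678".getBytes(StandardCharsets.US_ASCII); // constructed input

        System.out.println("5 bytes -> " + hex(pad(five, blockSize)));
        System.out.println("8 bytes -> " + hex(pad(eight, blockSize)));
        System.out.println("round trip ok: "
                + Arrays.equals(five, unpad(pad(five, blockSize), blockSize)));

        // Cross-check: encrypt with PKCS5Padding, decrypt with NoPadding to
        // expose the padded block the provider actually encrypted. ECB is
        // used only because a single block is inspected here.
        KeyGenerator kg = KeyGenerator.getInstance("Blowfish");
        kg.init(128);
        SecretKey key = kg.generateKey();
        Cipher enc = Cipher.getInstance("Blowfish/ECB/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        byte[] ct = enc.doFinal(five);
        Cipher raw = Cipher.getInstance("Blowfish/ECB/NoPadding");
        raw.init(Cipher.DECRYPT_MODE, key);
        byte[] providerPadded = raw.doFinal(ct);
        System.out.println("provider padding matches pad(): "
                + Arrays.equals(providerPadded, pad(five, blockSize)));
    }
}
```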

                                          csci5931 Web Security 29

Modes of DES

- ECB
- CBC
- CFB (Cipher FeedBack): similar to CBC, but may work on smaller chunks of data (8 bits, for example)
- OFB (Output FeedBack): similar to CFB, but provides better protection against data loss during transmission. That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.

                                          csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

- They provide convenient wrappers around standard input and output streams, so that the data is automatically encrypted or decrypted

Initialization Vector (IV)

- A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher
- Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages
- How to determine the size of an IV, given a cipher? Example: a 256-bit Rijndael cipher needs a 16-byte IV

                                          csci5931 Web Security 31

IV in Java

    public class IvParameterSpec
    extends Object
    implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding)

                                          csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch; pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

(Source: httpwwwesatkuleuvenacbe~rijmenrijndael)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard). See the press release.

                                          csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

Four functions:

- createKey(password)
- loadKey(password)
- encrypt(password, inputFile, outputEncryptedFile)
- decrypt(password, inputEncryptedFile, outputfile)

                                          csci5931 Web Security 34

Sealed objects

Sealed object: an object that is encrypted

- The object must be serializable
- Sealed objects can be useful for storing or transferring an encrypted version of an object
- The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
- See Appendix D, "the EncryptedObject class", for a better sealed object implementation

                                          csci5931 Web Security 35

Sealed objects

SealedObjectExample.java (see httpscecluheduyangteachingproJavaSecurityCodehtml)

Sample output:

    >java SealedObjectExample
    Creating a key
    Encrypting the object
    Unencrypting the object
    Credit card number 1234567890

                                          csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:

- RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
- The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.


                                            csci5931 Web Security 22

Password-based encryption (PBE)

    public class SecretKeyFactory extends Object

This class represents a factory for secret keys.

Key factories are used to convert keys (opaque cryptographic keys of type Key) into key specifications (transparent representations of the underlying key material), and vice versa. Secret key factories operate only on secret (symmetric) keys.

Key factories are bi-directional, i.e., they allow to build an opaque key object from a given key specification (key material), or to retrieve the underlying key material of a key object in a suitable format.

Application developers should refer to their provider's documentation to find out which key specifications are supported by the generateSecret and getKeySpec methods.

                                            csci5931 Web Security 23

                                            Password-based encryption

                                            Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                                            bits

                                            Among the new encryption algorithms being considered by the National

                                            Institute of Science and Technology (NIST) as a replacement for

                                            the DES algorithm

                                            Highly secure and flexible

                                            Works extremely well with large microprocessors 8-bit smart card

                                            microprocessors and dedicated hardware

                                            (Source httpwwwwileycomcdaproduct0047135381700html)

                                            csci5931 Web Security 24

                                            Password-based encryption

                                            An example program PBEjava (see

                                            httpscecluheduyangteachingproJavaSecurityCodehtml)

                                            Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                                            yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                                            gtjava PBE -e sasquatch Hello World

                                            lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                            gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                            Hello World

                                            csci5931 Web Security 25

                                            Key storage

                                            Storage of keys in a persistent media (file

                                            database) for later retrieval or transportation

                                            Objectives The stored keys must be protected

                                            Problems

                                            - If the key storage is compromised the data protected by

                                            the keys become unprotected

                                            Solutions

                                            Use PBE to encrypt the keys Problems

                                            csci5931 Web Security 26

                                            Key storage Key Wrapping

                                            The wrap( ) method defined in javaxcryptoCipher takes a key as an

                                            argument and returns the encrypted value of the key as a byte array

                                            Example

                                            cipherinit (CipherWRAP_MODE passwordKey paramSpec)

                                            byte[ ] encryptedKeyBytes = cipherwrap (secretKey)

                                            To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)

                                            Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)

                                            csci5931 Web Security 27

                                            Key storage Key Encryption

                                            Use the getEncoded( ) method as defined in javasecurityKey to encrypt the

                                            key

                                            Example

                                            byte[ ] keyBytes = myKeygetEncoded( )

                                            cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)

                                            byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)

                                            To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)

                                            byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)

                                            SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )

                                            csci5931 Web Security 28

                                            Padding Padding is needed to make the size of the plaintext to be a

                                            multiple of the block size

                                            Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly

                                            PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)

                                            Suppose there are N bytes in a block that need to be padded

                                            Fill each of the N bytes with the value N

                                            If the data end on a multiple of the block size add an entire block of

                                            padding

                                            (See the illustration on p81)

                                            csci5931 Web Security 29

                                            Modes of DES

                                            ECB CBC

                                            CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for

                                            example)

                                            OFB (Output FeedBack) Similar to CFB but provides better protection against data loss

                                            during transmission

                                            That is a single-bit error will not cause the whole block to be lost

                                            as in the cases of ECB CBC and CFB

                                            csci5931 Web Security 30

                                            Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream

                                            They provide convenient wrappers around standard input and

                                            output streams for them to be automatically encrypted or

                                            decrypted

                                            Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext

                                            before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext

                                            eliminates the possibility of having the initial ciphertext block the

                                            same for any two messages How to determine the size of a IV given a cipher Example A

                                            256-bit Rijndael cipher needs a 16-byte IV

                                            csci5931 Web Security 31

                                            IV in Java public class IvParameterSpec

                                            extends Object

                                            implements AlgorithmParameterSpec

                                            This class specifies an initialization vector (IV) Examples

                                            which use IVs are ciphers in feedback mode eg DES

                                            in CBC mode and RSA ciphers with OAEP encoding

                                            operation

                                            (NOTE See page 434 for RSA-OAEP padding)

                                            csci5931 Web Security 32

                                            Rijndael

                                            What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)

                                            ldquoRijndael is a block cipher designed by Joan Daemen and Vincent

                                            Rijmen as a candidate algorithm for the AES

                                            The cipher has a variable block length and key length We currently

                                            specified how to use keys with a length of 128 192 or 256 bits to

                                            encrypt blocks with al length of 128 192 or 256 bitsrdquo

                                            (Source httpwwwesatkuleuvenacbe~rijmenrijndael)

                                            After nearly four years of evaluation in October 2000 Rijndael was

                                            selected by the NIST as the `AES (Advanced Encryption Standard)

                                            See the press release

                                            csci5931 Web Security 33

                                            FileEncryptorjava

                                            FileEncryptorjava (see httpscecluheduyangteaching

                                            proJavaSecurityCodehtml)

                                            Four functions

                                            createKey( password )

                                            loadKey ( password )

                                            encrypt ( password inputFile outputEncryptedFile )

                                            decrypt ( password inputEncryptedFile outputfile)

                                            csci5931 Web Security 34

                                            Sealed objects Sealed object An object that is encrypted

                                            The object must be serializable

                                            Sealed objects can be useful for storing or transferring an

                                            encrypted version of an object

                                            The default JDK 12 prevents extensions from using the class

                                            loader to create classes that are neither standard objects nor

                                            extensions That is a custom object such as a CreditCard

                                            object wonrsquot be able to be decrypted

                                            See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                            object implementation

                                            csci5931 Web Security 35

                                            Sealed objects

                                            SealedObjectExamplejava (see

                                            httpscecluheduyangteachingproJavaSecurityCodehtml)

                                            Sample output

                                            gtjava SealedObjectExample

                                            Creating a key

                                            Encrypting the object

                                            Unencrypting the object

                                            Credit card number 1234567890

                                            csci5931 Web Security 36

                                            Next

                                            Asymmetric Encryption (GS 5)

                                            Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                            describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                            The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                            • GS Chapter 4 Symmetric Encryption in Java
                                            • Topics
                                            • Applications of symmetric encryptions
                                            • JavaxcryptoKeyGenerator
                                            • Slide 5
                                            • JavasecurityKey
                                            • Slide 7
                                            • JavaxcryptoCipher
                                            • JavaxcryptoCiphergetInstance( )
                                            • Slide 10
                                            • JavaxcryptoCipherinit( )
                                            • JavaxcryptoCipherupdate( )
                                            • JavaxcryptoCipherdoFinal( )
                                            • SimpleExamplejava
                                            • BlowfishExamplejava
                                            • Password-based encryption (PBE)
                                            • Slide 17
                                            • Slide 18
                                            • Base64 Encoding
                                            • Slide 20
                                            • Slide 21
                                            • Slide 22
                                            • Password-based encryption
                                            • Slide 24
                                            • Key storage
                                            • Slide 26
                                            • Slide 27
                                            • Padding
                                            • Modes of DES
                                            • Cipher streams and IV
                                            • IV in Java
                                            • Rijndael
                                            • FileEncryptorjava
                                            • Sealed objects
                                            • Slide 35
                                            • Next

                                              csci5931 Web Security 23

                                              Password-based encryption

                                              Twofish encryption algorithmA symmetric block cipher that accepts keys of any length up to 256

                                              bits

                                              Among the new encryption algorithms being considered by the National

                                              Institute of Science and Technology (NIST) as a replacement for

                                              the DES algorithm

                                              Highly secure and flexible

                                              Works extremely well with large microprocessors 8-bit smart card

                                              microprocessors and dedicated hardware

                                              (Source httpwwwwileycomcdaproduct0047135381700html)

                                              csci5931 Web Security 24

                                              Password-based encryption

                                              An example program PBEjava (see

                                              httpscecluheduyangteachingproJavaSecurityCodehtml)

                                              Sample PBE encryptiondecryptiongtjava PBE -e sasquatch Hello World

                                              yrVhjq5djco=eSIS1LbeAtu5KIKf5ntNhg==

                                              gtjava PBE -e sasquatch Hello World

                                              lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                              gtjava PBE -d sasquatch lQ1lzMl8ONM=GBJFXSnpbltXowvJTmck1w==

                                              Hello World

                                              csci5931 Web Security 25

                                              Key storage

                                              Storage of keys in a persistent media (file

                                              database) for later retrieval or transportation

                                              Objectives The stored keys must be protected

                                              Problems

                                              - If the key storage is compromised the data protected by

                                              the keys become unprotected

                                              Solutions

                                              Use PBE to encrypt the keys Problems

                                              csci5931 Web Security 26

                                              Key storage Key Wrapping

                                              The wrap( ) method defined in javaxcryptoCipher takes a key as an

                                              argument and returns the encrypted value of the key as a byte array

                                              Example

                                              cipherinit (CipherWRAP_MODE passwordKey paramSpec)

                                              byte[ ] encryptedKeyBytes = cipherwrap (secretKey)

                                              To decrypt the keycipherinit (CipherUNWRAP_MODE passwordKey paramSpec)

                                              Key key = cipherunwrap(encryptedKeyBytes ldquoBlowfishrdquo CipherSECRET_KEY)

csci5931 Web Security 27

Key storage: Key Encryption

Use the getEncoded() method, as defined in java.security.Key, to obtain the key bytes and encrypt them.

Example:

    // Raw key bytes, encrypted like any other data
    byte[] keyBytes = myKey.getEncoded();
    cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:

    cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
    byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
    // Rebuild the key object from the recovered bytes
    SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
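The two key-storage approaches above (wrap()/unwrap() and getEncoded()/doFinal()), side by side as an added example that is not one of the course's source files. It assumes the JDK's built-in PBEWithHmacSHA256AndAES_128 scheme and a record layout of salt || IV || protected key; the class name, helper names, layout and password are constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class KeyStorageExample {
    // Assumption: a PBE scheme bundled with JDK 8+; the course's PBE.java may use another.
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128";
    static final int SALT_LEN = 16, IV_LEN = 16, ITERATIONS = 100_000;
    static final SecureRandom RNG = new SecureRandom();

    /** Builds the password-keyed cipher; salt, iteration count and IV form the paramSpec. */
    static Cipher pbeCipher(int mode, char[] password, byte[] salt, byte[] iv) throws Exception {
        PBEKeySpec keySpec = new PBEKeySpec(password);
        SecretKey passwordKey = SecretKeyFactory.getInstance(PBE_ALG).generateSecret(keySpec);
        keySpec.clearPassword();
        PBEParameterSpec paramSpec =
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(mode, passwordKey, paramSpec);
        return cipher;
    }

    static byte[] random(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    /** Stored record layout (an assumption of this example): salt || iv || protected key. */
    static byte[] record(byte[] salt, byte[] iv, byte[] body) {
        return ByteBuffer.allocate(salt.length + iv.length + body.length)
                .put(salt).put(iv).put(body).array();
    }

    /** Key wrapping: the raw key bytes never appear in application code. */
    static byte[] wrapKey(SecretKey key, char[] password) throws Exception {
        byte[] salt = random(SALT_LEN), iv = random(IV_LEN);
        return record(salt, iv, pbeCipher(Cipher.WRAP_MODE, password, salt, iv).wrap(key));
    }

    static SecretKey unwrapKey(byte[] rec, char[] password, String keyAlg) throws Exception {
        byte[] salt = Arrays.copyOfRange(rec, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(rec, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] wrapped = Arrays.copyOfRange(rec, SALT_LEN + IV_LEN, rec.length);
        return (SecretKey) pbeCipher(Cipher.UNWRAP_MODE, password, salt, iv)
                .unwrap(wrapped, keyAlg, Cipher.SECRET_KEY);
    }

    /** Key encryption: getEncoded() exposes the raw bytes, so wipe them afterwards. */
    static byte[] encryptKey(SecretKey key, char[] password) throws Exception {
        byte[] salt = random(SALT_LEN), iv = random(IV_LEN);
        byte[] keyBytes = key.getEncoded();
        try {
            return record(salt, iv,
                    pbeCipher(Cipher.ENCRYPT_MODE, password, salt, iv).doFinal(keyBytes));
        } finally {
            Arrays.fill(keyBytes, (byte) 0);
        }
    }

    static SecretKey decryptKey(byte[] rec, char[] password, String keyAlg) throws Exception {
        byte[] salt = Arrays.copyOfRange(rec, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(rec, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] keyBytes = pbeCipher(Cipher.DECRYPT_MODE, password, salt, iv)
                .doFinal(rec, SALT_LEN + IV_LEN, rec.length - SALT_LEN - IV_LEN);
        try {
            return new SecretKeySpec(keyBytes, keyAlg); // SecretKeySpec copies the bytes
        } finally {
            Arrays.fill(keyBytes, (byte) 0);
        }
    }

    public static void main(String[] args) throws Exception {
        char[] password = "constructed-sample-password".toCharArray(); // constructed value
        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey secretKey = keyGenerator.generateKey();

        byte[] wrapped = wrapKey(secretKey, password);
        byte[] encrypted = encryptKey(secretKey, password);
        SecretKey fromWrap = unwrapKey(wrapped, password, "Blowfish");
        SecretKey fromEncrypt = decryptKey(encrypted, password, "Blowfish");

        System.out.println("unwrap() recovers the key:  "
                + Arrays.equals(secretKey.getEncoded(), fromWrap.getEncoded()));
        System.out.println("doFinal() recovers the key: "
                + Arrays.equals(secretKey.getEncoded(), fromEncrypt.getEncoded()));
        // Fresh salt and IV per record: the same key and password never store identically.
        System.out.println("two records differ:         " + !Arrays.equals(wrapped, encrypted));
        Arrays.fill(password, '\0');
    }
}
```

The salt and IV are not secret, but they must be stored with the protected key or it cannot be recovered.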

csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:
- No padding: requires that the data end on a block exactly.
- PKCS5 padding (PKCS = Public Key Cryptography Standard):
  - Suppose there are N bytes in a block that need to be padded.
  - Fill each of the N bytes with the value N.
  - If the data end on a multiple of the block size, add an entire block of padding.

(See the illustration on p. 81.)
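The PKCS5 rules above made visible, as an added example that is not from the course's code. It encrypts with PKCS5Padding and decrypts the same ciphertext with NoPadding, so the padding bytes the JCE appended can be printed; ECB is used only to keep the demonstration free of an IV, and the class name, helper names and sample data are constructed.

```java
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs5PaddingDemo {
    static final int BLOCK_SIZE = 8; // DESede block size in bytes

    /** Encrypts with PKCS5Padding, then decrypts with NoPadding to expose the padding. */
    static byte[] paddedPlaintext(SecretKey key, byte[] data) throws Exception {
        Cipher enc = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        enc.init(Cipher.ENCRYPT_MODE, key);
        byte[] ciphertext = enc.doFinal(data);

        Cipher dec = Cipher.getInstance("DESede/ECB/NoPadding");
        dec.init(Cipher.DECRYPT_MODE, key);
        return dec.doFinal(ciphertext);
    }

    /** Removes PKCS5 padding by hand, rejecting anything that breaks the rules. */
    static byte[] unpad(byte[] padded) {
        if (padded.length == 0 || padded.length % BLOCK_SIZE != 0) {
            throw new IllegalArgumentException("length is not a multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xff;
        if (n < 1 || n > BLOCK_SIZE) {
            throw new IllegalArgumentException("invalid padding length byte");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xff) != n) {
                throw new IllegalArgumentException("padding bytes do not all equal N");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x ", b));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("DESede");
        keyGenerator.init(168);
        SecretKey key = keyGenerator.generateKey();

        // Constructed inputs: 5 bytes (N = 3), 8 bytes (a whole extra block), 13 bytes (N = 3).
        for (int length : new int[] {5, 8, 13}) {
            byte[] data = new byte[length];
            Arrays.fill(data, (byte) 0x41);
            byte[] padded = paddedPlaintext(key, data);
            System.out.println(length + " data bytes -> " + padded.length + " padded bytes");
            System.out.println("  " + hex(padded));
            System.out.println("  unpad restores the data: "
                    + Arrays.equals(data, unpad(padded)));
        }
    }
}
```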

csci5931 Web Security 29

Modes of DES

- ECB
- CBC
- CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).
- OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission. That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.
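The effect of a single-bit transmission error under each of the four modes, as an added example that is not from the course's code. It flips one bit in the first ciphertext block and counts the plaintext bytes that come back wrong; the class name, helper names and the 32-byte sample message are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class ModeErrorPropagation {

    /** ECB takes no IV; every other mode here needs one of block-size length. */
    static void init(Cipher cipher, int mode, SecretKey key, IvParameterSpec iv) throws Exception {
        if (iv == null) {
            cipher.init(mode, key);
        } else {
            cipher.init(mode, key, iv);
        }
    }

    /** Encrypts, flips one ciphertext bit, decrypts, and reports what was damaged. */
    static String damage(String transformation, SecretKey key, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance(transformation);
        int blockSize = cipher.getBlockSize();

        IvParameterSpec iv = null;
        if (!transformation.contains("/ECB/")) {
            byte[] ivBytes = new byte[blockSize];
            new SecureRandom().nextBytes(ivBytes);
            iv = new IvParameterSpec(ivBytes);
        }

        init(cipher, Cipher.ENCRYPT_MODE, key, iv);
        byte[] ciphertext = cipher.doFinal(plaintext);

        ciphertext[0] ^= 0x01; // simulated single-bit error in the first block

        init(cipher, Cipher.DECRYPT_MODE, key, iv);
        byte[] recovered = cipher.doFinal(ciphertext);

        int damagedBytes = 0;
        List<Integer> damagedBlocks = new ArrayList<>();
        for (int i = 0; i < plaintext.length; i++) {
            if (recovered[i] != plaintext[i]) {
                damagedBytes++;
                int block = i / blockSize;
                if (!damagedBlocks.contains(block)) {
                    damagedBlocks.add(block);
                }
            }
        }
        return damagedBytes + " byte(s) wrong, in block(s) " + damagedBlocks;
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("DES").generateKey();
        // Constructed message: exactly four 8-byte DES blocks, so NoPadding is allowed.
        byte[] plaintext = "0123456789abcdef0123456789abcdef".getBytes(StandardCharsets.US_ASCII);

        String[] transformations = {
            "DES/ECB/NoPadding", // the damaged block decrypts to garbage
            "DES/CBC/NoPadding", // damaged block is garbage, plus one bit in the next block
            "DES/CFB/NoPadding", // one bit in this block, and the next block is garbage
            "DES/OFB/NoPadding"  // only the flipped bit is affected
        };
        for (String transformation : transformations) {
            System.out.println(transformation + ": " + damage(transformation, key, plaintext));
        }
    }
}
```

None of the four modes detects the modification; the receiver simply gets altered plaintext.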

csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream
- They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.

Initialization Vector (IV)
- A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.
- Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.
- How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

csci5931 Web Security 31

IV in Java

    public class IvParameterSpec
    extends Object
    implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding.)

csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."
(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard). See the press release.

csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:
- createKey(password)
- loadKey(password)
- encrypt(password, inputFile, outputEncryptedFile)
- decrypt(password, inputEncryptedFile, outputfile)

csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted.
- The object must be serializable.
- Sealed objects can be useful for storing or transferring an encrypted version of an object.
- The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.
- See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

csci5931 Web Security 35

Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

    >java SealedObjectExample
    Creating a key
    Encrypting the object
    Unencrypting the object
    Credit card number 1234567890

csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:
- RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).
- The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.

• GS Chapter 4: Symmetric Encryption in Java
• Topics
• Applications of symmetric encryptions
• javax.crypto.KeyGenerator
• Slide 5
• java.security.Key
• Slide 7
• javax.crypto.Cipher
• javax.crypto.Cipher.getInstance( )
• Slide 10
• javax.crypto.Cipher.init( )
• javax.crypto.Cipher.update( )
• javax.crypto.Cipher.doFinal( )
• SimpleExample.java
• BlowfishExample.java
• Password-based encryption (PBE)
• Slide 17
• Slide 18
• Base64 Encoding
• Slide 20
• Slide 21
• Slide 22
• Password-based encryption
• Slide 24
• Key storage
• Slide 26
• Slide 27
• Padding
• Modes of DES
• Cipher streams and IV
• IV in Java
• Rijndael
• FileEncryptor.java
• Sealed objects
• Slide 35
• Next



                                                  csci5931 Web Security 34

                                                  Sealed objects Sealed object An object that is encrypted

                                                  The object must be serializable

                                                  Sealed objects can be useful for storing or transferring an

                                                  encrypted version of an object

                                                  The default JDK 12 prevents extensions from using the class

                                                  loader to create classes that are neither standard objects nor

                                                  extensions That is a custom object such as a CreditCard

                                                  object wonrsquot be able to be decrypted

                                                  See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                                  object implementation

                                                  csci5931 Web Security 35

                                                  Sealed objects

                                                  SealedObjectExamplejava (see

                                                  httpscecluheduyangteachingproJavaSecurityCodehtml)

                                                  Sample output

                                                  gtjava SealedObjectExample

                                                  Creating a key

                                                  Encrypting the object

                                                  Unencrypting the object

                                                  Credit card number 1234567890

                                                  csci5931 Web Security 36

                                                  Next

                                                  Asymmetric Encryption (GS 5)

                                                  Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                                  describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                                  The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                                  • GS Chapter 4 Symmetric Encryption in Java
                                                  • Topics
                                                  • Applications of symmetric encryptions
                                                  • JavaxcryptoKeyGenerator
                                                  • Slide 5
                                                  • JavasecurityKey
                                                  • Slide 7
                                                  • JavaxcryptoCipher
                                                  • JavaxcryptoCiphergetInstance( )
                                                  • Slide 10
                                                  • JavaxcryptoCipherinit( )
                                                  • JavaxcryptoCipherupdate( )
                                                  • JavaxcryptoCipherdoFinal( )
                                                  • SimpleExamplejava
                                                  • BlowfishExamplejava
                                                  • Password-based encryption (PBE)
                                                  • Slide 17
                                                  • Slide 18
                                                  • Base64 Encoding
                                                  • Slide 20
                                                  • Slide 21
                                                  • Slide 22
                                                  • Password-based encryption
                                                  • Slide 24
                                                  • Key storage
                                                  • Slide 26
                                                  • Slide 27
                                                  • Padding
                                                  • Modes of DES
                                                  • Cipher streams and IV
                                                  • IV in Java
                                                  • Rijndael
                                                  • FileEncryptorjava
                                                  • Sealed objects
                                                  • Slide 35
                                                  • Next

csci5931 Web Security 26

Key storage: Key Wrapping

The wrap( ) method defined in javax.crypto.Cipher takes a key as an argument and returns the encrypted value of the key as a byte array.

Example:

    // Encrypt (wrap) secretKey under the password-derived key
    cipher.init(Cipher.WRAP_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.wrap(secretKey);

To decrypt the key:

    // Recover the key object; the algorithm name and key type must be supplied
    cipher.init(Cipher.UNWRAP_MODE, passwordKey, paramSpec);
    Key key = cipher.unwrap(encryptedKeyBytes, "Blowfish", Cipher.SECRET_KEY);

csci5931 Web Security 27

Key storage: Key Encryption

Use the getEncoded( ) method, as defined in java.security.Key, to obtain the key's bytes, then encrypt them.

Example:

    byte[] keyBytes = myKey.getEncoded();
    cipher.init(Cipher.ENCRYPT_MODE, passwordKey, paramSpec);
    byte[] encryptedKeyBytes = cipher.doFinal(keyBytes);

To decrypt the key:

    cipher.init(Cipher.DECRYPT_MODE, passwordKey, paramSpec);
    byte[] keyBytes = cipher.doFinal(encryptedKeyBytes);
    // Rebuild the key object from the recovered bytes
    SecretKeySpec myKey = new SecretKeySpec(keyBytes, "Blowfish");
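The two key-storage slides above leave passwordKey and paramSpec undefined. The following complete program is an added example, not code from the course or the book: it wraps a Blowfish key under a password and stores everything needed to unwrap it later. The PBE algorithm name, iteration count, salt and IV sizes, and the salt || IV || wrapped-key record layout are assumptions chosen for this example.

```java
import java.security.InvalidKeyException;
import java.security.Key;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class KeyWrapExample {
    // Assumptions for this example: a PBE algorithm shipped with the stock
    // SunJCE provider (Java 8+), and the sizes below.
    static final String PBE_ALG = "PBEWithHmacSHA256AndAES_128";
    static final int ITERATIONS = 100_000;
    static final int SALT_LEN = 16;
    static final int IV_LEN = 16; // AES block size

    static SecretKey passwordKey(char[] password) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password);
        try {
            return SecretKeyFactory.getInstance(PBE_ALG).generateSecret(spec);
        } finally {
            spec.clearPassword(); // do not leave the password in the spec
        }
    }

    /** Wraps secretKey under the password; returns salt || IV || wrapped key. */
    static byte[] wrap(SecretKey secretKey, char[] password) throws Exception {
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[SALT_LEN];
        byte[] iv = new byte[IV_LEN];
        rng.nextBytes(salt);
        rng.nextBytes(iv);
        PBEParameterSpec paramSpec =
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.WRAP_MODE, passwordKey(password), paramSpec);
        byte[] wrapped = cipher.wrap(secretKey);

        // Salt and IV are not secret, but they are required to unwrap.
        byte[] record = new byte[SALT_LEN + IV_LEN + wrapped.length];
        System.arraycopy(salt, 0, record, 0, SALT_LEN);
        System.arraycopy(iv, 0, record, SALT_LEN, IV_LEN);
        System.arraycopy(wrapped, 0, record, SALT_LEN + IV_LEN, wrapped.length);
        return record;
    }

    /** Reverses wrap(); keyAlgorithm names the algorithm of the wrapped key. */
    static Key unwrap(byte[] record, char[] password, String keyAlgorithm) throws Exception {
        if (record.length <= SALT_LEN + IV_LEN) {
            throw new IllegalArgumentException("record too short");
        }
        byte[] salt = Arrays.copyOfRange(record, 0, SALT_LEN);
        byte[] iv = Arrays.copyOfRange(record, SALT_LEN, SALT_LEN + IV_LEN);
        byte[] wrapped = Arrays.copyOfRange(record, SALT_LEN + IV_LEN, record.length);
        PBEParameterSpec paramSpec =
                new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv));
        Cipher cipher = Cipher.getInstance(PBE_ALG);
        cipher.init(Cipher.UNWRAP_MODE, passwordKey(password), paramSpec);
        return cipher.unwrap(wrapped, keyAlgorithm, Cipher.SECRET_KEY);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("Blowfish");
        keyGenerator.init(128);
        SecretKey secretKey = keyGenerator.generateKey();

        char[] password = "correct horse battery staple".toCharArray(); // constructed sample
        byte[] record = wrap(secretKey, password);

        Key restored = unwrap(record, password, "Blowfish");
        System.out.println("round trip ok: "
                + Arrays.equals(secretKey.getEncoded(), restored.getEncoded()));

        // CBC wrapping has no integrity check: a wrong password is normally
        // caught by the padding check, but that is not guaranteed.
        try {
            unwrap(record, "wrong password".toCharArray(), "Blowfish");
            System.out.println("wrong password produced a garbage key");
        } catch (InvalidKeyException e) {
            System.out.println("wrong password rejected: " + e.getMessage());
        }
    }
}
```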

csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:

No padding – requires the data to end exactly on a block boundary

PKCS5 padding (PKCS = Public Key Cryptography Standard)

  Suppose there are N bytes in a block that need to be padded.

  Fill each of the N bytes with the value N.

  If the data end on a multiple of the block size, add an entire block of padding.

(See the illustration on p. 81)

csci5931 Web Security 29

Modes of DES

ECB, CBC

CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example).

OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission.

That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.

csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.

Initialization Vector (IV): A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher.

Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.

How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

csci5931 Web Security 31

IV in Java

    public class IvParameterSpec
    extends Object
    implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding)
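The two slides above on cipher streams and IvParameterSpec, combined in an added example (not code from the course or the book). It sizes the IV from Cipher.getBlockSize(), stores the IV in the clear ahead of the ciphertext, and shows that the first ciphertext block repeats only when the IV is reused. The class name, the AES/CBC/PKCS5Padding transformation and the message layout are assumptions; a 256-bit AES key needs a JDK without the old key-size restrictions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CipherStreamIvExample {
    static final String TRANSFORM = "AES/CBC/PKCS5Padding";

    /** The IV length is the cipher's block size: 16 bytes for AES at any key size. */
    static int ivLength() throws Exception {
        return Cipher.getInstance(TRANSFORM).getBlockSize();
    }

    /** Returns IV || ciphertext. The IV is not secret, so it is stored in the clear. */
    static byte[] encrypt(SecretKey key, byte[] iv, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
        ByteArrayOutputStream sink = new ByteArrayOutputStream();
        sink.write(iv);
        try (CipherOutputStream out = new CipherOutputStream(sink, cipher)) {
            out.write(plaintext);
        } // close() finishes the last (padded) block
        return sink.toByteArray();
    }

    /** Reads the IV from the front of the message, then decrypts the rest. */
    static byte[] decrypt(SecretKey key, byte[] message) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(message));
        byte[] iv = new byte[cipher.getBlockSize()];
        in.readFully(iv);
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try (CipherInputStream cin = new CipherInputStream(in, cipher)) {
            byte[] buf = new byte[4096];
            int n;
            while ((n = cin.read(buf)) != -1) {
                plain.write(buf, 0, n);
            }
        }
        return plain.toByteArray();
    }

    /** First ciphertext block of an IV || ciphertext message. */
    static byte[] firstBlock(byte[] message, int blockSize) {
        return Arrays.copyOfRange(message, blockSize, 2 * blockSize);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);
        SecretKey key = keyGenerator.generateKey();
        int len = ivLength();
        System.out.println("IV length in bytes: " + len);

        // Constructed sample message, encrypted twice under the same key.
        byte[] msg = "the same message, sent twice".getBytes(StandardCharsets.UTF_8);
        SecureRandom rng = new SecureRandom();
        byte[] iv1 = new byte[len];
        byte[] iv2 = new byte[len];
        rng.nextBytes(iv1);
        rng.nextBytes(iv2);

        byte[] a = encrypt(key, iv1, msg);
        byte[] b = encrypt(key, iv2, msg);
        System.out.println("fresh IVs, first blocks equal: "
                + Arrays.equals(firstBlock(a, len), firstBlock(b, len)));

        byte[] fixed = new byte[len]; // all-zero IV reused for both messages
        byte[] c = encrypt(key, fixed, msg);
        byte[] d = encrypt(key, fixed, msg);
        System.out.println("reused IV, first blocks equal: "
                + Arrays.equals(firstBlock(c, len), firstBlock(d, len)));

        System.out.println("round trip ok: " + Arrays.equals(decrypt(key, a), msg));
    }
}
```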

csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch, pronounced as ‘Rain Doll’)

“Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES.

The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits.”

(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the 'AES' (Advanced Encryption Standard).

See the press release.

csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:

    createKey(password)
    loadKey(password)
    encrypt(password, inputFile, outputEncryptedFile)
    decrypt(password, inputEncryptedFile, outputfile)

csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted.

The object must be serializable.

Sealed objects can be useful for storing or transferring an encrypted version of an object.

The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.

See Appendix D, “the EncryptedObject class”, for a better sealed object implementation.

csci5931 Web Security 35

Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

    >java SealedObjectExample
    Creating a key
    Encrypting the object
    Unencrypting the object
    Credit card number 1234567890

csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:

RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

The GNU Crypto project – This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.

                                                    • GS Chapter 4 Symmetric Encryption in Java
                                                    • Topics
                                                    • Applications of symmetric encryptions
                                                    • JavaxcryptoKeyGenerator
                                                    • Slide 5
                                                    • JavasecurityKey
                                                    • Slide 7
                                                    • JavaxcryptoCipher
                                                    • JavaxcryptoCiphergetInstance( )
                                                    • Slide 10
                                                    • JavaxcryptoCipherinit( )
                                                    • JavaxcryptoCipherupdate( )
                                                    • JavaxcryptoCipherdoFinal( )
                                                    • SimpleExamplejava
                                                    • BlowfishExamplejava
                                                    • Password-based encryption (PBE)
                                                    • Slide 17
                                                    • Slide 18
                                                    • Base64 Encoding
                                                    • Slide 20
                                                    • Slide 21
                                                    • Slide 22
                                                    • Password-based encryption
                                                    • Slide 24
                                                    • Key storage
                                                    • Slide 26
                                                    • Slide 27
                                                    • Padding
                                                    • Modes of DES
                                                    • Cipher streams and IV
                                                    • IV in Java
                                                    • Rijndael
                                                    • FileEncryptorjava
                                                    • Sealed objects
                                                    • Slide 35
                                                    • Next

                                                      csci5931 Web Security 27

                                                      Key storage Key Encryption

                                                      Use the getEncoded( ) method as defined in javasecurityKey to encrypt the

                                                      key

                                                      Example

                                                      byte[ ] keyBytes = myKeygetEncoded( )

                                                      cipherinit (CipherENCRYPT_MODE passwordKey paramSpec)

                                                      byte[ ] encryptedKeyBytes = cipherdoFinal (keyBytes)

                                                      To decrypt the keycipherinit (CipherDECRYPT_MODE passwordKey paramSpec)

                                                      byte[ ] keyBytes = cipherdoFinal (encryptedKeyBytes)

                                                      SecretKeySpec myKey = new SecretKeySpec (keyBytes ldquoBlowfishrdquo )

                                                      csci5931 Web Security 28

                                                      Padding Padding is needed to make the size of the plaintext to be a

                                                      multiple of the block size

                                                      Most symmetric algorithms use one of two types of padding No padding ndash requires the data end on a block exactly

                                                      PKCS5 padding ndash (PKCS = Public Key Cryptography Standard)

                                                      Suppose there are N bytes in a block that need to be padded

                                                      Fill each of the N bytes with the value N

                                                      If the data end on a multiple of the block size add an entire block of

                                                      padding

                                                      (See the illustration on p81)

                                                      csci5931 Web Security 29

                                                      Modes of DES

                                                      ECB CBC

                                                      CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for

                                                      example)

                                                      OFB (Output FeedBack) Similar to CFB but provides better protection against data loss

                                                      during transmission

                                                      That is a single-bit error will not cause the whole block to be lost

                                                      as in the cases of ECB CBC and CFB

                                                      csci5931 Web Security 30

                                                      Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream

                                                      They provide convenient wrappers around standard input and

                                                      output streams for them to be automatically encrypted or

                                                      decrypted

                                                      Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext

                                                      before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext

                                                      eliminates the possibility of having the initial ciphertext block the

                                                      same for any two messages How to determine the size of a IV given a cipher Example A

                                                      256-bit Rijndael cipher needs a 16-byte IV

                                                      csci5931 Web Security 31

                                                      IV in Java public class IvParameterSpec

                                                      extends Object

                                                      implements AlgorithmParameterSpec

                                                      This class specifies an initialization vector (IV) Examples

                                                      which use IVs are ciphers in feedback mode eg DES

                                                      in CBC mode and RSA ciphers with OAEP encoding

                                                      operation

                                                      (NOTE See page 434 for RSA-OAEP padding)

                                                      csci5931 Web Security 32

                                                      Rijndael

                                                      What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)

                                                      ldquoRijndael is a block cipher designed by Joan Daemen and Vincent

                                                      Rijmen as a candidate algorithm for the AES

                                                      The cipher has a variable block length and key length We currently

                                                      specified how to use keys with a length of 128 192 or 256 bits to

                                                      encrypt blocks with al length of 128 192 or 256 bitsrdquo

                                                      (Source httpwwwesatkuleuvenacbe~rijmenrijndael)

                                                      After nearly four years of evaluation in October 2000 Rijndael was

                                                      selected by the NIST as the `AES (Advanced Encryption Standard)

                                                      See the press release

                                                      csci5931 Web Security 33

                                                      FileEncryptorjava

                                                      FileEncryptorjava (see httpscecluheduyangteaching

                                                      proJavaSecurityCodehtml)

                                                      Four functions

                                                      createKey( password )

                                                      loadKey ( password )

                                                      encrypt ( password inputFile outputEncryptedFile )

                                                      decrypt ( password inputEncryptedFile outputfile)

                                                      csci5931 Web Security 34

                                                      Sealed objects Sealed object An object that is encrypted

                                                      The object must be serializable

                                                      Sealed objects can be useful for storing or transferring an

                                                      encrypted version of an object

                                                      The default JDK 12 prevents extensions from using the class

                                                      loader to create classes that are neither standard objects nor

                                                      extensions That is a custom object such as a CreditCard

                                                      object wonrsquot be able to be decrypted

                                                      See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                                      object implementation

                                                      csci5931 Web Security 35

                                                      Sealed objects

                                                      SealedObjectExamplejava (see

                                                      httpscecluheduyangteachingproJavaSecurityCodehtml)

                                                      Sample output

                                                      gtjava SealedObjectExample

                                                      Creating a key

                                                      Encrypting the object

                                                      Unencrypting the object

                                                      Credit card number 1234567890

                                                      csci5931 Web Security 36

                                                      Next

                                                      Asymmetric Encryption (GS 5)

                                                      Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                                      describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                                      The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                                      • GS Chapter 4 Symmetric Encryption in Java
                                                      • Topics
                                                      • Applications of symmetric encryptions
                                                      • JavaxcryptoKeyGenerator
                                                      • Slide 5
                                                      • JavasecurityKey
                                                      • Slide 7
                                                      • JavaxcryptoCipher
                                                      • JavaxcryptoCiphergetInstance( )
                                                      • Slide 10
                                                      • JavaxcryptoCipherinit( )
                                                      • JavaxcryptoCipherupdate( )
                                                      • JavaxcryptoCipherdoFinal( )
                                                      • SimpleExamplejava
                                                      • BlowfishExamplejava
                                                      • Password-based encryption (PBE)
                                                      • Slide 17
                                                      • Slide 18
                                                      • Base64 Encoding
                                                      • Slide 20
                                                      • Slide 21
                                                      • Slide 22
                                                      • Password-based encryption
                                                      • Slide 24
                                                      • Key storage
                                                      • Slide 26
                                                      • Slide 27
                                                      • Padding
                                                      • Modes of DES
                                                      • Cipher streams and IV
                                                      • IV in Java
                                                      • Rijndael
                                                      • FileEncryptorjava
                                                      • Sealed objects
                                                      • Slide 35
                                                      • Next

csci5931 Web Security 28

Padding

Padding is needed to make the size of the plaintext a multiple of the block size.

Most symmetric algorithms use one of two types of padding:

No padding – requires the data to end on a block exactly

PKCS5 padding – (PKCS = Public Key Cryptography Standard)

    Suppose there are N bytes in a block that need to be padded.

    Fill each of the N bytes with the value N.

    If the data end on a multiple of the block size, add an entire block of padding.

(See the illustration on p. 81)
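The PKCS5 rule above, written out by hand and checked against what the JCE itself produces. This is an added example, not code from the slides or the book; the class and method names (`Pkcs5PaddingDemo`, `pad`, `unpad`) are made up for illustration, and ECB is used only so the padded block can be inspected directly.

```java
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class Pkcs5PaddingDemo {

    // Append N bytes, each with the value N, so the length becomes a multiple of blockSize.
    static byte[] pad(byte[] data, int blockSize) {
        int n = blockSize - (data.length % blockSize);  // 1..blockSize, never 0
        byte[] out = Arrays.copyOf(data, data.length + n);
        Arrays.fill(out, data.length, out.length, (byte) n);
        return out;
    }

    // Remove the padding, rejecting input that is not well-formed PKCS5.
    static byte[] unpad(byte[] padded, int blockSize) {
        if (padded.length == 0 || padded.length % blockSize != 0) {
            throw new IllegalArgumentException("length is not a multiple of the block size");
        }
        int n = padded[padded.length - 1] & 0xff;
        if (n < 1 || n > blockSize) {
            throw new IllegalArgumentException("bad padding length byte");
        }
        for (int i = padded.length - n; i < padded.length; i++) {
            if ((padded[i] & 0xff) != n) {
                throw new IllegalArgumentException("bad padding byte");
            }
        }
        return Arrays.copyOf(padded, padded.length - n);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            sb.append(String.format("%02x ", b & 0xff));
        }
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("DESede").generateKey();
        Cipher padding = Cipher.getInstance("DESede/ECB/PKCS5Padding");
        Cipher noPadding = Cipher.getInstance("DESede/ECB/NoPadding");
        int blockSize = padding.getBlockSize();  // 8 bytes for DESede

        // Constructed sample inputs: short, exactly one block, and one block plus five bytes.
        for (int len : new int[] {5, 8, 13}) {
            byte[] msg = new byte[len];
            Arrays.fill(msg, (byte) 'A');

            // Encrypt with PKCS5Padding, then decrypt with NoPadding to expose the padded blocks.
            padding.init(Cipher.ENCRYPT_MODE, key);
            byte[] ciphertext = padding.doFinal(msg);
            noPadding.init(Cipher.DECRYPT_MODE, key);
            byte[] padded = noPadding.doFinal(ciphertext);

            System.out.printf("%2d bytes -> %2d padded: %s%n", len, padded.length, hex(padded));
            System.out.println("   same as pad():  " + Arrays.equals(padded, pad(msg, blockSize)));
            System.out.println("   unpad() == msg: " + Arrays.equals(unpad(padded, blockSize), msg));
        }

        // "No padding" requires the data to end exactly on a block boundary.
        noPadding.init(Cipher.ENCRYPT_MODE, key);
        try {
            noPadding.doFinal(new byte[5]);
        } catch (IllegalBlockSizeException e) {
            System.out.println("NoPadding rejects 5 bytes: " + e.getMessage());
        }
    }
}
```

The 8-byte input is the case the last bullet describes: the padded data is 16 bytes long, and the whole second block is padding.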

csci5931 Web Security 29

Modes of DES

ECB, CBC

CFB (Cipher FeedBack): Similar to CBC, but may work on smaller chunks of data (8 bits, for example)

OFB (Output FeedBack): Similar to CFB, but provides better protection against data loss during transmission

    That is, a single-bit error will not cause the whole block to be lost, as in the cases of ECB, CBC and CFB.

csci5931 Web Security 30

Cipher streams and IV

javax.crypto.CipherInputStream, javax.crypto.CipherOutputStream

    They provide convenient wrappers around standard input and output streams for them to be automatically encrypted or decrypted.

Initialization Vector (IV)

    A sequence of random bytes appended to the front of the plaintext before encryption by a block cipher

    Adding the initialization vector to the beginning of the plaintext eliminates the possibility of having the initial ciphertext block the same for any two messages.

    How to determine the size of an IV, given a cipher? Example: A 256-bit Rijndael cipher needs a 16-byte IV.

csci5931 Web Security 31

IV in Java

public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding)
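The two slides above combined into one round trip, as an added example that is not taken from the slides or the book: the IV length comes from `Cipher.getBlockSize()`, the IV is handed to the cipher through `IvParameterSpec`, and the data passes through `CipherOutputStream` and `CipherInputStream`. The class name, the choice to store the IV in the clear in front of the ciphertext, and the sample message are assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.CipherInputStream;
import javax.crypto.CipherOutputStream;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

public class CbcIvStreamDemo {

    static final String TRANSFORMATION = "AES/CBC/PKCS5Padding";

    // Output layout (a choice made for this example): IV || ciphertext.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        // The IV size follows the block size of the cipher, not the key size: 16 bytes for AES.
        byte[] iv = new byte[cipher.getBlockSize()];
        new SecureRandom().nextBytes(iv);  // fresh random IV for every message
        cipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));

        ByteArrayOutputStream out = new ByteArrayOutputStream();
        out.write(iv);  // the IV is not secret; the receiver needs it to decrypt
        try (CipherOutputStream cos = new CipherOutputStream(out, cipher)) {
            cos.write(plaintext);  // encrypted as it is written
        }                          // close() writes the final padded block
        return out.toByteArray();
    }

    static byte[] decrypt(SecretKey key, byte[] message) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(message));
        byte[] iv = new byte[cipher.getBlockSize()];
        in.readFully(iv);  // the first block of the message is the IV
        cipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));

        ByteArrayOutputStream plain = new ByteArrayOutputStream();
        try (CipherInputStream cis = new CipherInputStream(in, cipher)) {
            byte[] buf = new byte[4096];
            int n;
            while ((n = cis.read(buf)) != -1) {
                plain.write(buf, 0, n);  // decrypted as it is read
            }
        }
        return plain.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(256);  // 256-bit key; the IV is still 16 bytes
        SecretKey key = keyGenerator.generateKey();

        // Constructed sample message, encrypted twice under the same key.
        byte[] msg = "Credit card number 1234567890".getBytes(StandardCharsets.UTF_8);
        byte[] first = encrypt(key, msg);
        byte[] second = encrypt(key, msg);

        int bs = Cipher.getInstance(TRANSFORMATION).getBlockSize();
        System.out.println("IV size in bytes: " + bs);

        // Compare the first ciphertext block (the block right after the IV) of both messages.
        boolean sameFirstBlock = Arrays.equals(
                Arrays.copyOfRange(first, bs, 2 * bs),
                Arrays.copyOfRange(second, bs, 2 * bs));
        System.out.println("first ciphertext block identical: " + sameFirstBlock);

        byte[] back = decrypt(key, second);
        System.out.println("round trip ok: " + Arrays.equals(back, msg));
    }
}
```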

csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard).

See the press release.

csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:

createKey( password )

loadKey( password )

encrypt( password, inputFile, outputEncryptedFile )

decrypt( password, inputEncryptedFile, outputfile )

csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted

The object must be serializable.

Sealed objects can be useful for storing or transferring an encrypted version of an object.

The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.

See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

csci5931 Web Security 35

Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890

csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:

RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

The GNU Crypto project – This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.

                                                        • GS Chapter 4 Symmetric Encryption in Java
                                                        • Topics
                                                        • Applications of symmetric encryptions
                                                        • JavaxcryptoKeyGenerator
                                                        • Slide 5
                                                        • JavasecurityKey
                                                        • Slide 7
                                                        • JavaxcryptoCipher
                                                        • JavaxcryptoCiphergetInstance( )
                                                        • Slide 10
                                                        • JavaxcryptoCipherinit( )
                                                        • JavaxcryptoCipherupdate( )
                                                        • JavaxcryptoCipherdoFinal( )
                                                        • SimpleExamplejava
                                                        • BlowfishExamplejava
                                                        • Password-based encryption (PBE)
                                                        • Slide 17
                                                        • Slide 18
                                                        • Base64 Encoding
                                                        • Slide 20
                                                        • Slide 21
                                                        • Slide 22
                                                        • Password-based encryption
                                                        • Slide 24
                                                        • Key storage
                                                        • Slide 26
                                                        • Slide 27
                                                        • Padding
                                                        • Modes of DES
                                                        • Cipher streams and IV
                                                        • IV in Java
                                                        • Rijndael
                                                        • FileEncryptorjava
                                                        • Sealed objects
                                                        • Slide 35
                                                        • Next

                                                          csci5931 Web Security 29

                                                          Modes of DES

                                                          ECB CBC

                                                          CFB (Cipher FeedBack) Similar to CBC but may work on smaller chunks of data (8 bits for

                                                          example)

                                                          OFB (Output FeedBack) Similar to CFB but provides better protection against data loss

                                                          during transmission

                                                          That is a single-bit error will not cause the whole block to be lost

                                                          as in the cases of ECB CBC and CFB

                                                          csci5931 Web Security 30

                                                          Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream

                                                          They provide convenient wrappers around standard input and

                                                          output streams for them to be automatically encrypted or

                                                          decrypted

                                                          Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext

                                                          before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext

                                                          eliminates the possibility of having the initial ciphertext block the

                                                          same for any two messages How to determine the size of a IV given a cipher Example A

                                                          256-bit Rijndael cipher needs a 16-byte IV

                                                          csci5931 Web Security 31

                                                          IV in Java public class IvParameterSpec

                                                          extends Object

                                                          implements AlgorithmParameterSpec

                                                          This class specifies an initialization vector (IV) Examples

                                                          which use IVs are ciphers in feedback mode eg DES

                                                          in CBC mode and RSA ciphers with OAEP encoding

                                                          operation

                                                          (NOTE See page 434 for RSA-OAEP padding)

                                                          csci5931 Web Security 32

                                                          Rijndael

                                                          What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)

                                                          ldquoRijndael is a block cipher designed by Joan Daemen and Vincent

                                                          Rijmen as a candidate algorithm for the AES

                                                          The cipher has a variable block length and key length We currently

                                                          specified how to use keys with a length of 128 192 or 256 bits to

                                                          encrypt blocks with al length of 128 192 or 256 bitsrdquo

                                                          (Source httpwwwesatkuleuvenacbe~rijmenrijndael)

                                                          After nearly four years of evaluation in October 2000 Rijndael was

                                                          selected by the NIST as the `AES (Advanced Encryption Standard)

                                                          See the press release

                                                          csci5931 Web Security 33

                                                          FileEncryptorjava

                                                          FileEncryptorjava (see httpscecluheduyangteaching

                                                          proJavaSecurityCodehtml)

                                                          Four functions

                                                          createKey( password )

                                                          loadKey ( password )

                                                          encrypt ( password inputFile outputEncryptedFile )

                                                          decrypt ( password inputEncryptedFile outputfile)

                                                          csci5931 Web Security 34

                                                          Sealed objects Sealed object An object that is encrypted

                                                          The object must be serializable

                                                          Sealed objects can be useful for storing or transferring an

                                                          encrypted version of an object

                                                          The default JDK 12 prevents extensions from using the class

                                                          loader to create classes that are neither standard objects nor

                                                          extensions That is a custom object such as a CreditCard

                                                          object wonrsquot be able to be decrypted

                                                          See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                                          object implementation

                                                          csci5931 Web Security 35

                                                          Sealed objects

                                                          SealedObjectExamplejava (see

                                                          httpscecluheduyangteachingproJavaSecurityCodehtml)

                                                          Sample output

                                                          gtjava SealedObjectExample

                                                          Creating a key

                                                          Encrypting the object

                                                          Unencrypting the object

                                                          Credit card number 1234567890

                                                          csci5931 Web Security 36

                                                          Next

                                                          Asymmetric Encryption (GS 5)

                                                          Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                                          describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                                          The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                                          • GS Chapter 4 Symmetric Encryption in Java
                                                          • Topics
                                                          • Applications of symmetric encryptions
                                                          • JavaxcryptoKeyGenerator
                                                          • Slide 5
                                                          • JavasecurityKey
                                                          • Slide 7
                                                          • JavaxcryptoCipher
                                                          • JavaxcryptoCiphergetInstance( )
                                                          • Slide 10
                                                          • JavaxcryptoCipherinit( )
                                                          • JavaxcryptoCipherupdate( )
                                                          • JavaxcryptoCipherdoFinal( )
                                                          • SimpleExamplejava
                                                          • BlowfishExamplejava
                                                          • Password-based encryption (PBE)
                                                          • Slide 17
                                                          • Slide 18
                                                          • Base64 Encoding
                                                          • Slide 20
                                                          • Slide 21
                                                          • Slide 22
                                                          • Password-based encryption
                                                          • Slide 24
                                                          • Key storage
                                                          • Slide 26
                                                          • Slide 27
                                                          • Padding
                                                          • Modes of DES
                                                          • Cipher streams and IV
                                                          • IV in Java
                                                          • Rijndael
                                                          • FileEncryptorjava
                                                          • Sealed objects
                                                          • Slide 35
                                                          • Next

                                                            csci5931 Web Security 30

                                                            Cipher streams and IV JavaxcryptoCipherInputStream javaxcryptoCipherOutputStream

                                                            They provide convenient wrappers around standard input and

                                                            output streams for them to be automatically encrypted or

                                                            decrypted

                                                            Initialization Vector (IV) A sequence of random bytes appended to the front of the plaintext

                                                            before encryption by a block cipher Adding the initialization vector to the beginning of the plaintext

                                                            eliminates the possibility of having the initial ciphertext block the

                                                            same for any two messages How to determine the size of a IV given a cipher Example A

                                                            256-bit Rijndael cipher needs a 16-byte IV

                                                            csci5931 Web Security 31

                                                            IV in Java public class IvParameterSpec

                                                            extends Object

                                                            implements AlgorithmParameterSpec

                                                            This class specifies an initialization vector (IV) Examples

                                                            which use IVs are ciphers in feedback mode eg DES

                                                            in CBC mode and RSA ciphers with OAEP encoding

                                                            operation

                                                            (NOTE See page 434 for RSA-OAEP padding)

                                                            csci5931 Web Security 32

                                                            Rijndael

                                                            What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)

                                                            ldquoRijndael is a block cipher designed by Joan Daemen and Vincent

                                                            Rijmen as a candidate algorithm for the AES

                                                            The cipher has a variable block length and key length We currently

                                                            specified how to use keys with a length of 128 192 or 256 bits to

                                                            encrypt blocks with al length of 128 192 or 256 bitsrdquo

                                                            (Source httpwwwesatkuleuvenacbe~rijmenrijndael)

                                                            After nearly four years of evaluation in October 2000 Rijndael was

                                                            selected by the NIST as the `AES (Advanced Encryption Standard)

                                                            See the press release

                                                            csci5931 Web Security 33

                                                            FileEncryptorjava

                                                            FileEncryptorjava (see httpscecluheduyangteaching

                                                            proJavaSecurityCodehtml)

                                                            Four functions

                                                            createKey( password )

                                                            loadKey ( password )

                                                            encrypt ( password inputFile outputEncryptedFile )

                                                            decrypt ( password inputEncryptedFile outputfile)

                                                            csci5931 Web Security 34

                                                            Sealed objects Sealed object An object that is encrypted

                                                            The object must be serializable

                                                            Sealed objects can be useful for storing or transferring an

                                                            encrypted version of an object

                                                            The default JDK 12 prevents extensions from using the class

                                                            loader to create classes that are neither standard objects nor

                                                            extensions That is a custom object such as a CreditCard

                                                            object wonrsquot be able to be decrypted

                                                            See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                                            object implementation

                                                            csci5931 Web Security 35

                                                            Sealed objects

                                                            SealedObjectExamplejava (see

                                                            httpscecluheduyangteachingproJavaSecurityCodehtml)

                                                            Sample output

                                                            gtjava SealedObjectExample

                                                            Creating a key

                                                            Encrypting the object

                                                            Unencrypting the object

                                                            Credit card number 1234567890

                                                            csci5931 Web Security 36

                                                            Next

                                                            Asymmetric Encryption (GS 5)

                                                            Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                                            describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                                            The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                                            • GS Chapter 4 Symmetric Encryption in Java
                                                            • Topics
                                                            • Applications of symmetric encryptions
                                                            • JavaxcryptoKeyGenerator
                                                            • Slide 5
                                                            • JavasecurityKey
                                                            • Slide 7
                                                            • JavaxcryptoCipher
                                                            • JavaxcryptoCiphergetInstance( )
                                                            • Slide 10
                                                            • JavaxcryptoCipherinit( )
                                                            • JavaxcryptoCipherupdate( )
                                                            • JavaxcryptoCipherdoFinal( )
                                                            • SimpleExamplejava
                                                            • BlowfishExamplejava
                                                            • Password-based encryption (PBE)
                                                            • Slide 17
                                                            • Slide 18
                                                            • Base64 Encoding
                                                            • Slide 20
                                                            • Slide 21
                                                            • Slide 22
                                                            • Password-based encryption
                                                            • Slide 24
                                                            • Key storage
                                                            • Slide 26
                                                            • Slide 27
                                                            • Padding
                                                            • Modes of DES
                                                            • Cipher streams and IV
                                                            • IV in Java
                                                            • Rijndael
                                                            • FileEncryptorjava
                                                            • Sealed objects
                                                            • Slide 35
                                                            • Next

csci5931 Web Security 31

IV in Java

public class IvParameterSpec
extends Object
implements AlgorithmParameterSpec

This class specifies an initialization vector (IV). Examples which use IVs are ciphers in feedback mode, e.g., DES in CBC mode and RSA ciphers with OAEP encoding operation.

(NOTE: See page 434 for RSA-OAEP padding.)

csci5931 Web Security 32

Rijndael

What is Rijndael? (Dutch, pronounced as 'Rain Doll')

"Rijndael is a block cipher, designed by Joan Daemen and Vincent Rijmen as a candidate algorithm for the AES. The cipher has a variable block length and key length. We currently specified how to use keys with a length of 128, 192, or 256 bits to encrypt blocks with a length of 128, 192 or 256 bits."

(Source: http://www.esat.kuleuven.ac.be/~rijmen/rijndael/)

After nearly four years of evaluation, in October 2000, Rijndael was selected by the NIST as the AES (Advanced Encryption Standard). See the press release.

csci5931 Web Security 33

FileEncryptor.java

FileEncryptor.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Four functions:

createKey( password )
loadKey( password )
encrypt( password, inputFile, outputEncryptedFile )
decrypt( password, inputEncryptedFile, outputfile )

csci5931 Web Security 34

Sealed objects

Sealed object: An object that is encrypted.

The object must be serializable.

Sealed objects can be useful for storing or transferring an encrypted version of an object.

The default JDK 1.2 prevents extensions from using the class loader to create classes that are neither standard objects nor extensions. That is, a custom object, such as a CreditCard object, won't be able to be decrypted.

See Appendix D, "the EncryptedObject class", for a better sealed object implementation.

csci5931 Web Security 35

Sealed objects

SealedObjectExample.java (see http://sce.cl.uh.edu/yang/teaching/proJavaSecurityCode.html)

Sample output:

>java SealedObjectExample
Creating a key
Encrypting the object
Unencrypting the object
Credit card number 1234567890
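
The sealed-object round trip described on the two slides above, as an added example that is not the course's SealedObjectExample.java. The class names SealedObjectRoundTrip and CreditCard, the choice of AES in CBC mode, and the in-memory byte array standing in for storage are assumptions of this sketch; it also assumes a current JDK, where a custom class on the application class path can be unsealed.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.GeneralSecurityException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SealedObject;
import javax.crypto.SecretKey;

// Added illustration (hypothetical class names): seal, store, reload and unseal an object.
public class SealedObjectRoundTrip {

    /** Hypothetical payload; a class must implement Serializable before it can be sealed. */
    static class CreditCard implements Serializable {
        private static final long serialVersionUID = 1L;
        final String number;

        CreditCard(String number) {
            this.number = number;
        }
    }

    /** Serializes the object and encrypts the serialized form with the given key. */
    static SealedObject seal(Serializable object, SecretKey key)
            throws GeneralSecurityException, IOException {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // No IV is passed, so the provider generates a random one. SealedObject
        // records the cipher parameters, which is why unsealing needs only the key.
        cipher.init(Cipher.ENCRYPT_MODE, key);
        return new SealedObject(object, cipher);
    }

    /** A SealedObject is itself Serializable, so it can be written to a file or socket. */
    static byte[] toBytes(SealedObject sealed) throws IOException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(sealed);
        }
        return buffer.toByteArray();
    }

    /** Reads the still-encrypted SealedObject back from its stored form. */
    static SealedObject fromBytes(byte[] data) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(data))) {
            return (SealedObject) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("Creating a key");
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        keyGenerator.init(128);
        SecretKey key = keyGenerator.generateKey();

        System.out.println("Encrypting the object");
        // Constructed sample value, matching the number in the slide's sample output.
        byte[] stored = toBytes(seal(new CreditCard("1234567890"), key));

        System.out.println("Unencrypting the object");
        SealedObject restored = fromBytes(stored);
        // getObject decrypts and then deserializes the original object.
        CreditCard card = (CreditCard) restored.getObject(key);
        System.out.println("Credit card number " + card.number);
        System.out.println("Sealed with " + restored.getAlgorithm());
    }
}
```

getObject deserializes whatever the decryption yields, and CBC does not authenticate the ciphertext, so sealed data should only be unsealed when it comes from storage whose integrity is protected by other means.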

csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:

RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.

                                                              • GS Chapter 4 Symmetric Encryption in Java
                                                              • Topics
                                                              • Applications of symmetric encryptions
                                                              • JavaxcryptoKeyGenerator
                                                              • Slide 5
                                                              • JavasecurityKey
                                                              • Slide 7
                                                              • JavaxcryptoCipher
                                                              • JavaxcryptoCiphergetInstance( )
                                                              • Slide 10
                                                              • JavaxcryptoCipherinit( )
                                                              • JavaxcryptoCipherupdate( )
                                                              • JavaxcryptoCipherdoFinal( )
                                                              • SimpleExamplejava
                                                              • BlowfishExamplejava
                                                              • Password-based encryption (PBE)
                                                              • Slide 17
                                                              • Slide 18
                                                              • Base64 Encoding
                                                              • Slide 20
                                                              • Slide 21
                                                              • Slide 22
                                                              • Password-based encryption
                                                              • Slide 24
                                                              • Key storage
                                                              • Slide 26
                                                              • Slide 27
                                                              • Padding
                                                              • Modes of DES
                                                              • Cipher streams and IV
                                                              • IV in Java
                                                              • Rijndael
                                                              • FileEncryptorjava
                                                              • Sealed objects
                                                              • Slide 35
                                                              • Next

                                                                csci5931 Web Security 32

                                                                Rijndael

                                                                What is Rijndael (Dutch pronounced as lsquoRain Dollrsquo)

                                                                ldquoRijndael is a block cipher designed by Joan Daemen and Vincent

                                                                Rijmen as a candidate algorithm for the AES

                                                                The cipher has a variable block length and key length We currently

                                                                specified how to use keys with a length of 128 192 or 256 bits to

                                                                encrypt blocks with al length of 128 192 or 256 bitsrdquo

                                                                (Source httpwwwesatkuleuvenacbe~rijmenrijndael)

                                                                After nearly four years of evaluation in October 2000 Rijndael was

                                                                selected by the NIST as the `AES (Advanced Encryption Standard)

                                                                See the press release

                                                                csci5931 Web Security 33

                                                                FileEncryptorjava

                                                                FileEncryptorjava (see httpscecluheduyangteaching

                                                                proJavaSecurityCodehtml)

                                                                Four functions

                                                                createKey( password )

                                                                loadKey ( password )

                                                                encrypt ( password inputFile outputEncryptedFile )

                                                                decrypt ( password inputEncryptedFile outputfile)

                                                                csci5931 Web Security 34

                                                                Sealed objects Sealed object An object that is encrypted

                                                                The object must be serializable

                                                                Sealed objects can be useful for storing or transferring an

                                                                encrypted version of an object

                                                                The default JDK 12 prevents extensions from using the class

                                                                loader to create classes that are neither standard objects nor

                                                                extensions That is a custom object such as a CreditCard

                                                                object wonrsquot be able to be decrypted

                                                                See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                                                object implementation

                                                                csci5931 Web Security 35

                                                                Sealed objects

                                                                SealedObjectExamplejava (see

                                                                httpscecluheduyangteachingproJavaSecurityCodehtml)

                                                                Sample output

                                                                gtjava SealedObjectExample

                                                                Creating a key

                                                                Encrypting the object

                                                                Unencrypting the object

                                                                Credit card number 1234567890

                                                                csci5931 Web Security 36

                                                                Next

                                                                Asymmetric Encryption (GS 5)

                                                                Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                                                describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                                                The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                                                • GS Chapter 4 Symmetric Encryption in Java
                                                                • Topics
                                                                • Applications of symmetric encryptions
                                                                • JavaxcryptoKeyGenerator
                                                                • Slide 5
                                                                • JavasecurityKey
                                                                • Slide 7
                                                                • JavaxcryptoCipher
                                                                • JavaxcryptoCiphergetInstance( )
                                                                • Slide 10
                                                                • JavaxcryptoCipherinit( )
                                                                • JavaxcryptoCipherupdate( )
                                                                • JavaxcryptoCipherdoFinal( )
                                                                • SimpleExamplejava
                                                                • BlowfishExamplejava
                                                                • Password-based encryption (PBE)
                                                                • Slide 17
                                                                • Slide 18
                                                                • Base64 Encoding
                                                                • Slide 20
                                                                • Slide 21
                                                                • Slide 22
                                                                • Password-based encryption
                                                                • Slide 24
                                                                • Key storage
                                                                • Slide 26
                                                                • Slide 27
                                                                • Padding
                                                                • Modes of DES
                                                                • Cipher streams and IV
                                                                • IV in Java
                                                                • Rijndael
                                                                • FileEncryptorjava
                                                                • Sealed objects
                                                                • Slide 35
                                                                • Next

                                                                  csci5931 Web Security 33

                                                                  FileEncryptorjava

                                                                  FileEncryptorjava (see httpscecluheduyangteaching

                                                                  proJavaSecurityCodehtml)

                                                                  Four functions

                                                                  createKey( password )

                                                                  loadKey ( password )

                                                                  encrypt ( password inputFile outputEncryptedFile )

                                                                  decrypt ( password inputEncryptedFile outputfile)

                                                                  csci5931 Web Security 34

                                                                  Sealed objects Sealed object An object that is encrypted

                                                                  The object must be serializable

                                                                  Sealed objects can be useful for storing or transferring an

                                                                  encrypted version of an object

                                                                  The default JDK 12 prevents extensions from using the class

                                                                  loader to create classes that are neither standard objects nor

                                                                  extensions That is a custom object such as a CreditCard

                                                                  object wonrsquot be able to be decrypted

                                                                  See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                                                  object implementation

                                                                  csci5931 Web Security 35

                                                                  Sealed objects

                                                                  SealedObjectExamplejava (see

                                                                  httpscecluheduyangteachingproJavaSecurityCodehtml)

                                                                  Sample output

                                                                  gtjava SealedObjectExample

                                                                  Creating a key

                                                                  Encrypting the object

                                                                  Unencrypting the object

                                                                  Credit card number 1234567890

                                                                  csci5931 Web Security 36

                                                                  Next

                                                                  Asymmetric Encryption (GS 5)

                                                                  Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                                                  describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                                                  The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                                                  • GS Chapter 4 Symmetric Encryption in Java
                                                                  • Topics
                                                                  • Applications of symmetric encryptions
                                                                  • JavaxcryptoKeyGenerator
                                                                  • Slide 5
                                                                  • JavasecurityKey
                                                                  • Slide 7
                                                                  • JavaxcryptoCipher
                                                                  • JavaxcryptoCiphergetInstance( )
                                                                  • Slide 10
                                                                  • JavaxcryptoCipherinit( )
                                                                  • JavaxcryptoCipherupdate( )
                                                                  • JavaxcryptoCipherdoFinal( )
                                                                  • SimpleExamplejava
                                                                  • BlowfishExamplejava
                                                                  • Password-based encryption (PBE)
                                                                  • Slide 17
                                                                  • Slide 18
                                                                  • Base64 Encoding
                                                                  • Slide 20
                                                                  • Slide 21
                                                                  • Slide 22
                                                                  • Password-based encryption
                                                                  • Slide 24
                                                                  • Key storage
                                                                  • Slide 26
                                                                  • Slide 27
                                                                  • Padding
                                                                  • Modes of DES
                                                                  • Cipher streams and IV
                                                                  • IV in Java
                                                                  • Rijndael
                                                                  • FileEncryptorjava
                                                                  • Sealed objects
                                                                  • Slide 35
                                                                  • Next

                                                                    csci5931 Web Security 34

                                                                    Sealed objects Sealed object An object that is encrypted

                                                                    The object must be serializable

                                                                    Sealed objects can be useful for storing or transferring an

                                                                    encrypted version of an object

                                                                    The default JDK 12 prevents extensions from using the class

                                                                    loader to create classes that are neither standard objects nor

                                                                    extensions That is a custom object such as a CreditCard

                                                                    object wonrsquot be able to be decrypted

                                                                    See Appendix D ldquothe EncryptedObject classrdquo for a better sealed

                                                                    object implementation

                                                                    csci5931 Web Security 35

                                                                    Sealed objects

                                                                    SealedObjectExamplejava (see

                                                                    httpscecluheduyangteachingproJavaSecurityCodehtml)

                                                                    Sample output

                                                                    gtjava SealedObjectExample

                                                                    Creating a key

                                                                    Encrypting the object

                                                                    Unencrypting the object

                                                                    Credit card number 1234567890

                                                                    csci5931 Web Security 36

                                                                    Next

                                                                    Asymmetric Encryption (GS 5)

                                                                    Relevant links RFC 1829 - The ESP DES-CBC Transform - This document

                                                                    describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP)

                                                                    The GNU Crypto project ndash This project aims at providing free versatile high-quality and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users Itrsquos also got a comprehensive listing of crypto-related algorithms

                                                                    • GS Chapter 4 Symmetric Encryption in Java
                                                                    • Topics
                                                                    • Applications of symmetric encryptions
                                                                    • JavaxcryptoKeyGenerator
                                                                    • Slide 5
                                                                    • JavasecurityKey
                                                                    • Slide 7
                                                                    • JavaxcryptoCipher
                                                                    • JavaxcryptoCiphergetInstance( )
                                                                    • Slide 10
                                                                    • JavaxcryptoCipherinit( )
                                                                    • JavaxcryptoCipherupdate( )
                                                                    • JavaxcryptoCipherdoFinal( )
                                                                    • SimpleExamplejava
                                                                    • BlowfishExamplejava
                                                                    • Password-based encryption (PBE)
                                                                    • Slide 17
                                                                    • Slide 18
                                                                    • Base64 Encoding
                                                                    • Slide 20
                                                                    • Slide 21
                                                                    • Slide 22
                                                                    • Password-based encryption
                                                                    • Slide 24
                                                                    • Key storage
                                                                    • Slide 26
                                                                    • Slide 27
                                                                    • Padding
                                                                    • Modes of DES
                                                                    • Cipher streams and IV
                                                                    • IV in Java
                                                                    • Rijndael
                                                                    • FileEncryptorjava
                                                                    • Sealed objects
                                                                    • Slide 35
                                                                    • Next

                                                                      csci5931 Web Security 35

                                                                      Sealed objects

                                                                      SealedObjectExamplejava (see

                                                                      httpscecluheduyangteachingproJavaSecurityCodehtml)

                                                                      Sample output

                                                                      gtjava SealedObjectExample

                                                                      Creating a key

                                                                      Encrypting the object

                                                                      Unencrypting the object

                                                                      Credit card number 1234567890

csci5931 Web Security 36

Next

Asymmetric Encryption (GS 5)

Relevant links:

RFC 1829 - The ESP DES-CBC Transform - This document describes the DES-CBC security transform for the IP Encapsulating Security Payload (ESP).

The GNU Crypto project - This project aims at providing free, versatile, high-quality, and provably correct implementations of cryptographic primitives and tools in the Java programming language for use by programmers and end-users. It's also got a comprehensive listing of crypto-related algorithms.
