GS: Chapter 4 Symmetric Encryption in Java

1
GS Chapter 4Symmetric Encryption in Java
2
Topics

• Blowfish
• Password-based encryption (PBE)
• Key storage
• Modes
• Cipher streams and IV (initialization vector)
• Sealed objects

3
Applications of symmetric encryptions

• File encryption
• Network encryption
• Database encryption
• Applications that require encryption of large
  amount of data.

4
Javax.crypto.KeyGenerator

• http//java.sun.com/j2se/1.4.1/docs/api/javax/cryp
  to/KeyGenerator.html
• Provides the functionality of a (symmetric) key
  generator
• Key generators are constructed using one of the
  getInstance class methods.
• KeyGenerator objects are reusable, i.e., after a
  key has been generated, the same KeyGenerator
  object can be re-used to generate further keys.
• There are two ways to generate a key in an
  algorithm-independent manner, and in an
  algorithm-specific manner. The only difference
  between the two is the initialization of the
  object.

5
Javax.crypto.KeyGenerator

• Using KeyGenerator
• Create a new key generator
• KeyGenerator keyGenerator KeyGenerator.getInstan
  ce (DESede)
• Note DESede is a triple DES variant with three
  DES keys k1, k2, k3. The message is encrypted
  with k1 first, then decrypted with k2, and
  finally encrypted again with k3. This increases
  the key space and prevents brute force attacks.
• Initialize the key generator with the size of the
  key
• keyGenerator.init (168) // initialized to 168
  bits
• Generate the key object
• Key myKey keyGenerator.generateKey ( )

6
Java.security.Key

• http//java.sun.com/j2se/1.4.1/docs/api/java/secur
  ity/Key.html
• java.security Interface Key
• All Superinterfaces
• Serializable
• All Known Subinterfaces
• DHPrivateKey, DHPublicKey, DSAPrivateKey,
  DSAPublicKey, PBEKey, PrivateKey, PublicKey,
  RSAMultiPrimePrivateCrtKey, RSAPrivateCrtKey,
  RSAPrivateKey, RSAPublicKey, SecretKey
• All Known Implementing Classes
• KerberosKey, SecretKeySpec

7
Java.security.Key

• The Key interface is the top-level interface for
  all keys. It defines the functionality shared by
  all key objects.
• All keys have three characteristics
• The key algorithm for that key
• An external encoded form for the key used when a
  standard representation of the key is needed
  outside the Java Virtual Machine, as when
  transmitting the key to some other party
• The name of the format of the encoded key
• Keys are generally obtained through key
  generators, key factory, certificates, or various
  Identity classes used to manage keys.
• Examples javax.crypto.KeyGenerator( )
  java.security.KeyFactory( )

8
Javax.crypto.Cipher

• http//java.sun.com/j2se/1.4.1/docs/api/
• public class Cipher
• extends Object
• This class provides the functionality of a
  cryptographic cipher for encryption and
  decryption. It forms the core of the Java
  Cryptographic Extension (JCE) framework.
• To use a Cipher getInstance( ), init( ), update(
  ), doFinal( ).

9
Javax.crypto.Cipher.getInstance( )

• In order to create a Cipher object, the
  application calls the Cipher's getInstance
  method, and passes the name of the requested
  transformation to it.
• static Cipher getInstance(String transformation)
  Generates a Cipher object that implements the
  specified transformation.
• static Cipher getInstance(String transformation,
  Provider provider) Creates a Cipher object that
  implements the specified transformation, as
  supplied by the specified provider.
• static Cipher getInstance(String transformation,
  String provider) Creates a Cipher object that
  implements the specified transformation, as
  supplied by the specified provider.

10
Javax.crypto.Cipher.getInstance( )

• Examples
• Cipher cipher Cipher.getInstance("DES/CBC/PKCS5P
  adding")
• Cipher cipher Cipher.getInstance(DESede/ECB/PKC
  S5Padding)

11
Javax.crypto.Cipher.init( )

• Initialize an instance of Cipher
• Declares the operating mode (ENCRYPT_MODE,
  DECRYPT_MODE, WRAP_MODE, UNWRAP_MODE)
• Pass a key (java.security.Key) to the cipher
• Example
• Cipher.init (Cipher.ENCRYPT_MODE, myKey)
• Note When a Cipher object is initialized, it
  loses all previously-acquired state. In other
  words, initializing a Cipher is equivalent to
  creating a new instance of that Cipher and
  initializing it.

12
Javax.crypto.Cipher.update( )

• Pass the information to be encrypted/decrypted to
  the cipher
• The information must be in the form of a byte
  array.
• Note Ciphers typically buffer their output. If
  the buffer has not been filled, null will be
  returned.
• Alternative update( ) methods
• byte update (byte input)
• byte plaintext myString.getBytes (UTF8)
• byte ciphertext cipher.update (plaintext)
• int update (byte  input, int inputOffset,
  int inputLen, byte  output, int outputOffset)
• Continues a multiple-part encryption or
  decryption operation (depending on how this
  cipher was initialized), processing another data
  part.

13
Javax.crypto.Cipher.doFinal( )

• Finish the operation
•  byte doFinal( ) Finishes a multiple-part
  encryption or decryption operation, depending on
  how this cipher was initialized.
•  byte doFinal(byte input) Encrypts or
  decrypts data in a single-part operation, or
  finishes a multiple-part operation.
• Example
• Byte ciphertext cipher.doFinal ( )

14
SimpleExample.java

• P.69 SimpleExample.java (see http//sce.cl.uh.edu
  /yang/teaching/proJavaSecurityCode.html)
• Sample output
• gtjava SimpleExample "How are you doing?"
• Plain MessageHow are you doing?
• Generating a TripleDES key...
• Done generating the key.
• Now encrypting the message
• Message Encrypted
• Ciphertext-74-45759-44-115-19-8-56-99-47794393-45
  -107-41-125-127-233271855
• Now decrypting the message
• Message decrypted
• Decrypted text How are you doing?

15
BlowfishExample.java

• Blowfish keys can be any bit size from 8 to 448,
  as long as the number if divisible by 8.
• p.69 BlowfishExample.java (see
  http//sce.cl.uh.edu/yang/teaching/proJavaSecurity
  Code.html)
• Sample output
• gtjava BlowfishExample "It's a wonderful day!"
• Generating a Blowfish key...
• Done generating the key.
• Plaintext
• 73 116 39 115 32 97 32 119 111 110 100 101 114
  102 117 108 32 100 97 121 33
• Ciphertext
• -77 56 -88 61 -52 -12 -57 43 -10 66 -54 -98 -86
  56 -86 51 -127 -125 30 48 -64 11
• 2 -37 -125
• Decrypted text It's a wonderful day!

16
Password-based encryption (PBE)

• hashing symmetric encryption
• The user-provided password is hashed by a message
  digest algorithm, such as SHA.
• The hash value is then used to construct a key
  for a symmetric encryption algorithm, such as
  Blowfish.
• The plaintext is then encrypted by the symmetric
  encryption algorithm.
• Problems?
• PBE is usually less secure, due to its smaller
  key space.
• Passwords may suffer dictionary attack.
• Two people might choose the same password, which
  would create two identical entries in the
  password file.

17
Password-based encryption (PBE)

• PBE salt iteration count
• A salt is a randomly generated piece of data, say
  64 bits, that is added to each password.
• The combined saltpassword is used to generate
  the key.
• The key is then used to generate a symmetric
  cipher.
• For the purpose of decryption, the salt must be
  stored as part of the ciphertext.
• See figures on page 74.

18
Password-based encryption (PBE)
19
Base64 Encoding

• Effective in representing ASCII data as 6-bit
  characters (save one bit per character)
• Widely used in networking transmissions of data
  e.g., in MIME emails other Internet-related
  applications
• Input N bytes
• Number of output characters
• (N 8 / 24) 4, if N8 24 is zero
• (N 8 / 24 1) 4, otherwise.
• Example N 8 bytes.
• (64 / 24 1) 4 ? 12 characters
• See http//nas.cl.uh.edu/yang/teaching/csci5939Dat
  abaseSecurity/base64.ppt, RFC2045, and Appendix C.

20
Password-based encryption (PBE)
21
Password-based encryption (PBE)

• Random.nextBytes (byte  bytes) Generates
  random bytes and places them into a user-supplied
  byte array.
• public class PBEKeySpec
• extends Object
• implements KeySpec
• A user-chosen password that can be used with
  password-based encryption (PBE).
• The password can be viewed as some kind of raw
  key material, from which the encryption mechanism
  that uses it derives a cryptographic key.

22
Password-based encryption (PBE)

• public class SecretKeyFactory extends Object
• This class represents a factory for secret keys.
• Key factories are used to convert keys (opaque
  cryptographic keys of type Key) into key
  specifications (transparent representations of
  the underlying key material), and vice versa.
  Secret key factories operate only on secret
  (symmetric) keys.
• Key factories are bi-directional, i.e., they
  allow to build an opaque key object from a given
  key specification (key material), or to retrieve
  the underlying key material of a key object in a
  suitable format.
• Application developers should refer to their
  provider's documentation to find out which key
  specifications are supported by the
  generateSecret and getKeySpec methods.

23
Password-based encryption

• Twofish encryption algorithm
• A symmetric block cipher that accepts keys of any
  length, up to 256 bits
• Among the new encryption algorithms being
  considered by the National Institute of Science
  and Technology (NIST) as a replacement for the
  DES algorithm
• Highly secure and flexible
• Works extremely well with large microprocessors,
  8-bit smart card microprocessors, and dedicated
  hardware.
• (Source http//www.wiley.com/cda/product/0,,04713
  53817,00.html)

24
Password-based encryption

• An example program PBE.java (see
  http//sce.cl.uh.edu/yang/teaching/proJavaSecurity
  Code.html)
• Sample PBE encryption/decryption
• gtjava PBE -e sasquatch "Hello World!"
• yrVhjq5djcoeSIS1LbeAtu5KIKf5ntNhg
• gtjava PBE -e sasquatch "Hello World!"
• lQ1lzMl8ONMGBJFXSnpbltXowvJTmck1w
• gtjava PBE -d sasquatch "lQ1lzMl8ONMGBJFXSnpbltXow
  vJTmck1w"
• Hello World!

25
Key storage

• Storage of keys in a persistent media (file,
  database) for later retrieval or transportation
• Objectives The stored keys must be protected.
• Problems?
• If the key storage is compromised, the data
  protected by the keys become unprotected.
• Solutions?
• Use PBE to encrypt the keys. Problems?

26
Key storage

• Key Wrapping
• The wrap( ) method, defined in javax.crypto.Cipher
  , takes a key as an argument and returns the
  encrypted value of the key as a byte array.
• Example
• cipher.init (Cipher.WRAP_MODE, passwordKey,
  paramSpec)
• byte encryptedKeyBytes cipher.wrap
  (secretKey)
• To decrypt the key
• cipher.init (Cipher.UNWRAP_MODE, passwordKey,
  paramSpec)
• Key key cipher.unwrap(encryptedKeyBytes,
  Blowfish, Cipher.SECRET_KEY)

27
Key storage

• Key Encryption
• Use the getEncoded( ) method, as defined in
  java.security.Key, to encrypt the key.
• Example
• byte keyBytes myKey.getEncoded( )
• cipher.init (Cipher.ENCRYPT_MODE, passwordKey,
  paramSpec)
• byte encryptedKeyBytes cipher.doFinal
  (keyBytes)
• To decrypt the key
• cipher.init (Cipher.DECRYPT_MODE, passwordKey,
  paramSpec)
• byte keyBytes cipher.doFinal
  (encryptedKeyBytes)
• SecretKeySpec myKey new SecretKeySpec
  (keyBytes, Blowfish )

28
Padding

• Padding is needed to make the size of the
  plaintext to be a multiple of the block size.
• Most symmetric algorithms use one of two types of
  padding
• No padding requires the data end on a block
  exactly
• PKCS5 padding (PKCS Public Key Cryptography
  Standard)
• Suppose there are N bytes in a block that need to
  be padded.
• Fill each of the N bytes with the value N.
• If the data end on a multiple of the block size,
  add an entire block of padding.
• (See the illustration on p.81.)

29
Modes of DES

• ECB, CBC
• CFB (Cipher FeedBack)
• Similar to CBC, but may work on smaller chunks of
  data (8 bits for example).
• OFB (Output FeedBack)
• Similar to CFB, but provides better protection
  against data loss during transmission.
• That is, a single-bit error will not cause the
  whole block to be lost, as in the cases of ECB,
  CBC and CFB.

30
Cipher streams and IV

• Javax.crypto.CipherInputStream
• javax.crypto.CipherOutputStream
• They provide convenient wrappers around standard
  input and output streams for them to be
  automatically encrypted or decrypted.
• Initialization Vector (IV)
• A sequence of random bytes appended to the front
  of the plaintext before encryption by a block
  cipher.
• Adding the initialization vector to the beginning
  of the plaintext eliminates the possibility of
  having the initial ciphertext block the same for
  any two messages.
• How to determine the size of a IV, given a
  cipher? Example A 256-bit Rijndael cipher needs
  a 16-byte IV.

31
IV in Java

• public class IvParameterSpec
• extends Object
• implements AlgorithmParameterSpec
• This class specifies an initialization vector
  (IV). Examples which use IVs are ciphers in
  feedback mode, e.g., DES in CBC mode and RSA
  ciphers with OAEP encoding operation.
• (NOTE See page 434 for RSA-OAEP padding.)

32
Rijndael

• What is Rijndael ? (Dutch, pronounced as Rain
  Doll)
• Rijndael is a block cipher, designed by Joan
  Daemen and Vincent Rijmen as a candidate
  algorithm for the AES.The cipher has a variable
  block length and key length. We currently
  specified how to use keys with a length of 128,
  192, or 256 bits to encrypt blocks with al length
  of 128, 192 or 256 bits.
• (Source http//www.esat.kuleuven.ac.be/rijmen/ri
  jndael/)
• After nearly four years of evaluation, in October
  2000, Rijndael was selected by the NIST as the
  AES' (Advanced Encryption Standard). See the
  press release.

33
FileEncryptor.java

• FileEncryptor.java (see http//sce.cl.uh.edu/yang/
  teaching/proJavaSecurityCode.html)
• Four functions
• createKey( password )
• loadKey ( password )
• encrypt ( password, inputFile, outputEncryptedFile
  )
• decrypt ( password, inputEncryptedFile,
  outputfile)

34
Sealed objects

• Sealed object An object that is encrypted.
• The object must be serializable.
• Sealed objects can be useful for storing or
  transferring an encrypted version of an object.
• The default JDK 1.2 prevents extensions from
  using the class loader to create classes that are
  neither standard objects nor extensions. That
  is, a custom object such as a CreditCard object,
  wont be able to be decrypted.
• See Appendix D the EncryptedObject class for a
  better sealed object implementation.

35
Sealed objects

• SealedObjectExample.java (see http//sce.cl.uh.edu
  /yang/teaching/proJavaSecurityCode.html)
• Sample output
• gtjava SealedObjectExample
• Creating a key.
• Encrypting the object.
• Unencrypting the object.
• Credit card number 1234567890

36
Next

• Asymmetric Encryption (GS 5)
• Relevant links
• RFC 1829 - The ESP DES-CBC Transform - This
  document describes the DES-CBC security transform
  for the IP Encapsulating Security Payload (ESP).
• The GNU Crypto project This project aims at
  providing free, versatile, high-quality, and
  provably correct implementations of cryptographic
  primitives and tools in the Java programming
  language for use by programmers and end-users.
  Its also got a comprehensive listing of
  crypto-related algorithms.