




An overview of secure sockets and certificates in Java, discussing SSL encryption, certificates, certificate authorities, and the SSL protocol. It covers the use of SSL in Java, including the SSL handshake protocol, the SSL record protocol, and SSL session management.
Typology: Lab Reports





- Discuss Laboratory 3
- Finish Needham-Schroeder
- Secure Socket Layer
- SSL Classes and Examples in Java

- Developed by Netscape, 1994
- Standardized by IETF January 1999 as TLS 1.0 (SSL 3.0)
- Is supported by most browsers for electronic transactions
- Has negotiable encryption and authentication algorithms
- Bootstraps by establishing a secure channel based on public-key encryption
- Channel is fully configurable so not everything has to be encrypted

- Uses public key cryptography (RSA) to provide authentication
- Uses secret key cryptography to provide privacy:
  - Data Encryption Standard (DES)
  - Triple-strength DES (3DES)
  - Rivest Cipher 2 (RC2)
  - Rivest Cipher 4 (RC4)
- Uses digital signatures to provide data integrity

- Issuer: if a user trusts the CA that issues a certificate, and if the certificate is valid, the user can trust the certificate.
- Period of validity: an expiration date that should be checked when verifying the validity of a certificate.
- Subject: includes information about the entity that the certificate represents.
- Subject's public key: the primary piece of information that the certificate provides. All other fields provide validity of this key.
- Signature: signed by the CA that issued the certificate to ensure the validity of the certificate. Because only the certificate is signed, not the data sent in the SSL transaction, SSL does not provide for non-repudiation.

Instructor's Guide for Coulouris, Dollimore and Kindberg, Distributed Systems: Concepts and Design, Edn. 3 © Addison-Wesley Publishers 2000

Figure 7. SSL protocol stack (top to bottom):
- SSL Handshake protocol, SSL Change Cipher Spec, SSL Alert Protocol; HTTP, Telnet (other protocols)
- SSL Record Protocol
- Transport layer (usually TCP)
- Network layer (usually IP)

Figure 7. SSL handshake protocol (messages between client and server):
- ClientHello, ServerHello: establish protocol version, session ID, cipher suite, compression method, exchange random values
- Certificate, Certificate Request, ServerHelloDone: optionally send server certificate and request client certificate
- Certificate, Certificate Verify: send client certificate response if requested
- Change Cipher Spec, Finished (in each direction): change cipher suite and finish handshake

Figure 7. SSL handshake configuration options (component: description; example):
- Key exchange method: the method to be used for exchange of a session key; example: RSA with public-key certificates
- Cipher for data transfer: the block or stream cipher to be used for data; example: IDEA
- Message digest function: for creating message authentication codes (MACs); example: SHA

Figure 7. SSL record protocol: application data (abcdefghi) is fragmented/combined into record protocol units (abc, def, ghi), which are compressed into compressed units, hashed to add a MAC, encrypted, and transmitted in a TCP packet.

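    import java.io.*;
    import javax.net.ssl.*;

    public class SSLClientExample {
        public static void main(String[] args) {
            String host = args[0];                 // stands in for "hostname" on the slide
            int port = Integer.parseInt(args[1]);  // stands in for availablePortNumber on the slide
            SSLSocketFactory sslFact = (SSLSocketFactory) SSLSocketFactory.getDefault();
            // try-with-resources closes the socket when the block exits
            try (SSLSocket s = (SSLSocket) sslFact.createSocket(host, port)) {
                OutputStream out = s.getOutputStream();
                InputStream in = s.getInputStream();
                // Send and receive messages
            } catch (IOException e) {
                // Report connection and handshake failures instead of silently ignoring them
                e.printStackTrace();
            }
        }
    }
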
[Class diagram of the Java SSL classes: KeyManager, TrustManager, SSLContext, SSLServerSocket, SSLSocket, SSLSession]

SSLSession
- Security context negotiated by the peers
- Contains the cipher suite used for communication
- Has management information such as creation time
- Contains a shared master secret for creating keys

- Finish reading Chapter 7
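
Added example (not from the original slides): a client that completes the handshake and then prints the SSLSession contents and the certificate fields listed above. It assumes Java 11 or later and a host and port supplied on the command line; the class name InspectSession is hypothetical.

```java
import java.io.IOException;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example. Usage: java InspectSession <host> <port>
public class InspectSession {
    public static void main(String[] args) throws IOException {
        if (args.length != 2) {
            System.err.println("usage: java InspectSession <host> <port>");
            return;
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket s = (SSLSocket) factory.createSocket(host, port)) {
            SSLParameters params = s.getSSLParameters();
            // A bare SSLSocket validates the certificate chain against the trust
            // store but does not match the certificate to the host name unless
            // an endpoint identification algorithm is set.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            // Refuse SSL 3.0 and early TLS; negotiate TLS 1.2 or 1.3 only.
            params.setProtocols(new String[] {"TLSv1.3", "TLSv1.2"});
            s.setSSLParameters(params);

            // Throws SSLHandshakeException if the chain, validity period
            // or host name check fails.
            s.startHandshake();

            // The security context negotiated by the peers.
            SSLSession session = s.getSession();
            System.out.println("Protocol:     " + session.getProtocol());
            System.out.println("Cipher suite: " + session.getCipherSuite());
            System.out.println("Created:      " + new Date(session.getCreationTime()));

            // Fields of the server's own certificate (first in the chain).
            X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
            System.out.println("Subject:      " + cert.getSubjectX500Principal());
            System.out.println("Issuer:       " + cert.getIssuerX500Principal());
            System.out.println("Valid from:   " + cert.getNotBefore());
            System.out.println("Valid until:  " + cert.getNotAfter());
            System.out.println("Public key:   " + cert.getPublicKey().getAlgorithm());
        }
    }
}
```

The master secret held by the session is not exposed through the SSLSession API, so only the negotiated parameters and the peer's certificate chain can be inspected this way.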