Abstract:
Java, an object oriented language, is already becoming the preferred language of choice for both standalone
and web enabled applications. However, aspects of Java Cryptography are less well understood. The
cryptographic capabilities of Java make it an attractive vehicle for building secure applications. For
example, the Java Cryptographic Extension (JCE) promises plug-in cryptographic libraries and seamless
addition of a number of security components and services such as message digests, digital signatures,
random number generators and algorithms for symmetric and public key cryptography.
This tutorial provides an overview of the Java cryptographic library features. We will describe some of the
cryptographic mechanisms, and their use, in Java. This tutorial is of value to educators, researchers, and
practitioners in information technology and software development, particularly individuals who are or may
be interested in the design and deployment of secure applications.
Objectives:
- Understand basics of cryptography and their provisions in Java
- Be familiar with the role of Java security manager
- Know how to override methods of the security manager
- Know the methods and usage options of Java cryptographic modules
- Write simple programs for computing digests and doing authentications
- Understand basics of SSL and their deployment in Java
Intended audience:
This tutorial is geared for educators, students, and professionals in information technology and software
development, and those seeking to leverage security aspects of applications.
Background of the Audience:
Web surfing. Proficiency in object-oriented concepts in Java and/or C++ programming languages.
Exposure to security concepts such as digests, encryption and certificates is also desirable.
Biography of the presenter:
Ray Kresman is a Professor of Computer Science at Bowling Green State University, Bowling Green, OH.
His applied computer science interests include computer security and web-to-database connectivity, threetier
architectures and secure internet technologies, and data warehousing. Dr. Kresman's work on
distributed systems was supported by the National Science Foundation. He has published in the area of
distributed systems and complexity of algorithms.
Tutorial Outline
Introduction (15 minutes)
- Java Overview and relationship to C++
- Applets & applications
Java security (15 minutes)
- Visibility and security features
- Rights of application
- Rights of Applet
Cryptographic Extension (JCE) (15 minutes)
- Security
- What is JCE?
- JCE components
- JCE in applications and applets.
Secure communication (25 minutes)
- DES classes
- Member functions
- Implementation of DES
- Code walk-through
Key Exchange (25 minutes)
- Key exchange b/w strangers
- Diffie Hellman protocol
- MD5 and Secure hash
- Examples
Digest Algorithms (25 minutes)
- Message digest class
- Securing a digest in Java
- MD5 and Secure hash
- Examples
Secure Socket Layer (20 minutes)
- How does it work?
- Encapsulation
Q & A and Concluding Remarks (20 minutes)
|
