Securing Your Java Code • Chapter 7 287 Second, from the client end it could be beneficial to not allow the client to send a transaction until the server has finished processing with the last transaction.This will only protect against hackers using your client software. If they write new client software to communicate with your server, and figure out your protocol, then they could bypass this restriction. Another tactic can be implemented from the server side. Usually, with Java, when a client contacts the server a new thread is created to handle the transaction.These threads all take up memory and processing power. If someone bombards the server with transactions, too many threads could be created, which eventually crash the server. A more satis- factory reaction would be to limit the number of threads a server can create. If a client attempts a transaction on the server and the server is overloaded, it would just receive a message that the server is busy. Obviously this is better than allowing the server to crash. So how is this implemented in code? Imagine a typical ClientThread object that is created each time a client connects: class ClientThread { public ClientThread(Socket client) { // Constructor code here } } This is how a client thread is typically created.As you see, there is no way to limit the number of client threads created using this method. In order to change this, we will create what is known as thread pooling. Thread pooling is when we limit the number of threads that can be cre- ated. By doing this, we essentially create a limited pool of threads to use. In order to implement this, we eliminate the public constructor by making it private.This ensures that the constructor cannot be used to create an unlimited number of thread instances. Instead, we use a static method called getInstance() to get an instance of the object.This method can restrict the number of legal instances that can be created: class ClientThread extends Thread{ www.syngress.com 137_hackapps_07 6/19/01 3:38 PM Page 287 288 Chapter 7 • Securing Your Java Code private static int totalClients = 0; public static ClientThread getInstance(Socket client) { System.gc(); if(totalClients <= 100) { ++totalClients; return new ClientThread(client); } return null; } private ClientThread(Socket client) { // Constructor code here } public finalize() { —totalClients; } } As you can see, the constructor method has been made private, so only this class can call the constructor. A private static integer keeps track of the number of instances for this class. Of course, every time an object is destroyed the class must keep track.This is a very effective means of limiting the number of threads that a server will create. These are a few key points to remember when designing an applica- tion in Java that is open to the public.As always, there could be specific issues with your design that you should consider from a security per- spective. It is a good idea to think like a hacker when doing this and try to figure out what a hacker might try in order to ruin your day.The important thing is to implement your security design at the beginning of your application design.Trying to implement security after you have experienced a breach is much more difficult to do. www.syngress.com 137_hackapps_07 6/19/01 3:38 PM Page 288 Securing Your Java Code • Chapter 7 289 Third-Party Trojan Horse Attacks The key to a Trojan horse attack is to place a piece of code on a target computer and have it begin executing.This is usually accomplished by insinuating a piece of code onto a target machine by claiming it per- forms a certain function, when in fact its main purpose is to do some- thing devious on the user’s machine. In the Java world, a piece of code usually arrives as an applet, and you are basically protected against damage in this respect because the sandbox will not allow dangerous operations to take place. However, as we discussed earlier, there is a threat from RMI (see sidebar on RMI) and serializable objects.With these technologies, it is possible to upload a dangerous class into a Java server program. www.syngress.com Remote Method Invocation (RMI) RMI is a technology that allows methods on an object to be called from Java running on a remote computer. For example, there could be an object instantiated on a server in Japan. With RMI, a client computer in the United States could call that method and the method would execute right on the machine in Japan. This is very similar to CORBA, only it is Java-specific. Imagine a method with an argument: setName(String name) The remote client could call this method on the server, and pass its own String object as the name. RMI uses object serializa- tion to send the actual object through the network and to the server machine, where the method will be executed. This can lead to holes in the security unless the policy for the RMI Security Manager is implemented properly. For example, the object that gets passed as an argument could contain malicious code. Tools & Traps… 137_hackapps_07 6/19/01 3:38 PM Page 289 290 Chapter 7 • Securing Your Java Code For example, imagine a server using RMI with a method such as setInventory(item) as in Figure 7.11. Let’s say item belongs to the class Product. Let’s also say there is a method used by the server in Product called getPrice(). A malicious hacker could write his own class to interact with the RMI server. He could also create a subclass of Product called Hacker that overrides the method getPrice().Within this code, it could do things such as read files and transmit them back to his com- puter. After the server called the method getPrice(), it would begin executing his malicious code. The best protection against this is the use of an RMISecurityManager and a policy file. Java actually includes an RMISecurityManager in the java.rmi package.With this special Security Manager, you can disallow all or some of the 21 dangerous operations, but only within RMI calls. Coding Functional but Secure Java Applets Applications that run only on a single PC do not have much need for security. For example, your word processor really doesn’t need to worry about anyone spying on the file you are typing because it only resides on your internal disk drive. After an application starts to interact with a network or the Internet, the need for security increases. Data can easily be intercepted on the Internet. Hackers can pretend to be someone they are not.They can take your carefully constructed code and decompile it, www.syngress.com Figure 7.11 Using RMI to Invoke Malicious Code on a Server Client Server setInventory(evil) class Evil extends Product Malicious Code 137_hackapps_07 6/19/01 3:38 PM Page 290 Securing Your Java Code • Chapter 7 291 modify it, and use it to connect to your server and do things you never imagined. For this reason it is important to implement the proper secu- rity measures to protect your application or applet. This section addresses how to accomplish that with Java code. One of the main worries of data carried over the Internet is that someone can intercept a message, change the contents, and resend the information to its destination.The Java Security API allows the integrity of a message to be validated by using message digests. Taking the concept a step further, with the Internet you cannot always be 100 percent sure that a message in fact came from the party you think sent it. After all, it is quite easy to create an e-mail address under someone else’s name, George W. Bush for example, and send it off to the Chief of Staff. In order to be sure that the sender is valid, a digital signature can be used.This not only acts like an ID-check on a sender, but it also checks the message to make sure that it was not modified en route.This same concept can also be applied to JAR signing. Authentication takes the digital signature concept another step fur- ther.What if an entity has a valid digital signature, but you are not sure if you can trust running their code on your PC? In this case, we can receive authentication from a trust company. A trust company essentially tells you,“Yes, this person checks out.”The mechanism Java uses to deal with this is a digital certificate. Finally, we discuss how to use Java encryption for the ultimate in data privacy.With encryption, no one can read your data without holding the proper key to unlock it.We evaluate the various methods of encryption and comment on how safe these methods really are. For now, let’s start off easy with message digests. Message Digests When a message is sent to you over the Internet, you would feel reas- sured if you could verify that it has not been altered along the way.You might think this would only be important for spies and secret agents, the possibility exists that it could become corrupted during its transit.As you probably know, even just one corrupted byte of data in a binary file www.syngress.com 137_hackapps_07 6/19/01 3:38 PM Page 291 292 Chapter 7 • Securing Your Java Code could bring the whole program down, or even worse, give false results without any indication that something is wrong. The answer to this dilemma is what is known as a message digest.A message digest is essentially a digital fingerprint that can be generated from any string of bytes, whether it is a text message or a binary file. Java uses a class called a MessageDigest. Using the SHA-1 algorithm (which we discuss later), this class can generate a unique fingerprint that consists of 20 bytes (Figure 7.12).You feed it a message (a series of bytes) and it returns a fingerprint. It doesn’t matter how long the message is, it will always return a unique 20-byte fingerprint. Let’s say that a message arrives, and a fingerprint arrives separately. How can we use this to check if the message has been modified? We can use the MessageDigest algorithm against the message and see if it gener- ates the same fingerprint as the one that was sent to us. If the finger- prints do not match, it means that the message is different from the original message that was sent. As long as the fingerprint arrives sepa- rately from the message, we can check the fingerprint against the mes- sage for a match. So how secure is this scheme? Well, there are an infinite number of messages, but a finite number of fingerprints that can be generated with only 20 bytes. If we do a little math, we see that 20 bytes is also 160 bits (20 bytes times 8 bits/byte). Each bit has 2 states, on or off. So the total number of unique fingerprints is 2 160 or 1,461,501,600,000,000,000,000,000,000,000,000,000,000,000,000,000. www.syngress.com Figure 7.12 Using the MessageDigest Class to Generate a Fingerprint MessageDigest class Fingerprint 137_hackapps_07 6/19/01 3:38 PM Page 292 Securing Your Java Code • Chapter 7 293 That is a lot of unique fingerprints that can be produced (in fact, the number is impossible to comprehend), but this also means that there are some messages that will have the same fingerprint.This is really nothing to be worried about in practical terms, however, because it would be extremely rare for two messages to have the same fingerprint. Even more important, it is not possible to modify a message and still produce the same fingerprint as the original. If we change just one byte in a message the fingerprint will be radically different from the original fingerprint. Actually, three algorithms in the Java SDK can be used to produce a fingerprint (see Table 7.4).These algorithms produce a hash that we use as the fingerprint.There have been irregularities found in the MD5 algorithm that may make it somewhat less secure than SHA-1, however MD5 is still irreversible as far as anyone knows. Table 7.4 The Three Algorithms Available to Message Digests in Java Algorithm Bits Inventor Rating MD2 128 Ronald Rivest at MIT High MD5 128 Ronald Rivest at MIT Higher SHA-1 160 National Institute of Standards & Technology Highest Let’s try to obtain a fingerprint from a message.The MessageDigest class is actually an abstract class, but we can still get an instance of it by using the getInstance() method. In this method, we include a string that indicates the algorithm we would like to use. After our program has an instance of MessageDigest, it can begin reading our message into it one byte at a time—or as an array of bytes.When all the bytes of the message have been read, it can call the method digest() to invoke the algorithm and return a fingerprint. import java.security.*; public class Fingerprint { public static void main(String [] args) { www.syngress.com 137_hackapps_07 6/19/01 3:38 PM Page 293 294 Chapter 7 • Securing Your Java Code MessageDigest md = null; String message = ""; for(int i=0;i<args.length;i++) message = message + " " + args[i]; try { md = MessageDigest.getInstance("SHA-1"); } catch (NoSuchAlgorithmException ae) {} md.update(message.getBytes()); byte [] fingerprint = md.digest(); System.out.print("Fingerprint: "); for(int j=0;j<fingerprint.length;j++) System.out.print((fingerprint[j] + 128) + " "); } } This little program accepts a sentence using command line argu- ments. It will automatically place a space between words. It then gets a message digest and updates it with the bytes from your message. It calls the digest() method and outputs the resulting fingerprint to the screen. As you can see by running this program, even the slightest change in the message gives a radically different fingerprint (see Figure 7.13). One weakness with this method of verification is that the fingerprint must be sent separately from the message.The hash algorithms for SHA- 1, MD2, and MD5 are all publicly available, so if someone were to inter- cept your message and the fingerprint, they could modify the message, generate a new fingerprint, and send both of these on to you.To you it would appear as though the message was not altered. Essentially, the weakness in this method is that you can’t authenticate whom the mes- sage came from.This may sound a bit overwhelming, but a security measure is actually in place that will help with this: digital signatures. www.syngress.com 137_hackapps_07 6/19/01 3:38 PM Page 294 Securing Your Java Code • Chapter 7 295 Digital Signatures Java contains classes in the java.security package that allow digital signa- tures to appear with your message or code. Digital signatures are a step above message digests in that using them states with certainty the iden- tity of the sender, as well as indicating whether or not the message was modified since being sent.You might wonder why you would even bother with message digests in the first place if digital signatures offer these improvements.The tradeoff with digital signatures is that there are many more steps to follow, they increase the amount of data to be sent, and it is difficult to make the process invisible to the user. In compar- ison, message digests make it easy to have your program compare two fingerprints to ensure they are the same. Digital signatures use the concept known as public key cryptography. With this process, there are two keys: a private key and a public key (see Figure 7.14).As the names suggest, the private key is held by one indi- vidual and not shown to anyone else.The public key is made available to anyone who wants it, and can be posted to a public Web site, sent to other people, or sent to a trusted third party (such as VeriSign).Where the public key is located depends on how you—as a developer—would like to implement the security check. www.syngress.com Figure 7.13 Using the Message Digest to Generate Digital Fingerprints 137_hackapps_07 6/19/01 3:38 PM Page 295 296 Chapter 7 • Securing Your Java Code The creator of a message uses the private key. Using an algorithm (supplied in the java.security package) and the private key, a user can create a signature.This signature is unique to the message it was created with.The message and the signature are then sent to someone else. When they receive the message, they can verify the signature. An algo- rithm is run that uses the message, the signature, and the public key. It can then verify that the public key matches the signature.The important thing to remember about this is that only the private key can create the signature.The public key can not be used to create a signature (other- wise this would invalidate the entire security model). Also, a private key can not be derived from a public key. The beauty of this method is that it allows secure transactions over insecure transport modes, such as the Internet.The mathematics behind the algorithms do not have to be understood to use the system, but if used properly your message should be close to 100 percent secure. For example, let’s say that you are designing a client program that receives messages from central headquarters.The design spec for the pro- gram says you absolutely positively have to be sure that the message was not intercepted on its way from HQ to the client and modified. In this instance, you could embed the HQ’s public key right in the program. www.syngress.com Figure 7.14 Using a Digital Signature to Verify a Message Private Public Signature Signature Verification 137_hackapps_07 6/19/01 3:38 PM Page 296 [...]... 91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17 q: 962 eddcc 369 cba8ebb 260 ee6b6a126d9346e38c5 g :67 8471b27a9cf44ee91a49c5147db1a9aaf244f05a434d64 869 31d2d14271b9e3 5030b 71fd73da179 069 b32e293 563 0e1c2 062 354d0da20a6c416e50be794ca4 y:2dbebe746b73439bfc8148f220984286e18 563 53515bebb1d55e1341 264 4e993c 759 26 dca2afdf731c1aa8f944876b86a679d256f2fa4c983a1135c7d76e6390 And here’s a Private key: p:fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae 161 7ae0... p:fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae 161 7ae0 1f35b 91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17 q: 962 eddcc 369 cba8ebb 260 ee6b6a126d9346e38c5 g :67 8471b27a9cf44ee91a49c5147db1a9aaf244f05a434d64 869 31d2d14271b9e3 5030b 71fd73da179 069 b32e293 563 0e1c2 062 354d0da20a6c416e50be794ca4 x:5445fb6a341e4ae1182ef22ac7c0ff8c9f3a69e2 www.syngress.com 299 137 _hackapps_ 07 300 6/ 19/01 3:38... by your program Java also includes what is known as a keystore (i.e., it stores keys), which will be discussed later How you implement your security is up to you With the DSA algorithm, your keys generally look something like a huge string of numbers.These are actually huge integer numbers represented in hexadecimal Here’s a Public key: p:fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae 161 7ae0... a www.syngress.com 137 _hackapps_ 07 6/ 19/01 3:38 PM Page 301 Securing Your Java Code • Chapter 7 SecureRandom object.The SecureRandom class is a special random number generator, better than the regular Random class that you can seed with your own random numbers Using more random numbers decreases the likelihood of someone trying several random seeds and recreating your key-pair .Your computer will only... pair of keys (private and public).These can be obtained using the KeyPairGenerator class 2 After you have your keys, you can use the private key with the Signature class to generate a signature using your message www.syngress.com 297 137 _hackapps_ 07 298 6/ 19/01 3:38 PM Page 298 Chapter 7 • Securing Your Java Code 3 Finally, you can compare the signature against the message using the public key.The algorithm... to produce keys, however Java includes classes for generating your own key pairs.The process is very simple, and takes only a few lines of code Keys consist of several www.syngress.com 137 _hackapps_ 07 6/ 19/01 3:38 PM Page 299 Securing Your Java Code • Chapter 7 hundred bits After you have a key-pair you intend to use, they can be saved by your program, either as a serializable PublicKey and PrivateKey... and it gives us the public key from the entity so that we can use this to verify that the message (series of bytes) from the entity is authentic www.syngress.com 305 137 _hackapps_ 07 3 06 6/19/01 3:38 PM Page 3 06 Chapter 7 • Securing Your Java Code Obtaining Digital Certificates There are a few methods to obtain digital certificates If you have a popular e-mail program such as Outlook Express, you can obtain... also want to import someone else’s certificate into your keystore file.To do this, we use the following command: keytool -import -trustcacerts -file VSBrian.cer www.syngress.com 137 _hackapps_ 07 6/ 19/01 3:38 PM Page 311 Securing Your Java Code • Chapter 7 From a developer’s point of view, you could use the keystore program for generating and managing your certificates quite easily Java contains classes... up to the holders of the keys to keep them from falling into the wrong hands because whoever possesses the keys will be able to decrypt a message www.syngress.com 315 137 _hackapps_ 07 3 16 6/19/01 3:38 PM Page 3 16 Chapter 7 • Securing Your Java Code Figure 7.24 Using a Packet Sniffer to View Network Data Figure 7.25 Encryption Using a Shared Private Key Original Message 0110101101010101110 Decrypted Message... www.syngress.com 137 _hackapps_ 07 6/ 19/01 3:38 PM Page 317 Securing Your Java Code • Chapter 7 1977 and released under the name DES DES is extremely secure and uses a 56- bit key, but it has been proven that with extremely powerful computing resources it can be cracked in under 24 hours (see sidebar) In response to this crack, a newer version was released called triple-DES which uses a key of 168 bits and is . 962 eddcc 369 cba8ebb 260 ee6b6a126d9346e38c5 g :67 8471b27a9cf44ee91a49c5147db1a9aaf244f05a434d64 869 31d2d14271b9e3 5030b 71fd73da179 069 b32e293 563 0e1c2 062 354d0da20a6c416e50be794ca4 y:2dbebe746b73439bfc8148f220984286e18 563 53515bebb1d55e1341 264 4e993c 759 26 dca2afdf731c1aa8f944876b86a679d256f2fa4c983a1135c7d76e6390 And. 962 eddcc 369 cba8ebb 260 ee6b6a126d9346e38c5 g :67 8471b27a9cf44ee91a49c5147db1a9aaf244f05a434d64 869 31d2d14271b9e3 5030b 71fd73da179 069 b32e293 563 0e1c2 062 354d0da20a6c416e50be794ca4 x:5445fb6a341e4ae1182ef22ac7c0ff8c9f3a69e2 www.syngress.com 137 _hackapps_ 07. key: p:fca682ce8e12caba26efccf7110e526db078b05edecbcd1eb4a208f3ae 161 7ae0 1f35b 91a47e6df63413c5e12ed0899bcd132acd50d99151bdc43ee737592e17 q: 962 eddcc 369 cba8ebb 260 ee6b6a126d9346e38c5 g :67 8471b27a9cf44ee91a49c5147db1a9aaf244f05a434d64 869 31d2d14271b9e3 5030b 71fd73da179 069 b32e293 563 0e1c2 062 354d0da20a6c416e50be794ca4 y:2dbebe746b73439bfc8148f220984286e18 563 53515bebb1d55e1341 264 4e993c 759 26 dca2afdf731c1aa8f944876b86a679d256f2fa4c983a1135c7d76e6390 And