
Web Security

Tianhao25 edited this page Jan 24, 2018 · 10 revisions


WEB SECURITY MEMO

Abstract

This memo summarizes what I have learned about web security over the past few months. I may choose to publish it at some point.

Body

4 Aspects of Security

  • Integrity
  • Confidentiality
  • Availability
  • Non-repudiation
Integrity   Confidentiality   Availability   Non-repudiation
X           X                 X              X

Integrity

Confidentiality

Availability

Non-repudiation

Cryptography

Symmetric-key Encryption

Symmetric-key encryption means that the encryption process and the decryption process share the same key.

  1. A: c = Enc(m; k) // A generates the encrypted message c from m with key k.
  2. A -> B: c // A passes the encrypted message c to B.
  3. B: m = Dec(c; k) // B decrypts c with the same key k and recovers the original message m.

A few symmetric-key standards

DES - Data Encryption Standard

Block Size   Key Size
64 bits      56 bits

import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class DesExample {
    public static void main(String[] args) throws Exception {
        // Get a DES key. DES has only a 56-bit key and is considered broken;
        // it is shown here to illustrate the JCE API, not as a recommendation.
        KeyGenerator keyGenerator = KeyGenerator.getInstance("DES");
        SecretKey secretKey = keyGenerator.generateKey();

        // DES = Data Encryption Standard.
        // ECB = Electronic Codebook mode (every block is encrypted independently,
        //       so identical plaintext blocks yield identical ciphertext blocks).
        // PKCS5Padding = PKCS #5-style padding.
        Cipher desCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");

        byte[] message = "Hello DES".getBytes("UTF-8");

        // Encrypt. Ciphertext is arbitrary bytes, so print it Base64-encoded;
        // new String(encryptedMessage) would only produce mojibake.
        desCipher.init(Cipher.ENCRYPT_MODE, secretKey);
        byte[] encryptedMessage = desCipher.doFinal(message);
        System.out.println(Base64.getEncoder().encodeToString(encryptedMessage));

        // Decrypt with the same key.
        desCipher.init(Cipher.DECRYPT_MODE, secretKey);
        byte[] decryptedMessage = desCipher.doFinal(encryptedMessage);
        // Hello DES
        System.out.println(new String(decryptedMessage, "UTF-8"));
    }
}
3DES - Triple Data Encryption Standard (simply uses 2 or 3 DES keys)

Block Size   Key Size
64 bits      112 bits or 168 bits

import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESedeKeySpec;

public class TripleDesExample {
    public static void main(String[] args) throws Exception {
        // DESedeKeySpec needs 24 bytes: three 8-byte DES keys including their
        // parity bits, i.e. 168 effective key bits.
        byte[] seed = new byte[24];
        SecureRandom random = new SecureRandom();
        random.nextBytes(seed);

        DESedeKeySpec desEdeKeySpec = new DESedeKeySpec(seed);
        SecretKeyFactory des3KeyFactory = SecretKeyFactory.getInstance("DESede");
        SecretKey des3Key = des3KeyFactory.generateSecret(desEdeKeySpec);

        // "DESede" on its own means DESede/ECB/PKCS5Padding in the SunJCE provider.
        Cipher cipher = Cipher.getInstance("DESede");

        cipher.init(Cipher.ENCRYPT_MODE, des3Key);
        byte[] encryptedMessage = cipher.doFinal("It's my cookbook.".getBytes("UTF-8"));

        cipher.init(Cipher.DECRYPT_MODE, des3Key);
        byte[] message = cipher.doFinal(encryptedMessage);
        // It's my cookbook.
        System.out.println(new String(message, "UTF-8"));
    }
}
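The "2 or 3 DES keys" remark above refers to the 3DES keying options: with three distinct keys the effective size is 168 bits, with K1 || K2 || K1 it is 112 bits, and with K1 = K2 = K3 the construction E_K(D_K(E_K(m))) collapses to single DES. The following added Java example (mine, not part of the original memo) demonstrates both points with the standard JCE classes. The class and method names, and the randomly generated key bytes and the 8-byte sample block, are constructed for this illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;

// Hypothetical class name, chosen for this example.
public class TripleDesKeyingOptions {

    // Keying option 2: build the 24-byte DESede key as K1 || K2 || K1 from
    // 16 bytes. Effective strength is 112 bits, which the memo's table lists.
    static SecretKey twoKeyTripleDes(byte[] k1k2) throws Exception {
        if (k1k2.length != 16) {
            throw new IllegalArgumentException("two-key 3DES needs exactly 16 bytes");
        }
        byte[] k = new byte[24];
        System.arraycopy(k1k2, 0, k, 0, 16); // K1 || K2
        System.arraycopy(k1k2, 0, k, 16, 8); // || K1
        return SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(k));
    }

    // Degenerate case: K || K || K. Still accepted by the API, but it is not 3DES.
    static SecretKey degenerateTripleDes(byte[] k) throws Exception {
        byte[] kkk = new byte[24];
        for (int i = 0; i < 3; i++) {
            System.arraycopy(k, 0, kkk, 8 * i, 8);
        }
        return SecretKeyFactory.getInstance("DESede").generateSecret(new DESedeKeySpec(kkk));
    }

    // Encrypt exactly one 8-byte block with no padding so raw outputs can be compared.
    static byte[] oneBlock(String transformation, SecretKey key, byte[] block) throws Exception {
        Cipher c = Cipher.getInstance(transformation);
        c.init(Cipher.ENCRYPT_MODE, key);
        return c.doFinal(block);
    }

    // E_K(D_K(E_K(m))) == E_K(m): DESede keyed with K||K||K is plain single DES,
    // so a "3DES" deployment that repeats one key gets only 56 bits of security.
    static boolean collapsesToSingleDes(byte[] k, byte[] block) throws Exception {
        SecretKey des = SecretKeyFactory.getInstance("DES").generateSecret(new DESKeySpec(k));
        byte[] single = oneBlock("DES/ECB/NoPadding", des, block);
        byte[] triple = oneBlock("DESede/ECB/NoPadding", degenerateTripleDes(k), block);
        return Arrays.equals(single, triple);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();

        // Constructed inputs: a random 8-byte DES key and one 8-byte block.
        byte[] k = new byte[8];
        rnd.nextBytes(k);
        byte[] block = "8bytes!!".getBytes(StandardCharsets.US_ASCII);
        System.out.println("K||K||K behaves like single DES: " + collapsesToSingleDes(k, block)); // true

        // Constructed input: 16 random bytes for the two-key option.
        byte[] k1k2 = new byte[16];
        rnd.nextBytes(k1k2);
        SecretKey twoKey = twoKeyTripleDes(k1k2);
        System.out.println("two-key 3DES encoded key length: " + twoKey.getEncoded().length + " bytes"); // 24
    }
}
```

The practical check this gives a reviewer is simple: when 3DES key material is assembled by hand (from a configuration file, a KDF, or a legacy system), verify that the three 8-byte segments are actually distinct, since the API will happily accept a repeated key and silently hand back single-DES strength.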
AES - Advanced Encryption Standard

Block Size   Key Size
128 bits     128, 192, or 256 bits

what-is-the-difference-between-ecb-mode-versus-cbc-mode-aes-encryption


import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class AesExample {
    public static void main(String[] args) throws Exception {
        KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
        // Set key size (128, 192 or 256 bits).
        keyGenerator.init(256);
        SecretKey secretKey = keyGenerator.generateKey();
        String encodedKey = Base64.getEncoder().encodeToString(secretKey.getEncoded());
        System.out.println(encodedKey);

        byte[] decodedKey = Base64.getDecoder().decode(encodedKey);
        // Rebuild the key from the Base64 string using SecretKeySpec.
        SecretKey originalKey = new SecretKeySpec(decodedKey, 0, decodedKey.length, "AES");

        // "AES" on its own means AES/ECB/PKCS5Padding in the SunJCE provider;
        // see the ECB-versus-CBC reference above for why that matters.
        Cipher cipher = Cipher.getInstance("AES");
        cipher.init(Cipher.ENCRYPT_MODE, secretKey);
        byte[] encryptedMessage = cipher.doFinal("WHAT ARE YOU DOING TO ME?".getBytes("UTF-8"));

        // Decrypt with the rebuilt key to show it is identical to the generated one.
        cipher.init(Cipher.DECRYPT_MODE, originalKey);
        byte[] message = cipher.doFinal(encryptedMessage);
        // WHAT ARE YOU DOING TO ME?
        System.out.println(new String(message, "UTF-8"));
    }
}
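The ECB-versus-CBC reference cited above is about exactly the default that Cipher.getInstance("AES") picks. The following added Java example (mine, not code from the original memo) makes the difference observable: it encrypts a plaintext whose first two 16-byte blocks are identical and shows that AES/ECB produces two identical ciphertext blocks, then encrypts the same data with AES/GCM using a fresh random IV and shows that GCM both hides the repetition and rejects a ciphertext that has been modified. The class and method names, the hex helper, and the sample plaintext are constructed for this illustration; the JCE transformations and classes used (AES/GCM/NoPadding, GCMParameterSpec, AEADBadTagException) are standard in Java 8 and later.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

// Hypothetical class name, chosen for this example.
public class EcbVersusGcm {

    // Constructed plaintext: two identical 16-byte blocks followed by a third
    // block. The repetition is deliberate so the ECB leak is visible.
    static final byte[] PLAINTEXT =
            "0123456789ABCDEF0123456789ABCDEFtrailing block!!".getBytes(StandardCharsets.UTF_8);

    static final int GCM_IV_BYTES = 12;   // 96-bit IV, the recommended GCM nonce size
    static final int GCM_TAG_BITS = 128;  // full-length authentication tag

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    // ECB encrypts every block independently with the same key, so equal
    // plaintext blocks give equal ciphertext blocks. Returns true when the
    // first two 16-byte ciphertext blocks are identical.
    static boolean ecbRepeatsEqualBlocks(SecretKey key) throws Exception {
        Cipher ecb = Cipher.getInstance("AES/ECB/PKCS5Padding");
        ecb.init(Cipher.ENCRYPT_MODE, key);
        byte[] ct = ecb.doFinal(PLAINTEXT);
        byte[] block0 = Arrays.copyOfRange(ct, 0, 16);
        byte[] block1 = Arrays.copyOfRange(ct, 16, 32);
        System.out.println("ECB block 0: " + hex(block0));
        System.out.println("ECB block 1: " + hex(block1));
        return Arrays.equals(block0, block1);
    }

    // GCM with a fresh random IV per message hides patterns, and its tag makes
    // any modification detectable. Output layout: iv || ciphertext || tag
    // (doFinal appends the tag to the ciphertext).
    static byte[] gcmEncrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[GCM_IV_BYTES];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = gcm.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // Reads the IV from the front of the message; throws AEADBadTagException if
    // the ciphertext or tag was altered.
    static byte[] gcmDecrypt(SecretKey key, byte[] ivAndCt) throws Exception {
        GCMParameterSpec spec = new GCMParameterSpec(GCM_TAG_BITS, ivAndCt, 0, GCM_IV_BYTES);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, key, spec);
        return gcm.doFinal(ivAndCt, GCM_IV_BYTES, ivAndCt.length - GCM_IV_BYTES);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();

        System.out.println("ECB repeats ciphertext blocks: " + ecbRepeatsEqualBlocks(key)); // true

        byte[] sealed = gcmEncrypt(key, PLAINTEXT);
        System.out.println("GCM block 0: " + hex(Arrays.copyOfRange(sealed, 12, 28)));
        System.out.println("GCM block 1: " + hex(Arrays.copyOfRange(sealed, 28, 44))); // differs from block 0
        byte[] opened = gcmDecrypt(key, sealed);
        System.out.println("GCM round trip ok: " + Arrays.equals(opened, PLAINTEXT)); // true

        // Flip one bit of the ciphertext. GCM refuses to decrypt instead of
        // returning silently corrupted plaintext, which ECB or CBC would do.
        sealed[GCM_IV_BYTES] ^= 0x01;
        try {
            gcmDecrypt(key, sealed);
            System.out.println("tampering went unnoticed (should not happen)");
        } catch (AEADBadTagException e) {
            System.out.println("GCM rejected tampered ciphertext: " + e.getMessage());
        }
    }
}
```

Two design points worth keeping in mind when adapting this: the IV must never repeat for the same key (a random 96-bit IV is fine for a modest number of messages; a counter is safer at very high volume), and the IV is not secret, so prepending it to the ciphertext, as done here, is the usual way to transport it.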