1. Introduction
Data transmitted across a network is vulnerable to many types of attack. The use of
the Internet as a vehicle for commerce has focussed the minds of both developers and
criminals towards securing information on the Internet. One crucial step in the
process of protecting this data is to encrypt it before transmission using an
appropriate algorithm. There are many cryptographic algorithms and protocols
available to use in an encryption process. Cryptographic algorithms do not in
themselves guarantee security. They need to be used in an appropriate way governed
by a protocol to be effective.
All too often in application development provision of security is an afterthought and
badly implemented. There are various reasons for this but one that is often given by
developers is the problem of how to incorporate cryptographic systems into their
applications easily and without needing an advanced knowledge of the mathematics
behind the systems. A solution to this problem would be the provision of a relatively
simple interface to provide security while hiding the details from users. This interface
should be able to support and swap cryptographic algorithms with ease and support
related cryptographic concepts like key management in an easy to use way. The
interface should also be able to incorporate new cryptographic algorithms as the need
arises.
The objective of this paper is to show how this can be accomplished in Java using the
Java Cryptographic Architecture (JCA) as an interface framework. We will take a
relatively new cryptographic algorithm and follow the JCA framework to develop a
set of Java classes to implement it. We will show how to integrate this cryptographic
system into an existing Java application. The informed cryptographer should note that
this integration is for demonstration purposes only and would need an appropriate
protocol developed to ensure industrial strength security.
The paper is organised as follows. In Section 2 we describe the elliptic curve based
cryptosystem we wish to implement. Section 3 focuses on the Java Cryptographic
Architecture (JCA) as a framework for implementing cryptographic algorithms. We
concentrate on writing a JCA based implementation of an elliptic curve cryptosystem
in Section 4. Section 5 describes how to use our implementation in Java applications.
Finally, we give some conclusions and future work in Section 6.
(k*BP, P+k*PUBKEY)
To decrypt this message you multiply the first component by the secret key, s, and
subtract from the second component,
(P + k*PUBKEY) - s*(k*BP) = P + k*(s*BP) - s*(k*BP) = P
We then reverse the embedding process to produce the message, m, from the point P.
This system requires a high level of mathematical abstraction to implement. One
significant practical problem, if this system is to be useful, is how it can be packaged
in a user-friendly way so that developers can incorporate it into their applications
with minimal knowledge of its inner workings. The next section will describe a Java
based framework to overcome this problem.
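The encryption and decryption steps above can be traced end to end with BigInteger arithmetic. The following is an added example, not code from the paper or its ECEG provider: the toy curve, the key values and the class name EcElGamalDemo are constructed for illustration, and the embedding of m into P is skipped by choosing P directly as a curve point.

```java
import java.math.BigInteger;
import java.util.Arrays;
// Added illustration on a constructed toy curve; far too small to be secure.
public class EcElGamalDemo {
    // y^2 = x^3 + 2x + 2 over F_17; BP = (5,1) generates a group of prime order 19.
    static final BigInteger p = BigInteger.valueOf(17), a = BigInteger.valueOf(2);
    static final BigInteger[] BP = {BigInteger.valueOf(5), BigInteger.ONE};

    // Point addition; null represents the point at infinity.
    static BigInteger[] add(BigInteger[] P, BigInteger[] Q) {
        if (P == null) return Q;
        if (Q == null) return P;
        BigInteger lambda;
        if (P[0].equals(Q[0])) {
            if (P[1].add(Q[1]).mod(p).signum() == 0) return null; // P + (-P)
            lambda = P[0].pow(2).multiply(BigInteger.valueOf(3)).add(a) // tangent slope
                    .multiply(P[1].shiftLeft(1).mod(p).modInverse(p));
        } else {
            lambda = Q[1].subtract(P[1])                                // chord slope
                    .multiply(Q[0].subtract(P[0]).mod(p).modInverse(p));
        }
        BigInteger x = lambda.pow(2).subtract(P[0]).subtract(Q[0]).mod(p);
        BigInteger y = lambda.multiply(P[0].subtract(x)).subtract(P[1]).mod(p);
        return new BigInteger[]{x, y};
    }
    static BigInteger[] neg(BigInteger[] P) {
        return P == null ? null : new BigInteger[]{P[0], P[1].negate().mod(p)};
    }
    // Double-and-add scalar multiplication k*P.
    static BigInteger[] mul(BigInteger k, BigInteger[] P) {
        BigInteger[] R = null;
        for (int i = k.bitLength() - 1; i >= 0; i--) {
            R = add(R, R);
            if (k.testBit(i)) R = add(R, P);
        }
        return R;
    }

    public static void main(String[] args) {
        BigInteger s = BigInteger.valueOf(7);             // secret key (constructed)
        BigInteger[] PUBKEY = mul(s, BP);                 // public key s*BP
        BigInteger[] P = mul(BigInteger.valueOf(3), BP);  // stands in for the embedded message
        BigInteger k = BigInteger.valueOf(11);            // fixed here; must be fresh and random per message
        BigInteger[] c1 = mul(k, BP), c2 = add(P, mul(k, PUBKEY));
        BigInteger[] recovered = add(c2, neg(mul(s, c1))); // c2 - s*c1
        System.out.println("ciphertext: " + Arrays.toString(c1) + ", " + Arrays.toString(c2));
        System.out.println("recovered == P: " + Arrays.equals(recovered, P));
    }
}
```

Reusing k across two messages lets anyone who knows one plaintext point recover the other, since the mask k*PUBKEY is then identical in both ciphertexts.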
/* The symmetric key has been generated and converted to a byte array, symKey. Now encrypt. */
/* Requires: import javax.crypto.Cipher; */
cyferobj = Cipher.getInstance("ECEG");
cyferobj.init(Cipher.ENCRYPT_MODE, recipkey);
byte[] symKeyCiphertext = cyferobj.doFinal(symKey);
The JCA provides a robust and easily evolved framework for the development of
security products. It provides the flexibility to design user defined systems that fit
neatly into the architecture. The existing range of protocols and algorithms can be
extended with relative ease once the JCA blueprint is followed.
Developers can use these crypto components without detailed knowledge of what lies
beneath the hood which speeds up development time and allows developers to
concentrate on the whole system's security. This architecture together with Java
classes like BigInteger demonstrate the suitability of the Java programming
language for developing strong cryptographic products. Although performance has
not been mentioned the authors found no significant performance issues with the
cryptographic components.
The Elliptic curves chosen were the standard curves recommended in [FIPS].
Choosing appropriate curves is a very complex process and future enhancements to
the ECEG provider include developing classes for creating appropriate Elliptic curves
for ECEG to use.
References
[GAMMA] Gamma, E., Helm, R., Johnson, R., Vlissides, J., "Design Patterns:
Elements of Reusable Software", Addison-Wesley, 1995.
[GARRETT] P. Garrett, "Making, Breaking Codes", Prentice-Hall, 2001.
[IAIK] IAIK documentation,
http://jcewww.iaik.at/products/jce/documentation/javadoc/index.html
[FIPS] FIPS 186-2, Digital Signature Standard, Federal Information
Processing Standards Publication 186-2, US Dept. of
Commerce/NIST National Institute of Standards and Technology,
1994.
[KNUD] B. Knudsen, "Java Cryptography", O'Reilly, 1998.
[KOB] Koblitz, N., "A course in Number theory and Cryptography",
Springer Verlag, 1994.
[NIST] National Institute of Standards and Technology.
[SMART] I. Blake, G. Seroussi & N. Smart, "Elliptic curves in
cryptography", London Mathematical Society, 1997.
[TAHER] ElGamal, T., "A public key cryptosystem and signature scheme
based on discrete logarithms", IEEE Trans. on Information Theory
IT-31, (1985), 473-481.