www.exoplatform.com
Copyright 2011 eXo Platform
Secure & Authentication of communication
Lai Trung Hieu
Collaboration Team
Introduction
DNS Spoofing
Website security indicators
https://www.google.com/support/chrome/bin/answer.py?answer=95617&hl=en-US
Agenda
• Secure & Authentication
• Digital certificate & PKI
• An example conversation
• Java security architecture overview
• eXo platform implementation
Secure & Authentication
SSL story
SSL was invented by Netscape Communications in 1994.
In May 1996, the Internet Engineering Task Force (IETF) started work on TLS to standardize the SSL protocol.
TLS then became an IETF standards track protocol.
January 1999: TLS 1.0 (SSL 3.1) was first published in RFC 2246 as an updated version of SSL 3.0.
April 2006: TLS 1.1 (SSL 3.2)
August 2008: TLS 1.2 (SSL 3.3)
TLS/SSL fundamental
Based on public key cryptography
Applications
• Web browsing
• Electronic mail
• Internet faxing
• Instant messaging
• Voice-over-IP
Digital certificate & PKI
Copyright 2010 eXo Platform SAS
Digital certificate
Electronic document which uses a digital signature to bind a public key with an identity
• Confidence
• Integrity
• Authenticate
To identify who is who on the Internet?
• Issuer’s name
• Entity name
• Public key
• Expiration date
• Usages
Public key infrastructure
Public & private key concept
An example conversation
Introduction
{Something}: information to be exchanged
{Something}key: information encrypted by key
digest[Something]: a digest made of the information
Digital signature
Nobita: Hi, Are you Doraemon?
Doraemon: Nobita, It’s me Doraemon!
{digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
Exchange keys
Nobita: Hi, Are you Doraemon?
Doraemon: Nobita, It’s me Doraemon!
Here is my public key.
Nobita: Show me your evidence!
Doraemon: Nobita, It’s me Doraemon!
{digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
Digital certificate
Nobita: Hi, Are you Doraemon?
Doraemon: Nobita, It’s me Doraemon!
Here is my digital certificate.
Nobita: Show me your evidence!
Doraemon: Nobita, It’s me Doraemon!
{digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
Nobita: Hi, Are you Doraemon?
Xeko: Nobita, It’s me Doraemon!
Here is my digital certificate.
Nobita: Show me your evidence!
Xeko : ???
Exchange secret key (session key)
Nobita: Hi, Are you Doraemon?
Doraemon: Nobita, It’s me Doraemon!
Here is my digital certificate.
Nobita: Show me your evidence!
Doraemon: Nobita, It’s me Doraemon!
{digest[Nobita, It’s me Doraemon!]}Doraemon’s private key
Nobita: Ok, Doraemon. Here is {secret key}Doraemon’s public key
Doraemon: {blah blah}secret-key
Nobita: {blah hihi}secret-key
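The conversation above, carried through with the JDK's java.security and javax.crypto APIs, as an added example that is not part of the original slides. Assumptions: SHA256withRSA, RSA-OAEP key wrapping and AES-GCM stand in for the algorithms the slides leave unnamed, Doraemon's public key is taken as already validated through his certificate, and the class name ExampleConversation is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class ExampleConversation {
    // {digest[msg]}private key: SHA-256 digest of msg, signed with the RSA private key.
    static byte[] sign(PrivateKey key, byte[] msg) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(msg);
        return s.sign();
    }
    static boolean verify(PublicKey key, byte[] msg, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(msg);
        return s.verify(sig);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair doraemon = gen.generateKeyPair(); // public half is what the certificate would carry (assumed validated)
        KeyPair xeko = gen.generateKeyPair();     // impostor: can present the certificate, lacks the private key
        byte[] msg = "Nobita, It's me Doraemon!".getBytes(StandardCharsets.UTF_8);
        // "Show me your evidence!": Nobita checks each signature against the certified public key.
        System.out.println("Doraemon accepted: " + verify(doraemon.getPublic(), msg, sign(doraemon.getPrivate(), msg)));
        System.out.println("Xeko accepted: " + verify(doraemon.getPublic(), msg, sign(xeko.getPrivate(), msg)));
        // {secret key}Doraemon's public key: Nobita wraps a fresh AES session key with RSA-OAEP.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey session = kg.generateKey();
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, doraemon.getPublic());
        byte[] wrapped = rsa.wrap(session);
        rsa.init(Cipher.UNWRAP_MODE, doraemon.getPrivate());
        SecretKey unwrapped = (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        // {blah blah}secret-key: Doraemon encrypts with AES-GCM, Nobita decrypts with his copy of the key.
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, unwrapped, new GCMParameterSpec(128, iv));
        byte[] ct = aes.doFinal("blah blah".getBytes(StandardCharsets.UTF_8));
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(128, iv));
        System.out.println("Nobita reads: " + new String(aes.doFinal(ct), StandardCharsets.UTF_8));
    }
}
```

The run prints `true` for Doraemon and `false` for Xeko. In a real TLS handshake the signed data includes fresh random values from both sides, so a recorded signature cannot be replayed the way a fixed greeting could.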
Java security architecture overview
A set of APIs spanning major security areas:
• Cryptography
• Public key infrastructure
• Authentication
• Secure communication
• Access control
Basic Security Architecture
Cryptography
• Message digest algorithms
• Digital signature algorithms
• Symmetric bulk encryption
• Symmetric stream encryption
• Asymmetric encryption
• Password-based encryption (PBE)
• Elliptic Curve Cryptography (ECC)
• Key agreement algorithms
• Key generators
• Message Authentication Codes (MACs)
• (Pseudo-)random number generator
Packages: java.security, javax.crypto
• RSA and DSA signature algorithms
• DES, AES, and ARCFOUR encryption algorithms
• MD5 and SHA-1 message digest algorithms
• Diffie-Hellman key agreement algorithm
Public Key Infrastructure
• Key and Certificate Storage
• PKI Tools
  • Keytool
  • Jarsigner tool
Authentication
• LoginContext & LoginModule
• Krb5LoginModule for authentication using Kerberos protocols
• JndiLoginModule for username/password authentication using LDAP or NIS databases
• KeyStoreLoginModule for logging into any type of key store, including a PKCS#11 token key store
Secure Communication
• SSL/TLS
  • javax.net.ssl.SSLSocket
  • javax.net.ssl.SSLEngine
• Simple Authentication and Security Layer (SASL)
• GSS-API and Kerberos
Access Control
• Permissions
• Policy
• Access Control Enforcement
eXo platform implementation
• User certificate management
• OpenPGP / S/MIME support
• Reply to a topic by mail
• And more…
Q & A
Thank you!