Anda di halaman 1dari 10

‫بسم اهلل الرمحن الرحيم‬

International University of Africa

Faculty of Computer Studies


Department of Computer Science

Graduation Project Title

Supervised by:
Mr. Mohamed Dewa Waziri

Prepared by:
Muhedin Abdullahi Mohamed

August 2008
High above is Allah, the king, the
truth! Be not in haste with the
Qur-an before its revelation to
thee is completed, but say "O my
Lord! Increase me in knowledge.
Surat Ta-ha, Ayah:114

ii
Dedication

To my beloved parents, who


brought me up, encouraged and supported
throughout my life in education and
knowledge?

To students who are interested in


the field of computer science.

Muhedin Abdullahi Mohamed

iii
Acknowledgements

All thanks to the Almighty Allah


whose mercy we live and whose guidance
we are Muslims.
After that I would like to thank all
people who participated in the achievement
of this project from the days it was a concept
to its current form.
My deep thanks to my parents who
encouraged and stand with me all the time.

Special thanks to the International


University of Africa for giving me the
scholarship of which without it I could not
write this research

Final thanks to my supervisor Mr.


Mohamed Dewa Waziri who helped me in
collecting, supervising and reviewing this
project.

Muhedin Abdullahi Mohamed

iv
Abstract

Public Key Infrastructure (PKI) is a computer technology which


facilitates secure exchange of information between individuals through
computer systems. The system permits trusted parties such as a bank, to
issue Digital Certificates to people that need to trust each other. The
technology generally operates with the IP address.
The purpose of the certificates is for holders to prove their identity.
It is possible for them to also digitally sign transactions and documents.
Authenticity of the transaction is substantiated by the signature and also
proves that the data exchanged has not been tampered with or changed.
The concept of the PKI is often summarized into five concepts.
First, Authentication assures that the persons or resources involved in a
networked communication have been identified correctly. Second,
Authorization assures that persons and systems have the proper
permissions to perform the requested activities. Third, Data integrity
assures that the content has not been altered, either on purpose or by
accident. Fourth, Confidentiality assures that the content is available
only to the intended audience and fifth, Non-repudiation assures that the
signer of a message cannot later deny signing it.
In this project we explained the necessary cryptographic
backgrounds of the public key infrastructure. Further details of the public
key infrastructure, its basic components and protocols are introduced. We
finally implemented a prominent PKI protocol (SSL protocol) by using
java programming language.

v
Table of Contents Pages
A Verse ………………………………………………………………. ii
Dedication …………………………………………………………….iii
Acknowledgments.…………………………………………………….iv
Abstract ………………………………………………………………..v
Table of Contents ……………………………………………………..vi
Table of Figures ……………………………………………………… viii

Chapter One: Basic Cryptographic Concepts


1.1 Introduction……………………….…………..……………………2
1.2 What is cryptography?.......................................................................3
1.3 Types of cryptography…………………….…..……………………5
1.3.1 Private Key cryptography………………………………………...6
1.3.2 Public Key cryptography ……………………………………..10
1.3.3 Hash functions………………………………………………..14
1.4 Digital cryptography basics………………………………………..18
1.4.1 Message digests……………………………………………….18
1.4.2 Message authentication codes………………………………..21
1.4.3 Digital signatures…………………………………………….23
1.5 Cryptanalysis……………………………………………………….25
1.5.1 Classical cryptanalysis……………………………………….26
1.5.2 Modern cryptanalysis………………………………………..26
1.6 Key concept………………………………………………………..28
1.6.1 Key management…………………………………………….28
1.6.2 Key distribution………………………….…………………..29
1.6.3 Key protection…………………………….…………………32

vi
Chapter Two: Public Key Infrastructure
2.1 Introduction………………………………………………………34
2.2 What does the e-commerce mean?.................................................35
2.3 Certificates……………………………………………………….37
2.4 PKI components…………………………………………………40
2.4.1 Certificate Authority (CA)…………………………………40
2.4.2 Certificate Revocation …………………………………….43
2.4.3 Registration Authority……………………………………..45
2.5 PKI management functions…………….………………………..46
2.6 PKI security services…………………….………………………48
2.6.1 Confidentiality……………………..………………………48
2.6.2 Integrity………………………………………..…………..49
2.6.3 Authentication…………………………………..…………49
2.6.4 Non-Repudiation………………………………..…………50
2.7 Uses of PKI systems…………………………………..………....51
2.8 PKI protocols…………………………………………..………...53
2.8.1 Secure Socket Layer (SSL)……….……………..………...53
2.8.2 Transport Layer Security (TLS)…..……………….………55
2.8.3 IPsec protocol ……………………………………..………56
2.8.4 Pretty Good Privacy (PGP)…………….…………….…….58
2.8.5 Secure/ Multipurpose Internet Mail Extension (S/MIME)…60
2.8.6 Secure Electronic Transaction (SET)………………………61

Chapter Three: SSL- Secure Socket Layer


3.1 What is SSL and how does it works..…………………………….65
3.2 Negotiable encryption…………………………………………….68
3.3 Java Secure Socket Extension 'JSSE'………………………..……71

vii
3.3.1 The javax.net package…………..…………………………..72
3.3.2 The javax.net.SSL package…………………………………73
3.3.3 The javax.Security.cert package……………………………76
3.3.4 Installing and Customizing JSSE…………………………..78
3.4 Programming with JSSE………………………………………….80
3.4.1 Making existing client/server application secure…………...81
3.4.2 A complete example ………………………………………..82
3.4.3 Extending httpServer to handle https://URLs........................90
3.4.3.1 Creating server certificate…………………..……...90
3.5 Programming client applications with JSSE………………..……98
3.5.1 Working with low-level SSL-socket …………………..…..99
3.5.2 Exporting and importing certificates……………………….102

Chapter Four: Conclusions


4.1 Results……………………………..…………………………….107
4.2 Project's problems………………………..………………………108
4.3 Recommendations…………………………..……………………109
4.4 Glossary………………………………………..…………………110
4.5 References………………………………………………………..117

Table of Figures
Fig 1.1 Process of cryptography…………………………………….4
Fig 1.2 Secret key cryptography…………………………………….8
Fig 1.3 Public key cryptography…………………………………….12
Fig 1.4 Hash function………………………………………………..15
Fig 1.5 PGP uses Hash function……………………………………..18
Fig 1.6 Message digest function……………………………………..19
Fig 1.7 Message authentication codes……………………………….22

viii
Fig 1.8 Digital signatures…………………………………………….24
Fig 2.1 Digital certificate……………………………………………39
Fig 2.2 PKI architecture……………………………………………..46
Fig 2.3 Position of the SSL protocol………………………………...53
Fig 2.4(A) PGP at the sender site……………………………………59
Fig 2.4(B) PGP at the receiver site…………………………………..60
Fig 3.1 SSL handshake protocol……………………………………..69
Fig 3.2 The index.html page…………………………………………89
Fig 3.3 Certificate creation…………………………………………..90
Fig 3.4 Unknown server certificate………………………………….96
Fig 3.5 A view of the generated certificate………………………….97

ix
x