Generación de librerías de código base para autenticación a través de certificados SSL generados automáticamente utilizando Java
Abstract
ABSTRACT
This paper describes the processes involved in the creation and evaluation of a Tool for Automatic Generation of Security Infrastructure in Communications using Java. Incorporation of security services in the source code of distributed applications is not that easy and requires, on the one hand the creation of a manual for the security of infrastructure based on digital certificates of public and private OpenSSL keys, and/or security stores. On the other hand, the application developer must incorporate manually in the source code the functions and/or procedures that properly manage certificates, keys and stores, to secure automatic implementation of the security services.
Keywords: OpenSSL, Automatic Generation, digital certificates, security stores.
RESUMEN
El presente trabajo describe el proceso realizado y resultados obtenidos de la creación de una Herramienta para la Generación Automática de Infraestructura de Seguridad en Comunicaciones usando Java. La incorporación de estos servicios de seguridad en el código fuente de las aplicaciones distribuidas no es fácil, se requiere, por un lado, la creación manual de una infraestructura de seguridad basada en certificados digitales de clave pública y privadas OpenSSL, y/o almacenes de seguridad. Por otro lado, el desarrollador de aplicaciones debe de incorporar, también manualmente, en su código fuente aquellas funciones y/o procedimientos que gestionen de forma adecuada los certificados, claves y almacenes con el objetivo de implementar los servicios de seguridad de forma automatizada.
Palabras clave: OpenSSL, Generación Automática, certificados digitales, almacenes de seguridad.
Downloads
Metrics
References
Ahrendt, W., T. Baar, B. Beckert, R. Bubel, M. Giese, R. Hähnle, P.H. Schmitt, 2005. The key tool. Software & Systems Modeling, 4(1), 32-54.
Alarcos, B., E.D.L. Hoz, M. Sedano, M. Calderón, 2003. Performance analysis of a security architecture for active networks in Java. Disponible en http://www.google.com.ec/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&ved=0ahUKEwjmqrzvka7PAhXH7D4KHaSHDIIQFggiMAE&url=http%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fdownload%3Fdoi%3D10.1.1.579.4621%26rep%3Drep1%26type%3Dpdf&usg=AFQjCNFxY_7CYFeO7H08aNCnwlBbXJGpxg&bvm=bv.133700528,d.cWw.
Clark, J., P.C. van Oorschot, 2013. SoK: SSL and HTTPS: Revisiting past challenges and evaluating certificate trust model enhancements. In Security and Privacy (SP) 2013 IEEE Symposium on, pp. 511-525.
Gröbert, F., 2010. Automatic identification of cryptographic primitives in software. Deplima Thesis, Ruhr-University Bochum, Germany.
Hielscher, R.P., V. Delgado, 2006. Aplicaciones prácticas de la criptografía. Anales de Mecánica y Electricidad, 83(2), 10-16.
Khalil-Hani, M., V.P. Nambiar, M.N. Marsono, 2010. Hardware Acceleration of OpenSSL cryptographic functions for high-performance Internet Security. In: Intelligent Systems, Modelling and Simulation (ISMS), 2010 International Conference on, pp. 374-379.
Kurzyniec, D., V. Sunderam, 2001. Efficient cooperation between Java and native codes–JNI performance benchmark. In: The 2001 international conference on parallel and distributed processing techniques and applications. Disponible en https://www.researchgate.net/publication/228752983_Efficient_cooperation_between_Java_and_native_codes-JNI_performance_benchmark.
Lakhe, B., 2014. Setting Up a KeyStore and TrustStore for HTTP Encryption. In: Practical Hadoop Security (pp. 181-182), Apress.
López Jiménez, J.M., J.F. Otria Silva, E.P. Santiago Posadas, 2015. Implementación de una autoridad certificadora con la herramienta openca para generar certificados digitales. Disponible en http://tesis.ipn.mx/handle/123456789/15042.
Pajin, M.K.A., D., Bukvić, M. Stojaković, I. Barišić, B. Jakovljević, 2015. Securing service access with digital certificates. Disponible en http://services.geant.net/cbp/Knowledge_Base/Security/Documents/gn3-na3-t4-abpd106.pdf, 58 pp.
Park, H., S. Redford, 2007. Client certificate and IP address based multi-factor authentication for J2EE web applications. In: Proceedings of the 2007 conference of the center for advanced studies on Collaborative research, pp. 167-174. IBM Corp.
Pianegiani, F., D. Macii, P. Carbone, 2003. An open distributed measurement system based on an abstract client-server architecture. Instrumentation and Measurement, IEEE Transactions on, 52(3), 686-692.
Schaumont, P., I. Verbauwhede, 2003. Domain-specific codesign for embedded security. Computer, 36(4), 68-74.
Downloads
Published
How to Cite
Issue
Section
License
Copyright © Autors. Creative Commons Attribution 4.0 License. for any article submitted from 6 June 2017 onwards. For manuscripts submitted before, the CC BY 3.0 License was used.
You are free to:
Share — copy and redistribute the material in any medium or format |
Adapt — remix, transform, and build upon the material for any purpose, even commercially. |
Under the following conditions:
Attribution — You must give appropriate credit, provide a link to the licence, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licenser endorses you or your use. |
No additional restrictions — You may not apply legal terms or technological measures that legally restrict others from doing anything the licence permits. |