Jini distributed key exchange and file transfer service with digital signatures

Kevin Ligozio

Physical copy available from RIT's Wallace Library at QA76.9.D5 L54 2004

Abstract

This thesis compares security algorithms for the Jini Networking Technology. The first method adds security at the infrastructure level and is the method chosen by the Jini Community in Jini version 2.0. The second method, the original research portion of this thesis, explores adding security in the application layer. To explore application layer security, the thesis includes four components. First, we investigate and implement some cryptographic algorithms. Specifically, we use a Java Cryptography Extension (JCE) Provider containing the Diffie-Hellman Key Agreement algorithm and the RSA Digital Signature Algorithm. Second, we perform a novel experiment by creating two Jini services, the JINI Key Agreement Service (JKAS) and the JINI Secure File Transfer Service (JSFTS), in order to analyze Jini application layer security. These services use both the provider developed for this thesis and the Cryptix JCE provider, which provides the Rijndael encryption and MD5 message digests. Combined with the JCE providers, the services perform authenticated key agreement and secure file transfers, both with digital signatures. Third, we create a client application with a command-line interface (CLI) to experiment with the services. Finally, we create a second application that acts as a certificate generator for use with a pseudo-certificate authority.