Network Security
The Internet Protocol, the backbone of the Internet, is not a secure protocol. Although you can use an IP network securely, you need to apply cryptography on top of the IP network—in your application, for example.
You should assume that every piece of data that you send or receive over a network can be observed, recorded, and replayed by an attacker. Likewise, don’t trust any network traffic you receive without cryptographic authentication as proof of identity. I get chills down my spine every time I use ftp or telnet. Those applications still accept a password, in plaintext, as authentication. As we discussed in Chapter 6, it’s a bad idea to send a password over the network.
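The following sketch is an added example, not code from the book: a receiver that accepts a message only if its HMAC verifies and its sequence number has not been seen, so modified, forged, and recorded-then-replayed traffic is rejected. The class name AuthenticatedReceiver, the sequence-number scheme, and the out-of-band shared key are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;

public class AuthenticatedReceiver { // hypothetical name, not from the book
    private final SecretKeySpec key;
    private long lastSeq = -1; // highest sequence number accepted so far

    AuthenticatedReceiver(byte[] sharedKey) {
        key = new SecretKeySpec(sharedKey, "HmacSHA256");
    }

    // The tag covers the sequence number and the payload, so neither can be altered.
    static byte[] tag(SecretKeySpec key, long seq, byte[] payload) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(key);
        mac.update(ByteBuffer.allocate(Long.BYTES).putLong(seq).array());
        return mac.doFinal(payload);
    }

    // Accept only if the tag verifies and the sequence number is new.
    boolean accept(long seq, byte[] payload, byte[] receivedTag) throws GeneralSecurityException {
        byte[] expected = tag(key, seq, payload);
        // Constant-time comparison; a mismatch means forged or modified data.
        if (!MessageDigest.isEqual(expected, receivedTag)) return false;
        // A valid tag on an old sequence number is a recorded message sent again.
        if (seq <= lastSeq) return false;
        lastSeq = seq;
        return true;
    }

    public static void main(String[] args) throws Exception {
        byte[] shared = new byte[32];
        new SecureRandom().nextBytes(shared); // constructed key, assumed shared out of band
        AuthenticatedReceiver rx = new AuthenticatedReceiver(shared);
        SecretKeySpec senderKey = new SecretKeySpec(shared, "HmacSHA256");

        byte[] msg = "transfer 10 to alice".getBytes(StandardCharsets.UTF_8); // constructed sample
        byte[] t = tag(senderKey, 0, msg);
        System.out.println("genuine:  " + rx.accept(0, msg, t));
        System.out.println("replayed: " + rx.accept(0, msg, t));
        byte[] tampered = "transfer 99 to alice".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered: " + rx.accept(1, tampered, t));
    }
}
```

The MAC provides authentication and replay detection only; the payload still travels in the clear unless it is also encrypted.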
IPng (IP next generation) is a new protocol that can provide authentication and privacy at the protocol layer. If you’d like to read more, see http://playground.sun.com/pub/ipng/html/ipng-main.html.
SafeTalk and CipherMail, presented in Chapter 10 and Chapter 11, show how you can use cryptography to provide authentication and confidentiality in networked Java applications. Even these applications, however, have some interesting shortcomings. Consider SafeTalk, for example. Even though it encrypts the contents of a conversation, it can’t conceal the existence of the conversation. Even if your enemies can’t understand what you and your friends are chatting about, you might not want your enemies to know that you’re even talking. CipherMail has the same property: Even though the contents of your ...