book

Programming .NET Security

by Adam Freeman, Allen Jones

June 2003

Intermediate to advanced

714 pages

22h 8m

English

O'Reilly Media, Inc.

Read now

Unlock full access

How This Book Is OrganizedPart I: FundamentalsPart II: .NET SecurityPart III: .NET CryptographyPart IV: .NET Applications FrameworksPart V: API Quick ReferenceWho Should Read This BookAssumptions This Book MakesConventions Used in This BookHow to Contact Us
1.1. The Need for Security1.2. Roles in Security1.2.1. The Business Sponsor1.2.2. The Architect1.2.3. The Programmer1.2.4. The Security Tester1.2.5. The System Administrator1.2.6. The User1.2.7. The Hacker/Cracker1.3. Understanding Software Security1.3.1. Restricted Resources1.3.2. Trust1.3.3. Secrets1.3.3.1. The lifetime of secrets1.3.3.2. Protecting secrets1.4. End-to-End Security1.4.1. Real-World Trust Relationships1.4.2. Side Channels1.4.3. Physical Security1.4.4. Third-Party Software
2.1. Assemblies Explained2.2. Creating Assemblies2.2.1. Creating a Single-File Assembly2.2.2. Creating a Multifile Assembly2.3. Shared Assemblies2.4. Strong Names2.4.1. Creating a Key Pair2.4.2. Creating an Assembly Strong Name2.4.2.1. Specifying the version and culture metadata2.4.2.2. Specifying the key pair2.4.2.3. Creating the strong name2.4.2.4. Creating a strong name for a multifile assembly2.4.3. Delayed Signing2.4.4. Verifying a Strong Name2.5. Publisher Certificates2.5.1. Using the Global Assembly Cache2.6. Decompiling Explained2.6.1. Decompiling Assemblies2.6.2. Protecting Against Decompilation2.6.2.1. Obfuscation2.6.2.2. Native compilation
3.1. Application Domains Explained3.1.1. Application Isolation in the .NET Framework3.1.2. Application Domain and Assembly Management3.1.3. Assembly Isolation with Application Domains3.1.4. Application Domains and Runtime Security3.1.4.1. Assembly evidence and identity3.1.4.2. Application domain evidence and identity3.1.4.3. Application domains and security policy3.1.4.4. Role-based security3.1.4.5. Application domains and isolated storage3.1.5. Application Domains and Application Configuration
4.1. Designing a Secure .NET Application4.1.1. Identifying Restricted Resources4.1.2. Identifying Trust4.1.3. Identifying Secrets4.1.4. Failing Gracefully4.2. Developing a Secure .NET Application4.3. Security Testing a .NET Application4.4. Deploying a .NET Application4.5. Executing a .NET Application4.6. Monitoring a .NET Application
5.1. Runtime Security Explained5.1.1. Running Unverifiable and Native Code5.2. Introducing Role-Based Security5.3. Introducing Code-Access Security5.3.1. Evidence, Security Policy, and Permissions5.3.2. Windows Security and Code-Access Security5.4. Introducing Isolated Storage

6.1. Evidence Explained6.1.1. Sources and Types of Evidence6.1.1.1. Host evidence6.1.1.2. Assembly evidence6.2. Programming Evidence6.2.1. Introduction to Evidence Programming6.2.2. Using the Evidence Class6.2.3. Using the Standard Evidence Classes6.2.3.1. The ApplicationDirectory class6.2.3.2. The Hash class6.2.3.3. The Publisher class6.2.3.4. The Site class6.2.3.5. The StrongName class6.2.3.6. The Url class6.2.3.7. The Zone class6.2.4. Viewing Evidence6.2.5. Assigning Evidence to Assemblies6.2.6. Assigning Evidence to Application Domains6.3. Extending the .NET Framework6.3.1. Creating Custom Evidence6.3.1.1. Defining the Author evidence class6.3.1.2. Using the SecurityElement Class6.3.1.3. Building the Author evidence class6.3.2. Using Custom Evidence6.3.2.1. Making the Author assembly a fully trusted assembly6.3.2.2. Serializing evidence6.3.2.3. Embedding evidence in an assembly6.3.3. The Next Steps in Customization
7.1. Permissions Explained7.1.1. Granting Permissions7.1.2. Requesting Permissions7.1.3. Permission Types7.1.3.1. Code-access permissions7.1.3.2. Identity permissions7.1.4. Enforcing Code-Access Security7.1.4.1. Stack walks explained7.2. Programming Code-Access Security7.2.1. Security Statement Syntax7.2.1.1. Imperative security statements7.2.1.2. Declarative security statements7.2.2. Programming Permissions7.2.2.1. Common permission class functionality7.2.2.2. Using the SecurityPermission class7.2.3. Programming Permission Sets7.2.4. Programming Permission Requests7.2.4.1. Requesting minimum permission7.2.4.2. Requesting optional permissions7.2.4.3. Refusing permissions7.2.5. Programming Permission Demands7.2.5.1. Demand7.2.5.2. LinkDemands7.2.5.3. Inheritance demands7.2.6. Manipulating Stack Walks7.2.6.1. Assert7.2.6.2. Deny7.2.6.3. PermitOnly7.2.6.4. Reverting overrides7.3. Extending the .NET Framework7.3.1. Creating Custom Code-Access Permissions7.3.1.1. Designing the RadioPermission class7.3.1.2. Defining imports and assembly scope attributes7.3.1.3. Defining the RadioAction enumeration7.3.1.4. Defining the RadioPermission class7.3.1.5. Implementing the IUnrestrictedPermission interface7.3.1.6. Implementing the IPermission interface7.3.1.7. Implementing the ISecurityEncodable interface7.3.1.8. Defining the RadioPermissionAttribute class7.3.1.9. Building the Radio.dll library7.3.1.10. Using RadioPermission to enforce security
8.1. Security Policy Explained8.1.1. Security Policy Levels8.1.1.1. Code groups8.1.1.2. Named permission sets8.1.1.3. Fully trusted assemblies8.1.2. Policy Resolution8.1.2.1. Code group attributes8.1.3. Configuring Security Policy8.2. Programming Security Policy8.2.1. Programming Code Groups8.2.1.1. Programming membership conditions8.2.1.2. Programming policy statements8.2.1.3. Creating code groups8.2.2. Programming Policy Levels8.2.2.1. Managing fully trusted assemblies8.2.2.2. Managing named permission sets8.2.2.3. Managing the code group tree8.2.3. Programming the Security Manager8.2.4. Programming Application Domain Policy8.3. Extending the .NET Framework8.3.1. Custom Membership Conditions Explained8.3.2. Defining the AuthorMembershipCondition Class8.3.3. Building the AuthorMembershipCondition Assembly8.3.4. Using the AuthorMembershipCondition Membership Condition8.3.4.1. Installing security assemblies8.3.4.2. Generating AuthorMembershipCondition XML8.3.4.3. Configuring security policy8.3.5. Testing Custom Membership Conditions
9.1. Default Security Policy9.1.1. Security Policy Files9.1.2. Named Permission Sets9.1.3. Enterprise and User Policy Code Groups9.1.4. Machine Policy Code Groups9.1.5. Fully Trusted Assemblies9.2. Inspecting Declarative Security Statements9.3. Using the .NET Framework Configuration Tool9.3.1. Managing Fully Trusted Assemblies9.3.1.1. Adding a fully trusted assembly9.3.1.2. Deleting a fully trusted assembly9.3.2. Managing Named Permission Sets9.3.2.1. Creating named permission sets9.3.3. Managing Code Groups9.3.3.1. Creating code groups9.3.4. Other Security Policy Administration Options9.4. Using the Code-Access Security Policy Tool9.4.1. Controlling the Security System9.4.1.1. Switching code-access security on and off9.4.1.2. Switching execution permission checks on and off9.4.2. Administering Policy Levels9.4.2.1. Specifying the target policy level9.4.2.2. Specifying the target code group9.4.2.3. Managing fully trusted assemblies9.4.2.4. Managing named permission sets9.4.2.5. Managing code groups9.4.3. Evaluating Security Policy9.4.4. Forcing Security Changes9.4.5. Resetting Security Policy
10.1. Role-Based Security Explained10.1.1. .NET Role-Based Security Explained10.1.2. Comparing .NET Role-Based Security and Windows Security10.2. Programming Role-Based Security10.2.1. Introducing the IIdentity and IPrincipal Interfaces10.2.2. Determining the Current Principal10.2.3. Programming the Windows Role-Based Security Implementation10.2.3.1. Configuring the current WindowsPrincipal10.2.3.2. Impersonating Windows users10.2.4. Making Role-Based Security Demands10.2.4.1. Using imperative role-based security statements10.2.4.2. Using declarative role-based security statements10.2.5. Programming the Generic Role-Based Security Implementation10.2.5.1. Configuring the current GenericPrincipal
11.1. Isolated Storage Explained11.1.1. Levels of Isolation11.1.1.1. Determining user and code identity11.1.1.2. Isolation by user and assembly11.1.1.3. Isolation by user, assembly, and application domain11.1.2. Limitations of Isolated Storage11.2. Programming Isolated Storage11.2.1. Isolated Storage and Code-Access Security11.2.2. Obtaining a Store11.2.3. Creating Directories11.2.4. Creating, Reading, and Writing Files11.2.5. Searching for Files and Directories11.2.6. Deleting Files and Directories11.2.7. Deleting Stores11.3. Administering Isolated Storage11.3.1. Configuring Security Policy11.3.1.1. Granting isolated storage permissions with Mscorcfg.msc11.3.1.2. Granting isolated storage permissions with Caspol.exe11.3.2. Managing Isolated Storage Stores
12.1. Cryptography Explained12.1.1. Confidentiality12.1.2. Integrity12.1.3. Authentication12.2. Cryptography Is Key Management12.3. Cryptographic Attacks12.3.1. Brute Force Attacks, Theft, and Guessing12.3.2. Cryptanalysis12.3.3. Software Bugs
13.1. Hashing Algorithms Explained13.1.1. Creating a Hash Code13.1.2. Message Limits13.1.3. Hash Code Length13.1.4. The .NET Framework Hashing Algorithms13.2. Programming Hashing Algorithms13.2.1. The HashAlgorithm Class13.2.2. Instantiating the Algorithm13.2.3. Hashing Data from Memory13.2.4. Hashing Streamed Data13.2.5. Validating Hash Codes13.3. Keyed Hashing Algorithms Explained13.3.1. Creating the Keyed Hash Code13.3.1.1. HMAC algorithms13.3.1.2. Block cipher hash codes13.3.2. The .NET Framework Keyed Hashing Algorithms13.4. Programming Keyed Hashing Algorithms13.4.1. The KeyedHashAlgorithm Class13.4.2. Instantiating the Algorithm13.4.3. Hashing Data and Validating Hash Codes13.5. Extending the .NET Framework13.5.1. The Alder32 Algorithm Explained13.5.2. Defining the Abstract Class13.5.3. Defining the Implementation Class13.5.3.1. Creating the implementation class13.5.3.2. Implementing the Initialize method13.5.3.3. Implementing the HashCore and HashFinal methods13.5.3.4. Completing the class13.5.3.5. Testing the implementation
14.1. Encryption Revisited14.2. Symmetric Encryption Explained14.2.1. Creating the Encrypted Data14.2.2. Cipher Modes14.2.2.1. Electronic Codebook mode14.2.2.2. Cipher block chaining14.2.2.3. Cipher feedback mode14.2.3. Block Padding14.2.4. Symmetric Encryption Key Lengths14.2.5. The .NET Framework Encryption Algorithms14.3. Programming Symmetrical Encryption14.3.1. The SymmetricAlgorithm Class14.3.2. Instantiating the Algorithm14.3.3. Configuring the Algorithm14.3.3.1. Block and key sizes14.3.3.2. Cipher and padding modes14.3.3.3. Keys and initialization vectors (IVs)14.3.4. Encrypting and Decrypting Data14.4. Extending the .NET Framework14.4.1. The Extended Tiny Encryption Algorithm Explained14.4.2. Defining the Abstract Class14.4.3. Defining the Implementation Class14.4.4. Defining an Abstract Transformation14.4.5. Defining the Encryption Transformation14.4.6. Defining the Decryption Transformation
15.1. Asymmetric Encryption Explained15.1.1. Creating Asymmetric Keys15.1.2. Asymmetric Algorithm Security15.1.3. Creating the Encrypted Data15.1.3.1. Asymmetric data padding15.2. Programming Asymmetrical Encryption15.2.1. The AsymmetricAlgorithm class15.2.2. The RSA class15.2.3. The RSACryptoServiceProvider Class15.2.4. Instantiating the Algorithm15.2.5. Using RSA Keys15.2.6. Encrypting and Decrypting Data15.3. Extending the .NET Framework15.3.1. The ElGamal Algorithm Explained15.3.1.1. ElGamal key generation protocol15.3.1.2. ElGamal encryption and decryption functions15.3.2. Processing Large Integer Values15.3.3. Defining the Abstract Class15.3.4. Defining the Implementation Class15.3.5. Defining the Abstract Cipher Function Class15.3.6. Defining the Encryption Class15.3.7. Defining the Decryption Class15.3.8. Testing the Algorithm
16.1. Digital Signatures Explained16.1.1. Digital Signature Security16.1.2. The .NET Framework Digital Signature Algorithms16.1.3. Creating Digital Signatures16.2. Programming Digital Signatures16.2.1. Using the Abstract Class16.2.2. Using the Implementation Class16.2.3. Using the Signature Formatter Classes16.3. Programming XML Signatures16.3.1. XMLDSIG Explained16.3.2. Signing an XML Document16.3.2.1. Creating the reference16.3.2.2. Creating the SignedXML16.3.2.3. Setting the signing algorithm16.3.2.4. Creating the signature16.3.3. Embedding Objects in the Signature16.3.4. Verifying an XML Signature16.4. Extending the .NET Framework16.4.1. The ElGamal Signature Functions Explained16.4.2. Defining the Signature Function Class16.4.3. Implementing the Managed Class Methods16.4.4. Defining the PKCS #1 Helper Class16.4.5. Defining the Signature Formatter Class16.4.6. Defining the Signature Deformatter Class16.4.7. Testing the Algorithm
17.1. Cryptographic Keys Explained17.1.1. Understanding Key Complexity17.1.2. Exchanging Symmetric Algorithm Keys17.2. Programming Cryptographic Keys17.2.1. Creating Keys17.2.1.1. Using the algorithm classes17.2.1.2. Using a random number generator17.2.1.3. Using a key-derivation protocol17.2.2. Using Key Persistence17.2.3. Key Exchange Formatting17.3. Extending the .NET Framework17.3.1. ElGamal Key Exchange Explained17.3.2. Defining the Key Exchange Formatter17.3.3. Defining the Key Exchange Deformatter
18.1. ASP.NET Security Explained18.1.1. ASP.NET Security Overview18.1.2. ASP.NET Configuration Files18.1.2.1. ASP.NET security-related configuration elements18.1.2.2. Using <location> elements18.2. Configuring the ASP.NET Worker Process Identity18.3. Authentication18.3.1. Configuring IIS Authentication Modes18.3.2. No Authentication18.3.3. Windows Authentication18.3.4. Forms Authentication18.3.4.1. Configuring Forms authentication18.3.4.2. Creating the logon page18.3.4.3. Creating the protected page18.3.5. Passport Authentication18.4. Authorization18.4.1. File Authorization18.4.2. URL Authorization18.5. Impersonation18.6. ASP.NET and Code-Access Security
19.1. COM+ Security Explained19.1.1. COM+ Role-Based Security19.1.2. COM+ Process-Access Security19.1.2.1. Authentication19.1.2.2. Impersonation19.2. Programming COM+ Security19.2.1. Creating the Serviced Component19.2.2. Specifying the COM+ Application Type19.2.3. Applying the Security Attributes19.2.3.1. The ApplicationAccessControl attribute19.2.3.2. The ComponentAccessControl Attribute19.2.3.3. The SecurityRole attribute19.2.3.4. The SecureMethod attribute19.2.4. Compiling and Installing the COM+ Application19.3. Administering COM+ Security19.3.1. Viewing the COM+ Catalogue19.3.2. Populating COM+ Application Roles19.3.3. Assessing and Assigning Role Scope19.3.4. Managing COM+ Security19.3.4.1. Managing the application19.3.4.2. Managing the component
20.1. The Event Log Service Explained20.1.1. Event Logs20.1.2. Event Sources20.1.3. Event Structure20.1.3.1. Event source name20.1.3.2. Message20.1.3.3. Event type20.1.3.4. Event identifier and event category20.1.3.5. Binary data20.2. Programming the Event Log Service20.2.1. Querying the Event Log System20.2.2. Using Event Sources20.2.3. Reading Event Logs20.2.4. Writing Events20.2.5. Using Custom Event Logs20.2.6. Monitoring Event Logs
21.1. Finding a Quick-Reference Entry21.2. Reading a Quick-Reference Entry21.2.1. Type Name, Namespace, Assembly, Type Category, and Flags21.2.2. Description21.2.3. Synopsis21.2.3.1. Member availability and flags21.2.3.2. Functional grouping of members21.2.4. Class Hierarchy21.2.5. Cross-References21.2.6. A Note About Type Names
22.1. General Considerations22.2. Classes22.3. Structures22.4. Interfaces22.5. Class, Structure, and Interface Members22.5.1. Fields22.5.2. Methods22.5.3. Properties22.5.4. Events22.6. Delegates22.7. Enumerations

Content preview from Programming .NET Security

Chapter 12. Introduction to Cryptography

The previous chapters shown how to apply security to an application; the topics that follow demonstrate how to use cryptography to secure the data that your applications use.

We begin with an overview of cryptography and discuss some of the dangers and limitations of which you should be aware when putting it to use. Consider this chapter as a simple primer for those who have not previously encountered cryptography. In the chapters that follow, we examine specific aspects of cryptography in detail, and illustrate how to use and extend the .NET Framework’s cryptographic support.

You should seriously consider using cryptography in any application that processes sensitive or valuable data. However, contrary to common opinion, cryptography itself is vulnerable to attack and is not something that can be “plugged into” an application and then forgotten. Throughout this book, we have shown you that software security is an ongoing process that requires careful planning and management. This is especially true for cryptography, where it is easy to create disastrous mistakes.

Cryptography Explained

The most common way to describe cryptographic systems is to assume that one person (usually named Alice) wants to send a message to another person (Bob). However, a third person (Eve) is determined to eavesdrop on their conversation. Figure 12-1 shows the relationship between Alice, Bob, and Eve.

Figure 12-1. Alice, Bob, and Eve are commonly used to illustrate ...