Sunday, June 21, 2015

SHAPE—an approach for self-healing and self-protection in complex distributed networks

Abstract

The increasing complexity of large-scale distributed systems is creating problems in managing faults and security attacks, because management is still carried out manually. This paper proposes a novel approach called SHAPE to self-heal and self-protect the system against various kinds of faults and security attacks. It deals with hardware, software, and network faults and provides security against DDoS, R2L, U2L, and probing attacks. SHAPE is implemented and evaluated against various standard metrics, and the results are provided to support the approach.

You can access the detailed paper from here.

Keystore based approach for Key Management through Java

Java keystores provide a convenient mechanism for storing and deploying public and private keys. A truststore file and a keystore file are used in the communication to provide secured transactions between two systems. The keytool command is used to create the keystore file, which contains the public/private key pair; from that keystore, a truststore file is created which contains only the public key (as a certificate). The keystore keeps the private key secure by adding two levels of password protection: one on the keystore itself and one on the private key entry.


Here we will be using the RSA based asymmetric approach for encryption and decryption.

Steps to follow:
  1. Generate a private key in the keystore file and verify the newly created keystore file. While generating the keystore and key, we need to define the different passwords (keytool prompts for the keystore password and for the key password).
keytool -genkeypair -alias certificatekey -keyalg RSA -validity 3650 -keystore keystore.jks

We can also define the validity period (in days) for which this key will remain valid. This can be used to enforce that keys remain valid for a year or so, after which they must be rotated. Verify the result:
keytool -list -v -keystore keystore.jks


  2. Export the certificate (which carries the public key) and import the certificate into the truststore file. Verify the newly created truststore file.
keytool -export -alias certificatekey -keystore keystore.jks -rfc -file selfsignedcert.cer

keytool -import -alias certificatekey -file selfsignedcert.cer -keystore truststore.jks

  3. The keystore will remain at OMS for decryption, and the truststore will be shared with DAX for encryption.
  4. Custom Java code will fetch the private key from the keystore and the certificate from the truststore. A sample program for encryption and decryption will look like the following:
Note:
1. Share only truststore.jks (the public key) with the other system. keystore.jks can perform both encryption and decryption and must never be shared.
2. Do not commit the private key (keystore.jks) to the code repository. It should be placed in a secure location with restricted access so that the private key remains protected.

import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Base64;
import javax.crypto.Cipher;

public class KeystoreRsaExample {
    public static void main(String[] args) throws Exception {
        /* keystore files: keystore.jks holds the private key (decryption side),
           truststore.jks holds only the certificate (encryption side) */
        String keystorePath = "{Path}\\keystore.jks";
        String truststorePath = "{Path}\\truststore.jks";

        /* Password given at the time of key generation. The keystore password and the
           key password may differ if a separate key password was set with keytool. */
        char[] password = "{Password given at time of key generation}".toCharArray();
        String alias = "certificatekey";

        /* getting the private key from the keystore (try-with-resources closes the stream) */
        KeyStore keystore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream is = new FileInputStream(keystorePath)) {
            keystore.load(is, password);
        }
        PrivateKey key = (PrivateKey) keystore.getKey(alias, password);

        /* getting the certificate of the public key from the truststore */
        KeyStore truststore = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream is1 = new FileInputStream(truststorePath)) {
            truststore.load(is1, password);
        }
        Certificate cert = truststore.getCertificate(alias);

        /* Here it prints the public key */
        System.out.println("Public Key:");
        System.out.println(cert.getPublicKey());

        /* Here it prints the private key; for demonstration only, never log
           private key material in a production system */
        System.out.println("\nPrivate Key:");
        System.out.println(key);

        /* Plain "RSA" resolves to PKCS#1 v1.5 padding on most JVMs; name it explicitly so
           both sides agree. RSA/ECB/OAEPWithSHA-256AndMGF1Padding is preferred for new designs. */
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
        byte[] encryptedData = cipher.doFinal("Text to be Encrypted".getBytes(StandardCharsets.UTF_8));
        /* byte[] has no readable toString(), so Base64-encode the ciphertext for display */
        System.out.println("Encrypted Data: " + Base64.getEncoder().encodeToString(encryptedData));

        cipher.init(Cipher.DECRYPT_MODE, key);
        byte[] decryptedData = cipher.doFinal(encryptedData);
        System.out.println("Decrypted Data: " + new String(decryptedData, StandardCharsets.UTF_8));
    }
}
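Before truststore.jks leaves OMS for DAX, it is worth checking programmatically that it really holds only certificate entries (no private key, which would happen if keystore.jks were shipped by mistake) and that the certificate is inside its -validity window. The following audit is an added example, not code from the original post; the file path, the password placeholder and the class name TruststoreAudit are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.*;
import java.util.*;

/** Audits a truststore before sharing: no private keys, every certificate currently valid. */
public class TruststoreAudit {
    /** Loads the store from disk with its store password (JKS or PKCS12, per the JVM default). */
    static KeyStore load(String path, char[] storePassword) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, storePassword);
        }
        return ks;
    }

    /** Aliases holding a private key; a truststore meant for sharing must return an empty list. */
    static List<String> privateKeyAliases(KeyStore ks) throws Exception {
        List<String> found = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) found.add(alias);
        }
        return found;
    }

    /** Aliases whose X.509 certificate is expired or not yet valid (checks the -validity window). */
    static List<String> invalidCertAliases(KeyStore ks) throws Exception {
        List<String> found = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) continue;
            try {
                ((X509Certificate) c).checkValidity();
            } catch (CertificateException e) {
                found.add(alias);
            }
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Placeholder path and password (assumed); point this at the truststore created by keytool -import.
        KeyStore ts = load("{Path}/truststore.jks", "{truststore password}".toCharArray());
        List<String> keys = privateKeyAliases(ts), stale = invalidCertAliases(ts);
        if (!keys.isEmpty()) System.out.println("DO NOT SHARE: private key entries found: " + keys);
        else if (!stale.isEmpty()) System.out.println("Expired or not-yet-valid certificates: " + stale);
        else System.out.println("Truststore holds only valid certificate entries; safe to share.");
    }
}
```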