Keeping Your Secrets
Securing data exchanges is hard in a world where both free lance hackers and government agencies are out to get you. Public key encryption is the basis for most forms of secure exchange, but it depends on trust – and those who are out to get your data are experts at abusing trust. Most forms of encryption are also vulnerable to data capture and later decryption (either when new technologies make the encryption breakable, or when your private keys are exposed).
But there are still ways to protect your secrets, especially if you have some control over both ends of the exchange. You can use a private certificate authority, rather than relying on the badly broken public system, to reduce the need for trust. You can also use forward secrecy, so that even if your data exchanges are captured and your private keys exposed the data remains secret. Combining these two techniques gives you high level secrecy even against adversaries who are able to subvert the internet and capture every packet you send and receive.
This talk will discuss the problems with public certificate authorities and non-forward secrecy, and show you how to avoid them. You’ll see how to use OpenSSL as a private certificate authority with high-quality keys, and how to configure Java applications to enforce the authority and use Diffie-Hellman key exchange to provide forward secrecy for TLS connections. Finally, you’ll get a look at implementing these techniques on Android using the Bouncy Castle library.
Concurrency is the key to application performance in the multicore era. You can manage concurrency in your code with direct control of threads and locks, but for complex applications it’s practically impossible to make sure you avoid race conditions and deadlocks. Languages such as Java and Scala make it easier for you to build concurrent applications by providing higher-level programming constructs. The open source Akka library for Java and Scala goes even further, providing both improved concurrency support within a system and scalability across distributed systems.
The long-established Actor model for concurrency is at the core of Akka. Actors are very lightweight processes which encapsulate state and behavior, essentially a higher-level form of objects with interfaces defined in terms of message exchanges. Akka provides all the scaffolding for building actor systems, with a hierarchical structure for ownership and failure handling that supports self-healing. It now also includes actor-based handling for the standard Internet protocols such as TCP/IP and HTTP. Akka lets you build more-complex concurrent applications with less pain, whether you’re writing a single-user application to run on a PC or a website that needs to scale to millions of users.
In this talk you’ll first get an overview of the concurrency support provided by Java, then see how Scala adds to that support, and finally learn about Akka and actor systems for virtually painless concurrency and scalability. We’ll finish with an example Java application converted to concurrent execution with minimal code changes, using Akka with Scala actors.
Dennis Sosnoski is a Java and Scala developer with a strong security background developed over many years of work on data communications and enterprise systems. His current projects include secure communications between mobile devices, Scala data exchange tools, and implementing the WS-ReliableMessaging protocol over WS-SecureCommunications in the Apache CXF web service project. Dennis is also active in the Java community, as a frequent speaker at users groups and conferences (including JavaOne, Javapolis/Devoxx, and dozens of sessions of the No Fluff Just Stuff conferences in the U.S.), a writer for InfoQ and IBM developerWorks, and contributor to a range of open source projects. See his website at http://www.sosnoski.co.nz for details on his background and services, including training services.
Dennis has loaded copies of his presentations onto his website for your perusal.