Where/how to store the password for a Java Key Store

Saloon Keeper
Background
I am working on a solution which provides wireless connectivity to container-mounted monitoring devices to connect to a shore-side management system while the devices are at sea.

The solution is physically housed in a hardened weatherproof outdoor enclosure mounted on the vessel's monkey island along with other communications and navigation equipment.  The solution is effectively a headless appliance and only has external connections for power, antennas, and an Ethernet network connection (no keyboard, screen, USB connector, etc).

The communications link between the vessel and the shore is via an unreliable low-speed satellite connection, with typical throughput rates in the low kbps range.  The monetary cost of transporting over this link is relatively high, so the solution tries to minimize the usage of the satellite back-haul whenever possible.

The devices sometimes need firmware updates or changes to their configuration.  If urgent, these updates are performed while the devices are at sea.  Firmware updates can be as large as 750kB, and there can be 2000 or more of these devices on a vessel.  Since the same updates are applied to all devices, the solution has a caching proxy which sits between the devices and the shore-side servers.  Requests from the devices to download updates are intercepted and routed to the proxy.  If the proxy has the update in its cache, the update is served to the device without consuming any back-haul bandwidth.  If not found in the cache, the proxy downloads the update from the shore and stores it for subsequent requests.

The resources are downloaded by the devices using HTTP, and the URIs specified by the devices are the same whether being served by the solution at sea or the commercial cellular network on land.

Problem
I have a requirement to move from HTTP to HTTPS.  To be able to continue intercepting requests and serving the updates locally, the HTTPS connection will need to be terminated in the solution.  To be trusted by the devices (as they would trust the shore-side servers), the solution will need a certificate and private keys.  The security information will only be used by the Proxy application (Java SE 8), and I plan on securing the cert and keys in a Java Key Store.

The application will require the password to access the information in the key store.

Although the risk is probably low, there is a concern that the solution may be physically removed from the vessel while it is in port (or maybe tampered with while at sea), so I would like to do the best I can to protect the password used to secure the data in the key store.  I could obscure the password in the application code, but I'm looking for ideas for a more secure solution.

Any thoughts?

Saloon Keeper
Unless you prompt the user for a password, there's no way to do this without saving a password on the system in some form.

I probably wouldn't even bother with a password for the key store. I'd just let the OS encrypt the file containing the key store, and give access to it only to a special service account that an administrator has set up for your application to run under.
Bartender
I don't believe that the Java keystore database allows running without passwords. In fact, you have to have TWO passwords - one for the keystore and one for the entry in many cases.

The traditional method of securing a keystore has been to never permit unauthorized access to the resources that define (and supply the password to) the keystore.

Beyond that, it doesn't sit well that a myriad of remote nodes should each have their own keystore. Generally you'd have a keystore on the primary server and client certs for each of the clients.
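To make the two replies above concrete, here is an added example (not code from any of the posters) of how the proxy could load its TLS key on Java SE 8 along the lines they describe: the keystore password and the entry password each live in a separate file that only the proxy's service account can read, and the loader refuses to start if the file permissions are looser than that. The paths `/etc/proxy/proxy.jks`, `keystore.pw`, `key.pw` and the alias `proxy-tls` are assumptions. As the replies point out, this only moves the secret out of the code; anyone who gains the service account's privileges (or root) on the appliance can still read it, so the real control is OS-level access to those files.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.EnumSet;
import java.util.Set;

/**
 * Loads the proxy's TLS private key from a password-protected JKS file.
 * Both passwords (keystore and entry) are read from files that must be
 * readable by the owning service account only. Linux/POSIX is assumed,
 * as on the headless appliance described in the question.
 */
public final class KeyStoreLoader {

    /** Any of these bits means someone other than the owner can read or change the secret. */
    private static final Set<PosixFilePermission> TOO_PERMISSIVE = EnumSet.of(
            PosixFilePermission.GROUP_READ, PosixFilePermission.GROUP_WRITE,
            PosixFilePermission.OTHERS_READ, PosixFilePermission.OTHERS_WRITE);

    /** Fails fast if the secret file is readable by group or others (expect chmod 400). */
    static void requireOwnerOnly(Path secretFile) throws IOException {
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(secretFile);
        for (PosixFilePermission p : perms) {
            if (TOO_PERMISSIVE.contains(p)) {
                throw new IOException(secretFile + " must be readable by its owner only, found " + perms);
            }
        }
    }

    /** Reads a password file into a char[] (so it can be zeroed), dropping a trailing newline. */
    static char[] readPassword(Path secretFile) throws IOException {
        requireOwnerOnly(secretFile);
        byte[] raw = Files.readAllBytes(secretFile);
        CharBuffer decoded = StandardCharsets.UTF_8.decode(ByteBuffer.wrap(raw));
        Arrays.fill(raw, (byte) 0);
        int end = decoded.limit();
        while (end > 0 && (decoded.get(end - 1) == '\n' || decoded.get(end - 1) == '\r')) {
            end--;
        }
        char[] password = new char[end];
        decoded.get(password, 0, end);
        if (decoded.hasArray()) {
            Arrays.fill(decoded.array(), '\0');   // don't leave a second copy in the heap
        }
        return password;
    }

    /** Opens the keystore with the store password, then the entry with the key password. */
    static PrivateKey loadServerKey(Path keyStoreFile, Path storePwFile, Path keyPwFile, String alias)
            throws IOException, GeneralSecurityException {
        char[] storePw = readPassword(storePwFile);
        char[] keyPw = readPassword(keyPwFile);
        try (InputStream in = Files.newInputStream(keyStoreFile)) {
            KeyStore ks = KeyStore.getInstance("JKS");
            ks.load(in, storePw);                       // first password: keystore integrity check
            KeyStore.Entry entry = ks.getEntry(alias, new KeyStore.PasswordProtection(keyPw));
            if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
                throw new GeneralSecurityException("no private key entry for alias " + alias);
            }
            return ((KeyStore.PrivateKeyEntry) entry).getPrivateKey();   // second password: the entry
        } finally {
            Arrays.fill(storePw, '\0');                 // passwords are no longer needed once loaded
            Arrays.fill(keyPw, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        Path base = Paths.get("/etc/proxy");   // assumed directory, owned by the proxy's service account
        PrivateKey key = loadServerKey(base.resolve("proxy.jks"),
                base.resolve("keystore.pw"), base.resolve("key.pw"), "proxy-tls");
        System.out.println("loaded " + key.getAlgorithm() + " key for TLS termination");
    }
}
```

Run the proxy under its own account (for example a `systemd` unit with `User=` set) and keep `/etc/proxy` owned by that account with mode 400 on the password files; the permission check above turns a quietly world-readable secret into a startup failure that shows up in the logs instead of going unnoticed.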