Security Concern Refactoring – Putu Ashintya Widhiartha Katsuhisa Maruyama
ISSN 1858-1633 2005 ICTS 97
Figure 5. Array Representation of Flattening Arrays refatoring.
3.3. Generating Secure Random Number
As mentioned above, generating random number seems become an unimportant aspect in security.
However, if we could increase the security level of our code by altering a piece of our code without change
the behavior of entire program, we should try to use more secure method or class in our code.
For Java programmers, it does not need big effort for changing random generator to a more secure one.
Java provides java.util.Random class for generating random number. Despite of using this class it will be
better if we use its subclasses java security.SecureRandom. This class provides a
cryptographically strong pseudo-random number generator PRNG. The Secure Random class must
produce non-deterministic output and therefore it is required that the seed material should be unpredictable
and the output of the SecureRandom class will be cryptographically strong sequences as described in
RFC 1750: Randomness Recommendation for Security [9]. The mechanism of this refactoring could
be observed in Figure 6.
Perhaps people will ask what are the weaknesses of SecureRandom class compared with Random class?
The answer is the features of SecureRandom are less than Random class. This is a common dilemma for
secure programming since the features of the software and the security level usually opposite each other [3].
Figure 6. Secure Random Number refactoring
3.4. Storing Deleting Passwords
We know that in Java programming language String variable are immutable, it means we are not
able to delete them from memory. This unique characteristic of Java String data type leads us to avoid
using it for passwords because String passwords will stay in memory and vulnerable from snooping [10].
Even worse, if real memory runs low, the operating system might page this password String to the disk’s
swap space. Therefore, it will be vulnerable to disk block snooping. The solution, although not a perfect
solution, is by substituting the String passwords with Char arrays passwords.
Figure 7 shows codes before and after applying the StoringDeleting Password Refactoring. The last line
is needed in order to overwrite the value of PassKey variable in memory with fake value.
Figure 7. Storing Deleting Password Refactoring
3.5. Smart Serialization
Java has ability to serialize object for storage or transmission. Unfortunately, since any private field
also will be present in the stream during this process, sensitive data is vulnerable to snooping when objects
are serialized [10]. We could use transient keyword to flag an attribute so that it will be skipped in the
streaming.
In Figure 8, the keyword transient was attached to the code after a Smart Serialization refcatoring.
Figure 8. Smart Serialization Refactoring
3.6. Message Digest
Message Digest is a security feature that ensures the integrity of a message. Message digest use a
message as input and generate a block of bits that represents the fingerprint of the message. Each small
change in the message automatically will create a change in the fingerprint. Although using
java.security.MessageDigest class is definitely easy and secure, however for easing programmers maintain
their code security we would like to propose the refactoring which helps programmers for create their
message digest.
before refactoring
String PassKey = “enter”; after refactoring
char KeyInChar[ ] = {‘e’,’n’,’t’,’e’,’r’};
String PassKey = new StringKeyInChar;
………… after execution lines
String PassKey = “fake passwords”;
before refactoring
A
11
A
12
A
13
A
21
A
22
A
23
A
31
A
32
A
33
after refactoring
A
11
A
21
A
31
A
12
A
22
A
32
A
13
A
23
A
33
before refactoring
private char KeyInChar[ ] =
{‘e’,’n’,’t’,’e’,’r’}; after refactoring
private transient char KeyInChar[ ] =
{‘e’,’n’,’t’,’e’,’r’};
before refactoring
import.java.util.random; Random generator = new Random ;
int ran = generator.nextInt ; after refactoring
import.java.security.SecureRandom; SecureRandom generator =
new SecureRandom ; int ran = generator.nextInt ;
Information and Communication Technology Seminar, Vol. 1 No. 1, August 2005
ISSN 1858-1633 2005 ICTS 98
In the code after a Message Digest refactoring of Figure 9, new code fragments for creating a message
digest object and calculating the digest were inserted.
3.7. Convert Message with Private Key to Public Key