[JavaWeb] A brief talk on interface security design guidelines (including source code)

I. Introduction

Reading this article together with my earlier post, [Java Basics] Basics of Encryption and Security, will make you more familiar with the basic concepts of "encryption and security".


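Personally, I think security measures fall mainly into two areas:

  1. How to guarantee that data is not stolen in transit
  2. Once the data has reached the server, how the server verifies that it has not been tampered with, and how to keep the server from being attacked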

II. Security measures

1. Data encryption

We know that data is easily captured by packet sniffing during transmission. If it is sent directly, for example over the HTTP protocol, anyone can obtain the data the user transmits, so the data must be encrypted. The common practice is to encrypt key fields, for example: the user password is directly hashed with MD5. The purpose of encryption is to ensure that data is not stolen in transit.

  • The mainstream practice now is to use the HTTPS protocol, which adds an encryption layer (the SSL layer) between HTTP and TCP; this layer is responsible for encrypting and decrypting the data;

2. Data signing

A data signature is a string generated by the sender that cannot be forged; it ensures that the data has not been captured and tampered with during transmission.

You may ask: if the data is already encrypted with HTTPS, is signing still necessary?

  • The data is encrypted in transit, so in theory it cannot be tampered with even if the packets are captured; but note that the encrypted part is really only the public network. Many services now pass through many service hops inside the internal network, so adding a signature here prevents the data from being tampered with inside the internal network.

3. Timestamp mechanism

Data is easy to capture, but after the encryption and signing above, even someone who obtains the data cannot see the real content. Some lawbreakers, however, do not care about the real data; they take the captured packet and send it directly as a malicious request. This is where the timestamp mechanism comes in.

  • Add the current time to each request. The server subtracts the time in the request from its own current time and checks whether the difference falls within a fixed range, for example 5 minutes. Because the time inside a maliciously replayed packet cannot be changed, the request is treated as illegal once 5 minutes have passed.

4. AppId mechanism

Most websites require a user name and password to log in; not just anyone can use the site. This is itself a security mechanism. Interfaces exposed externally need the same kind of mechanism: not everyone may call them. A user who needs the interface must have an appid opened in the back end and is given the corresponding secret (appSecret). The appid and secret (mainly used to generate the signature, sign) must be supplied when the interface is called, and the server performs the related verification;

5. Rate limiting mechanism

A genuine user with an activated appid may still call the interface too frequently; in that case the appid concerned needs to be rate limited.

  • Commonly used rate limiting algorithms are the token bucket and leaky bucket algorithms.

6. Blacklist mechanism

If an appid has performed many illegal operations, or a dedicated blacklisting system (中黑系统) has analyzed it and flagged it, the appid is added directly to the blacklist and all of its requests immediately return an error code.

7. Data legality verification

This is a mechanism every system has: data is processed only if it is legal. Each system has its own validation rules, and there are also some conventional rules, such as the length and composition of ID card numbers and telephone numbers;

III. How to implement

The above is a general introduction to some commonly used interface security measures. There may of course be other methods I am not aware of, and I hope you will add them. Let's now look at how to implement each of these measures in detail;

1. Data encryption

The mainstream encryption methods today are symmetric encryption (single-key encryption) and asymmetric encryption (two-key encryption).

  • Symmetric encryption: the same key is used for encryption and decryption

    • Common symmetric encryption algorithms: DES, AES
    • DES: an older algorithm with three inputs (plaintext, key, encryption mode). 3DES is just a mode of DES, a more secure variant built on DES in which the data is encrypted three times; it is designated as a transitional algorithm towards AES.
    • AES: the Advanced Encryption Standard, the new-generation standard; faster and more secure (the preferred choice)
    • Advantages: fast computation, suitable for encrypting and decrypting large amounts of data.
    • Disadvantages: before data is transferred, the sender and receiver must agree on the key, and both sides must keep it secret; if either side's key is leaked, the encrypted information is no longer secure.

    There is only one key, so safekeeping of the key becomes very important. Once the key is leaked, the cipher is broken as well.


Because symmetric encryption and decryption are fast, they can be combined with asymmetric encryption: asymmetric encryption is used to encrypt the symmetric key, which protects the key.

  • Asymmetric encryption: different keys are used for encryption and decryption. The server generates a key pair; the private key is stored on the server, and the public key can be released for anyone to use. Data encrypted with the public key can only be decrypted with the corresponding private key, and data encrypted with the private key can only be decrypted with the corresponding public key.
    • The common asymmetric encryption algorithm is RSA
    • Advantages: more secure than symmetric encryption
    • Disadvantages: encryption and decryption are much slower than with symmetric encryption (key-pair generation, for example, is expensive), so it is not suited to encrypting and decrypting large amounts of data
    • Scenarios: the most common uses are digital signatures and password transmission. For a digital signature, encrypt with the private key and decrypt with the public key; for encryption and decryption, encrypt with the public key and decrypt with the private key.

    It should be relatively easy to generate a public key and a private key at the same time, but it should be difficult or impossible to deduce the private key from the public key

  • Both methods have advantages and disadvantages; the HTTPS implementation combines the two encryption methods and integrates the strengths of both, so it does well in both security and performance

For code implementing symmetric and asymmetric encryption, Java provides tools that can be used directly, so I will not cover them further here. Configuring and using HTTPS is relatively complicated; see "HTTPS analysis and actual combat".

2. Data signing

There are three security strategies for signing data: message digest, digital signature, and digital signature + encryption [certificate]

| Security strategy | Description | Security level |
|---|---|---|
| Message digest (Digest), also known as message hash | Combine the data and a key (custom key) and hash them | Low. Key security is very low. Provided the key is secure, it can basically guarantee that the data has not been tampered with. |
| Digital signature (Signature) | Use a certificate and an asymmetric signature algorithm to sign the data | Medium. Guarantees tamper-resistance and non-repudiation of the data, but cannot guarantee its privacy. |
| Signature + encryption [certificate] | Use a certificate and an asymmetric algorithm to sign the data, and a one-time password with a symmetric algorithm to encrypt the data | High. Guarantees tamper-resistance and non-repudiation of the data, and its privacy. |

  • Confidentiality: no viewing without authorization
  • Integrity: no tampering
  • Availability: prevent the service from becoming unavailable
  • Non-repudiation: users cannot deny their actions

1. Digest

  • Message digests mostly use digest algorithms (also known as hash algorithms) such as MD5, SHA-1 and SHA-256. The data to be submitted is combined into a string in some agreed way, and the hash algorithm then produces a digest string from it. This string is the signature of the data packet.

    This fixed-length hash value is a digest of the data, also called a fingerprint.

For example:

str = param1={param1}&param2={param2}&…&paramN={paramN}&signature={userSecret};
MD5.encrypt(str);

Note: the userSecret at the end of the string is held by both the client and the server, which makes this more secure;

  • Principle of the message digest: the hash algorithm is irreversible and its result is unique, so as long as the user secret stays private, integrity can be guaranteed
  • Flaw of the message digest: the user secret is transmitted in plaintext, so its privacy is hard to guarantee.
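The parameter-string signature described above, as an added example that is not part of the original article: parameters are sorted by name into one canonical string, and HMAC-SHA256 keyed with the appSecret stands in for the MD5 call (a substitution made here). The class name, parameter names and secret are constructed for illustration, and the appSecret is assumed to be provisioned out of band rather than sent with the request.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Map;
import java.util.TreeMap;
import java.util.stream.Collectors;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class DigestSignDemo {
    // Canonical string: parameters sorted by name and joined as name=value&name=value.
    static String canonical(Map<String, String> params) {
        return new TreeMap<String, String>(params).entrySet().stream()
                .map(e -> e.getKey() + "=" + e.getValue())
                .collect(Collectors.joining("&"));
    }

    // Client side: the appSecret only keys the digest (assumption: it is never sent).
    static byte[] sign(Map<String, String> params, String appSecret) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(appSecret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        return mac.doFinal(canonical(params).getBytes(StandardCharsets.UTF_8));
    }

    // Server side: recompute with its own copy of the secret, compare in constant time.
    static boolean verify(Map<String, String> params, byte[] received, String appSecret)
            throws Exception {
        return MessageDigest.isEqual(sign(params, appSecret), received);
    }

    public static void main(String[] args) throws Exception {
        String appSecret = "constructed-demo-secret";   // constructed sample value
        Map<String, String> params = new TreeMap<>();
        params.put("appId", "1001");                    // constructed sample parameters
        params.put("amount", "25");
        params.put("clientTime", "1700000000000");
        byte[] sig = sign(params, appSecret);           // client attaches this as "sign"
        System.out.println("untouched request: " + verify(params, sig, appSecret));
        params.put("amount", "9999");                   // parameter altered in transit
        System.out.println("tampered request:  " + verify(params, sig, appSecret));
        System.out.println("wrong secret:      "
                + verify(params, sign(params, "guess"), appSecret));
    }
}
```

Because clientTime is part of the signed string, changing the timestamp of a captured request invalidates the signature as well.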

2. Digital Signature (Signature)

If you encrypt data with the "public key" and decrypt it with the "private key", that is "encryption"; conversely, if you encrypt data with the "private key" and decrypt it with the "public key", that is "signing"!

At first glance there seems to be no difference beyond the name, but the purposes are completely different. Because everyone holds the public key, a "signature" cannot guarantee the confidentiality of the data: anyone can decrypt it with the public key. What a "signature" can guarantee is the accuracy and non-repudiation of the data. Because a public key and a private key correspond one-to-one, when a public key can decrypt a ciphertext, that ciphertext must have come from the holder of the private key.

An efficient digital signature scheme uses a digest algorithm (hash algorithm) together with asymmetric encryption.

  • How to sign: the client first computes the hash of the plaintext data with the hash algorithm, then encrypts that hash with the "private key". This yields the signature of the original information more quickly; the plaintext data and the ciphertext are sent to the server together
  • How to verify: the server first computes the hash of the plaintext data sent by the client using the same hash algorithm, then decrypts the client's signature with the "public key" to obtain the received hash, and finally compares the two hashes. If they are not equal, the data is not trustworthy.

If the plaintext is especially large, generating a signature by applying asymmetric encryption to it directly makes encryption and decryption very inefficient (slow, slow, slow), which is why the scheme above hashes the plaintext first and then encrypts the hash with the private key

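Specific steps

  1. The client computes an MD5/SHA hash of the plaintext data and encrypts the result with the "private key" to obtain the ciphertext (signature); the client sends the plaintext data and the ciphertext to the server
  2. The server decrypts the ciphertext with the "public key" to obtain value A, and computes an MD5/SHA hash of the plaintext to obtain value B
  3. The server compares value A with value B; if they are the same, verification passes; if they are not equal, the data is not trustworthy.

This guarantees tamper-resistance and non-repudiation, but cannot guarantee the privacy of the data (it is sent in clear text)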

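  • Even if someone intercepts and tampers with the "plaintext data", the "private key" is secret, so the tamperer cannot generate a correct "signature". Data integrity is therefore guaranteed.

3. Signature + encryption [certificate] process

  1. The client generates a random string as the password, encrypts the password with B's public key to produce ciphertext C, and encrypts A's plaintext with the password to produce ciphertext B,
  2. The client also computes the MD5/SHA value of A's plaintext and encrypts it with A's private key to obtain signature D, then sends ciphertext B, ciphertext C and signature D to the server. The server decrypts ciphertext C with its private key to obtain the password, then decrypts ciphertext B with the password to obtain A's plaintext; the signature can then be used to verify whether the sender is A and whether the data A sent has been modified by a third party.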

Suppose a malicious party X impersonates A and sends ciphertext B (generated with the password) and ciphertext C. After receiving the data, the server can still decrypt the plaintext normally, but it cannot prove whether this plaintext was sent by A or by the malicious party. The point of signature D is that it is A's own signature, which the server can verify. Because X does not have A's private key, X cannot forge this signature, and the server will detect the impersonation.
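The digital signature steps and the signature + encryption flow above, combined in one added example (not code from the original article). It assumes RSA-2048 key pairs for A and B, AES-GCM for the symmetric step and SHA256withRSA for hash-then-sign; the class name and the sample plaintext are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.Cipher;
import javax.crypto.spec.*;

public class SignEncryptDemo {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair a = gen.generateKeyPair();   // client A: signs with its private key
        KeyPair b = gen.generateKeyPair();   // server B: decrypts with its private key
        byte[] plaintext = "appId=1001&amount=25".getBytes(StandardCharsets.UTF_8); // constructed
        // Client A: random one-time key ("password"), ciphertext B, ciphertext C, signature D
        SecureRandom rnd = new SecureRandom();
        byte[] password = new byte[16];
        byte[] iv = new byte[12];            // GCM nonce, sent with ciphertext B; not secret
        rnd.nextBytes(password);
        rnd.nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(password, "AES"), new GCMParameterSpec(128, iv));
        byte[] cipherB = aes.doFinal(plaintext);
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, b.getPublic());
        byte[] cipherC = rsa.doFinal(password);
        byte[] signatureD = sign(a.getPrivate(), plaintext);

        // Server B: recover the password, decrypt ciphertext B, then check who signed it
        rsa.init(Cipher.DECRYPT_MODE, b.getPrivate());
        SecretKeySpec recovered = new SecretKeySpec(rsa.doFinal(cipherC), "AES");
        aes.init(Cipher.DECRYPT_MODE, recovered, new GCMParameterSpec(128, iv));
        byte[] received = aes.doFinal(cipherB);
        System.out.println("signed by A: " + verify(a.getPublic(), received, signatureD));
        // X can produce valid ciphertexts B and C, but can only sign with its own private key
        byte[] forgedD = sign(gen.generateKeyPair().getPrivate(), received);
        System.out.println("X accepted as A: " + verify(a.getPublic(), received, forgedD));
    }

    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }
}
```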

3. Timestamp mechanism

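After decryption, and once the data has passed signature verification, we take the client timestamp field from the packet, subtract the client time from the server's current time, and check whether the request has timed out.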

The pseudo code is as follows:

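long interval = 5 * 60 * 1000; // timeout window in milliseconds
long clientTime = Long.parseLong(request.getParameter("clientTime"));
long serverTime = System.currentTimeMillis();
// Reject when the two times differ by more than the window, in either direction
if (Math.abs(serverTime - clientTime) > interval) {
    return new Response("超过处理时长"); // "processing time limit exceeded"
}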

4. AppId mechanism

Generate a unique appId and corresponding appSecret (key). The key can be randomly generated using special characters such as letters and numbers;

  • Whether the generated appId must be globally unique depends on the actual situation, but either way it is best for the generated Id to have the following properties:
    • Increasing trend: this gives better index performance when the Id is stored in a database.
    • Information security: avoid consecutive values, since the pattern is easy to discover.
    • Common ways to generate a globally unique Id include Snowflake (commonly known as the snowflake algorithm, used to generate distributed auto-incrementing IDs);

5. Rate limiting mechanism

Commonly used rate limiting algorithms include: token bucket, leaky bucket and counter rate limiting

  • Token bucket: the system puts tokens into the bucket at a fixed rate and discards new tokens when the bucket is full. When a request arrives, it first takes a token from the bucket; if it gets one, the request proceeds, otherwise it waits or is denied service. The token bucket allows a certain amount of burst traffic, since a request can be processed whenever a token is available, and it supports taking multiple tokens at once;

  • Leaky bucket: requests flow out at a fixed, constant rate, while the incoming rate is arbitrary. When the number of requests exceeds the capacity of the bucket, new requests wait or are denied service; the leaky bucket algorithm can therefore forcibly limit the data transfer rate;
  • Counter: a relatively simple and crude algorithm, mainly used to limit total concurrency, for example in database connection pools, thread pools and flash sales; rate limiting kicks in as soon as the total number of requests within a given period exceeds the configured threshold;

As for implementing the algorithms above, Guava provides the RateLimiter utility class, which is based on the token bucket algorithm:

RateLimiter rateLimiter = RateLimiter.create(5);
  • The code above allows at most five requests to be processed per second. This approach only limits request traffic within a single application and cannot perform global rate limiting. For that, distributed rate limiting is needed, which can be implemented with redis+lua;
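A minimal per-appId token bucket, added here to show the refill-and-take logic described above; it is not Guava's implementation or code from the original article. The class name, the capacity of 5 and the rate of 5 tokens per second are assumptions, and like RateLimiter it only limits within a single process.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class AppIdTokenBucket {
    private final double capacity;      // maximum burst size
    private final double refillPerMs;   // tokens added per millisecond
    private double tokens;
    private long lastRefillMs;

    AppIdTokenBucket(double capacity, double permitsPerSecond, long nowMs) {
        this.capacity = capacity;
        this.refillPerMs = permitsPerSecond / 1000.0;
        this.tokens = capacity;         // start full so an initial burst is allowed
        this.lastRefillMs = nowMs;
    }

    // Refill according to elapsed time (tokens above capacity are discarded), then take one.
    synchronized boolean tryAcquire(long nowMs) {
        long elapsed = Math.max(0, nowMs - lastRefillMs);  // ignore a clock that moved backwards
        tokens = Math.min(capacity, tokens + elapsed * refillPerMs);
        lastRefillMs = nowMs;
        if (tokens < 1.0) {
            return false;               // bucket empty: deny (or queue) the request
        }
        tokens -= 1.0;
        return true;
    }

    // One bucket per appId, so one caller's burst does not consume another caller's tokens.
    private static final Map<String, AppIdTokenBucket> BUCKETS = new ConcurrentHashMap<>();

    static boolean allow(String appId, long nowMs) {
        return BUCKETS.computeIfAbsent(appId, id -> new AppIdTokenBucket(5, 5, nowMs))
                      .tryAcquire(nowMs);
    }

    public static void main(String[] args) {
        int accepted = 0;               // constructed clock values, in milliseconds
        for (int i = 0; i < 8; i++) {
            if (allow("app-1001", 0)) accepted++;
        }
        System.out.println("burst of 8 at t=0, accepted: " + accepted);
        System.out.println("app-2002 at t=0: " + allow("app-2002", 0));
        System.out.println("app-1001 at t=100ms: " + allow("app-1001", 100));
        System.out.println("app-1001 at t=400ms: " + allow("app-1001", 400));
    }
}
```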

6. Blacklist mechanism

Why an appid ends up blacklisted is not discussed here. We can give each user a status, such as: initialized, normal, blacklisted, closed, and so on; or we can store the blacklist directly in a distributed configuration center and check each request against the list

7. Data legality verification

The legality check includes routine verification and business verification

  • Routine verification: including signature verification, required-field verification, length verification, type verification, format verification, etc.
  • Business verification: depends on the actual business, for example, the order amount cannot be less than 0.

IV. Source code

Elegant implementation of third-party open API interface signatures (stateful/stateless)

Origin blog.csdn.net/qq877728715/article/details/112032081