crypto meets web security certificates and ssl tls fall
play

Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada - PowerPoint PPT Presentation

Mar 12, 2024 •357 likes •917 views

CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

  1. CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Fall 2016 Ada (Adam) Lerner lerner@cs.washington.edu Thanks to Franzi Roesner, Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John Manferdelli, John Mitchell, Vitaly Shmatikov, Bennet Yee, and many others for sample slides and materials ...

  2. Security Mindset Anecdote • Change voting registration information (e.g. change the address your ballot is mailed to) – First, last name – Birthday – Driver’s license number 10/31/16 CSE 484 / CSE M 584 - Fall 2016 2

  3. Security Mindset Anecdote 10/31/16 CSE 484 / CSE M 584 - Fall 2016 3

  4. Security Mindset Anecdote • Change voting registration information (e.g. change the address your ballot is mailed to) – First, last name – Birthday – Driver’s license number 10/31/16 CSE 484 / CSE M 584 - Fall 2016 4

  5. Security Mindset Anecdote 10/31/16 CSE 484 / CSE M 584 - Fall 2016 5

  6. Security Mindset Anecdote • Change voting registration information (e.g. change the address your ballot is mailed to) – First, last name – Birthday – Driver’s license number – Driver’s license issue date (added recently) 10/31/16 CSE 484 / CSE M 584 - Fall 2016 6

  7. Diffie-Hellman: Conceptually Common paint: p and g Secret colors: x and y Send over public transport: g x mod p g y mod p Common secret: g xy mod p [from Wikipedia] 10/31/16 CSE 484 / CSE M 584 - Spring 2016 7

  8. Diffie-Hellman Protocol (1976) • Alice and Bob never met and share no secrets • Public info: p and g – p is a large prime number, g is a generator of Z p * • Z p *={1, 2 … p-1}; ∀ a ∈ Z p * ∃ i such that a=g i mod p • Modular arithmetic: numbers “wrap around” after they reach p Pick secret, random X Pick secret, random Y g x mod p g y mod p Alice Bob Compute k=(g y ) x =g xy mod p Compute k=(g x ) y =g xy mod p 10/31/16 CSE 484 / CSE M 584 - Fall 2016 8

  9. Why is Diffie-Hellman Secure? • Discrete Logarithm (DL) problem: given g x mod p , it’s hard to extract x – There is no known efficient algorithm for doing this – This is not enough for Diffie-Hellman to be secure! • Computational Diffie-Hellman (CDH) problem: given g x and g y , it’s hard to compute g xy mod p – … unless you know x or y, in which case it’s easy • Decisional Diffie-Hellman (DDH) problem: given g x and g y , it’s hard to tell the difference between g xy mod p and g r mod p where r is random 10/31/16 CSE 484 / CSE M 584 - Fall 2016 9

  10. Properties of Diffie-Hellman • Assuming DDH problem is hard (depends on choice of parameters!) , Diffie-Hellman protocol is a secure key establishment protocol against passive attackers – Eavesdropper can’t tell the difference between the established key and a random value – Can use the new key for symmetric cryptography • Diffie-Hellman protocol (by itself) does not provide authentication 10/31/16 CSE 484 / CSE M 584 - Fall 2016 10

  11. Choosing p • In practice, we choose very large primes of the form q = 2p + 1 (where p is prime) 10/31/16 CSE 484 / CSE M 584 - Fall 2016 11

  12. RFC 3526 Smallest prime (1536-bit) standardized for DH is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } Its hexadecimal value is: FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF Generator: 10/31/16 CSE 484 / CSE M 584 - Fall 2016 12

  13. RFC 3526 Smallest prime (1536-bit) standardized for DH is: 2^1536 - 2^1472 - 1 + 2^64 * { [2^1406 pi] + 741804 } Its hexadecimal value is: FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74 020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437 4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05 98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB 9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA237327 FFFFFFFF FFFFFFFF Generator: 2 10/31/16 CSE 484 / CSE M 584 - Fall 2016 13

  14. RFC 3526 • Biggest prime given by RFC 3526 is 8192-bit 10/31/16 CSE 484 / CSE M 584 - Fall 2016 14

  15. Some Number Theory Facts • Euler totient function ϕ (n) (n≥1) is the number of integers in the [1,n] interval that are relatively prime to n – Two numbers are relatively prime if their greatest common divisor (gcd) is 1 – Easy to compute for primes: ϕ (p) = p-1 – Note that if a and b are relatively prime, then ϕ (ab) = ϕ (a) ϕ (b) 10/31/16 CSE 484 / CSE M 584 - Fall 2016 15

  16. Some Number Theory Facts • Euler totient function ϕ (n) (n≥1) is the number of integers in the [1,n] interval that are relatively prime to n – Two numbers are relatively prime if their greatest common divisor (gcd) is 1 – Easy to compute for primes: ϕ (p) = p-1 – Note that if a and b are relatively prime, then ϕ (ab) = ϕ (a) ϕ (b) • Euler’s theorem: if a ∈ Z n *, then a ϕ (n) =1 mod n Z n *: integers relatively prime to n 10/31/16 CSE 484 / CSE M 584 - Fall 2016 16

  17. RSA Cryptosystem [Rivest, Shamir, Adleman 1977] • Key generation: – Generate random large primes p, q • Say, 1024 bits each – Compute n =pq and ϕ (n) =(p-1)(q-1) – Choose small e, relatively prime to ϕ (n) • Typically, e=2 16 +1=65537 – Compute unique d such that ed = 1 mod ϕ (n) • Modular inverse: d = e -1 mod ϕ (n) – Public key = (e,n); private key = (d,n) • Encryption of m: c = m e mod n • Decryption of c: c d mod n = (m e ) d mod n = m 10/31/16 CSE 484 / CSE M 584 - Fall 2016 17

  18. Why RSA Decryption Works e ⋅ d=1 mod ϕ (n), thus e ⋅ d=1+k ⋅ϕ (n) for some k Let m be any integer in Z n * (not all of Z n ) c d mod n = (m e ) d mod n = m 1+k ⋅ ϕ (n) mod n = ( m mod n) * ( m k ⋅ ϕ (n) mod n) Recall: Euler’s theorem: if a ∈ Z n *, then a ϕ (n) =1 mod n c d mod n = ( m mod n) * ( 1 mod n) = m mod n Proof omitted: True for all m in Z n , not just m in Z n * 10/31/16 CSE 484 / CSE M 584 - Fall 2016 18

  19. Why is RSA Secure? • RSA problem: given c, n=pq, and e such that gcd(e, ϕ (n))=1, find m such that m e =c mod n – In other words, recover m from ciphertext c and public key (n,e) by taking e th root of c modulo n – There is no known efficient algorithm for doing this • Factoring problem: given positive integer n, find primes p 1 , …, p k such that n=p 1 e1 p 2 e2 …p k ek • If factoring is easy, then RSA problem is easy (knowing factors means you can compute d = inverse of e mod (p-1)(q-1)) – It may be possible to break RSA without factoring n -- but if it is, we don’t know how 10/31/16 CSE 484 / CSE M 584 - Fall 2016 19

  20. RSA Encryption Caveats • Encrypted message needs to be interpreted as an integer less than n • Don’t use RSA directly for privacy – output is deterministic! Need to pre-process input somehow • Plain RSA also does not provide integrity – Can tamper with encrypted messages 10/31/16 CSE 484 / CSE M 584 - Fall 2016 20

  21. Optimal Asymmetric Encryption Padding • Don’t use RSA directly for privacy – output is deterministic! Need to pre-process input somehow • OAEP changes the plaintext randomly, creating a scheme which is secure under chosen plaintext attacks OAEP: instead of encrypting M, encrypt M ⊕ G(r) ; r ⊕ H(M ⊕ G(r)) – r is random and fresh, G and H are hash functions 10/31/16 CSE 484 / CSE M 584 - Fall 2016 21

  22. Digital Signatures: Basic Idea public key ? public key private key Alice Bob Given: Everybody knows Bob’s public key Only Bob knows the corresponding private key Goal: Bob sends a “digitally signed” message 1. To compute a signature, must know the private key 2. To verify a signature, only the public key is needed 10/31/16 CSE 484 / CSE M 584 - Fall 2016 22

  23. RSA Signatures • Public key is (n,e) , private key is (n,d) • To sign message m: s = m d mod n – Signing & decryption are same underlying operation in RSA – It’s infeasible to compute s on m if you don’t know d • To verify signature s on message m: verify that s e mod n = (m d ) e mod n = m – Just like encryption (for RSA primitive) – Anyone who knows n and e (public key) can verify signatures produced with d (private key) • In practice, also need padding & hashing – Standard padding/hashing schemes exist for RSA signatures 10/31/16 CSE 484 / CSE M 584 - Fall 2016 23

  24. DSS Signatures • Digital Signature Standard (DSS) – U.S. government standard (1991, most recent rev. 2013) • Public key: (p, q, g, y=g x mod p), private key: x • Security of DSS requires hardness of discrete log – If could solve discrete logarithm problem, would extract x (private key) from g x mod p (public key) 10/31/16 CSE 484 / CSE M 584 - Fall 2016 24

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Crypto Meets Web Security [Finish Asymmetric Crypto; Web Certificates] Fall 2017 Franziska

Crypto Meets Web Security [Finish Asymmetric Crypto; Web Certificates] Fall 2017 Franziska

CSE 484 / CSE M 584: Computer Security and Privacy Crypto Meets Web Security [Finish Asymmetric Crypto; Web Certificates] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi

849 views • 25 slides
Crypto meets Web Security: Certificates and SSL/TLS Spring 2017 Franziska (Franzi) Roesner

Crypto meets Web Security: Certificates and SSL/TLS Spring 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

532 views • 36 slides
Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner

Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, John

848 views • 29 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Bart Jacobs

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example

269 views • 7 slides
PKI and Certificate Security Outline Motivation Certificates Public Key Infrastructure

PKI and Certificate Security Outline Motivation Certificates Public Key Infrastructure

IN3210 Network Security PKI and Certificate Security Outline Motivation Certificates Public Key Infrastructure Threats to certificates / PKI Protecting certificates / PKI 2 Certificates Motivation 3 Motivation: TLS

1.68k views • 108 slides
Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information Sciences

Crypto intro Symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen e-Passport example Encryption: modes of operation Computer Security: Secret Key Crypto B. Jacobs Institute for Computing and Information

856 views • 73 slides
Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Outline Crypto intro Computer Security: Secret Key Crypto Symmetric crypto Achieving security

Crypto intro Crypto intro Symmetric crypto Symmetric crypto Achieving security goals with symmetric crypto Achieving security goals with symmetric crypto Radboud University Nijmegen Radboud University Nijmegen e-Passport example

1.11k views • 12 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
1 Figure 7.3 Figure 7.3 Messages with both Authenticity and Secrecy Messages with both

1 Figure 7.3 Figure 7.3 Messages with both Authenticity and Secrecy Messages with both

Today Today 1. Review/Summary of security technologies Crypto and certificates 2. Combination of techniques in SSL Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust The basis for secure HTTP, ssh

269 views • 7 slides
Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust Today

Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust Today

Security Technologies and Hierarchical Trust Security Technologies and Hierarchical Trust Today Today 1. Review/Summary of security technologies Crypto and certificates 2. Combination of techniques in SSL The basis for secure HTTP, ssh

564 views • 40 slides
Security infrastructure, certificates and responsibilities Anand Padmanabhan for the OSG

Security infrastructure, certificates and responsibilities Anand Padmanabhan for the OSG

OSG Summer Workshop Lubbock, 2011 Security infrastructure, certificates and responsibilities Anand Padmanabhan for the OSG Security team Aug 10th, 2011 OSG Security 1 OSG Security OSG Security model A high level overview Aug 10th, 2011

714 views • 37 slides
Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

ITS335 Web Security Browsing Applications Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 its335y15s2l08,

680 views • 35 slides
Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute

ITS335 Web Security Browsing Applications Web Security HTTPS Certificates Summary ITS335: IT Security Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 2 February 2014 its335y13s2l09,

446 views • 31 slides
Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for

Getting Post-Quantum Crypto Algorithms Ready for Deployment End of ECRYPT II Event: Crypto for 2020 Tim Gneysu Hardware Security Group Horst Grtz Institute for IT-Security, Bochum 1/24/2013 Outline Introduction Alternative Public-Key

735 views • 55 slides
Cryptography (+ Web Security): Certificates Spring 2015

Cryptography (+ Web Security): Certificates Spring 2015

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography (+ Web Security): Certificates Spring 2015 Franziska (Franzi) Roesner

505 views • 21 slides
Crypto Currency Security from the Frontlines Hedge Funds, Nation State Threats & T echnical

Crypto Currency Security from the Frontlines Hedge Funds, Nation State Threats & T echnical

Crypto Currency Security from the Frontlines Hedge Funds, Nation State Threats & T echnical Security Approaches Adam Healy, CISO State of Crypto Asset Security 2016 Market Capitalization NASDAQ 1 ~$7.8 trillion London Stock Exchange 1

291 views • 12 slides
The BEACON use case under the GDPR Regina Becker ELIXIR-LU ELIXIR AllHands Workshop 7. June

The BEACON use case under the GDPR Regina Becker ELIXIR-LU ELIXIR AllHands Workshop 7. June

The BEACON use case under the GDPR Regina Becker ELIXIR-LU ELIXIR AllHands Workshop 7. June 2018 The BEACON tool Processing genetic data to make it Findable Processing genetic data to make it Findable What does the GDPR

891 views • 15 slides
The IDEM Project Energy Management vs. Data Privacy Cornelia Kappler (deZem) Holger Kinkelin,

The IDEM Project Energy Management vs. Data Privacy Cornelia Kappler (deZem) Holger Kinkelin,

I n d ividualisierbares E nergiecontrollingsystem I D E M mit M andantenfhigkeit The IDEM Project Energy Management vs. Data Privacy Cornelia Kappler (deZem) Holger Kinkelin, Marcel von Maltitz (TUM) 21.05.2014 M Agenda I D E Motivation

1.01k views • 37 slides
Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert

Ling 555 Programming for Linguists More unix basics & Regular Expressions Robert Albert Felty Speech Research Laboratory Indiana University Sep. 08, 2008 Network tools ssh secure remote login to another computer sftp secure file

594 views • 38 slides
5.7 Policy University of Limerick From Pixabay by Bru-nO Licensed under CC BY-SA 1.0

5.7 Policy University of Limerick From Pixabay by Bru-nO Licensed under CC BY-SA 1.0

5.7 Policy University of Limerick From Pixabay by Bru-nO Licensed under CC BY-SA 1.0 (https://pixabay.com/en/mobile-phone-phone-cellphone-2510529/) Recommendations for product design Use modular construction By Dave Hakkens (Provided via email)

359 views • 15 slides
Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein,

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein,

Factoring RSA keys from certified smart cards: Coppersmith in the wild Daniel J. Bernstein, Yun-An Chang, Chen-Mou Cheng, Li-Ping Chou, Nadia Heninger, Tanja Lange, Nicko van Someren 5 December 2013 Problems with non-randomness 2012

545 views • 50 slides
Synthesis of distributed mobile programs using monadic types in Coq Marino Miculan Marco

Synthesis of distributed mobile programs using monadic types in Coq Marino Miculan Marco

Synthesis of distributed mobile programs using monadic types in Coq Marino Miculan Marco Paviotti Dept. of Mathematics and Computer Science University of Udine ITP 2012 August 13th, 2012 1 / 22 The problem The extraction of certified

934 views • 51 slides
Developments in Adversarial Machine Learning Florian Tramr September 19 th 2019 Based on joint

Developments in Adversarial Machine Learning Florian Tramr September 19 th 2019 Based on joint

Developments in Adversarial Machine Learning Florian Tramr September 19 th 2019 Based on joint work with Jens Behrmannn, Dan Boneh, Nicholas Carlini, Edward Chou, Pascal Dupr, Jrn-Henrik Jacobsen, Nicolas Papernot, Giancarlo Pellegrino,

610 views • 21 slides
Aims of the course The aim of this course to show that logic is a natural bridge between

Aims of the course The aim of this course to show that logic is a natural bridge between

Program Extraction From Proofs 1 Ulrich Berger Swansea University Autumn School Proof and Computation Fischbachau, September 16-22, 2018 1 available at www.cs.swan.ac.uk/ csulrich/slides.html 1 / 68 Aims of the course The aim of this

1.64k views • 150 slides

More recommend