CSE 484 / CSE M 584 Computer Security: Crypto & Web Security - - PowerPoint PPT Presentation

▶

Dec 31, 2023 7 likes •271 views

CSE 484 / CSE M 584 Computer Security: Crypto & Web Security TA: Thomas Crosley tcrosley@cs Many slides by Franziska Roesner and Adrian Sham HTTP :// XKCD . COM /1323/ Lab 1 Deadline Reminders Lab 1 Final due tomorrow! (4/29, 8pm).

SLIDE 1

CSE 484 / CSE M 584

Computer Security: Crypto & Web Security

TA: Thomas Crosley tcrosley@cs Many slides by Franziska Roesner and Adrian Sham

SLIDE 2

HTTP://XKCD.COM/1323/

SLIDE 3

Lab 1 Deadline Reminders

Lab 1 Final due tomorrow! (4/29, 8pm).
Upcoming office hours:

– Friday 2:00pm – Kevin (CSE 021)

SLIDE 4

Today

Crypto Summary
RSA Summary
Cer\ficate Authori\es
Security Best Prac\ces

SLIDE 5

Cryptography Summary

Goal: Privacy

– Symmetric keys:

One-\me pad, Stream ciphers
Block ciphers (e.g., DES, AES) à modes: EBC, CBC, CTR

– Public key crypto (e.g., Diffie-Hellman, RSA)

Goal: Integrity

– MACs, oben using hash func\ons (e.g, MD5, SHA-256)

Goal: Privacy and Integrity

– Encrypt-then-MAC

Goal: Authen\city (and Integrity)

– Digital signatures (e.g., RSA, DSS)

SLIDE 6

RSA Summary

Key genera\on

– Generate large primes p, q (and keep them private)

Say, 1024 bits each (need primality tes\ng, too)

– Compute n = pq and ϕ(n) = (p-1)(q-1) – Choose small e, rela\vely prime to ϕ(n) – Compute unique d such that ed ≡ 1 mod ϕ(n) – Public key = (e,n); private key = (d,n)

Encryp\on of m: c ≡ me mod n

– m must be, 0 <= m < n – Modular exponen\a\on by repeated squaring

Decryp\on of c: cd mod n = (me)d mod n = m

SLIDE 7

Sample RSA Decryp\on

26 2 15 13 7 14 13 13 1 28 14 15 13

14 20 9 6 31 25 26 14 16 23 15 26 2 6 13 1

p=3, q=11, n=33, e=7, d=3
A-1 B-2 C-3 D-4 E-5 F-6 G-7 H-8 I-9 J-10 K-11

L-12 M-13 N-14 O-15 P-16 Q-17 R-18 S-19 T-20 U-21 V-22 W-23 X-24 Y-25 Z-26

SLIDE 8

Sample RSA Decryp\on

How to compute d?

– Recall: ed ≡ 1 mod ϕ(n) (where ϕ(n) = (p-1)(q-1)) – So d is inverse of e mod ϕ(n). – How to compute modular inverse?

Use extended Euclidean algorithm
… or Wolfram Alpha J
Note that this is hard if you don’t know ϕ(n) (i.e., can’t

factor n).

SLIDE 9

Cer\ficates

SLIDE 10

CA Ecosystem

Source: hvp://conferences.sigcomm.org/imc/2013/papers/imc257-durumericAemb.pdf

SLIDE 11

Colliding Cer\ficates

4/28/16 CSE 484 / CSE M 584 - Spring 2016 11

serial number validity period real cert domain name real cert RSA key X.509 extensions signature

identical bytes (copied from real cert) collision bits (computed) chosen prefix (difference)

serial number validity period rogue cert domain name ??? X.509 extensions signature

set by the CA

Hash to the same MD5 value! Valid for both certificates!

[Sotirov et al. “Rogue Certificates”]

SLIDE 12

Problem With Collisions

Goal: Snape wants to trick Dumbledore into accept a

document B from Harry that is different than document A that Harry actually signed

Snape creates 2 documents A and B that have iden\cal

hash value (collision!)

Snape sends document A to Harry, who signs the hash

and gives a signature to Snape

Snape avaches that signature to document B and sends

it to Dumbledore

Dumbledore accepts it because the signatures match

SLIDE 13

More Rogue Certs

In Jan 2013, a rogue *.google.com certificate

was issued by an intermediate CA that gained its authority from the Turkish root CA TurkTrust

– TurkTrust accidentally issued intermediate CA certs to customers who requested regular certificates – Ankara transit authority used its certificate to issue a fake *.google.com certificate in order to filter SSL traffic from its network

This rogue *.google.com certificate was trusted by

every browser in the world

4/28/16 CSE 484 / CSE M 584 - Spring 2016 13

SLIDE 14

What is Prevy Good Privacy (PGP)

hvp://lifehacker.com/how-to-encrypt-your-email-and-keep-your-conversa\ons-p-1133495744

SLIDE 15

Alterna\ve: “Web of Trust”

Used in PGP (Prevy Good Privacy)
Instead of a single root cer\ficate authority, each person has

a set of keys they “trust”

– If public-key cer\ficate is signed by one of the “trusted” keys, the public key contained in it will be deemed valid

Trust can be transi\ve

– Can use cer\fied keys for further cer\fica\on Alice Friend of Alice Friend of friend Bob

sigAlice(“Friend”, Friend’s key) sigFriend(“FoaF”, FoaF’s key)

I trust Alice

SLIDE 16

KeyBase

Connect people’s social media iden\\es to

their public cryptographic keys.

hvps://medium.com/@cdixon/keybase-bringing-public-key-cryptography-to-mainstream- users-16a9379dddda#.klwu6rt36

SLIDE 17

HTTP://XKCD.COM/1553/

SLIDE 18

Security Best Prac\ces

SLIDE 19

Ad and Social Media Blocking

Benefits

– Can block malicious content from ads – Faster loading pages – Reduce bandwidth – Privacy

Cons

– Allows sobware to directly modify page – False posi\ves – Economic consequences for online businesses

Social Widget Blocket: hvps://addons.mozilla.org/en-US/firefox/addon/sharemenot/

SLIDE 20

Password Managers

Helps prevent reuse of passwords
One ring master password to rule them all!
Many op\ons available:

– LastPass: CloudBased password manager – KeePass: Desktop applica\on

Images : hvp://www.howtogeek.com/141500/why-you-should-use-a- password-manager-and-how-to-get-started/

SLIDE 21

Last Pass

SLIDE 22

Last Pass

SLIDE 23

KeePass

SLIDE 24

2 Factor Authen\ca\on

Passwords may not be enough
2FA provices iden\fica\on of users by means
f the combina\on of two different

components (such as password and phone)

List of sites that support 2FA:

– hvps://twofactorauth.org/

SLIDE 25

Using your phone

SLIDE 26

CSE 484 / CSE M 584

Computer Security: Crypto & Web Security

TA: Thomas Crosley tcrosley@cs Many slides by Franziska Roesner and Adrian Sham

HTTP://XKCD.COM/1323/

Lab 1 Deadline Reminders

– Friday 2:00pm – Kevin (CSE 021)

Today

Cryptography Summary

– Symmetric keys:

– Public key crypto (e.g., Diffie-Hellman, RSA)

– MACs, oben using hash func\ons (e.g, MD5, SHA-256)

– Encrypt-then-MAC

– Digital signatures (e.g., RSA, DSS)

RSA Summary

– Generate large primes p, q (and keep them private)

– Compute n = pq and ϕ(n) = (p-1)(q-1) – Choose small e, rela\vely prime to ϕ(n) – Compute unique d such that ed ≡ 1 mod ϕ(n) – Public key = (e,n); private key = (d,n)

– m must be, 0 <= m < n – Modular exponen\a\on by repeated squaring

Sample RSA Decryp\on

14 20 9 6 31 25 26 14 16 23 15 26 2 6 13 1

L-12 M-13 N-14 O-15 P-16 Q-17 R-18 S-19 T-20 U-21 V-22 W-23 X-24 Y-25 Z-26

Sample RSA Decryp\on

– Recall: ed ≡ 1 mod ϕ(n) (where ϕ(n) = (p-1)(q-1)) – So d is inverse of e mod ϕ(n). – How to compute modular inverse?

factor n).

Cer\ficates

CA Ecosystem

Colliding Cer\ficates

Hash to the same MD5 value! Valid for both certificates!

Problem With Collisions

document B from Harry that is different than document A that Harry actually signed

hash value (collision!)

and gives a signature to Snape

it to Dumbledore

More Rogue Certs

was issued by an intermediate CA that gained its authority from the Turkish root CA TurkTrust

– TurkTrust accidentally issued intermediate CA certs to customers who requested regular certificates – Ankara transit authority used its certificate to issue a fake *.google.com certificate in order to filter SSL traffic from its network

every browser in the world

What is Prevy Good Privacy (PGP)

Alterna\ve: “Web of Trust”

a set of keys they “trust”

KeyBase

their public cryptographic keys.

HTTP://XKCD.COM/1553/

Security Best Prac\ces

Ad and Social Media Blocking

– Can block malicious content from ads – Faster loading pages – Reduce bandwidth – Privacy

– Allows sobware to directly modify page – False posi\ves – Economic consequences for online businesses

Password Managers

– LastPass: CloudBased password manager – KeePass: Desktop applica\on

Last Pass

Last Pass

KeePass

2 Factor Authen\ca\on

components (such as password and phone)

– hvps://twofactorauth.org/

Using your phone

Hardware tokens