CSCI6268L15 - Foundations of Network and Computer Security...

Info iconThis preview shows pages 1–11. Sign up to view the full content.

View Full Document Right Arrow Icon
Foundations of Network and Foundations of Network and Computer Security Computer Security J J ohn Black Lecture #15 Oct 5, 2009 CSCI 6268/TLEN 5550, Fall 2009
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Project #0 I’ll give you a ciphertext, you find the password Password is a three-letter lowercase alpha string Main purpose is to get you to figure out where openssl lives on your computer(s) Don’t do it by hand Full description on our web page Due Oct 14 th , in class
Background image of page 2
Back to SSL/TLS SSL Secure Socket Layer Designed by Paul Kocher, consulting for Netscape TLS Transport Layer Security New version of SSL, and probably what we should call it (but I’m used to SSL) Used for web applications (https) But also used many other places that aren’t as well-known
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
TLS – Sketch Let’s start by trying to design TLS ourselves and see what else we’ll need This will end up being only a sketch of the very complex protocol TLS actually is We want: Privacy, authentication Protection against passive and active adversaries We have: Symmetric/asymmetric encryption and authentication Collision-resistant hash functions
Background image of page 4
A First Stab First we need a model Client/Server is the usual one Client and Server trust each other No shared keys between client and server Assuming a shared key is not realistic in most settings Adversary is active (but won’t try DoS) Server generates RSA key pair for encryption – pk S , sk S S subscript stands for “Server”
Background image of page 5

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
A First Stab (cont) Now client C comes along and wants to communicate with server S C sends SSL HELLO to initiate session – S responds by sending pk S C sends credit card number encrypted with pk S – S decrypts credit card number with sk S and charges the purchase What’s wrong here?
Background image of page 6
Our First Protocol: Problems There are tons of problems here We don’t know how to encrypt {0,1} * , only how to encrypt elements of Z n * Ok, say we solve that problem (there are ways) It’s really SLOW to use RSA on big messages Ok, we mentioned this before… let’s use symmetric cryptography to help us There is no authentication going on here! • Adversary could alter pk S on the way to the client We’d better add some authentication too Let’s try again…
Background image of page 7

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Second Stab C says Hello S sends pk S to C C generates two 128-bit session keys – K enc , K mac , used for encryption and MACing C encrypts (K enc , K mac ) with pk S and sends to S S recovers (K enc , K mac ) using sk S and both parties use these “session keys” to encrypt and MAC all further communication
Background image of page 8
Second Stab (cont) Problems? Good news: we’re a lot more efficient now since most crypto is done with symmetric key Good news: we’re doing some authentication now Bad news: Man-in-the-Middle attack still possible Frustratingly close If we could get pk S to the client, we’d be happy
Background image of page 9

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
Man in the Middle Let’s concretely state the problem
Background image of page 10
Image of page 11
This is the end of the preview. Sign up to access the rest of the document.

This note was uploaded on 03/11/2010 for the course CS 6268 taught by Professor Black during the Spring '09 term at University of Colombo.

Page1 / 37

CSCI6268L15 - Foundations of Network and Computer Security...

This preview shows document pages 1 - 11. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online