CSE484/CSEM584ComputerSecurity:MoreCryptography

TA:JaredMoorejlcmoore@cs

Logistics

• Lab1FinaldueTOMORROW (11:59pm).• ForquickestresponsefromTAs,emailallofus:

cse484-tas@cs.washington.edu• Checkforumforsometips.• Homework#2 outnow(crypto),dueonFriday,5/55pm.

LastWeekQuestions

• WhatisthedifferencebetweenAESandencryptionmodes(CBC,CTR,etc.)?– AESandDESdefinetheblockcipherandcanbeusedwithvariousmodes

• Wherearepasswordsaltsstored?Doweassumeanattackhasaccesstothem?– Inthesamefileasthepasswordhashes.Yes.

SomeNumberTheoryFacts

• Euler totient function ϕ(n) (n≥1) is the number of integers in the [1,n] interval that are relatively prime to n– Two numbers are relatively prime if their greatest

common divisor (gcd) is 1– Easy to compute for primes: ϕ(p)=p-1– Note that ϕ(ab)=conϕ(a)ϕ(b)

• Euler’s theorem: if a ∈ Zn*, then aϕ(n)≡ 1 (mod n)Zn*: integers relatively prime to n

4/27/17 CSE484/CSEM584- Spring2016 4

DHSummary

• Publicinfo:p (largeprime)andg (generatorofZp*)

Zp*={1,2…p-1};∀a∈Zp*∃i suchthata≡ gi (modp)

RSASummary

• Keygeneration– Generatelargeprimesp,q

• Say,1024bitseach(needprimality testing,too)– Computen=pq andϕ(n)=(p-1)(q-1)– Choosesmalle,relativelyprimetoϕ(n)(inZn*)– Computeuniquedsuchthated ≡ 1(modϕ(n))– Publickey=(e,n);privatekey=(d,n)

• Encryption ofm:c=memodn– Modularexponentiationbyrepeatedsquaring

• Decryption ofc:cd modn=(me)d modn=m

WhyRSADecryptionWorks

e⋅d≡ 1(modϕ(n)),thus e⋅d=1+k⋅ϕ(n) forsomek

LetmbeanyintegerinZn*(notallofZn)cd modn =(me)d modn =m1+k⋅ϕ(n)modn

=(mmodn)*(mk⋅ϕ(n) modn)

Recall:Euler’stheorem:ifa∈ Zn*,thenaϕ(n)=1modn

cd modn =(mmodn)*(1modn)=mmodn

Proofomitted:TrueforallminZn,notjustminZn*

4/27/17 CSE484/CSEM584- Spring2016 7

Readthepaper!

• https://people.csail.mit.edu/rivest/Rsapaper.pdf

SampleRSADecryption

• 2621513 714131312814 15131420963125261416 2315262 6131

• p=3,q=11,n=33,e=7,d=3

• A-1B-2C-3D-4E-5F-6G-7H-8I-9J-10K-11L-12M-13N-14O-15P-16Q-17R-18S-19T-20U-21V-22W-23X-24Y-25Z-26

SampleRSADecryption

• Howtocomputed?– Recall:ed ≡ 1(modϕ(n))(whereϕ(n)=(p-1)(q-1))– Sodisinverseofemodϕ(n).– Howtocomputemodularinverse?• UseextendedEuclideanalgorithm• …orWolframAlphaJ• Notethatthisishardifyoudon’tknowϕ(n) (i.e.,can’tfactorn).

PublicKeyCryptoSummary

• Diffie-Hellman:Whyisitsecure?– Discretelog;computationalDHproblem;decisionalDHproblemarehard.

• RSA:Whyisitsecure?– Takingeth rootishard;Factoringishard.

CryptographySummary• Goal:Privacy– One-timepad– Blockciphersw/symmetrickeys(e.g.,DES,AES)

• Modes:EBC,CBC,CTR– Publickeycrypto(e.g.,Diffie-Hellman,RSA)

• Goal:Integrity– MACs,oftenusinghashfunctions(e.g,MD5,SHA-256)

• Goal:PrivacyandIntegrity– Encrypt-then-MAC(why?)

• Goal:Authenticity(andIntegrity)– Digitalsignatures(e.g.,RSA,DSS)

CertificateAuthorities

• CAssigncertificates;rootCAscanauthorizeintermediateCAs(certificatechains).

• Problemswiththismodel?• Ideasforalternatesolutions?– Examples:Perspectives(http://perspectives-project.org/),Convergence(http://convergence.io/)• Bothrelyonnotaryservers(chosenbytheuser):browsercheckscertificatesitseesagainstthoseseenovertimebytrustednotaries. Howdoesthishelp?

SSLStripAttack

[FiguresthankstoElie Bursztein.Seealsohttp://www.thoughtcrime.org/software/sslstrip/.]

SSLStripAttack

http://elie.im/index.php

<html> <body> <form action="https://elie.im/login.php"> <input type="text" name="login"/> <input type="password" name="pass"/> </form> </body></html>

https://elie.im/login.php

login: Eliepassword: secretpass

Server

Client

http://elie.im/index.php

<html> <body> <form action="http://elie.im/login.php"> <input type="text" name="login"/> <input type="password" name="pass"/> </form> </body></html>

http://elie.im/login.php

login: Eliepassword: secretpass

Man-in-the-middleAttacker

SSL Strip Flow

[FiguresthankstoElie Bursztein.Seealsohttp://www.thoughtcrime.org/software/sslstrip/.]

SSLUserInterfaceAttacks

[FiguresthankstoElie Bursztein]

SSLUserInterfaceAttacks

[FiguresthankstoElie Bursztein]

1. Valid HTTPS page

2. HTTP page

3. HTTP page+ Lock spoofing

SSLUserInterfaceAttacks

[FiguresthankstoElie Bursztein]