inf 123 sw arch, dist sys & interop lecture 17 prof. crista lopes
Post on 21-Dec-2015
216 views
TRANSCRIPT
INF 123 SW ARCH, DIST SYS & INTEROP
LECTURE 17
Prof. Crista Lopes
Objectives
Trust on the Internet Certificates & certificate authorities Public Key Cryptography SSL
Basic Threat: Domain Name Hijacking
Computers use a variety of methods to accomplish domain name resolution (name IP address) Local computer: hosts file DNS
Trojans may compromise hosts file, LAN router, or even entire ISP’s DNS resolution Leafs are more vulnerable -- demo
Very serious threat to the integrity of the Internet
Problem Formulation
How can we trust that a domain name is under control of its legitimate owner in the presence of such attacks?
Trusted Third Party
Certificate Authorities
Trusted Third Party
A wants to talk to B, but is not sure B is B
A B
Trusted Third Party, aka Certificate Authority
In broad strokes:
A B
CA1
3
2
4
5
6
Trusted Third Party
1. B requests a digital certificate from CA2. CA verifies B in real life3. CA gives certificate to B
some time later…4. A contacts B5. B sends its digital certificate to A6. A verifies it with CA7. Finally, A is assured that B is B
Digital Certificate
(non-electronic version: driver’s license) Binds an identity to a public key Electronic document signed by an authority Contains:
Owner’s public key Owner’s name Expiration date Serial number Name of the issuer Digital signature of the issuer
Trusted Certificate Authorities http://www.mozilla.org/projects/security/
certs/included/
Digital certificates from these CAs are expen$ive
Public Key Cryptography
Public Key Cryptography
Asymmetric key algorithms mathematically related key pair: one secret
private key and another key that can be made public
Avoids secure initial exchange of key
Symmetric vs. Asymmetric
Symmetric
Asymmetric
ofreceiver
ofreceiver
Asymmetric Keys
Data encrypted with a public key can only be decrypted with the corresponding private key use this to ensure that only the recipient
can decrypt the message Data encrypted with a private key can
only be decrypted with the corresponding public key use this to ensure authenticity of sender
(assuming the sender’s public key can be trusted – hence CAs)
Digital Signatures
Password- vs. Certificate-based Authentication
Password
Certificate
Recap: SSL/TLS
Extra pieces of transport-layer protocol for negotiating cyphers and ensuring authentication of the server
Bottom line: Payload data is encrypted before sending,
decrypted upon reception
Recap: HTTPS = HTTP + SSL/TLS
POST /wifi/login HTTP/1.1Hostname: …Content-Type: …Content-Length: …
METHOD=login&firstname=foo&lastname=bar&password=hereismypassword
Unintelligible gibberish
Recap: HTTPS = HTTP + SSL/TLS https:// instead of http://
Uses port 443 by default instead of port 80
How SSL works
http://video.google.com/videoplay?docid=7130470471741831613
To Learn More on Cryptography CS 167
Final Remark about CAs
Anyone can create certificates you can too
Tools choose which certificate authorities to trust they may or may not trust yours
Alternative: Web of Trust
Decentralized trust model as opposed to CAs/PKI which are centralized
Phil Zimmerman: “As time goes on, you will accumulate keys from other
people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.”