ECE-6612 Prof. John A. Copeland 404 894-5177 fax 404 894-0035 Office: Klaus 3362.

ECE-6612 http://www.csc.gatech.edu/copeland/jac/6612/ Prof. John A. Copeland [email protected] 404 894-5177 fax 404 894-0035 Office: Klaus 3362 email or call for office visit Chapter 4b - X.509 Authentication



X.509 Authentication Service

• An International Telecommunications Union (ITU) recommendation (versus “standard”) for allowing computer hosts or users to securely identify themselves over a network.

• An X.509 certificate purchased from a “Certificate Authority” (trusted third party) allows a merchant to give you his public key in such a way that your Browser can generate a session key for a transaction and securely send it to the merchant for use during the transaction (the padlock icon on screen closes to indicate that transmissions are encrypted).

• Once a session key is established, no one can hijack the session (for example, after you enter your credit card information, an intruder cannot change the order and delivery address).

• The user only needs a Browser that can encrypt/decrypt with the appropriate algorithm and generate session keys from truly random numbers.

• The merchant’s Certificate is available to the public; only the secret key must be protected. Certificates can be cancelled if the secret key is compromised.


Certificate Authority generates the “signature” that is added to the raw “Certificate”

[Diagram labels: Raw Cert.; Hash; MIC; Signed Cert.; CA’s Secure Area]

• Raw “Certificate” has user name, public key, expiration date, ...

• Generate hash code of Raw Certificate.

• Encrypt hash code with CA’s private key to form CA’s signature.

• Signed Certificate: Recipient can verify signature using CA’s public key.


Information Provided by Browser about a Certificate

This Certificate belongs to: investing.schwab.com trading subnet a 1199

Charles Schwab & Co., Inc. Phoenix, Arizona, US

This Certificate was issued by Secure Server Certification Authority

RSA Data Security, Inc. US

Serial Number: 6B:68:2F:3B:FD:8A:46:73:04:33:10:8A:32:1E:47:5B

This Certificate is valid from Wed Nov 03, 1999 to Thu Nov 02, 2000

Certificate Fingerprint: 4B:80:C6:C5:2D:63:14:E7:6F:50:BD:16:39:3C:96:FD


Certificates Can Be Deleted (and Added)

Are you sure that you want to delete this Site Certificate?

This Certificate belongs to: endor.mcom.com

Netscape Communications Corp. US

This Certificate was issued by: rootca.netscape.com Information Systems

Netscape Communications Corporation US

Serial Number: 01:77

This Certificate is valid from Thu May 15, 1997 to Tue Nov 11, 1997

Certificate Fingerprint: 06:BF:60:88:D9:E7:59:BF:3A:35:74:33:28:8E:26:F6


X.509 Chain of Authentication

CA<<A>> = CA {A’s id and information}

X<<A>> = certificate of A “signed” by X

To authenticate X<<A>>, you must get the public key of X from a trusted source, such as Z, your own CA (Z<<X>>).

Z in turn may have to get X’s certificate from a higher-level CA.

Ultimately there must be an “Authentication Tree” of CAs so that a user can work up the tree (from Z) and back down to the issuer of the certificate in question, X.
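
The hash-then-sign step from the signature slide and the chain Z<<X>>, X<<A>> described here, as an added Python example (not part of the course slides). It assumes textbook RSA over small constructed keys and SHA-256 as the hash, with a made-up field layout and dates; expiration and revocation are not checked.

```python
import hashlib

def make_key(p, q, e=65537):
    # Textbook RSA key from two primes (constructed toy sizes, not secure).
    n = p * q
    return {"pub": (n, e), "priv": (n, pow(e, -1, (p - 1) * (q - 1)))}

def raw_cert(cert):
    # Raw certificate: the fields the CA vouches for (hypothetical layout).
    n, e = cert["pub"]
    return f"{cert['issuer']}|{cert['subject']}|{n}|{e}|{cert['not_after']}".encode()

def hash_code(raw, n):
    # Hash code of the raw certificate, reduced mod n for textbook RSA.
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % n

def issue(issuer, issuer_priv, subject, subject_pub, not_after):
    # issuer<<subject>>: encrypt the hash code with the CA's private key.
    cert = {"issuer": issuer, "subject": subject,
            "pub": subject_pub, "not_after": not_after}
    n, d = issuer_priv
    cert["sig"] = pow(hash_code(raw_cert(cert), n), d, n)
    return cert

def verify(cert, issuer_pub):
    # Recompute the hash code; compare with the signature under the public key.
    n, e = issuer_pub
    return pow(cert["sig"], e, n) == hash_code(raw_cert(cert), n)

def verify_chain(chain, anchor_name, anchor_pub):
    # Start at the trusted CA and work down; return the authenticated
    # public key of the last subject, or None if any link fails.
    name, pub = anchor_name, anchor_pub
    for cert in chain:
        if cert["issuer"] != name or not verify(cert, pub):
            return None
        name, pub = cert["subject"], cert["pub"]
    return pub

Z = make_key(2**61 - 1, 2**127 - 1)    # Z: your own CA, the trusted source
X = make_key(2**89 - 1, 2**107 - 1)    # X: the CA that signed A
A_PUB = ((2**13 - 1) * (2**17 - 1), 65537)   # A's public key (constructed)
Z_X = issue("Z", Z["priv"], "X", X["pub"], "2000-11-02")   # Z<<X>>
X_A = issue("X", X["priv"], "A", A_PUB, "2000-11-02")      # X<<A>>

def demo():
    ok = verify_chain([Z_X, X_A], "Z", Z["pub"])
    swapped = dict(X_A, pub=(A_PUB[0] + 2, 65537))   # public key replaced
    return (ok == A_PUB,
            verify_chain([Z_X, swapped], "Z", Z["pub"]),
            verify_chain([X_A], "Z", Z["pub"]))       # Z<<X>> missing

if __name__ == "__main__":
    print(demo())
```

The second and third results show the two ways the chain fails: a certificate whose fields were altered after signing, and a certificate whose issuer cannot be linked back to the trusted CA.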


X.509 Chain of Authentication

In practice, there is no single top-level Certificate Authority (CA), only a group of CAs that each Browser vendor deems fit to include in the installation program.


“Root” Certificate Authorities in Firefox (2010)

[Screenshot; annotation: “added by user”]


Security Issues with X.509 Certificates

In 2005, Arjen Lenstra and Benne de Weger demonstrated "how to use hash collisions to construct two X.509 certificates that contain identical signatures and that differ only in the public keys", achieved using a collision attack on the MD5 hash function.

In 2008, Alexander Sotirov and Marc Stevens presented at the Chaos Communication Congress a practical attack that allowed them to create a rogue Certificate Authority, accepted by all common browsers, by exploiting the fact that RapidSSL was still issuing X.509 certificates based on MD5.

X.509 certificates based on SHA-1 had been deemed to be secure up until very recent times. In April 2009 at the Eurocrypt Conference, Australian researchers of Macquarie University presented "Automatic Differential Path Searching for SHA-1". The researchers were able to deduce a method which increases the likelihood of a collision by several orders of magnitude.

In 2011, SHA-2 hashes 256 bits or 512 bits long were recommended by NIST. In Oct. 2012, “Keccak” won the NIST contest and was named SHA-3.

Source: Wikipedia.com article on “X.509”, “SHA-3”


Safari Browser - Google Safe Browsing Service - 2011

Firefox Browser - OCSP - 2011


Google Safe Browsing is a service provided by Google that provides lists of URLs for web resources that contain malware or phishing content. The Google Chrome and Mozilla Firefox web browsers use the lists from the Google Safe Browsing service for checking pages against potential threats. Google also provides a public API for the service.

Google also provides information to Internet Service Providers, by sending e-mail alerts to Autonomous System operators regarding threats hosted on their networks.

According to Google, as of June 2012, some 600 million Internet users were using this service, either directly or indirectly.

To use this service, copy the following into your web browser’s address bar and edit it:

http://www.google.com/safebrowsing/diagnostic?site=mysite.com

The last name needs to be the URL of the webpage or site you wish to find out about. {URL = unique resource locator}

Source: Wikipedia.com article on “Google Safe Browsing”


Secure Shell (SSH) and Secure Copy (SCP)

SSH allows you to securely open a terminal window on a remote UNIX host. SCP allows you to securely transfer files. Secure FTP (SFTP) has an interactive command-line interface like FTP.

The authentication process and the TCP connection are encrypted in both cases. Authentication is done using the hosts’ RSA Public Keys. Users are authenticated by their host password, or by using their stored public RSA key (which can be generated by the SSH utility ssh-keygen). A session key is generated by Diffie-Hellman.

SSH can also be used for secure tunneling of TCP connections and X11 graphical user interface (GUI) connections.


Secure SSH Logon without a password

Generate a Public-Private Key Pair on your PC

[myPC:~] copeland% ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/copeland/.ssh/id_rsa): [ENTER]
Enter passphrase (empty for no passphrase): [ENTER]
Enter same passphrase again: [ENTER]
Your identification has been saved in /Users/copeland/.ssh/id_rsa.
Your public key has been saved in /Users/copeland/.ssh/id_rsa.pub
The key fingerprint is:
99:e6:61:f7:76:cb:33:c8:99:e1:2d:96:40:1c:b3:59 [email protected]

The “key fingerprint” is a 128-bit secure hash of the public key.

[ENTER] means you should hit the Enter or Return key.


scp the Public Key only to ecelinserv1

[myPC:~] copeland% scp .ssh/id_rsa.pub ecelinsrv1.ece.gatech.edu:.ssh/x
The authenticity of host ’ecelinserv1.ece.gatech.edu (130.207.232.12)' can't be established.
RSA key fingerprint is 9c:07:e8:1d:6a:fa:fb:5b:40:35:e3:2a:1d:d3:95:76.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added ’ecelinsrv1.ece.gatech.edu,130.207.232.12' (RSA) to the list of known hosts.
[email protected]'s password: #######
id_rsa.pub . . . . . 4kB

== add your .ssh/id_rsa.pub file, now .ssh/x on ecelinserv1, to .ssh/authorized_keys ===

[myPC:~] copeland% ssh ecelinsrv1.ece.gatech.edu
password: #######
Last login: Fri Feb 10 15:06:47 2009 from myPC.ece.gatech.edu
copeland@ecelinsrv1% cat .ssh/x >> .ssh/authorized_keys

== in the future, no password will be needed ==

If your username is not the same on both hosts, you have to replace host with username@host in ssh and scp commands (see “man ssh” & “scp”).


Files in the /usr/home/copeland/.ssh/ directory

copeland@ecelinsrv1% ls -l .ssh
total 32
-rw-r--r-- 1 copeland users 3284 Dec 2 21:22 authorized_keys
-rw------- 1 copeland users 887 Feb 12 2006 id_rsa
-rw-r--r-- 1 copeland users 242 Feb 12 2006 id_rsa.pub
-rw-r--r-- 1 copeland users 5964 Oct 27 08:21 known_hosts
-rw-r--r-- 1 copeland users 396 Feb 3 10:28 x

The files in the “hidden” .ssh directory contain the following:

• “authorized_keys” - RSA public keys from your other computers,
• “id_rsa” - the RSA Private Key for this host-user (do not copy),
• “id_rsa.pub” - the RSA Public Key for this host-user (put on other computers, in their “authorized_keys” files),
• “known_hosts” - the host Public Key from all computers you ssh’ed to and from in the past (added when you typed “yes”).


Secure Tunneling a TCP Connection

Type

[myPC:~]% ssh -N -f -L 7777:remote_host:3389 remote_host

on a single command line. “remote_host” can be an IP address or DNS name. To have a remote desktop on windows.gatech.edu, configure “localhost” and port 7777 in your Remote Desktop Program (instead of “windows.gatech.edu” and port 3389).

[Diagram labels: You; windows.gatech.edu; You:Remote, TCP x:3389; Firewall that blocks port 3389]


Secure Relaying a TCP Connection

Type

[myPC:~]% ssh -N -f -L 8080:relay_host:23456 -R 23456:www.gatech.edu:80 relay_host

on a single command line. “relay_host” can be an IP address or DNS name. To go to www.gatech.edu, type “http://localhost:8080” in your browser.

Caveat: Different versions of UNIX, ssh, and sshd may require different parameters. The “Relay Host” must support normal ssh access, and be configured to permit relaying.

[Diagram labels: You; Relay Host; www.gatech.edu; You:Relay, TCP x:22; Relay:www, TCP y:80; Firewall that blocks port 80]


Making a DES Key from a Password or Phrase

[Diagram, steps from top to bottom:]

• password, n 7-bit ASCII characters (little endian - least significant bit first)

• flattened bit stream (7 x n bits)

• fanfold into 56 bits

• bitwise XOR

• 64-bit key. Every eighth bit is a parity bit.
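
The derivation sketched on this slide, written out as an added Python example (not code from the course). The slide gives only the diagram labels, so three details are assumptions: “fanfold” is read as reversing every second 56-bit row before the XOR, the parity bit is the lowest bit of each byte, and parity is odd.

```python
def password_bits(password):
    # Flatten the password into a bit stream: 7 bits per ASCII character,
    # least significant bit first.
    bits = []
    for code in password.encode("ascii"):   # raises on non-ASCII input
        bits.extend((code >> i) & 1 for i in range(7))
    return bits

def fanfold(bits, width=56):
    # Lay the stream out in rows of 56 bits, reversing every second row
    # (assumed meaning of "fanfold"), and XOR the rows together.
    folded = [0] * width
    for row_no, start in enumerate(range(0, len(bits), width)):
        row = bits[start:start + width]
        row += [0] * (width - len(row))      # pad a short final row
        if row_no % 2:
            row.reverse()
        folded = [a ^ b for a, b in zip(folded, row)]
    return folded

def add_parity(bits56):
    # Expand 56 bits to 64: each 7-bit group becomes one byte whose eighth
    # (lowest) bit gives the byte odd parity (assumed placement).
    key = bytearray()
    for start in range(0, 56, 7):
        group = bits56[start:start + 7]
        value = int("".join(map(str, group)), 2)
        key.append((value << 1) | (1 - sum(group) % 2))
    return bytes(key)

def password_to_des_key(password):
    return add_parity(fanfold(password_bits(password)))

def has_odd_parity(key):
    return all(bin(byte).count("1") % 2 == 1 for byte in key)

if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("A" * 8, "A" * 16, "correct horse battery staple"):
        key = password_to_des_key(pw)
        print(f"{pw!r:32} -> {key.hex()}  odd parity: {has_odd_parity(key)}")
```

Sixteen “A” characters fold to all-zero key bits, giving 0101010101010101, one of the DES weak keys: the XOR fold can cancel password bits, so a derived key should be checked against the weak-key list before use.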


Programs Available from www.csc.gatech.edu/copeland/jac/6612/tools/

hextext.c - allows you to view files in both hex and ascii formats.

char_count.c - shows the number of different characters in a file, computes the character entropy.

To use, you must first compile them. On UNIX or Linux:

gcc hextext.c -o hextext             (the executable file is “hextext”)
./hextext                            for help
./hextext filename 3000              file and max. bytes
./hextext filename 3000 | less       see one screen at a time

gcc char_count.c -lm -o char_count   (note the “-lm” for math library)
./char_count filename                (Windows: install cygwin)

If “gcc” is not available, try “cc”. If you want to look at a text file, “less” is better than “more” (use “control-u” to back up, “space” for next page).


Output from ‘hextext’

Maximum Lines (p_limit) value: 30
Input File is 120317-s100.raw

Byte No.  HEX VALUES                                         TEXT
     0    2    4    6    8    10   12   14   16   18     0 2 4 6 8 0 2 4 6 8
  0: d4c3 b2a1 0200 0400 0000 0000 0000 0000 6400 0000 : ................d...
 20: 0100 0000 e544 4838 1ead 0200 4e00 0000 4e00 0000 : .....DH8....N...N...
 40: 0000 0000 0800 0300 0000 0000 0001 0080 1935 8da3 : .................5..
 60: 0800 4500 0040 0291 0000 3f11 16fc 1858 302f 1858 : ..E..@....?....X0/.X
 80: 0142 0400 0035 002c 90c7 061a 0100 0001 0000 0000 : .B...5.,............
100: 0000 0377 7777 0363 7363 0667 6174 6563 6803 6564 : ...www.csc.gatech.ed
120: 7500 0001 0001 e544 4838 21fd 0200 7200 0000 a400 : u......DH8!...r.....
140: 0000 0000 0000 0800 0300 0000 0000 0001 0050 0f00 : .................P..
160: 308c 0800 4500 0096 4acf 4000 fc11 d166 1858 0142 : 0...E...J.@....f.X.B
180: 1858 302f 0035 0400 0082 7a8a 061a 8180 0001 0002 : .X0/.5....z.........
200: 0001 0001 0377 7777 0363 7363 0667 6174 6563 6803 : .....www.csc.gatech.
220: 6564 7500 0001 0001 c00c 0005 0001 0000 a1ce 0010 : edu.................

Lines: 30, hextext.c by John Copeland 12/5/99


Output from ‘char_count’

$ ./char_count char_count.c

char_count vers 000601 File is char_count.c

No. Char.s to EOF = 7396, No. Lines = 183

Occurrence of Single Characters

^@- 0 | ^P- 0 |  - 3488 | 0- 104 | @- 1 | P- 12 | `- 0 | p- 154
^A- 0 | ^Q- 0 | !- 1 | 1- 77 | A- 16 | Q- 0 | a- 202 | q- 0
^B- 0 | ^R- 0 | "- 75 | 2- 71 | B- 5 | R- 14 | b- 48 | r- 316
^C- 0 | ^S- 0 | #- 9 | 3- 25 | C- 16 | S- 14 | c- 262 | s- 243
^D- 0 | ^T- 0 | $- 0 | 4- 10 | D- 8 | T- 25 | d- 95 | t- 263
^E- 0 | ^U- 0 | %- 32 | 5- 29 | E- 27 | U- 8 | e- 296 | u- 108
^F- 0 | ^V- 0 | &- 1 | 6- 43 | F- 13 | V- 0 | f- 154 | v- 45
^G- 0 | ^W- 0 | '- 18 | 7- 17 | G- 0 | W- 0 | g- 78 | w- 8
^H- 0 | ^X- 0 | (- 116 | 8- 16 | H- 0 | X- 0 | h- 100 | x- 31
^I- 18 | ^Y- 0 | )- 116 | 9- 4 | I- 27 | Y- 2 | i- 338 | y- 64
^J- 247 | ^Z- 0 | *- 232 | :- 5 | J- 0 | Z- 0 | j- 13 | z- 4
^K- 0 | ^[- 0 | +- 78 | ;- 193 | K- 1 | [- 104 | k- 6 | {- 24
^L- 0 | ^\- 0 | ,- 109 | <- 35 | L- 22 | \- 29 | l- 152 | |- 4
^M- 0 | ^]- 0 | -- 100 | =- 121 | M- 5 | ]- 102 | m- 123 | }- 24
^N- 0 | ^^- 0 | .- 51 | >- 31 | N- 29 | ^- 4 | n- 342 | ~- 0
^O- 0 | ^_- 0 | /- 255 | ?- 0 | O- 17 | _- 27 | o- 213 | DEL- 0


Occurrence of Single Characters - Sorted

 -3488 | "- 75 | F- 13 | `- 0 | 80- 0 | A0- 0 | C0- 0 | E0- 0
n- 342 | 2- 71 | P- 12 | Q- 0 | 81- 0 | A1- 0 | C1- 0 | E1- 0
i- 338 | y- 64 | 4- 10 | ^B- 0 | 82- 0 | A2- 0 | C2- 0 | E2- 0
r- 316 | .- 51 | #- 9 | ^C- 0 | 83- 0 | A3- 0 | C3- 0 | E3- 0
e- 296 | b- 48 | D- 8 | $- 0 | 84- 0 | A4- 0 | C4- 0 | E4- 0
t- 263 | v- 45 | w- 8 | ^E- 0 | 85- 0 | A5- 0 | C5- 0 | E5- 0
c- 262 | 6- 43 | U- 8 | ^F- 0 | 86- 0 | A6- 0 | C6- 0 | E6- 0
/- 255 | <- 35 | k- 6 | G- 0 | 87- 0 | A7- 0 | C7- 0 | E7- 0
^J- 247 | %- 32 | :- 5 | H- 0 | 88- 0 | A8- 0 | C8- 0 | E8- 0
s- 243 | x- 31 | B- 5 | ^A- 0 | 89- 0 | A9- 0 | C9- 0 | E9- 0
*- 232 | >- 31 | M- 5 | J- 0 | 8A- 0 | AA- 0 | CA- 0 | EA- 0
o- 213 | 5- 29 | |- 4 | ^K- 0 | 8B- 0 | AB- 0 | CB- 0 | EB- 0
a- 202 | \- 29 | ^- 4 | ^L- 0 | 8C- 0 | AC- 0 | CC- 0 | EC- 0
;- 193 | N- 29 | z- 4 | ^M- 0 | 8D- 0 | AD- 0 | CD- 0 | ED- 0
p- 154 | _- 27 | 9- 4 | ^N- 0 | 8E- 0 | AE- 0 | CE- 0 | EE- 0
f- 154 | I- 27 | Y- 2 | ^O- 0 | 8F- 0 | AF- 0 | CF- 0 | EF- 0
l- 152 | E- 27 | @- 1 | ^P- 0 | 90- 0 | B0- 0 | D0- 0 | F0- 0
m- 123 | 3- 25 | &- 1 | q- 0 | 91- 0 | B1- 0 | D1- 0 | F1- 0
=- 121 | T- 25 | K- 1 | ^R- 0 | 92- 0 | B2- 0 | D2- 0 | F2- 0
(- 116 | {- 24 | !- 1 | ^S- 0 | 93- 0 | B3- 0 | D3- 0 | F3- 0
)- 116 | }- 24 | ^H- 0 | ^T- 0 | 94- 0 | B4- 0 | D4- 0 | F4- 0
,- 109 | L- 22 | ^@- 0 | ^U- 0 | 95- 0 | B5- 0 | D5- 0 | F5- 0
u- 108 | '- 18 | ^V- 0 | V- 0 | 96- 0 | B6- 0 | D6- 0 | F6- 0
0- 104 | ^I- 18 | ^G- 0 | W- 0 | 97- 0 | B7- 0 | D7- 0 | F7- 0
[- 104 | 7- 17 | ^X- 0 | X- 0 | 98- 0 | B8- 0 | D8- 0 | F8- 0
]- 102 | O- 17 | ?- 0 | ^Y- 0 | 99- 0 | B9- 0 | D9- 0 | F9- 0
h- 100 | 8- 16 | ^Z- 0 | Z- 0 | 9A- 0 | BA- 0 | DA- 0 | FA- 0
-- 100 | C- 16 | ^W- 0 | ^[- 0 | 9B- 0 | BB- 0 | DB- 0 | FB- 0
d- 95 | A- 16 | ^D- 0 | ^\- 0 | 9C- 0 | BC- 0 | DC- 0 | FC- 0
g- 78 | R- 14 | ^Q- 0 | ^]- 0 | 9D- 0 | BD- 0 | DD- 0 | FD- 0
+- 78 | S- 14 | ^^- 0 | ~- 0 | 9E- 0 | BE- 0 | DE- 0 | FE- 0
1- 77 | j- 13 | ^_- 0 | bs- 0 | 9F- 0 | BF- 0 | DF- 0 | FF- 0

Entropy is 4.5 bits/byte.
Maximum character-wise compression = 56.5 %
No. Char.s > 127 (not ASCII text) = 0, 0 %