INF 123 SW ARCH, DIST SYS & INTEROP

LECTURE 17Prof. Crista Lopes

Objectives Trust on the Internet

Certificates & certificate authorities Public Key Cryptography SSL

Basic Threat: Domain Name Hijacking

Computers use a variety of methods to accomplish domain name resolution (name IP address) Local computer: hosts file DNS

Trojans may compromise hosts file, LAN router, or even entire ISP’s DNS resolution Leafs are more vulnerable -- demo

Very serious threat to the integrity of the Internet

Problem Formulation How can we trust that a domain name is

under control of its legitimate owner in the presence of such attacks?

Trusted Third Party

Certificate Authorities

Trusted Third Party A wants to talk to B, but is not sure B is

B

A B

Trusted Third Party, aka Certificate Authority

In broad strokes:

A B

CA1

3

2

4

5

6

Trusted Third Party1. B requests a digital certificate from CA2. CA verifies B in real life3. CA gives certificate to B

some time later…4. A contacts B5. B sends its digital certificate to A6. A verifies it with CA7. Finally, A is assured that B is B

Digital Certificate (non-electronic version: driver’s license) Binds an identity to a public key Electronic document signed by an authority Contains:

Owner’s public key Owner’s name Expiration date Serial number Name of the issuer Digital signature of the issuer

Trusted Certificate Authorities http://www.mozilla.org/projects/security/

certs/included/

Digital certificates from these CAs are expen$ive

Public Key Cryptography

Public Key Cryptography Asymmetric key algorithms

mathematically related key pair: one secret private key and another key that can be made public

Avoids secure initial exchange of key

Symmetric vs. Asymmetric

Symmetric

Asymmetric

ofreceiver

ofreceiver

Asymmetric Keys Data encrypted with a public key can

only be decrypted with the corresponding private key use this to ensure that only the recipient

can decrypt the message Data encrypted with a private key can

only be decrypted with the corresponding public key use this to ensure authenticity of sender

(assuming the sender’s public key can be trusted – hence CAs)

Digital Signatures

Password- vs. Certificate-based Authentication

Password

Certificate

Recap: SSL/TLS Extra pieces of transport-layer protocol

for negotiating cyphers and ensuring authentication of the server

Bottom line: Payload data is encrypted before sending,

decrypted upon reception

Recap: HTTPS = HTTP + SSL/TLS

POST /wifi/login HTTP/1.1Hostname: …Content-Type: …Content-Length: …

METHOD=login&firstname=foo&lastname=bar&password=hereismypassword

Unintelligible gibberish

Recap: HTTPS = HTTP + SSL/TLS https:// instead of http://

Uses port 443 by default instead of port 80

How SSL works http://video.google.com/videoplay?docid

=7130470471741831613

To Learn More on Cryptography CS 167

Final Remark about CAs Anyone can create certificates

you can too Tools choose which certificate authorities

to trust they may or may not trust yours

Alternative: Web of Trust Decentralized trust model

as opposed to CAs/PKI which are centralized Phil Zimmerman:

“As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.”