Decluttering my mind into the web ...
Contents:
Week 5 Live Event
Section 1: Cryptographic Protocols
---- Video 01: Cryptographic Protocols
Section 2: Secret / Secure Messaging
---- Video 02: Secret Messaging
Section 3: Kerberos (case study)
---- Video 03: The Kerberos Protocol
Section 4: Public Key Infrastructure (PKI)
---- Video 04: Digital Signatures and Certificates
---- Video 05: Certificate Authorities (CA)
Section 5: Case Study: Secure Sockets Layer (SSL, or TLS)
---- Video 06: Certificates on the Web
---- Video 07: The TLS/SSL Protocol
---- Video 08: SSL Continued
This week begins with an introduction to cryptographic protocols and secret messaging, and goes on to present the Kerberos authentication protocol as a case study, followed by a deeper dive into the PKI systems, certificate authorities, and a detailed look at how the HTTPS protocol (also known as SSL or TLS) works.
Topic Outline:
Cryptographic Protocols
This lecture depicts the subtleties and properties of cryptographic protocols. Cryptographic protocols are self-enforcing, multi-party, step-by-step protocols that do not rely on mutual trust. They are often complex and fragile, with properties such as privacy and non-repudiation. In this lecture, we outline the goals and properties of such protocols.
What is a cryptographic protocol? A step-by-step procedure to accomplish a goal using cryptographic methods.
What is the difference between a protocol and an algorithm?
They are the same, but the term protocol is preferred because computation is done across multiple parties (similar to networking).
Notes:
What are their properties?
Note: They are not really independent, often they need to be together.
Types of protocols (these terms come more from law than from CS):
Sending messages that are private, authentic, and non-tamperable is called secret (or secure) messaging. Sending messages that are secret is harder than you might think. Every message must be authenticated, encrypted, tamper-detectable and free from MITM attacks. Combinations of public-key and symmetric key encryption along with message authentication codes (MAC) are used to do secret messaging.
MAC == Message Authentication Codes
To avoid message tampering:
What about authentication?
Notes:
The standard algorithm used is HMAC (hash MAC / Keyed MAC).
Why is it used?
Because of the length extension attack on hash functions (similar to birthday attacks).
“In cryptography and computer security, a length extension attack is a type of attack where an attacker can use Hash(message1) and the length of message1 to calculate Hash(message1 ‖ message2) for an attacker-controlled message2, without needing to know the content of message1. Algorithms like MD5, SHA-1, and SHA-2 that are based on the Merkle–Damgård construction are susceptible to this kind of attack. The SHA-3 algorithm is not susceptible.”
Remark:
The Kerberos protocol is an authentication protocol that was the precursor to the current single sign-on systems. It was developed in 1986 from a symmetric key version of Needham and Schroeder. This lecture discusses the details of Kerberos and how good cryptographic designs are done. The Kerberos case study provides a strong learning opportunity, particularly in regard to the nuances of cryptographic protocols.
Kerberos:
Kerberos is a computer-network authentication protocol that works on the basis of tickets to allow nodes communicating over a non-secure network to prove their identity to one another in a secure manner.
Its designers aimed it primarily at a client–server model and it provides mutual authentication—both the user and the server verify each other’s identity.
Kerberos protocol messages are protected against eavesdropping and replay attacks.
Kerberos builds on symmetric key cryptography and requires a trusted third party, and optionally may use public-key cryptography during certain phases of authentication.
Kerberos uses UDP port 88 by default.
Several steps:
Public Key Infrastructure (PKI) is the fabric that holds together trust management in the world wide web. Certificates and certificate authorities act as the pillars of this technology.
Lecture Video Guide
Digital Signatures and Certificates: This lecture takes a closer look at digital signatures and certificates and discusses the properties and rules of signing digital documents.
Certificate Authorities (CA): Digital certificates are issued by trusted agencies called Certificate Authorities (CA). Root Certificate Authorities function as the root of trust. Web of Trust is a decentralized system for managing trust. Trust management helps ensure correct authentication and acts as a deterrent to MITM attacks. This lecture explores Certificate Authorities and surrounding topics.
How do digital signatures work?
How to verify?
Properties of digital signatures:
Rule for digital signatures: Do not sign anything you did not create.
Then what should you do?
Why?
What is the primary usage of digital signatures?
PKI components:
Remarks:
What is the web of trust?
Revocation of certificates?
OCSP (Online Certificate Status Protocol):
Remark: it is not on by default.
Using the PKI infrastructure described before, we show how secure messaging (HTTPS) works with web browsers and servers.
Lecture Video Guide
Certificates on the Web: All secure web servers use certificates. This lecture shows how to access certificates, public keys and other information about secure web servers.
The TLS/SSL Protocol: Secure Sockets Layer (SSL) or Transport Layer Security (TLS) is the messaging protocol used in HTTPS connections. This lecture shows the details of the SSL protocol.
SSL Continued: The inner details of the SSL protocol are presented in this lecture, including the pre-master secret, how to generate a master secret and key material, and PRF and HMAC functions.
Nothing to note here.