Module 11 Flashcards
what is the goal of https?
to establish an encrypted session
i.e., the data you are sending is not visible
how do we achieve an encrypted session?
some ideas:
- Diffie hellman key exchange
- Public key cryptography
what is a man in the middle attack?
An attacker could be proxying the communication between the browser and the server. As we saw in the Diffie-Hellman key exchange, an attacker can talk to Alice and also talk to Bob, and thus can pretend to be both and read all the communication.
How do certificate authorities prevent man in the middle attacks?
Once a domain has a certificate, the domain can send this certificate to the browser, thus verifying its identity.
An attacker would not be able to produce a valid certificate because that would require splurging the tuple of upenn.edu and some public key under the secret key of some certificate authority. Because we’re using digital signatures, an adversary is not going to be able to create such forgeries unless they managed to compromise the secret key of some certificate authorities, which has happened in the past.
What is an X.509 certificate?
- name of the issuer of the certificate
- domain name of the web server
- name of the organization
- valid dates of the certificate
- public key of the web server
- key usage?
- -> digital signatures?
- -> encryption?
- information about the public key
- -> algorithm (e.g. RSA)
- -> type of padding (e.g., PKCS#1 v1.5)
- -> kind of hash function used (e.g. SHA256)
- signature algorithm
- signature of all the information under the CA’s private key
How does a CA validate web server?
This is tricky!
- CA needs to verify that the requesting entity indeed owns upenn.edu
- Common technique: random URL test
- Not a perfect defense: network / DNS attacker could trick the CA
- high-profile domain names require more extensive validation
- -> phone confirmation, in-person audit
How do intermediate CAs help?
- scalability
- - so root CAs are not responsible for certificates of every single web site - security
- - root CAs can keep their private key stored safely - better validation
- - root CAs are global entities, whereas intermediate CAs can be local
- - specific to a country, state, city, or company
- - in a better position to verify a request for a certificate
Browsers don’t trust intermediate CAs. So how does it work?
What’s the key difference between using RSA handshake or Diffie Hellman handshake for TLS 1.2?
in RSA, we’re using the public key for encryption; in DH, we’re using the public key for verifying signatures
what is forward secrecy?
if an attacker steals the long-term secret key of the web server (SK), it should not be able to read past sessions.
Which TLS handshakes are forward secret?
TLS-RSA:
– not forward secret. if sk is compromised, adversary can recover master secret of old sessions. thus, adversary can recover all keys of old sessions
TLS-DH
- forward secret because sk is used to sign messages, not for encryption
- if adversary gets sk, it can forge new signatures, but it cannot derive old keys
What are some important changes in TLS 1.3
- all protocols support forward secrecy
- no more RSA-KEM - deprecates old ciphers (DES, MD5,SHA1, RSA-KEM)
- streamlines some of the handshake messages
