Intro to Cryptography on the Web
Mike Wynholds
@mwynholds

Basics
warning… math ahead

What is Crypto?
cryptography = code making
cryptanalysis = code breaking

Modern crypto is all about math
prime number factorization
elliptic curves
polynomials from finite fields
Cryptographic Hash Function
“A function used to map data of arbitrary size (message)
to data of fixed size (digest).”
Example: MD5, SHA
Cipher
“An algorithm used to perform encryption or
decryption, via a symmetric or asymmetric key.”
Example: AES, RSA
RSA
Keys
Public key - (n, e)
Private key - (n, d)

Encryption
c = m^e mod n

Decryption
m = c^d mod n

Example
p = 61, q = 53
n = pq = 3233
e = 17
d = 2753

Encrypt with public key
m = 123
c = 123^17 mod 3233 = 855

Decrypt with private key
c = 855
m = 855^2753 mod 3233 = 123
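The RSA slides above, worked through in code. This is an added example, not code from the deck: it derives d from p, q and e (the slide just states d = 2753), encrypts m = 123 with the public key and decrypts it with the private key, using the slide's numbers. Python 3.8+ is assumed for the modular inverse via pow(e, -1, phi).

```python
# Added example (not from the slides): textbook RSA with the slide's numbers
# p = 61, q = 53, e = 17, m = 123. Requires Python 3.8+ for pow(e, -1, phi).

def rsa_keygen(p: int, q: int, e: int):
    """Return ((n, e), (n, d)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)          # Euler's totient of n
    # e must be invertible mod phi; pow raises ValueError if gcd(e, phi) != 1
    d = pow(e, -1, phi)
    return (n, e), (n, d)

def rsa_encrypt(pub, m: int) -> int:
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)               # c = m^e mod n

def rsa_decrypt(priv, c: int) -> int:
    n, d = priv
    return pow(c, d, n)               # m = c^d mod n

def rsa_worked_example():
    """Reproduce the slide: keys (3233, 17) / (3233, 2753), c = 855, m back to 123."""
    pub, priv = rsa_keygen(61, 53, 17)
    c = rsa_encrypt(pub, 123)
    m = rsa_decrypt(priv, c)
    return pub, priv, c, m

if __name__ == "__main__":
    pub, priv, c, m = rsa_worked_example()
    print(f"public key  (n, e) = {pub}")
    print(f"private key (n, d) = {priv}")
    print(f"c = 123^{pub[1]} mod {pub[0]} = {c}")
    print(f"m = {c}^{priv[1]} mod {priv[0]} = {m}")
```

What the code shows beyond the slide: d is whatever number satisfies e·d ≡ 1 (mod (p-1)(q-1)), which is why it is called the inverse of e. This is "textbook" RSA on a bare integer; real protocols (including TLS) never encrypt a raw message this way but apply a padding scheme such as OAEP first.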
ECC
y^2 = x^3 + ax + b

A ⦿ B = C
● Shoot a ball from A to B
● Continue to next point on the curve
● Reflect straight up or down
● Next point on the curve is C

● A ⦿ A = B
● A ⦿ B = C
● A ⦿ C = D
● … n times
● A ⦿ X = Y

Given A and n, it is easy to compute Y.
Given A and Y, it is hard to compute n.
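The "shoot a ball and reflect" rule above, implemented as finite-field arithmetic. This is an added example, not from the deck: it does point addition and doubling on a toy curve over a prime field, computes Y = n⦿A by double-and-add (the easy direction), and recovers n from A and Y by brute force (the hard direction, only feasible because the curve is tiny). The curve y^2 = x^3 + 2x + 2 over F_17 with base point (5, 1), which has order 19, is a standard textbook example and is assumed here; it is not a curve anyone deploys. Python 3.8+ is assumed for pow(x, -1, p).

```python
# Added example (not from the slides): elliptic-curve group law over a prime field.
# Toy parameters (assumed for the demo): y^2 = x^3 + 2x + 2 mod 17, generator (5, 1) of order 19.
P_MOD = 17
A_COEF, B_COEF = 2, 2
GEN = (5, 1)
INF = None  # the point at infinity, the group identity

def is_on_curve(pt) -> bool:
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A_COEF * x + B_COEF)) % P_MOD == 0

def ec_add(p1, p2):
    """'Shoot a ball' through p1 and p2, take the third intersection, reflect it."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                            # vertical line: P + (-P) = O
    if p1 == p2:                                              # doubling: use the tangent
        s = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD)
    else:                                                     # addition: use the chord
        s = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    s %= P_MOD
    x3 = (s * s - x1 - x2) % P_MOD
    y3 = (s * (x1 - x3) - y1) % P_MOD                         # reflect across the x-axis
    return (x3, y3)

def ec_mul(n: int, pt):
    """Y = n*A by double-and-add: about log2(n) doublings, the EASY direction."""
    result, addend = INF, pt
    while n:
        if n & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        n >>= 1
    return result

def ec_dlog_bruteforce(pt, target):
    """Given A and Y, find n with n*A = Y by trying every n: the HARD direction.
    Works only because this curve has 19 points; real curves have ~2^256."""
    cur, n = pt, 1
    while cur is not INF:
        if cur == target:
            return n
        cur = ec_add(cur, pt)
        n += 1
    return None

if __name__ == "__main__":
    for k in range(1, 20):
        print(f"{k:2d}*A = {ec_mul(k, GEN)}")
    print("n for Y = 7*A recovered by brute force:", ec_dlog_bruteforce(GEN, ec_mul(7, GEN)))
```

Running it lists the 18 finite multiples of A and then 19*A = None (the point at infinity), which is what "order 19" means. Note the asymmetry the slide describes: ec_mul never needs more than a handful of additions, while ec_dlog_bruteforce walks the whole group.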
Message Authentication Code (MAC)
msg = {attack: ‘dawn’} + Custer + (1876-06-26 T 02:56 UTC)
key = “secret-password-banana-elmo”
mac = h( msg + key )
payload = msg + mac
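The MAC slide in code. This is an added example, not from the deck: it uses Python's hmac module rather than a bare hash over msg + key, because HMAC is the standard keyed-hash construction (and the one the TLS record slide names); a plain hash of a key concatenated with a message is subject to length-extension with MD5/SHA-1/SHA-2, which HMAC's nested construction avoids. The message fields and the key string are the slide's constructed values, and the JSON encoding is an assumption made so both ends authenticate identical bytes.

```python
# Added example (not from the slides): message authentication with HMAC-SHA256.
import hashlib
import hmac
import json

# Constructed values from the slide; not a real secret.
KEY = b"secret-password-banana-elmo"
TAG_LEN = 32  # SHA-256 digest size

def build_message(order: str, sender: str, when: str) -> bytes:
    """Canonical encoding (sorted keys) so sender and receiver MAC the same bytes."""
    return json.dumps({"attack": order, "from": sender, "at": when}, sort_keys=True).encode()

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_payload(key: bytes, msg: bytes) -> bytes:
    return msg + mac(key, msg)                      # payload = msg + mac

def verify_payload(key: bytes, payload: bytes):
    """Return the message if the tag checks out, else None."""
    msg, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
    # compare_digest is constant-time: no leaking which byte mismatched
    if not hmac.compare_digest(tag, mac(key, msg)):
        return None
    return msg

def mac_demo():
    msg = build_message("dawn", "Custer", "1876-06-26T02:56Z")
    payload = make_payload(KEY, msg)
    ok = verify_payload(KEY, payload)
    tampered = verify_payload(KEY, payload.replace(b"dawn", b"noon"))  # altered in transit
    wrong_key = verify_payload(b"some-other-key", payload)              # forged by an outsider
    return ok == msg, tampered is None, wrong_key is None

if __name__ == "__main__":
    print(mac_demo())  # (True, True, True)
```

Two practical points the slide leaves implicit: the verifier must recompute the tag with its own copy of the key and compare in constant time, and the key is shared in advance, which is why a MAC proves integrity and origin to the other key holder but (unlike a signature) not to a third party.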
Symmetric Key Cryptography
Public Key Cryptography
Key Exchange
Diffie-Hellman protocol
● large primes
● elliptic curves
● quantum shenanigans
● paint
Key Exchange - RSA
Key Exchange - ECC
SSL
that thing we use every day
TLS - Handshake (RSA)
TLS - Handshake (DH)
TLS - Record
Encrypt using master secret
Use HMAC for validation
Number all records within HMAC body
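Why "number all records within HMAC body" matters, as an added example that is not from the deck. It models the TLS record layer's implicit sequence number: both ends count records, the counter is fed into the HMAC but never sent, so a record that is replayed or delivered out of order fails verification. The encryption step is left out (Python's standard library has no AES), so this shows the integrity half of the record layer only; the key and record contents are constructed.

```python
# Added example (not from the slides): record authentication with an implicit
# sequence number, as the TLS record layer does. Encryption omitted on purpose.
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256

def record_tag(key: bytes, seq: int, data: bytes) -> bytes:
    # The 64-bit sequence number is part of what is MACed but is NOT transmitted.
    return hmac.new(key, struct.pack(">Q", seq) + data, hashlib.sha256).digest()

class RecordSender:
    def __init__(self, mac_key: bytes):
        self.key, self.seq = mac_key, 0

    def send(self, data: bytes) -> bytes:
        record = data + record_tag(self.key, self.seq, data)
        self.seq += 1
        return record

class RecordReceiver:
    def __init__(self, mac_key: bytes):
        self.key, self.seq = mac_key, 0

    def receive(self, record: bytes) -> bytes:
        data, tag = record[:-TAG_LEN], record[-TAG_LEN:]
        expected = record_tag(self.key, self.seq, data)   # uses OUR count, not the sender's
        if not hmac.compare_digest(tag, expected):
            raise ValueError("bad record MAC: tampered, replayed or out of order")
        self.seq += 1
        return data

def record_demo():
    key = b"constructed-record-mac-key"   # in TLS this is derived from the master secret
    tx, rx = RecordSender(key), RecordReceiver(key)
    r1, r2 = tx.send(b"GET / HTTP/1.1"), tx.send(b"Host: stickies.io")
    delivered = [rx.receive(r1), rx.receive(r2)]

    replay_rejected = False
    try:
        rx.receive(r1)                     # same bytes again: receiver now expects seq 2
    except ValueError:
        replay_rejected = True

    r3, r4 = tx.send(b"third"), tx.send(b"fourth")
    reorder_rejected = False
    try:
        rx.receive(r4)                     # arrives before r3
    except ValueError:
        reorder_rejected = True
    delivered += [rx.receive(r3), rx.receive(r4)]   # correct order still works
    return {"delivered": delivered, "replay_rejected": replay_rejected,
            "reorder_rejected": reorder_rejected}

if __name__ == "__main__":
    print(record_demo())
```

The rejected record leaves the receiver's counter untouched, so a single bad record does not desynchronise the connection in this toy; real TLS treats a bad MAC as fatal and tears the connection down.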
X.509 Certificates
“A small electronic document used to prove
ownership of a public key.”
X.509 Certificates
-----BEGIN CERTIFICATE-----
…
-----END CERTIFICATE-----

X.509 Certificates
Need: Public key cryptography with entities you don’t personally know or trust
Solution: Centralized, trusted* Certificate Authorities (CA)
* sort of - don’t forget DigiNotar and many others

X.509 Certificates
Entity generates public and private key
CA issues cert binding public key to cert
Cert is downloaded during key exchange
Certs can be chained together
Root certs embedded in OSes and browsers
And we trust , right?
Forward Secrecy
Use ephemeral session keys during TLS record phase
Periodic new key exchange
A stolen key only works for that session

Perfect Forward Secrecy
Piggyback new key exchange on existing TLS messages
Stolen key can now only compromise the last two messages
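The Diffie-Hellman key exchange from the Key Exchange slides, run twice to illustrate the Forward Secrecy slides above. This is an added example, not from the deck: each side draws a fresh private exponent per session, derives the same session key as its peer, and then discards the exponent, so a key recovered later unlocks only that one session. The group (the Mersenne prime 2^127 - 1 with generator 2) is a toy parameter assumed for the demo; production servers use 2048-bit or larger groups such as the dhparam.pem generated on the nginx slides.

```python
# Added example (not from the slides): ephemeral Diffie-Hellman, one fresh exponent per session.
import hashlib
import secrets

# Toy group, ASSUMED for the demo: 2^127 - 1 is prime but far too small for real use.
P = (1 << 127) - 1
G = 2

def valid_public_value(y: int) -> bool:
    """Reject degenerate peer values (0, 1, p-1) that would force a predictable secret."""
    return 1 < y < P - 1

def ephemeral_keypair():
    """Fresh private exponent x and public value g^x mod p for ONE session."""
    x = secrets.randbelow(P - 3) + 2          # x in [2, p-2], from the OS CSPRNG
    return x, pow(G, x, P)

def derive_session_key(x: int, peer_public: int) -> bytes:
    if not valid_public_value(peer_public):
        raise ValueError("invalid Diffie-Hellman public value")
    shared = pow(peer_public, x, P)            # g^(xy) mod p: identical on both sides
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()   # hash to a fixed-size key

def run_session():
    """One exchange: client sends a_pub, server sends b_pub, both derive the key."""
    a_priv, a_pub = ephemeral_keypair()
    b_priv, b_pub = ephemeral_keypair()
    a_key = derive_session_key(a_priv, b_pub)
    b_key = derive_session_key(b_priv, a_pub)
    del a_priv, b_priv                        # discard the exponents: nothing left to steal
    return a_key, b_key

def dh_demo():
    """Two sessions: keys agree within a session and differ between sessions."""
    return {"session1": run_session(), "session2": run_session()}

if __name__ == "__main__":
    for name, (client_key, server_key) in dh_demo().items():
        print(name, client_key.hex() == server_key.hex(), client_key.hex()[:16])
```

Only the public values g^x and g^y cross the wire, and after the session both exponents are gone; recovering the session key from a recording would require solving the discrete logarithm in the group, which is the hard problem the Key Exchange slide relies on. The range check on the peer's value is the one piece of input validation a DH implementation must never skip.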
HTTP Strict Transport Security
Show me the Codez
let’s use nginx
The Basics
server {
    listen 443 ssl;
    server_name stickies.io;
    ssl_certificate certs/stickies_io.pem;
    ssl_certificate_key certs/stickies_io.key;  # <-- 2048 bit RSA
}

Custom Diffie-Hellman Primes
server {
    listen 443 ssl;
    server_name stickies.io;
    ssl_certificate certs/stickies_io.pem;
    ssl_certificate_key certs/stickies_io.key;
    ssl_dhparam certs/dhparam.pem;
}

but first…
root@server# openssl dhparam -out dhparam.pem 4096

Disable SSLv3 and TLS1.0
server {
    listen 443 ssl;
    server_name stickies.io;
    ssl_certificate certs/stickies_io.pem;
    ssl_certificate_key certs/stickies_io.key;
    ssl_dhparam certs/dhparam.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
}
Note: TLS 1.0 is required for IE 7 - 10

Perfect Forward Secrecy
server {
    listen 443 ssl;
    server_name stickies.io;
    ssl_certificate certs/stickies_io.pem;
    ssl_certificate_key certs/stickies_io.key;
    ssl_dhparam certs/dhparam.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
}

HTTP Strict Transport Security
server {
    listen 443 ssl;
    server_name stickies.io;
    ssl_certificate certs/stickies_io.pem;
    ssl_certificate_key certs/stickies_io.key;
    ssl_dhparam certs/dhparam.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "...";
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
}

Speed it Up!
server {
    listen 443 ssl;
    server_name stickies.io;
    ssl_certificate certs/stickies_io.pem;
    ssl_certificate_key certs/stickies_io.key;
    ssl_dhparam certs/dhparam.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "...";
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}
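A check that turns the nginx slides into something you can run against a config file. This is an added example, not from the deck or from nginx: a small tokenizer for nginx directive syntax and an audit that flags the settings each slide adds (SSLv3/TLS 1.0 enabled, no ssl_dhparam, server cipher preference off, HSTS missing or shorter than a year, no session cache). The two embedded configs are constructed copies of the first and last slide; stickies.io and the cert paths are the slide's example values, and the only directives the check knows are the ones the slides use.

```python
# Added example (not from the slides or nginx): audit an nginx TLS server block.
import re

# Constructed copies of the "The Basics" and "Speed it Up!" slides.
BASIC_CONF = """
server {
    listen 443 ssl;
    server_name stickies.io;
    ssl_certificate certs/stickies_io.pem;
    ssl_certificate_key certs/stickies_io.key;  # <-- 2048 bit RSA
}
"""
HARDENED_CONF = """
server {
    listen 443 ssl;
    server_name stickies.io;
    ssl_certificate certs/stickies_io.pem;
    ssl_certificate_key certs/stickies_io.key;
    ssl_dhparam certs/dhparam.pem;
    ssl_protocols TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
}
"""
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1"}   # nginx spells TLS 1.0 as "TLSv1"
MIN_HSTS_AGE = 31536000                          # one year, the value on the slide

def tokenize(conf: str):
    """Split config text into words, quoted strings (kept whole) and ; { } punctuation."""
    tokens, cur, quote, i = [], "", None, 0
    while i < len(conf):
        ch = conf[i]
        if quote:                                   # inside quotes: keep everything, even ';'
            if ch == quote:
                quote = None
            else:
                cur += ch
        elif ch in "\"'":
            quote = ch
        elif ch == "#":                             # comment runs to end of line
            while i < len(conf) and conf[i] != "\n":
                i += 1
            continue
        elif ch.isspace() or ch in ";{}":
            if cur:
                tokens.append(cur)
                cur = ""
            if ch in ";{}":
                tokens.append(ch)
        else:
            cur += ch
        i += 1
    if cur:
        tokens.append(cur)
    return tokens

def parse_directives(conf: str):
    """Flatten the config into (name, args) pairs; block nesting is not tracked."""
    directives, stmt = [], []
    for tok in tokenize(conf):
        if tok in (";", "{", "}"):
            if stmt:
                directives.append((stmt[0], stmt[1:]))
            stmt = []
        else:
            stmt.append(tok)
    return directives

def audit(conf: str):
    """Return findings for the settings the slides add; empty list means all present."""
    d = parse_directives(conf)
    findings = []
    protocols = [args for name, args in d if name == "ssl_protocols"]
    if not protocols:
        findings.append("ssl_protocols not set: nginx's default protocol list applies")
    else:
        weak = WEAK_PROTOCOLS & set(protocols[-1])
        if weak:
            findings.append("weak protocols enabled: " + ", ".join(sorted(weak)))
    if not any(name == "ssl_dhparam" for name, _ in d):
        findings.append("no ssl_dhparam: DHE uses nginx's built-in parameters")
    if not any(name == "ssl_prefer_server_ciphers" and args == ["on"] for name, args in d):
        findings.append("ssl_prefer_server_ciphers is not on")
    hsts = [args for name, args in d
            if name == "add_header" and args and args[0].lower() == "strict-transport-security"]
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    else:
        value = hsts[-1][1] if len(hsts[-1]) > 1 else ""
        m = re.search(r"max-age=(\d+)", value)
        age = int(m.group(1)) if m else 0
        if age < MIN_HSTS_AGE:
            findings.append(f"HSTS max-age {age} is below {MIN_HSTS_AGE}")
        if "includesubdomains" not in value.lower():
            findings.append("HSTS header lacks includeSubDomains")
    if not any(name == "ssl_session_cache" for name, _ in d):
        findings.append("no ssl_session_cache: every connection pays for a full handshake")
    return findings

if __name__ == "__main__":
    for label, conf in (("basic", BASIC_CONF), ("hardened", HARDENED_CONF)):
        print(label, "->", audit(conf) or "OK")
```

Run it on your own server block by reading the file into audit(). The tokenizer keeps quoted values intact, which matters for the HSTS header: its value contains a ';' that a naive split on semicolons would treat as the end of the directive.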