This lecture - PowerPoint PPT Presentation

Slides: 19
Provided by: mortens

1
This lecture
  • On the assignment
  • Certificates and key management
  • SSL/TLS
      • Introduction
      • Phases
      • Commands

2
Previous lecture
  • Diffie-Hellman key agreement
  • Authentication
  • Certificates
  • Certificate Authorities

3
Assignment
  • Completely solved assignment gives 4 points
  • Chaining not implemented gives 2 points
  • Penalty for delay: one point per day
  • Common problems
      • Static Initialization Vector (IV)
      • Padding not bijectional
      • Encryption algorithm used

4
Initialization Vector (IV)
  • In CBC mode, the IV is used for the first XOR
  • Using a constant IV always gives the same
    ciphertext for a certain clear text.
  • A good system should generate the IV dynamically
      • From some random generator
      • From the system time, etc.
  • Since the IV is necessary for decryption, the IV
    must be given in clear in the output
  • The IV itself is not secret, and giving it in
    clear does not create a security problem.

5
Padding
  • If the clear text is not a multiple of the block
    length, some padding must be used.
  • The padding must be bijectional, i.e., the extra
    characters added must be removed after decryption
  • Padding by adding spaces to the clear text does
    not work, since you can't know if the spaces were
    added during padding, or if they were in the
    clear text from the beginning
  • How to create a bijectional padding?

6
Bijectional padding schemes
  • A padding scheme is bijectional if
    depad(pad(s)) = s.
  • If there are certain characters that for some
    reason cannot appear in the clear text, they can
    be used for padding.
  • In general, this is not a good solution, since
    such conditions may change.
  • Example: Let l be the length of the original
    clear text, and let b be the block length. Set l'
    to the smallest multiple of b such that l' > l.
    Create a string of length l' whose first l bytes
    are the clear text. Set the last byte to l' - l.
  • This is reversible, since when decrypting, it is
    possible to read the last byte and remove the
    corresponding number of padding characters.

7
Encryption algorithm used
  • In the assignment, you need the basic DES
    encryption.
  • Since ECB (Electronic Code Book) provides
    encryption without any further processing, this
    is what we want.
  • In Java, use DES/ECB/NoPadding
  • In other libraries, either call DES directly, or
    ECB without padding
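
The three assignment points from slides 4 to 7 combined, as an added example that is not part of the original slides: CBC chaining built on a raw block call, a fresh IV written in clear in front of the ciphertext, and the length-byte padding. `block_encrypt` and `block_decrypt` are hypothetical stand-ins built from SHA-256 for the raw `DES/ECB/NoPadding` call so the code runs with the standard library only, and the zero filler bytes are an assumption.

```python
import hashlib
import os

B = 8  # block length in bytes (the DES block size)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pad(s):
    """l' = smallest multiple of B greater than l; last byte = l' - l; filler is zero (assumption)."""
    n = (len(s) // B + 1) * B
    return s + bytes(n - len(s) - 1) + bytes([n - len(s)])

def depad(p):
    if not p or len(p) % B or not 1 <= p[-1] <= B:
        raise ValueError("invalid padding")
    return p[:-p[-1]]

def _round(key, i, half):
    return hashlib.sha256(key + bytes([i]) + half).digest()[:4]

def block_encrypt(key, blk):
    """Stand-in 64-bit block cipher (4-round Feistel) in the role of raw DES; not DES itself."""
    l, r = blk[:4], blk[4:]
    for i in range(4):
        l, r = r, xor(l, _round(key, i, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:4], blk[4:]
    for i in reversed(range(4)):
        l, r = xor(r, _round(key, i, l)), l
    return l + r

def cbc_encrypt(key, clear, iv=None):
    # Fresh IV per message from the OS random generator; it is output in clear.
    prev = iv if iv is not None else os.urandom(B)
    out, p = [prev], pad(clear)
    for i in range(0, len(p), B):
        prev = block_encrypt(key, xor(p[i:i + B], prev))  # chain on previous ciphertext block
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, data):
    if len(data) < 2 * B or len(data) % B:
        raise ValueError("truncated ciphertext")
    blocks = [data[i:i + B] for i in range(0, len(data), B)]  # blocks[0] is the IV
    clear = b"".join(xor(block_decrypt(key, c), prev) for prev, c in zip(blocks, blocks[1:]))
    return depad(clear)
```

Passing the same `iv` twice reproduces the static-IV problem from slide 4: the two ciphertexts are identical.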

8
Key management
  • The applicant generates a key pair (public key
    and private key).
  • The public key is sent to the Certificate
    Authority (CA) together with identifying data.
  • The CA verifies the data and signs it with its
    private key (creating a certificate).
  • The signed certificate is sent back to the
    applicant.
  • Note: No secret information is ever transmitted!

9
Key management: getting a certificate
[Diagram: the Server generates a key pair (private key, public key) and sends the public key and request information to the Certificate Authority, which verifies that the information in the request is correct and returns the Certificate.]

10
Verifying a certificate
  • The user needs to know the public key of the CA
  • Web browsers come with certain CA public keys
    installed.
  • To verify the validity of a certificate, the user
    must
      • verify the digital signature in the certificate
        with the CA public key
      • verify that the identifying information is what
        it should be.

11
Certificate chains
  • Certificates can be chained
  • Each certificate in the chain is signed with the
    private key of the certificate above.
  • If the user knows the root certificate, he can
    verify that each step is valid.
  • Using chains, the CA can outsource signing to
    other organizations it trusts without giving away
    its private key.

12
Certificate chains
  • The end user certificates are verified by
    following the chain up to the root certificate
    authority (CA)
  • If every step in the chain is valid, the end user
    certificate is considered valid.
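
The checks from slides 10 to 12 as an added example, not part of the original slides: each certificate's signature is verified with the key of the certificate above it, the top of the chain is verified with a CA key the user already has, and the identifying information is compared with what is expected. Certificates are modelled as plain dictionaries signed with textbook RSA over fixed known primes; every name, key and certificate here is constructed, and X.509 parsing is not shown.

```python
import hashlib

E = 65537  # public exponent shared by all constructed keys

def keypair(p, q):
    """Textbook RSA from two known primes: returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(cert, n):
    signed = f"{cert['subject']}|{cert['issuer']}|{cert['pubkey']}".encode()
    return int.from_bytes(hashlib.sha256(signed).digest(), "big") % n

def issue(subject, pubkey, issuer, issuer_key):
    """The issuer signs the subject's public key and identifying data with its private key."""
    n, d = issuer_key
    cert = {"subject": subject, "issuer": issuer, "pubkey": pubkey}
    cert["sig"] = pow(_digest(cert, n), d, n)
    return cert

def verify_chain(chain, trusted_roots, expected_subject):
    """chain[0] is the end-user certificate, each following entry is its issuer's certificate."""
    if not chain or chain[0]["subject"] != expected_subject:
        return False  # identifying information is not what it should be
    for cert, parent in zip(chain, chain[1:]):
        n = parent["pubkey"]
        if cert["issuer"] != parent["subject"] or pow(cert["sig"], E, n) != _digest(cert, n):
            return False
    top = chain[-1]
    n = trusted_roots.get(top["issuer"])  # CA key already known to the user, never taken from the chain
    return n is not None and pow(top["sig"], E, n) == _digest(top, n)

# Constructed sample data (Mersenne primes keep the toy keys reproducible).
ROOT = keypair(2**61 - 1, 2**89 - 1)
INTER = keypair(2**107 - 1, 2**127 - 1)
LEAF_PUB = (2**61 - 1) * (2**127 - 1)  # the end user only needs a public key here
TRUSTED = {"Root CA": ROOT[0]}
inter_cert = issue("Intermediate CA", INTER[0], "Root CA", ROOT)
leaf_cert = issue("www.example.test", LEAF_PUB, "Intermediate CA", INTER)
```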

13
SSL/TLS
  • SSL (Secure Socket Layer) and TLS (Transport
    Layer Security) are standards for how to secure
    TCP/IP communications
  • As of the latest revision, TLS is the official
    name for what used to be called SSL. However, SSL
    is still the word most frequently used.
  • TLS is a layer on top of the TCP layer

14
TLS
[Diagram: protocol stacks. Not secure: HTTP on top of TCP on top of IP. Secure: HTTP on top of TLS on top of TCP on top of IP.]

15
TLS
  • Uses public keys and certificates for key
    negotiation
      • Certificates in X.509 format
  • Symmetric cryptography for actual communication
      • Exact cipher used is decided during the handshake.
  • TLS standard defines certain commands that can be
    used in communication

16
TLS roles
  • TLS defines two roles, the server and the client.
  • The client always initiates the communication.
      • Example: Web browser
  • The server stands ready to respond to a request
    from the client
      • Example: Web server

17
TLS messages
  • TLS defines several messages
  • The messages are used in different stages
      • Handshake
      • Key establishment
      • Authentication
      • Resuming a session
      • Sending data
      • Closing a transaction

18
Initiating a transaction without authentication
[Sequence diagram between Client and Server. Messages in order: ClientHello, ServerHello, ServerKeyExchange, ServerHelloDone, ClientKeyExchange, ChangeCipherSpec, Finished, ChangeCipherSpec, Finished]