1. INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 17 Prof. Crista Lopes

2. Objectives  Trust on the Internet  Certificates & certificate authorities  Public Key Cryptography  SSL

3. Basic Threat: Domain Name Hijacking  Computers use a variety of methods to accomplish domain name resolution (name  IP address)  Local computer: hosts file  DNS  Trojans may compromise hosts file, LAN router, or even entire ISP’s DNS resolution  Leafs are more vulnerable -- demo  Very serious threat to the integrity of the Internet

4. Problem Formulation  How can we trust that a domain name is under control of its legitimate owner in the presence of such attacks?

5. Trusted Third Party Certificate Authorities

6. Trusted Third Party  A wants to talk to B, but is not sure B is B A A B B

7. Trusted Third Party, aka Certificate Authority  In broad strokes: A A B B CA 1 3 2 4 5 6

8. Trusted Third Party 1. B requests a digital certificate from CA 2. CA verifies B in real life 3. CA gives certificate to B some time later… 4. A contacts B 5. B sends its digital certificate to A 6. A verifies it with CA 7. Finally, A is assured that B is B

9. Digital Certificate  (non-electronic version: driver’s license)  Binds an identity to a public key  Electronic document signed by an authority  Contains:  Owner’s public key  Owner’s name  Expiration date  Serial number  Name of the issuer  Digital signature of the issuer

10. Trusted Certificate Authorities  http://www.mozilla.org/projects/security/certs/incl uded/ http://www.mozilla.org/projects/security/certs/incl uded/  Digital certificates from these CAs are expen$ive

11. Public Key Cryptography

12.  Asymmetric key algorithms  mathematically related key pair: one secret private key and another key that can be made public  Avoids secure initial exchange of key

13. Symmetric vs. Asymmetric Symmetric Asymmetric of receiver of receiver

14. Asymmetric Keys  Data encrypted with a public key can only be decrypted with the corresponding private key  use this to ensure that only the recipient can decrypt the message  Data encrypted with a private key can only be decrypted with the corresponding public key  use this to ensure authenticity of sender (assuming the sender’s public key can be trusted – hence CAs)

15. Digital Signatures

16. Password- vs. Certificate-based Authentication Password Certificate

17. Recap: SSL/TLS  Extra pieces of transport-layer protocol for negotiating cyphers and ensuring authentication of the server  Bottom line:  Payload data is encrypted before sending, decrypted upon reception

18. Recap: HTTPS = HTTP + SSL/TLS POST /wifi/login HTTP/1.1 Hostname: … Content-Type: … Content-Length: … METHOD=login&firstname=foo&lastname=bar &password=hereismypassword Unintelligible gibberish

19. Recap: HTTPS = HTTP + SSL/TLS  https:// instead of http://  Uses port 443 by default instead of port 80

20. How SSL works  http://video.google.com/videoplay?docid=71304 70471741831613 http://video.google.com/videoplay?docid=71304 70471741831613

21. To Learn More on Cryptography  CS 167

22. Final Remark about CAs  Anyone can create certificates  you can too  Tools choose which certificate authorities to trust  they may or may not trust yours

23. Alternative: Web of Trust  Decentralized trust model  as opposed to CAs/PKI which are centralized  Phil Zimmerman:  “As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault- tolerant web of confidence for all public keys.”