WebFund 2016W Lecture 18: Difference between revisions
| No edit summary | No edit summary | ||
| (One intermediate revision by the same user not shown) | |||
| Line 141: | Line 141: | ||
| *This is what is used for HTTPS | *This is what is used for HTTPS | ||
| ===First Rule of Cryptography=== | =====Creating Our Key and Certificate===== | ||
| *We can use OpenSSL to create a key and to use that key to sign a certificate | |||
| *Randomness is an important factor in the creation of our key | |||
| **We want this done in a non-deterministic fashion so that nobody can guess what our key is | |||
| **OpenSSL uses Linux drivers which are designed to gather random data from events such as: | |||
| ***User actions on the keyboard and mouse | |||
| ***CPU temperatures | |||
| ***Network activity | |||
| ====First Rule of Cryptography==== | |||
| *Friends don’t let friends implement their own cryptography, algorithms or code because it’s hard to do it and be sure you’re secure | *Friends don’t let friends implement their own cryptography, algorithms or code because it’s hard to do it and be sure you’re secure | ||
Latest revision as of 02:17, 21 March 2016
Video
The video for the lecture given on March 17, 2016 is now available.
Notes
In Class
(This is lecture 18, not 17!)
Lecture 18
----------
Symmetric cryptography
 - everyone uses the same key
 - think secret decoder rings
 - or, file encrypted with AES
 - secret has to be shared between sender and receiver
 
Public-key cryptography
 - but what if we don't have a shared secret?
   - your password isn't good enough, and
   - websites don't remember your password
   - and how would you send them your password in
     the first place
 - instead, we split the key into two parts
   - a public key
   - a private key
 - whatever one does, the other can undo
 - if you encrypt with a public key and decrypt with a
   private key
     - private one-way communication
     - e.g., you download Anil's public key and send
       Anil a secret message
 - if you encrypt with a private key and decrypt with 
   the public key
     - that's a digital signature
First rule of cryptography
 - friends don't let friends implement their own crypto
 - algorithms OR code!
Why?  You'll miss protections against attacks.
Example: timing attacks
 - can extract secrets by watching execution time
 - exploits the fact that some numbers take longer to
   multiply & other operations
Everyone else messes up too
 - so be prepared to update/replace all crypto-related
   code
Student Notes
Additional Notes on OpenStack Instances
- When selecting a floating IP address, the subnet must correspond to the network that you chose for your instance i.e. If you pick comp2406-net-31 you should use a 134.117.31 address and if you pick comp2406-net-26, use a 134.117.26 address. Mismatching will result in an error
- sudo setcap ‘cap_net_bind_service=rep’ /usr/bin/node.jsis used to allow the user to bind to a privileged port
HTTPS
- HTTP is HyperText Transfer Protocol
- HTTPS is a secure version of HTTP which uses SSL/TLS
- SSL - Secure Sockets Layer
- TLS - Transport Layer Security
- The current version of SSL is TLS
- They are security protocols (cryptographic protocols) that encrypt communications to provide a secure connection over a network
 
- Normally in a URL, we don't see HTTP because it is the default so it is omitted
- With HTTPS, we will see the protocol written in the URL
- We also see a lock icon with HTTPS
- It means that the data you are sending is secure and the website you’re accessing has been digitally certified
- When you click on a lock icon, you can view information about the certificate that the server has
 
- If you want to enable SSL/TLS support in a Node application, you can change HTTP to HTTPS (change var http = require(‘http’);tovar http = require(‘https’);in bin/www)- For the code to work, we have to specify some options (key and certificate) for the HTTPS server
 
- You can get it working by modifying the code:
In bin/www:
//use the app objects and put all the configurations into app, If require http is defined.
if (app.locals.sslOptions){
   var http = require(‘https’);
}
else{
   var http-require(‘http’);
}
//modify the ‘HTTP server’ part of your code with sslOptions.
//create an object in the app file.
if (app.locals.sslOptions){
   var server = http.createServer(app.locals.sslOptions, app);
}
else{
   var server = http.createServer(app);
}
In app.js, we specify the HTTPS options by loading the key and certificate files:
var fs = require('fs');
//put this after app is defined but before it is exported
app.locals.sslOptions = {
   key: fs.readFileSync(‘keys/comp2406-test-key.pem’),
   cert: fs.readFileSync(‘keys/comp2406-test-cert.pem’)
}
Certificates
- Certificates are a form of digital authentication for a web server
- They contain information about the server and the authority that has signed the certificate
- Companies such as GlobalSign and Verisign are certificate authorities which are relied upon to sign trustworthy certificates
- If you do not want to pay a trusted certificate authority to sign your server's certificate, you can sign it yourself
- This gives you a usable certificate but it will produce a warning when a browser communicates with your server since it will receive a certificate signed by an untrusted source
- In order to get our web application to work properly with SSL/TLS, we have to create a key and use it to sign a certificate
- An alternative to get a trusted certificate is to get a free temporary certificate (from Let's Encrypt) and update it by using a script to run it in order to obtain new ones upon expiry
 
Symmetric Cryptography
- With symmetric cryptography, everyone uses the same key i.e. if you want to send a secret message to another person, you have to have the same secret decoder ring or files encrypted with AES
- AES is a symmetric block cipher in which the same key is used to encrypt and decrypt a document. It is a block cipher because it encrypts data in blocks as opposed to the whole thing
 
- The key to symmetric cryptography is that the secret has to be shared between the sender and receiver to keep it a secret i.e. instead of making the whole document secret, just make a key to keep it secure
- The difficulty is in initially sharing this secret in a secure fashion
 
Public-key Cryptography
- But what if we don’t have a shared secret?
- Passwords aren’t good enough
- Websites don’t remember your password
- How would you send them your password in the first place (in a secure fashion)?
 
- Instead, we split the key into two parts: public key and private key
- In public key cryptography, you have two keys, a matched pair of public and private keys are opposite (inverters) because what you do with one can be undone with the other
- If you encrypt with a public key and decrypt with a private key, it’s a private one way communication
- For example, you can send the professor a secret message after downloading his public key and using it for encryption
 
- If you encrypt with a private key and decrypt with the public key, that’s a digital signature
 
- If you encrypt with a public key and decrypt with a private key, it’s a private one way communication
- This is what is used for HTTPS
Creating Our Key and Certificate
- We can use OpenSSL to create a key and to use that key to sign a certificate
- Randomness is an important factor in the creation of our key
- We want this done in a non-deterministic fashion so that nobody can guess what our key is
- OpenSSL uses Linux drivers which are designed to gather random data from events such as:
- User actions on the keyboard and mouse
- CPU temperatures
- Network activity
 
 
First Rule of Cryptography
- Friends don’t let friends implement their own cryptography, algorithms or code because it’s hard to do it and be sure you’re secure
- Why?
- You’ll miss protections against attacks. E.g. Timing attacks.
- In a timing attack, the attacker can extract secrets by watching execution time
- This exploits the fact that some numbers take longer to multiply than others
 
 
- You’ll miss protections against attacks. E.g. Timing attacks.
- Even professionally developped crypto systems will have bugs, so be prepared to update/replace all crypto-related code