WebFund 2016W Lecture 18: Difference between revisions
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 141: | Line 141: | ||
*This is what is used for HTTPS | *This is what is used for HTTPS | ||
===First Rule of Cryptography=== | =====Creating Our Key and Certificate===== | ||
*We can use OpenSSL to create a key and to use that key to sign a certificate | |||
*Randomness is an important factor in the creation of our key | |||
**We want this done in a non-deterministic fashion so that nobody can guess what our key is | |||
**OpenSSL uses Linux drivers which are designed to gather random data from events such as: | |||
***User actions on the keyboard and mouse | |||
***CPU temperatures | |||
***Network activity | |||
====First Rule of Cryptography==== | |||
*Friends don’t let friends implement their own cryptography, algorithms or code because it’s hard to do it and be sure you’re secure | *Friends don’t let friends implement their own cryptography, algorithms or code because it’s hard to do it and be sure you’re secure |
Latest revision as of 02:17, 21 March 2016
Video
The video for the lecture given on March 17, 2016 is now available.
Notes
In Class
(This is lecture 18, not 17!)
Lecture 18 ---------- Symmetric cryptography - everyone uses the same key - think secret decoder rings - or, file encrypted with AES - secret has to be shared between sender and receiver Public-key cryptography - but what if we don't have a shared secret? - your password isn't good enough, and - websites don't remember your password - and how would you send them your password in the first place - instead, we split the key into two parts - a public key - a private key - whatever one does, the other can undo - if you encrypt with a public key and decrypt with a private key - private one-way communication - e.g., you download Anil's public key and send Anil a secret message - if you encrypt with a private key and decrypt with the public key - that's a digital signature First rule of cryptography - friends don't let friends implement their own crypto - algorithms OR code! Why? You'll miss protections against attacks. Example: timing attacks - can extract secrets by watching execution time - exploits the fact that some numbers take longer to multiply & other operations Everyone else messes up too - so be prepared to update/replace all crypto-related code
Student Notes
Additional Notes on OpenStack Instances
- When selecting a floating IP address, the subnet must correspond to the network that you chose for your instance i.e. If you pick comp2406-net-31 you should use a 134.117.31 address and if you pick comp2406-net-26, use a 134.117.26 address. Mismatching will result in an error
sudo setcap ‘cap_net_bind_service=rep’ /usr/bin/node.js
is used to allow the user to bind to a privileged port
HTTPS
- HTTP is HyperText Transfer Protocol
- HTTPS is a secure version of HTTP which uses SSL/TLS
- SSL - Secure Sockets Layer
- TLS - Transport Layer Security
- The current version of SSL is TLS
- They are security protocols (cryptographic protocols) that encrypt communications to provide a secure connection over a network
- Normally in a URL, we don't see HTTP because it is the default so it is omitted
- With HTTPS, we will see the protocol written in the URL
- We also see a lock icon with HTTPS
- It means that the data you are sending is secure and the website you’re accessing has been digitally certified
- When you click on a lock icon, you can view information about the certificate that the server has
- If you want to enable SSL/TLS support in a Node application, you can change HTTP to HTTPS (change
var http = require(‘http’);
tovar http = require(‘https’);
in bin/www)- For the code to work, we have to specify some options (key and certificate) for the HTTPS server
- You can get it working by modifying the code:
In bin/www:
//use the app objects and put all the configurations into app, If require http is defined.
if (app.locals.sslOptions){
var http = require(‘https’);
}
else{
var http-require(‘http’);
}
//modify the ‘HTTP server’ part of your code with sslOptions.
//create an object in the app file.
if (app.locals.sslOptions){
var server = http.createServer(app.locals.sslOptions, app);
}
else{
var server = http.createServer(app);
}
In app.js, we specify the HTTPS options by loading the key and certificate files:
var fs = require('fs');
//put this after app is defined but before it is exported
app.locals.sslOptions = {
key: fs.readFileSync(‘keys/comp2406-test-key.pem’),
cert: fs.readFileSync(‘keys/comp2406-test-cert.pem’)
}
Certificates
- Certificates are a form of digital authentication for a web server
- They contain information about the server and the authority that has signed the certificate
- Companies such as GlobalSign and Verisign are certificate authorities which are relied upon to sign trustworthy certificates
- If you do not want to pay a trusted certificate authority to sign your server's certificate, you can sign it yourself
- This gives you a usable certificate but it will produce a warning when a browser communicates with your server since it will receive a certificate signed by an untrusted source
- In order to get our web application to work properly with SSL/TLS, we have to create a key and use it to sign a certificate
- An alternative to get a trusted certificate is to get a free temporary certificate (from Let's Encrypt) and update it by using a script to run it in order to obtain new ones upon expiry
Symmetric Cryptography
- With symmetric cryptography, everyone uses the same key i.e. if you want to send a secret message to another person, you have to have the same secret decoder ring or files encrypted with AES
- AES is a symmetric block cipher in which the same key is used to encrypt and decrypt a document. It is a block cipher because it encrypts data in blocks as opposed to the whole thing
- The key to symmetric cryptography is that the secret has to be shared between the sender and receiver to keep it a secret i.e. instead of making the whole document secret, just make a key to keep it secure
- The difficulty is in initially sharing this secret in a secure fashion
Public-key Cryptography
- But what if we don’t have a shared secret?
- Passwords aren’t good enough
- Websites don’t remember your password
- How would you send them your password in the first place (in a secure fashion)?
- Instead, we split the key into two parts: public key and private key
- In public key cryptography, you have two keys, a matched pair of public and private keys are opposite (inverters) because what you do with one can be undone with the other
- If you encrypt with a public key and decrypt with a private key, it’s a private one way communication
- For example, you can send the professor a secret message after downloading his public key and using it for encryption
- If you encrypt with a private key and decrypt with the public key, that’s a digital signature
- If you encrypt with a public key and decrypt with a private key, it’s a private one way communication
- This is what is used for HTTPS
Creating Our Key and Certificate
- We can use OpenSSL to create a key and to use that key to sign a certificate
- Randomness is an important factor in the creation of our key
- We want this done in a non-deterministic fashion so that nobody can guess what our key is
- OpenSSL uses Linux drivers which are designed to gather random data from events such as:
- User actions on the keyboard and mouse
- CPU temperatures
- Network activity
First Rule of Cryptography
- Friends don’t let friends implement their own cryptography, algorithms or code because it’s hard to do it and be sure you’re secure
- Why?
- You’ll miss protections against attacks. E.g. Timing attacks.
- In a timing attack, the attacker can extract secrets by watching execution time
- This exploits the fact that some numbers take longer to multiply than others
- You’ll miss protections against attacks. E.g. Timing attacks.
- Even professionally developped crypto systems will have bugs, so be prepared to update/replace all crypto-related code