CS338 Computer Security
Monday, 2 October 2023

+ Coming up
    - Reading TLS
    - Assignment due Saturday
    - In-class exam Wednesday 10/11
    - I'll give you a study guide Wed 10/4 or Fri

+ Recap: let's fill in some details
    - TCP ports and handshake
    - HTTP
    - Symmetric encryption
        - what's it for?
        - what characterizes "symmetric" here?
            (secret key, shared only by sender & receiver)
        - stream ciphers vs. block ciphers
        - AES, Twofish, RC4, DES, Triple DES, etc. etc.
    - Asymmetric encryption
        - what's it for?
        - what characterizes "asymmetric" here?
            (key pairs, one per potential participant in communication;
            secret keys known only by one person; public keys public)
        - RSA, Elliptic Curve
        - properties of "one-way trapdoor functions"
    - Diffie-Hellman key exchange
        - what's it for?
        - sequence of events in an exchange
            --> g, p, g^A mod p
            <-- g^B mod p
        - what are the numbers and who knows them?
        - AITM/PITM attack on this protocol
    - Cryptographic hashes
        - maps any data to a fixed-length integer output value
        - the outputs are statistically well spread (in practice, we can be
            confident that if D1 and D2 differ, H(D1) != H(D2)...)
        - don't want to be able to compute D from H(D)
        - should be hard to find ANY D1 and D2 with H(D1) = H(D2)
    - Digital signatures
    - Pragmatics [ssh-keygen, openssl, etc.]

+ Public Key Infrastructure: let's draw some timelines
    - "Trusted third party"
    - Certificates
        - Identity + public key + CA signature
    (1) Sequence of events between Alice and Bob to make Alice confident
        she's talking to bob.com
    (2) Sequence of events between Bob and CA to get the certificate
        in the first place
    (3) Other?
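
Added example (not part of the original notes): the Diffie-Hellman exchange from the recap, run once with the public values delivered unmodified and once with an intermediary on the path, to show who knows which numbers and why the exchange needs the authentication that certificates provide. The function names, the third party "Mal" and the toy numbers are assumptions made for illustration.

```python
import hashlib

def public_value(g, p, secret):
    """g^secret mod p: the only number a participant puts on the wire."""
    return pow(g, secret, p)

def session_key(their_public, my_secret, p):
    """Shared number their_public^my_secret mod p, hashed to a fixed-length key."""
    shared = pow(their_public, my_secret, p)
    return hashlib.sha256(str(shared).encode()).hexdigest()

def exchange(g, p, secret_a, secret_b, network=lambda value: value):
    """One exchange. network() models the path between Alice and Bob;
    the default delivers each public value unmodified."""
    pub_a = public_value(g, p, secret_a)   # Alice --> Bob: g, p, g^A mod p
    pub_b = public_value(g, p, secret_b)   # Alice <-- Bob: g^B mod p
    return {
        "pub_a": pub_a,
        "pub_b": pub_b,
        "alice_key": session_key(network(pub_b), secret_a, p),
        "bob_key": session_key(network(pub_a), secret_b, p),
    }

def keys_match(result):
    """The check bare Diffie-Hellman lacks: both ends compare key fingerprints
    over something the intermediary cannot alter (in TLS the server signs the
    handshake with the key named in its certificate)."""
    return result["alice_key"] == result["bob_key"]

# Constructed toy numbers so every value can be checked by hand.
# Real exchanges use standardized groups of 2048 bits or more, or elliptic curves.
G, P = 5, 23
SECRET_A, SECRET_B, SECRET_M = 6, 15, 3   # known only to Alice, Bob, Mal respectively

honest = exchange(G, P, SECRET_A, SECRET_B)
pub_m = public_value(G, P, SECRET_M)
# Mal sits on the path and replaces every public value with g^M mod p.
tampered = exchange(G, P, SECRET_A, SECRET_B, network=lambda value: pub_m)

if __name__ == "__main__":
    print("on the wire:", G, P, honest["pub_a"], honest["pub_b"])
    print("honest keys match:  ", keys_match(honest))
    print("tampered keys match:", keys_match(tampered))
    # Mal can derive each side's key from the public value it intercepted.
    print("Mal holds Alice's key:",
          tampered["alice_key"] == session_key(honest["pub_a"], SECRET_M, P))
    print("Mal holds Bob's key:  ",
          tampered["bob_key"] == session_key(honest["pub_b"], SECRET_M, P))
```

In the tampered run Alice and Bob each complete the exchange without error; only the fingerprint comparison reveals that they do not share a key with each other.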