CS338 Computer Security
Wednesday, 4 October 2023

+ Today
    - A non-obvious detail
    - Make a general plan for A & B
    - Look at real certificates
    - Start looking at TLS 1.3 (RFC 8446)
    - Other things on your minds

+ A note about client/server contributions to cryptographic protocols
    - DH: K includes a contribution from both Alice and Bob
          K = g^(ab) mod p
      so neither can unilaterally control the final value of K
    - Alternative: Alice generates K and sends E(P_Bob, K) to him
        - here, Alice controls K's value
        - could this be dangerous to Bob?
        - any other problems with this?

+ One approach to foiling AITM
    Step 0: A gets B's certificate (bob.com, P_B) and validates it
    Step 1: A & B do DH to get K (from which they derive an AES key)
    Step 2: A poses a challenge to B
    Step 3: B responds somehow?
    ...?

+ Look at a real certificate
    - Browser: lock -> [drill down to see the certificate info] -> export
    - Export a certificate, and then:
        - open it with a text editor -- what do you see?
        - try this command
              openssl x509 -in CERT_FILE_NAME -inform pem -noout -text
          also
              openssl help x509
        - what info is there? what is clear, what is murky?
    - Validation: how does it work?

======= Did not get past here since Jeff lost his way... =======

+ RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3
    - Pay attention to
        - Section 2 for handshake overview
        - Section 3 for notation
        - Section 4 for detailed handshake top-level
    - Several bits of vocabulary
          (EC)DHE
          Pre-shared key (PSK)
          Forward secrecy
    - Assumptions for today
        - A & B are not using pre-shared keys; just (EC)DHE
    - Questions
        - In what way does A pose her challenge?
        - In what way does B respond?
        - In what way does A send her DH info g,p,g^a mod p (or whatever)?
        - In what way does B respond?

=== some leftover questions from way back ===

- The whole gzip thing
- What is the Ethernet II heading saying? For instance, if it says
  Src: 4e:27:a6:45:1c:d5 and Dst: 3e:06:30:13:14:64, what does that mean?
- When the hex doesn't convert to text easily - what is it / how do I figure it out?
- Would Wireshark not work if your homepage used https? If it does work, then
  how would it differ?
- I'm not entirely sure what "a TCP connection" here means.
- All of the protocols in this capture are either TCP or HTTP. Are there other
  types of protocols that show up frequently?
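
The note above on client/server contributions (DH's K = g^(ab) mod p versus Alice sending E(P_Bob, K)) can be run side by side. This is an added example, not part of the original class notes. The toy prime, the base g = 3, the textbook RSA key standing in for P_Bob, and all function names are assumptions made for illustration and are far too weak for real use.

```python
import secrets

# Toy parameters constructed for this example; far too small for real use.
P = 2**127 - 1          # prime modulus p
G = 3                   # base g

def dh_public(x):
    """Public value g^x mod p for private exponent x."""
    return pow(G, x, P)

def dh_shared(own_private, peer_public):
    """K = peer_public^own_private mod p = g^(ab) mod p."""
    return pow(peer_public, own_private, P)

def rsa_toy_keypair():
    """Textbook RSA key for Bob (no padding), standing in for P_Bob."""
    p, q, e = 2**61 - 1, 2**89 - 1, 65537
    return (p * q, e), pow(e, -1, (p - 1) * (q - 1))

def transport_key(k, bob_public, bob_private):
    """Alice sends E(P_Bob, K); return the K that Bob recovers."""
    n, e = bob_public
    ciphertext = pow(k, e, n)
    return pow(ciphertext, bob_private, n)

def dh_outcomes(a, bob_privates):
    """Final K values when Alice keeps a fixed and Bob's b varies."""
    return {dh_shared(a, dh_public(b)) for b in bob_privates}

def transport_outcomes(k, runs):
    """Final K values when Alice picks k; Bob contributes nothing to it."""
    pub, priv = rsa_toy_keypair()
    return {transport_key(k, pub, priv) for _ in range(runs)}

if __name__ == "__main__":
    a = secrets.randbelow(P - 3) + 2
    bobs = [secrets.randbelow(P - 3) + 2 for _ in range(5)]
    print("DH, fixed a, 5 values of b:", len(dh_outcomes(a, bobs)), "distinct K")
    k = secrets.randbelow(2**126)
    print("Key transport, Alice's k:  ", len(transport_outcomes(k, 5)), "distinct K")
```

With DH, every new b from Bob changes K even though Alice's a never moves; with key transport, Bob always ends up with exactly the value Alice chose.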