CS338 Computer Security
Monday, 29 September 2024

+ Recap Sunday's assignment

  Diffie-Hellman: *agree upon a shared secret* without letting eavesdroppers know the secret
    Eve sees: g, p, g^X mod p (Alice's communication), g^Y mod p (Bob's)
      (neither A nor E can compute Y from this)
    Alice knows X, g^Y mod p:  (g^Y mod p)^X mod p = g^XY mod p
    Bob knows Y, g^X mod p:    (g^X mod p)^Y mod p = g^XY mod p
    Can Eve figure out X? If the numbers are big, no.

  RSA: anybody can encrypt messages intended for Bob to read using Bob's public key
    E((n,e), M) = M^e mod n
    E((n,d), Z) = Z^d mod n
    E((n,d), E((n,e), M)) = M^ed mod n = M
    Bob keeps d secret
    Alice sends message E((n,e), M) to Bob
    Only Bob can read M, because only Bob has d

+ The problem with DH

  - AITM/PITM/MITM -- adversary-in-the-middle, person-in-the-middle, man-in-the-middle

  Eavesdropper (Eve) can't figure out the shared secret. Yay.
  What if Mal pretends to be Bob (to Alice) and pretends to be Alice (to Bob)?
  Alice thinks she's talking to Bob; Bob thinks he's talking to Alice.

    Alice (X) -- g, p, g^X mod p -->  Mal (X_M) -- g, p, g^X_M mod p -->  Bob
    Alice (X) <-- g^Y_M mod p --      Mal (Y_M) <-- g^Y mod p --          Bob (Y)

  Alice & Mal have a shared secret
  Mal & Bob have a shared secret
  *Alice and Bob don't know they're talking to Mal

+ The problem with RSA (and its other public-key friends)

  - Is this public key from the real Bob?

+ RSA keys in real life

  - ssh-keygen -t rsa -m pem
  - what's the resulting format?
  - walk through Wednesday's assignment

  Private key consists of

    // This is expressed in ASN.1
    RSAPrivateKey {
      SEQUENCE (
        INTEGER version;
        INTEGER modulus;          // n
        INTEGER publicExponent;   // e
        INTEGER privateExponent;  // d
        INTEGER prime1;           // p
        INTEGER prime2;           // q
        ...
      )
    }

    RSAPublicKey {
      ...
    }

  Use ssh-keygen to create a key pair
    (n, e, d, p, q, some other stuff) <-- private key
    (n, e) <-- public key
  All these integers are really long (and might vary in length)
  Storing an ASN.1 object uses an encoding mechanism called DER

  ASN.1 (abstract syntax notation) -- language for describing the structure of a private key, a public key, a certificate, etc.
  DER (distinguished encoding rules) -- a way of shoving an ASN.1 object into a file (or memory).
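Added example (not from the lecture notes or from ssh-keygen): a hand-rolled DER encoder/decoder for the RSAPrivateKey SEQUENCE above, plus the PEM wrapper that ssh-keygen -m pem puts around it. It assumes the full RFC 8017 field list (the notes elide the fields after prime2) and uses a constructed toy key with p = 61, q = 53, so the long-form length encoding that real 2048-bit keys need is exercised only by the separate tag-length-value helper.

```python
import base64
from math import gcd
FIELDS = ["version", "modulus", "publicExponent", "privateExponent", "prime1",
          "prime2", "exponent1", "exponent2", "coefficient"]  # RFC 8017 order: n, e, d, p, q, dP, dQ, qInv

def der_len(n):                  # DER length: one byte if < 128, else 0x80|count then count bytes
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def der_int(v):                  # tag 0x02 INTEGER; a leading 0x00 keeps a high-bit value positive
    b = v.to_bytes(max(1, (v.bit_length() + 7) // 8), "big")
    b = (b"\x00" if b[0] & 0x80 else b"") + b
    return b"\x02" + der_len(len(b)) + b

def encode_rsa_private_key(key):
    body = b"".join(der_int(key[f]) for f in FIELDS)
    return b"\x30" + der_len(len(body)) + body   # tag 0x30 = SEQUENCE

def read_tlv(buf, pos):          # one tag-length-value -> (tag, value bytes, position after it)
    tag, l, pos = buf[pos], buf[pos + 1], pos + 2
    if l & 0x80:                 # long-form length: 0x80|count, then count big-endian bytes
        n = l & 0x7F
        l, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + l], pos + l

def decode_rsa_private_key(der):
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one SEQUENCE")
    key, pos = {}, 0
    for name in FIELDS:
        tag, val, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError(f"{name}: expected INTEGER, got tag {tag:#x}")
        key[name] = int.from_bytes(val, "big")
    return key

def check_key(k):                # what a parser should verify: n == p*q and e*d == 1 mod lcm(p-1, q-1)
    p, q = k["prime1"], k["prime2"]
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return k["modulus"] == p * q and (k["publicExponent"] * k["privateExponent"]) % lam == 1

def to_pem(der):                 # base64 of the DER inside the header ssh-keygen -m pem writes
    b64 = base64.b64encode(der).decode()
    lines = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN RSA PRIVATE KEY-----\n{lines}\n-----END RSA PRIVATE KEY-----\n"
# Constructed toy key (p=61, q=53); a real key's integers are hundreds of bytes long.
TOY_KEY = dict(version=0, modulus=3233, publicExponent=17, privateExponent=2753,
               prime1=61, prime2=53, exponent1=53, exponent2=49, coefficient=38)
```

Running decode_rsa_private_key(encode_rsa_private_key(TOY_KEY)) round-trips the dictionary, and check_key rejects a key whose primes do not multiply to the stored modulus.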