CS338 Computer Security
Wednesday, 1 October 2025

+ Questions

+ Coming up
  - certificates, PKI, TLS
  - cryptographic scenarios assignment: due Sunday
  - exam prep info: Monday Oct 6
  - in-class exam: Friday Oct 10

+ Today
  - Current assignment: structure of an RSA key file
    - why are we doing this?
    - some more details about what's going on
  - Goal for the next couple of days: Public-Key Infrastructure (PKI)
    - What's a digital signature?
    - What's a certificate, and what's it for?
  - Try stuff
    - shasum
    - look at a TLS certificate
      - with a browser
      - with openssl

+ Cryptographic hash functions
  - MD4, MD5, MD6, ... (Ron Rivest); MD4 and MD5 are broken (practical collisions), so don't use them where collision resistance matters
  - SHA-1 (also broken for collisions), the SHA-2 family (SHA-224, SHA-256, SHA-384, SHA-512), SHA-3
  - many more
  - checksum: generic term for a short value computed from data to detect changes; sometimes used loosely for hash functions, but ordinary checksums (e.g. CRC) are not cryptographic
  - claim (the "avalanche" property): change 1 bit in the data and about half the bits of the hash value change, unpredictably
    - try it with uppercase/lowercase ASCII letters: 'a' (0x61) and 'A' (0x41) differ in exactly one bit

+ Key files
  - Why care about the details?
    - exact byte contents of cryptographic objects matter: a hash or signature covers the exact bytes, so two encodings that "mean" the same key hash differently
    - we are *really* gonna care about certificates, whose structure is very similar, but more complicated
  - Cryptographic hash functions and byte-for-byte ambiguity
    - think about byte-for-byte ambiguity in normal text: newline characters (LF vs. CR LF), space characters (spaces vs. tabs, trailing whitespace), capitalization, etc.
    - play with a text file and look at its bytes with "hexdump -C myfile.txt"
    - hash the file with "shasum -a 256 myfile.txt"
    - change 1 bit of the data; what happens to the hash?
  - Ways of describing the key (each step wraps the output of the previous one)
    - ASN.1 [programmer-readable description of the structure: RSAPrivateKey, a SEQUENCE of INTEGERs]
      https://datatracker.ietf.org/doc/html/rfc8017#appendix-A.1.2
    - Rewrite the ASN.1 object using DER (a binary tag-length-value encoding)
      https://en.wikipedia.org/wiki/X.690#DER_encoding
    - Rewrite the DER encoding using base64 (printable ASCII)
      https://en.wikipedia.org/wiki/Base64#Base64_table_from_RFC_4648
    - Rewrite the base64 encoding by sticking a header & footer line on it to give the final form: a PEM file ("-----BEGIN RSA PRIVATE KEY-----" ... "-----END RSA PRIVATE KEY-----")
      https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail

+ Where are we going?
  - Alice/Bob: Diffie-Hellman --> shared secret S
  - secret-to-key algorithm (a key derivation function) --> shared AES key
  - Alice/Bob: communicate, encrypting using AES
  - Problem: adversary-in-the-middle (AITM) attack on the Diffie-Hellman exchange: nothing in plain DH tells Alice who is on the other end
  - Solution: "certificates"

+ Certificate-based story outline
  - Alice/"Bob": Diffie-Hellman + secret-to-key gives shared AES key K
    (shared with whoever is actually on the other end, hence the quotes around "Bob")
  - "Bob" sends Alice a certificate saying "Bob uses RSA public key (n_b, e_b)"
  - Alice checks to make sure a Trusted Third Party (TTP) has signed the certificate
    ** if it's legit, Alice now believes that the real Bob uses (n_b, e_b) as a public key
    ** but is "Bob" the real Bob? (wait, why wouldn't it be the real Bob? the TTP said the certificate is legit!
       Answer: the certificate is a publicly available document, so Mal can send Alice a copy of Bob's certificate just as easily as Bob can)
  - Alice sends "Bob" a challenge x: prove to me you have the secret/private key (n_b, d_b) that goes with the public key (n_b, e_b) by "encrypting" x with (n_b, d_b), i.e. computing x^d_b mod n_b, which is really the RSA signing operation
  - "Bob" sends his response to the challenge
  - Alice checks the response for validity: does response^e_b mod n_b give back x?
    QUESTION: can't Mal just send Alice's challenge to Bob? SEE BELOW
  - Challenge passed? Then Alice believes she's talking to the real Bob, so Alice and Bob now freely communicate, encrypting with AES key K

--- What's in the challenge, to prevent Mal from just asking Bob to answer all of Alice's questions?
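The hashing exercise from the "Cryptographic hash functions" and "Key files" sections above, as an added example that is not part of the course notes: it does in Python what "hexdump -C" and "shasum -a 256" do at the shell, on a few constructed byte strings that all display as the same line of text, and counts how many digest bits flip when a single input bit flips. The VARIANTS table and the helper names are my own.

```python
import hashlib

# Constructed sample inputs: the "same" line of text with the byte-level
# variations an editor can introduce without changing how it looks on screen.
VARIANTS = {
    "lf": b"hello world\n",
    "crlf": b"hello world\r\n",
    "no_newline": b"hello world",
    "trailing_space": b"hello world \n",
    "capitalized": b"Hello world\n",
}


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the exact bytes, as `shasum -a 256` prints it."""
    return hashlib.sha256(data).hexdigest()


def hexdump(data: bytes) -> str:
    """Roughly what `hexdump -C` shows: offset, hex bytes, printable ASCII."""
    lines = []
    for off in range(0, len(data), 16):
        chunk = data[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        ascii_part = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<47}  |{ascii_part}|")
    return "\n".join(lines)


def hamming(a: bytes, b: bytes) -> int:
    """Number of bit positions in which two equal-length byte strings differ."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def avalanche(m1: bytes, m2: bytes) -> tuple[int, int]:
    """(bits that differ between the inputs, bits that differ between their SHA-256 digests)."""
    return hamming(m1, m2), hamming(hashlib.sha256(m1).digest(), hashlib.sha256(m2).digest())


def distinct_digests(variants) -> int:
    """How many distinct SHA-256 values a collection of inputs produces."""
    return len({sha256_hex(v) for v in variants})


if __name__ == "__main__":
    for name, data in VARIANTS.items():
        print(f"--- {name}")
        print(hexdump(data))
        print(sha256_hex(data))
    # 'a' (0x61) and 'A' (0x41) differ in exactly one bit (0x20)
    in_bits, out_bits = avalanche(b"a", b"A")
    print(f"input bits changed: {in_bits}, digest bits changed: {out_bits} of 256")
```

Every variant hashes to a different value, even though a `cat` of each one looks identical; that is the "byte-for-byte ambiguity" point, and the reason key files and certificates are specified down to the exact byte.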
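An added example, not from the notes or the assignment, of the four layers listed under "Ways of describing the key": it builds the RFC 8017 Appendix A.1.2 RSAPrivateKey structure from a constructed toy key (p = 61, q = 53), DER-encodes it following the X.690 tag-length-value rules, wraps it in PEM, then reads the PEM back and walks the DER naming each field. The helper names are my own.

```python
import base64
import textwrap

# Constructed toy RSA parameters (far too small for real use).
P, Q = 61, 53
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))   # 2753


def der_length(n: int) -> bytes:
    """DER length octets: short form below 128, else 0x80|count followed by big-endian count bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02): minimal big-endian two's complement, leading 0x00 if the high bit is set."""
    if value < 0:
        raise ValueError("only non-negative integers occur in an RSA key")
    body = value.to_bytes(max(1, (value.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:
        body = b"\x00" + body
    return b"\x02" + der_length(len(body)) + body


def der_sequence(*elements: bytes) -> bytes:
    """DER SEQUENCE (tag 0x30) wrapping already-encoded elements, in order."""
    body = b"".join(elements)
    return b"\x30" + der_length(len(body)) + body


def rsa_private_key_der(p: int, q: int, e: int, d: int) -> bytes:
    """RSAPrivateKey from RFC 8017 A.1.2: version 0 then the eight integers, in the order the ASN.1 lists them."""
    return der_sequence(
        der_integer(0),               # version (0 = two-prime)
        der_integer(p * q),           # modulus n
        der_integer(e),               # publicExponent
        der_integer(d),               # privateExponent
        der_integer(p),               # prime1
        der_integer(q),               # prime2
        der_integer(d % (p - 1)),     # exponent1 = d mod (p-1)
        der_integer(d % (q - 1)),     # exponent2 = d mod (q-1)
        der_integer(pow(q, -1, p)),   # coefficient = q^-1 mod p
    )


def to_pem(der: bytes, label: str = "RSA PRIVATE KEY") -> str:
    """base64 the DER and add the PEM header/footer lines (64-character lines, as OpenSSL writes them)."""
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode("ascii"), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


def from_pem(pem: str) -> bytes:
    """Strip the header/footer lines and base64-decode back to DER."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("not a PEM block")
    return base64.b64decode("".join(lines[1:-1]))


def parse_tlv(data: bytes, pos: int = 0):
    """Read one DER tag-length-value at pos; return (tag, value bytes, position after it)."""
    tag, first = data[pos], data[pos + 1]
    if first < 0x80:
        length, pos = first, pos + 2
    else:
        count = first & 0x7F
        length = int.from_bytes(data[pos + 2:pos + 2 + count], "big")
        pos = pos + 2 + count
    return tag, data[pos:pos + length], pos + length


def parse_rsa_private_key(der: bytes) -> dict:
    """Walk the outer SEQUENCE of INTEGERs and name each field as RFC 8017 does."""
    tag, body, end = parse_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single top-level SEQUENCE")
    names = ["version", "n", "e", "d", "p", "q", "exponent1", "exponent2", "coefficient"]
    fields, pos = {}, 0
    for name in names:
        tag, value, pos = parse_tlv(body, pos)
        if tag != 0x02:
            raise ValueError(f"{name}: expected INTEGER, got tag {tag:#x}")
        fields[name] = int.from_bytes(value, "big", signed=True)
    return fields


if __name__ == "__main__":
    der = rsa_private_key_der(P, Q, E, D)
    print("DER:", der.hex())
    pem = to_pem(der)
    print(pem)
    print(parse_rsa_private_key(from_pem(pem)))
```

For a real key file, `openssl asn1parse -in key.pem` prints the same walk with offsets. One caveat: a file that begins with `-----BEGIN PRIVATE KEY-----` (no "RSA") is PKCS#8, which wraps this RSAPrivateKey inside an outer SEQUENCE with an algorithm identifier and an OCTET STRING, so the parser here would stop at the second field with "expected INTEGER".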
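The certificate-based story above, run end to end as an added example that is not part of the notes: textbook RSA for Bob's key pair, a tiny Diffie-Hellman group, and a Mal who does two separate DH exchanges (one with Alice, one with Bob), forwards Bob's public certificate to Alice, and relays Alice's challenge to Bob. With a bare challenge x the relayed answer passes Alice's check, which is exactly the QUESTION above. The `bind=True` variant is the standard answer (it is what TLS does when the server signs the handshake transcript): Bob's response also covers the session key he derived, and Mal's two sessions have different keys, so the relayed answer fails. All parameters, exponents and the challenge value are constructed and far too small for real use; the function names are my own.

```python
import hashlib

# Constructed toy parameters: not secure, chosen so the example runs without key generation.
DH_P, DH_G = 23, 5                                   # tiny Diffie-Hellman group
P_B, Q_B = (1 << 31) - 1, (1 << 61) - 1              # Bob's RSA primes (Mersenne primes, for convenience only)
N_B, E_B = P_B * Q_B, 65537                          # Bob's public key (n_b, e_b): what his certificate vouches for
D_B = pow(E_B, -1, (P_B - 1) * (Q_B - 1))            # Bob's private exponent d_b

# Fixed DH exponents (Alice, Mal, Bob) so the run is reproducible.
A_SECRET, M_SECRET, B_SECRET = 6, 3, 15
CHALLENGE = b"constructed challenge x"               # in practice a fresh random value per session


def dh_public(secret: int) -> int:
    return pow(DH_G, secret, DH_P)


def dh_shared(their_public: int, my_secret: int) -> int:
    return pow(their_public, my_secret, DH_P)


def secret_to_key(shared: int) -> bytes:
    """Stand-in for the notes' 'secret-to-key algorithm': derive AES key K from DH secret S."""
    return hashlib.sha256(b"toy KDF" + shared.to_bytes(4, "big")).digest()


def rsa_sign(m: int, d: int, n: int) -> int:
    """Textbook RSA private-key operation: the notes' 'encrypt x with (n_b, d_b)'."""
    return pow(m, d, n)


def rsa_verify(m: int, sig: int, e: int, n: int) -> bool:
    """Public-key operation: does sig^e mod n give m back?"""
    return pow(sig, e, n) == m


def to_int_mod_n(*parts: bytes) -> int:
    """Hash the parts together and reduce mod n_b so textbook RSA can operate on the result."""
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big") % N_B


def respond(challenge: bytes, k_seen_by_bob: bytes, bind: bool) -> int:
    """Bob's side. With bind=True the answer also covers the session key Bob derived."""
    m = to_int_mod_n(challenge, k_seen_by_bob) if bind else to_int_mod_n(challenge)
    return rsa_sign(m, D_B, N_B)


def check(challenge: bytes, k_seen_by_alice: bytes, response: int, bind: bool) -> bool:
    """Alice's side, using (n_b, e_b) from the certificate and her own session key."""
    m = to_int_mod_n(challenge, k_seen_by_alice) if bind else to_int_mod_n(challenge)
    return rsa_verify(m, response, E_B, N_B)


def honest_run(bind: bool) -> bool:
    """Alice really talks to Bob: one DH exchange, one shared K, then challenge/response."""
    k_alice = secret_to_key(dh_shared(dh_public(B_SECRET), A_SECRET))
    k_bob = secret_to_key(dh_shared(dh_public(A_SECRET), B_SECRET))
    assert k_alice == k_bob                       # same S at both ends, so same K
    return check(CHALLENGE, k_alice, respond(CHALLENGE, k_bob, bind), bind)


def relay_attack(bind: bool) -> bool:
    """Mal in the middle: separate DH with Alice and with Bob, forwards Bob's public
    certificate to Alice, relays Alice's challenge to Bob. True means Alice is fooled."""
    k_alice = secret_to_key(dh_shared(dh_public(M_SECRET), A_SECRET))   # Alice <-> Mal
    k_bob = secret_to_key(dh_shared(dh_public(M_SECRET), B_SECRET))     # Mal <-> Bob: different S, different K
    response = respond(CHALLENGE, k_bob, bind)    # Bob answers the relayed challenge with *his* K
    return check(CHALLENGE, k_alice, response, bind)


if __name__ == "__main__":
    print("honest, plain challenge:      ", honest_run(bind=False))
    print("honest, session-bound:        ", honest_run(bind=True))
    print("relay attack, plain challenge:", relay_attack(bind=False))
    print("relay attack, session-bound:  ", relay_attack(bind=True))
```

The certificate alone only tells Alice which public key the real Bob owns; the challenge has to tie proof of the private key to *this* session, otherwise Bob's answer is just another public document Mal can forward.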