CS338 Computer Security
Monday, 18 April 2022

+ Today
  - Masks
  - Schneier debrief
  - Trusted third party's role in preventing PITM
  - Storing cryptographic info

+ Masks
  - CS department policy (for now)
    - See my email to cs-interest from Saturday
    - Olin 310 & 304 are masks-required
  - My office
    - Masks optional
    - If you arrive with mask on, I'll put a mask on, too

+ Schneier debrief
  - Thank you
  - Reactions?

+ Game #1: do you really have the private key?

  Bob:   "Here's my public key P."
  Alice: "Prove that you have the private (secret) key S that goes with P.
          Encrypt this M with S."
  Bob:   [C = E(S, M) if Bob has S] "Here's C."
  Alice: [X = E(P, C) =? E(P, E(S, M)) = M]
         If X == M, then Bob must have S.

+ Game #2: CA vouching for Bob

  Alice & Bob: "We trust CA, and we trust our data transfer connection to CA.
                We both have a copy of CA's public key P_CA."
  Bob:   Hey CA, here's a document D:
           ==== D ====
           I am "Bob"
           Here is my public key: P_Bob = (n = 0xA635BF290..., e = 0x10001)
  CA:    H = SHA-256(D)
         Sig = E(S_CA, H)
         Cert = D || Sig
         [Due diligence to make sure it's really Bob asking]
         Hey Bob, here's Cert.
  Alice: Bob, what's your public key?
  Bob:   Here's Cert. P_Bob is in there.
  Alice: (D, Sig) = Cert
         H = SHA-256(D)
         Y = E(P_CA, Sig)
         If Y == H, CA has vouched for Bob:
         only CA could have created Sig, and D says Bob and P_Bob actually go together.
         I can trust... what?
         Do I need to play Game #1 with Bob?
         Why do I trust CA?
         Why do I trust my channel to CA?

  THINK ABOUT THESE GAMES!

+ Break

+ Storing/transmitting key information
  - PKCS (Public Key Cryptography Standards)
    - RSA Security, LLC
  - IETF (Internet Engineering Task Force)
    - ISOC (Internet Society)
    - RFCs (Requests for Comments)
    - PKCS #1 vs. RFC 8017
  - ASN.1
    - a language for describing data structures
  - DER
    - a language for encoding ASN.1-described data into an unambiguous sequence of bytes
  - PEM
    - a way of writing arbitrary byte data + a description of the data's meaning in ASCII text
    - don't forget our friend base64

+ Let's look at Carleton's certificate
  - I already exported it to www.carleton.edu.pem
    I'll show you how to do that another day
  - X.509 certificate structure (RFC 5280, section 4.1)
    This is articulated in ASN.1
  - How is it stored?
    - PEM format structure
    - DER