CS338 Computer Security
Wednesday, 20 April 2022

+ Office hours today
    - Not at 11:30
    - Zoom at 3:00-4:30

+ CS Department jobs, 2022-2023
    - Prefects
    - Course staff (lab assisting, grading,...)
    - You would be great!
    - Application here: https://docs.google.com/forms/d/e/1FAIpQLSeTMrJu-qJ-dS7Kb_LuXSx-QEklKdpUAsYvsaVsVlrymVZZKQ/viewform

+ In-class exam, Friday, April 29
    - General philosophy on in-class exams
        - Stuff I want you to have in your head
            - YES "base64 encodes/rewrites arbitrary byte sequences as sequences of ASCII characters"
            - MAYBE "to encode, take each 3-byte chunk and turn it into 4 6-bit chunks, and look those chunks up on a table"
            - NO "the letter Z represents the six bits 011001"
        - I'm happy if no more than 2-5 people are still working at the end of the exam
        - No tricks or intentionally obscure questions (at least I try)
        - Facts, yes. Also some "why" (e.g., why do we use certificates at all? why is it easier to secure an asymmetric key pair than a symmetric key?)
    - Fair game
        - Readings
        - Videos
        - Class notes
        - Assignments
    - Thinking about how to prioritize study
        - How important is this particular topic? Important enough for a 45-60-minute exam?
        - What did Jeff emphasize in homework?
        - What did Jeff emphasize in class?
        - What did Jeff emphasize in the videos?
    - Symmetric encryption
        - Key, plaintext, ciphertext
        - Be aware of the AES competition
        - Block ciphers
        - Block cipher modes
        - Names of a few important block ciphers: AES, DES, TripleDES, TwoFish...
        - Stream ciphers
        - Names of a couple important stream ciphers: ChaCha, RC4,...
    - Diffie-Hellman key exchange
        - What's the purpose?
        - Steps: what do Alice and Bob do, in what order?
        - Why can't Eve get the key even if she sees every packet?
        - Steps: what do Alice, Mal, and Bob send in a person-in-the-middle attack? Are Alice & Bob fooled?
    - RSA
        - Of what does a key pair consist?
        - How do you create a key pair?
        - What mathematical relationships do the various numbers (n, e, d, p, q) have?
        - How do you encrypt/decrypt?
        - What are the limits on the size (in bits or bytes) of the messages that you can encrypt using a given RSA key?
    - Public-key/asymmetric encryption in general
        - Notation I'll use: public key P, secret key S, encrypt/decrypt using the function E: E(P, M) or E(S, M) for message M
        - What relationship is there between E, P, S?
        - How can a person use E and S to sign something?
        - How can a person sign something but also prevent eavesdroppers from reading the signature?
    - IP
        - What does "IP" stand for?
        - What's the purpose of IP?
        - What are the main items in an IP header?
        - What's an IP address?
        - What's the most obvious difference between IPv4 and IPv6?
    - TCP
        - What does "TCP" stand for?
        - What's the purpose of TCP?
        - What's a port?
        - What are the main items in a TCP header?
        - If I want to send a server the payload "Hi there!", what stuff gets prepended (or appended?) to the payload?
        - What does ACK mean?
        - What are the steps in a TCP handshake? What particular items of data are being agreed upon during a TCP handshake?
    - HTTP
        - What does "HTTP" stand for?
        - What's the purpose of HTTP?
        - What does a typical HTTP GET request look like?
        - What does a typical HTTP response look like?
        - What are "headers" in the HTTP context? (and be clear about the difference between our two uses of the word "header")
        - What are some commonly-included headers?
    - TLS
        - What does "TLS" stand for?
        - What is the relationship between TLS and SSL?
        - What's the purpose of TLS?
        - What information is exchanged and negotiated during a TLS handshake?
    - HTTPS
        - What does "HTTPS" stand for?
        - How is HTTPS related to HTTP and TLS?
    - Cryptographic hashes
        - What do they do?
        - What are their essential properties?
        - Names of a few important ones: SHA-256, SHA-2, SHA-1, MD5,...
        - List a few applications of hashes
        - What are MACs (and what does "MAC" stand for?)?
        - How are MACs different from hashes?
    - base64
        - What is it?
        - How does it work? (But see above for stuff you don't have to memorize)
    - Miscellaneous
        - What are ASN.1, DER, PEM?
        - What do git add, status, commit, push, and pull do?
        - What does Wireshark do?
        - What's Kali Linux for?

+ Questions about homework

+ TLS, continued
    - Names: SSL vs. TLS
    - TLS Handshake
        - https://datatracker.ietf.org/doc/html/rfc8446#section-4
        - Search online for explanations
        - What are the goals of the handshake?
            - Generally: set up an encrypted connection
            - Deciding that Alice and Bob can trust each other's identities
            - Choose a symmetric key
            - Which ciphers should we use?
                - symmetric encryption algorithm
                - hash function
            - What version of TLS are we using?
        - How do the client and server agree upon a cipher suite? What are the names of the available cipher suites?
        - [we'll continue to the key exchange on Friday]

+ Coders Rise Up signs
    - What is this for? What is its intent?
    - Some issues to consider
        - From the Carletonian
            "[declaring a CAMS major is] a little scary because when you’re pursuing a major in the arts or humanities you get a lot of judgment from other people, so you have to be sure on what you want to do"
        - How this image makes me feel
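
The base64 procedure from the exam notes above (each 3-byte chunk becomes four 6-bit table lookups), written out as an added example that is not part of the original class notes. The function names are hypothetical; the alphabet and the "=" padding for a short final chunk are the standard ones from RFC 4648.

```python
import string

# Standard base64 alphabet (RFC 4648): index 0-63 -> ASCII character.
ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"


def b64_encode(data: bytes) -> str:
    """Encode bytes as base64 by hand: 3 bytes -> four 6-bit table lookups."""
    out = []
    for i in range(0, len(data), 3):
        chunk = data[i:i + 3]
        # Pack the chunk into a 24-bit integer, zero-filling a short final chunk.
        n = int.from_bytes(chunk.ljust(3, b"\x00"), "big")
        # Split into four 6-bit values, most significant first.
        sextets = [(n >> shift) & 0x3F for shift in (18, 12, 6, 0)]
        # A chunk of k bytes carries k+1 meaningful characters; the rest is "=".
        keep = len(chunk) + 1
        out.append("".join(ALPHABET[s] for s in sextets[:keep]) + "=" * (4 - keep))
    return "".join(out)


def b64_decode(text: str) -> bytes:
    """Inverse of b64_encode; rejects bad length, characters and padding."""
    if len(text) % 4 != 0:
        raise ValueError("padded base64 length must be a multiple of 4")
    out = bytearray()
    for i in range(0, len(text), 4):
        quad = text[i:i + 4]
        body = quad.rstrip("=")
        pad = 4 - len(body)
        # Padding is at most two "=" and only allowed in the final group.
        if "=" in body or pad > 2 or (pad and i + 4 != len(text)):
            raise ValueError("misplaced padding")
        n = 0
        for ch in body:
            n = (n << 6) | ALPHABET.index(ch)   # ValueError on a bad character
        n <<= 6 * pad                           # restore the zero-filled bits
        out += n.to_bytes(3, "big")[:3 - pad]
    return bytes(out)


def sextet_bits(ch: str) -> str:
    """Six-bit pattern that one base64 character stands for."""
    return format(ALPHABET.index(ch), "06b")


if __name__ == "__main__":
    sample = b"Hi there!"   # constructed sample: the payload text from the TCP question
    print(b64_encode(sample), sextet_bits("Z"))
```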