Duke Systems
Servers and secure communication
Jeff Chase, Duke University
Shell lab
• We need to understand a little about:
– job states: foreground and background
– process states
– blocking or sleep states: waiting for an external event
• The shell exposes a fundamental problem:
– Many programs monitor/control asynchronous activities.
– E.g., the shell manages children, apps wait for clicks, servers wait for requests, everyone waits for I/O to complete.
– How should a program wait for the next event, if there are many possible events to wait for?
– Waiting for one specific event may miss the others.
• Good event handling mechanisms are important.
Unix was wrong
• Unix was designed around blocking system calls.
– read from tty
– wait* for child process
– accept an arriving connection on a listening socket (listen only marks the socket; accept is the call that blocks)
– A blocked process makes no progress until the event occurs.
– Signals were an afterthought, to “kill” a process.
• Unix got it wrong.
– Evolving signal mechanisms for better shells.
– Evolving designs for high-performance servers.
• Newer systems (and Unix variants) have better event handling mechanisms.
– kqueue, epoll, Android component interfaces
Wait (Unix)
Wait*
Diagram: dsh reads the command “echo y”, forks, and the child execs with argv[0]=“echo”, argv[1]=“y”, argc = 2, while the parent calls wait.
If a child is running in the foreground, the parent shell “suspends execution” (blocks or sleeps) until the child changes state (e.g., exits).
The child process continues on to execute the “echo” program independently of the parent.
The shell then waits in a read call for the next command from the tty.
Parent/child interaction
Diagram: dsh forks, the child execs “echo y”, and the parent calls wait; the child is later stopped (STOP) and exits (EXIT). Typing “<ctrl-z>” on the keyboard delivers SIGTSTP to the foreground job; “fg” sends SIGCONT with kill.
A wait returns when the status of the child changes (e.g., STOP).
The child blocks when it receives a stop signal (e.g., SIGTSTP resulting from ctrl-z on the keyboard; unlike SIGSTOP, SIGTSTP can be caught or ignored by the child).
The child wakes up when it receives a CONTINUE signal (SIGCONT, e.g., sent by the shell).
The awakened shell blocks in read to accept the next command.
What if a foreground job exits before the parent calls wait? (The kernel keeps the exit status of the dead child, a “zombie”, until the parent collects it with wait, so the event is not lost.)
Job states and transitions
States: fg, bg, stop, exited.
Transitions:
– fg → exited and bg → exited: exit
– fg → stop: ctrl-z (SIGTSTP)
– bg → stop: tty in / tty out (a background job that reads from or writes to the terminal is stopped with SIGTTIN / SIGTTOU)
– stop → bg: SIGCONT
– stop → fg: SIGCONT, set-fg
Monitoring background jobs
Diagram: dsh runs “echo y&”: fork, exec; the child exits (EXIT) while the shell goes on; later the user types “jobs” and the shell calls wait.
How should a parent learn of status changes to a child if it’s busy doing something else and does not poll?
“Do you know where your children are?”
The parent can use a non-blocking wait (waitpid with WNOHANG) to poll the status of a child.
Monitoring background jobs
Diagram: dsh runs “echo y&” (fork, exec); the child exits (EXIT) while the parent is waiting for read to return the next input command. “coffee….”
How should the parent learn of the child exit event?
What if a child changes state while the shell is blocked on some other event, e.g., waiting for input, or waiting for a foreground job to complete?
A “real” shell should notice and inform the user immediately. But dsh will not.
Shell and children
Diagram: dsh has Job 1 (processes P1A, P1B), Job 2 (P2A), and Job 3 (P3A).
Any of these child jobs/processes could exit or stop at any time.
Monitoring background jobs
Diagram: dsh runs “echo y&” (fork, exec). Event notifications: the kernel sends SIGCHLD when the child exits (EXIT) or stops (STOP). “coffee….”
A “real” shell receives SIGCHLD signals from the kernel when a child changes state.
If the shell is blocked on some other system call (e.g., read), then SIGCHLD interrupts the read: the handler runs, and the read either fails with EINTR or is restarted, depending on how the handler was installed (SA_RESTART). Either way the shell can then collect the status with a non-blocking waitpid.
Key point: many programs need to be able to receive and handle multiple event types promptly, regardless of what order they arrive in. Unix has grown some funky mechanisms to deal with that.
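An added example (not from the slides) of the mechanism these last slides describe: a dsh-like event loop that waits for the next command and for SIGCHLD at the same time, using the self-pipe trick (signal.set_wakeup_fd) so the blocked select() is woken by a child state change, and the non-blocking waitpid (WNOHANG) poll from the “Monitoring background jobs” slides to collect the status. The children, the pipe standing in for the tty, and the exit codes are constructed for the demo; it assumes Linux and runs in the main thread.

```python
import os
import select
import signal
import time

# Children this shell has started and not yet seen exit; a real shell keeps its job table here.
live_children = set()

def spawn(exit_code, delay=0.0):
    """fork a child that (optionally) sleeps, then exits with exit_code. Stands in for fork+exec."""
    pid = os.fork()
    if pid == 0:
        if delay:
            time.sleep(delay)
        os._exit(exit_code)
    live_children.add(pid)
    return pid

def reap_children():
    """Non-blocking wait: poll every child once with WNOHANG and report each state change
    as (pid, what, detail). Never sleeps, so it is safe to call from an event loop."""
    changes = []
    for pid in sorted(live_children):
        wpid, status = os.waitpid(pid, os.WNOHANG | os.WUNTRACED | os.WCONTINUED)
        if wpid == 0:
            continue                                      # still running, nothing new
        if os.WIFEXITED(status):
            live_children.discard(pid)
            changes.append((pid, "exited", os.WEXITSTATUS(status)))
        elif os.WIFSIGNALED(status):
            live_children.discard(pid)
            changes.append((pid, "killed", os.WTERMSIG(status)))
        elif os.WIFSTOPPED(status):                       # ctrl-z/SIGTSTP, SIGSTOP, SIGTTIN, SIGTTOU
            changes.append((pid, "stopped", os.WSTOPSIG(status)))
        elif os.WIFCONTINUED(status):                     # SIGCONT, e.g. from "fg" or "bg"
            changes.append((pid, "continued", None))
    return changes

def shell_loop(cmd_fd):
    """Wait for the next command AND for child state changes, whichever comes first.
    The self-pipe trick turns SIGCHLD into a readable fd, so one select() covers both."""
    r, w = os.pipe()
    os.set_blocking(w, False)
    old_wakeup = signal.set_wakeup_fd(w)                  # SIGCHLD delivery -> one byte lands in r
    old_handler = signal.signal(signal.SIGCHLD, lambda signo, frame: None)  # handled, not SIG_IGN
    events = []
    watch = [cmd_fd, r]
    try:
        for change in reap_children():                    # anything that happened before the handler existed
            events.append(("child", change))
        while True:
            readable, _, _ = select.select(watch, [], [])
            if r in readable:
                os.read(r, 4096)                          # drain wakeup bytes
                for change in reap_children():
                    events.append(("child", change))
            if cmd_fd in readable:
                data = os.read(cmd_fd, 4096)
                if data:
                    for line in data.decode().splitlines():   # a real shell would fork/exec here
                        events.append(("cmd", line))
                else:                                     # EOF: the tty went away
                    events.append(("eof", None))
                    watch = [r]
            if cmd_fd not in watch and not live_children:
                break                                     # no more input and no more jobs
    finally:
        signal.signal(signal.SIGCHLD, old_handler if old_handler is not None else signal.SIG_DFL)
        signal.set_wakeup_fd(old_wakeup)
        os.close(r)
        os.close(w)
    return events

def demo():
    """One child exits before the loop starts (must not be lost), one exits while the shell is
    blocked in select(); the constructed 'tty' carries the command 'jobs' and then EOF."""
    cmd_r, cmd_w = os.pipe()
    first = spawn(3)
    os.waitid(os.P_PID, first, os.WEXITED | os.WNOWAIT)   # wait until it is a zombie, without reaping it
    second = spawn(5, delay=0.2)
    os.write(cmd_w, b"jobs\n")
    os.close(cmd_w)                                       # the children hold a copy until they exit
    events = shell_loop(cmd_r)
    os.close(cmd_r)
    return first, second, events

if __name__ == "__main__":
    for event in demo()[2]:
        print(event)
```

The loop never blocks on one event kind: a child exiting while the user is idle shows up as a ("child", ...) event at once, which is exactly what dsh misses when it sits in a plain read.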
Process states and transitions
States: running, ready, blocked, exited.
Transitions (a process in a fg or bg job follows the same diagram):
– running → ready and ready → running: the kernel process/thread scheduler governs these transitions.
– running → blocked: sleep, on wait, STOP, read, write, accept (listen), receive, etc.
– blocked → ready: wakeup, when the awaited event occurs.
– running → exited: exit (EXIT).
Sleep and wakeup are internal primitives (later).
Inside the Shell
The slide’s pseudocode, completed so that it compiles: getcmd() reads one word from the tty, exec is the real execlp (a real shell tokenizes the line into argv first), and the parent waits for that specific child with waitpid (the slide’s wait(pid) is not a valid call; wait takes a status pointer).

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>
// Read the next command from the tty; the shell blocks here until the user types a line.
static char *getcmd(void) {
    static char buf[1024];
    if (fgets(buf, sizeof buf, stdin) == NULL) return NULL;   // EOF: leave the shell
    buf[strcspn(buf, "\n")] = '\0';
    return buf;
}
int main(void) {
    while (1) {
        char *cmd = getcmd();
        if (cmd == NULL) break;
        pid_t pid = fork();
        if (pid < 0) { perror("fork"); continue; }
        if (pid == 0) {
            // This is the child process
            // Setup the child's process environment here
            // E.g., where is standard I/O, how to handle signals?
            execlp(cmd, cmd, (char *)NULL);
            // exec does not return if it succeeds
            printf("ERROR: Could not execute %s\n", cmd);
            exit(1);
        } else {
            // This is the parent process; wait for this child (the foreground job) to finish
            int status; waitpid(pid, &status, 0);
        }
    }
}
Communication: endpoints and channels
Vocabulary (diagram): channel / pipe; binding / connection; endpoint / port; data transfer / stream; flow / messages; request/reply / RPC; events.
Operations: advertise (bind), listen, connect (bind), close; write/send, read/receive.
If one side advertises a named endpoint, we call it a server.
If one side initiates a channel to a named endpoint, we call it a client.
Protection systems
• Every process (or other entity) has a label that governs its access rights on the system.
• The label is a list of named attributes and optional values.
• Each system defines the space of attributes and their interpretation.
• Some attributes and values represent an identity bound to the process.
• E.g.: uid=“alice”
Diagram: Alice logs in; the login process does fork, setuid(“alice”), exec to start her shell; the shell does fork/exec to start a tool; both shell and tool carry uid=“alice”. (In a real Unix kernel setuid takes the numeric uid that login looks up for “alice” in the password database.)
Every file and every process is labeled/tagged with a user ID. A root process may change its user ID.
A process inherits its user ID from its parent process.
Android permissions
http://source.android.com/tech/security/
Services
Diagram: clients reach services by RPC or by HTTP GET.
Binding to a service (Android)
public abstract boolean bindService (Intent service, ServiceConnection conn, int flags)
Connect to an application service, creating it if needed. …The given conn will receive the service object when it is created and be told if it dies and restarts. …
This function will throw SecurityException if you do not have permission to bind to the given service.
Networking
Diagram: node A and node B, each with an endpoint (port), joined by a channel (binding, connection).
Some IPC mechanisms allow communication across a network. E.g.: sockets using Internet communication protocols (TCP/IP). Each endpoint on a node (host) has a port number.
Each node has one or more interfaces, each on at most one network. Each interface may be reachable on its network by one or more names. E.g., an IP address and an (optional) DNS name.
Operations: advertise (bind), listen, connect (bind), close; write/send, read/receive.
Networking and distributed systems
Issues:
1. Nodes may crash (fail-stop).
2. They may lie, cheat, or steal (“Byzantine” failure).
3. They may run different software.
4. Networks might not be reliable or safe.
Real networks are insecure
Diagram: Alice and Bob communicate over the network; Mallory attacks the channel between them.
Crypto primitives
• Encrypt/Decrypt
• Signing
• Secure hashing: useful for fingerprinting data
Keys: use a shared secret key (symmetric), or use a keypair, one public, one private (asymmetric).
Cryptography for Busy People
• Standard crypto functions parameterized by keys.
– Fixed-width “random” value (length matters, e.g., 256-bit)
– Symmetric (e.g., AES: fast, requires shared key K1 = K2; the slide’s example DES is the 1970s original, whose 56-bit key is brute-forceable today)
– Asymmetric (RSA: slow, uses two keys)
• “Believed to be computationally infeasible” to break
Diagram: M → Encrypt (E) under K1 → Decrypt (D) under K2 → M. [Image: Landon Cox]
Symmetric Crypto
• “Secret key” (sometimes, confusingly, “private key”) cryptography.
– DES, 3DES, DESX, IDEA, AES (of these, AES is the one to use today)
• Sender and receiver must possess a shared secret
– Shared key K
– K = K1 = K2
• Message M, Key K
{M}K = Encrypt(M, K)
M = Decrypt({M}K, K)
Example: Java KeyGenerator class
“A key generator is used to generate secret keys for symmetric algorithms.” [oracle.com]
Example: Java Cipher class
“The Cipher class provides the functionality of a cryptographic cipher used for encryption and decryption. Encryption is the process of taking data (called cleartext) and a key, and producing data (ciphertext) meaningless to a third-party who does not know the key. Decryption is the inverse process: that of taking ciphertext and a key and producing cleartext.” [oracle.com]
Two “Key points”
• The random challenge is a nonce.
– “number used once”
• Understand why the protocol uses a nonce: a valid response to a fresh challenge cannot have been recorded earlier, so Mallory cannot replay an old response to impersonate Alice.
• In order for this protocol to work, Alice and Bob need a shared secret.
• How can they establish this shared secret safely?
Asymmetric Crypto
• Sometimes called “public key” cryptography.
• Each subject/principal possesses a keypair: K-1 and K
– Decrypt(K, Encrypt(K-1, M)) = M
• Each principal keeps one key private.
• The inverse key may be public.
• Either key can be used to encrypt/decrypt. (This is a property of textbook RSA, where both operations are the same modular exponentiation with different exponents. Other asymmetric schemes, e.g., ECDSA or Ed25519, only sign and verify, and real RSA use adds padding, so “encrypt with the private key” is a teaching model rather than what libraries expose.)
Example: Java KeyPairGenerator class
“The KeyPairGenerator class is an engine class used to generate pairs of public and private keys.” [oracle.com]
Asymmetric crypto works both ways
Diagram: M → Crypt (E) under A’s private key or A’s public key → Crypt (D) under the other key of the pair (A’s public key or A’s private key) → M. [Image: Landon Cox]
Q
• If Alice knows Bob’s public key, how can Alice use it to verify that the party on the other end of a channel is Bob?
• What could go wrong?
• How is this “better” than symmetric crypto?
• How is it “worse”?
Cryptographic hashes
• Also called a secure hash or one-way hash
– E.g., SHA1, MD5 (both are broken for collision resistance today; use SHA-256 or SHA-3 in new designs)
• Result called a hash, checksum, fingerprint, digest
• Very efficient
Diagram: arbitrarily large input → SHA1 hash → 160 bits (“hash digest”). [Image: Landon Cox]
Properties of Secure Hashing
• Collision-resistant
– There exist distinct M1 and M2 such that h(M1) == h(M2) (the input space is larger than the output space).
– Such collisions are “hard” to find.
• One way (preimage-resistant)
– Given a digest, cannot generate an M with h(M) == digest.
– Such preimages are “hard” to find.
• Secure
– The digest does not help to discover any part of M. (Caveat: this only holds when M has enough entropy; a digest of a short PIN or password is inverted simply by hashing every candidate.)
Haven’t SHA-1 and MD5 been broken?
Sort of…it turns out collisions are easier to find than thought, at least in some instances. (MD5 collisions have been practical since 2004 and a SHA-1 collision was demonstrated in 2017; preimage attacks on either remain impractical, which is why their use inside HMAC is a weaker concern than their use in signatures and certificates.)
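An added example (not from the slides) that exercises these properties with Python’s hashlib: the same fixed-width fingerprint for one-shot and streamed input, the avalanche effect between near-identical messages, and the caveat above, the digest of a 4-digit PIN inverted by brute force. All inputs are constructed.

```python
import hashlib
import itertools
import string

def fingerprint(data: bytes, algo: str = "sha256") -> str:
    """Fixed-width digest of an input of any size, as hex."""
    return hashlib.new(algo, data).hexdigest()

def fingerprint_stream(chunks, algo: str = "sha256") -> str:
    """Same digest computed incrementally, the way a large file or a download is hashed."""
    h = hashlib.new(algo)
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()

def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many bits differ between two digests of equal width (about half, for any two inputs)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")

def invert_pin_digest(digest_hex: str, digits: int = 4, algo: str = "sha256"):
    """The 'secure' property fails for low-entropy M: a bare digest of a 4-digit PIN is
    inverted by hashing all 10**digits candidates. Returns the PIN, or None if no candidate matches."""
    for combo in itertools.product(string.digits, repeat=digits):
        pin = "".join(combo).encode()
        if hashlib.new(algo, pin).hexdigest() == digest_hex:
            return pin.decode()
    return None

if __name__ == "__main__":
    print(fingerprint(b"abc"))
    print(differing_bits(fingerprint(b"The quick brown fox"), fingerprint(b"The quick brown fox.")))
    print(invert_pin_digest(fingerprint(b"7341")))
```

The PIN inversion is why stored passwords are hashed with a salt and a deliberately slow function rather than a bare SHA-256: the hash itself is one-way, but the input set is small enough to enumerate.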
Digital Signature
• A hash digest of M encrypted with a private key is called a digital signature (the textbook-RSA model; real schemes such as RSA-PSS, ECDSA or Ed25519 are dedicated sign/verify operations over the digest, not raw encryption).
– “Proves” that a particular identity sent M.
• “Proves” M has not been tampered. • “Unforgeable”
– The sender cannot deny sending M. • “non-repudiable”
– Can be legally binding in the United States
http://pst.libre.lu/mssi-luxmbg/p1/04_auth-art.html
Digital signatures with public keys
Signing: compute h = H(M), then {h}Kpri = E(Kpri, h) (the diagram shows a 128-bit digest); the signed doc is M together with {h}Kpri.
Verifying: recompute h = H(doc) from the received M; compute h' = D(Kpub, {h}Kpri); accept iff h == h'.
Key point: understand how/why digital signatures use digests and asymmetric crypto together.
Two “key points”
• Digital signatures are “stronger” than physical signatures, because they are bound to the document contents.
– Attacker cannot change the document contents without invalidating the signature.
• To verify a signature, the receiver must already know the public key of the signer.
– And it must be right.
– But how to know for sure?
Two Flavors of “Signature”
• A digest encrypted with a private asymmetric key is called a digital signature
– “Proves” that a particular identity sent the message.
• “Proves” the message has not been tampered. • “Unforgeable”
– The sender cannot deny sending the message. • “non-repudiable”
– Can be legally binding in the United States
• A digest computed with a shared symmetric key mixed in is called a message authentication code (MAC), e.g., HMAC. (Literally encrypting a digest with a block cipher is not a sound MAC construction; use HMAC or a cipher-based MAC such as CMAC.)
• faster, but… the key is shared, so anyone who can verify a MAC can also produce one: it proves the message came from someone holding the key and gives no non-repudiation.
MAC
“Similar to a MessageDigest, a Message Authentication Code (MAC) provides a way to check the integrity of information transmitted over or stored in an unreliable medium, but uses a [symmetric secret] key in the calculation. Only someone with the proper key will be able to verify the received message. Typically, message authentication codes are used between two parties that share a secret key in order to validate information transmitted between these parties.” [oracle.com]
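An added example (not from the slides) of the symmetric flavor: HMAC-SHA256 tags with Python’s hmac module, used both for message integrity and as the response in the kind of shared-key challenge-response login the nonce slide refers to (the protocol slides themselves are missing from this extraction; this is the generic form). The key, the messages and the “auth-response|” label are constructed for the demo. The last entry returned by demo() is the “but…” from the slide: the verifier can produce the same tag.

```python
import hashlib
import hmac
import secrets

# Constructed demo key. In practice K is the secret Alice and Bob share, established out of band
# or by a key-exchange handshake; whoever holds it can both verify AND create tags.
SHARED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")

def mac(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256: a keyed digest, not 'a digest encrypted with the key'."""
    return hmac.new(key, message, hashlib.sha256).digest()

def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison, so a forger cannot learn the tag byte by byte from timing."""
    return hmac.compare_digest(mac(key, message), tag)

def new_challenge() -> bytes:
    """Bob's challenge: a fresh random nonce, never reused."""
    return secrets.token_bytes(16)

def respond(key: bytes, nonce: bytes) -> bytes:
    """Alice proves she holds K by MACing the nonce; the label keeps auth tags distinct from data tags."""
    return mac(key, b"auth-response|" + nonce)

def check_response(key: bytes, nonce: bytes, response: bytes) -> bool:
    return verify_mac(key, b"auth-response|" + nonce, response)

def demo() -> dict:
    msg = b"transfer 100 to bob"
    tag = mac(SHARED_KEY, msg)
    n1, n2 = new_challenge(), new_challenge()
    r1 = respond(SHARED_KEY, n1)
    return {
        "tag_verifies": verify_mac(SHARED_KEY, msg, tag),
        "tampering_detected": not verify_mac(SHARED_KEY, b"transfer 900 to bob", tag),
        "wrong_key_rejected": not verify_mac(b"\x00" * 16, msg, tag),
        "fresh_response_accepted": check_response(SHARED_KEY, n1, r1),
        # Mallory recorded r1; without a nonce it would still be valid next time
        "replayed_response_rejected": not check_response(SHARED_KEY, n2, r1),
        # Bob can compute exactly what Alice computed: a MAC cannot prove to a third party who sent it
        "verifier_can_forge": mac(SHARED_KEY, msg) == tag,
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```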
What happens…
https://www.shop.com/shop.html
• How to authenticate shop.com?
• How to assure integrity/privacy of communications?
• How to prevent a man-in-the-middle attack?
• How does shop.com authenticate you?
• Answer: Secure Sockets Layer (SSL) or Transport-Layer Security (TLS)
Symmetric and Asymmetric Crypto: Better Together
• Use asymmetric crypto to “handshake” and establish a secret session key (slow, but allows for key distribution).
• Then use the key to talk with symmetric crypto (fast and cheap)
• Example: Secure Sockets Layer (SSL) or Transport-Layer Security (TLS), used in HTTPS (Secure HTTP), SSH, SCP, etc.
Diagram, client C and server S:
C → S: “SYN, etc.” (TCP connection setup)
S → C: “My public key is K.”
C → S: “Let’s establish a session key: {S}K.” (the session key S encrypted under K, so only the holder of K’s private key can recover it)
C ↔ S: {M}S … [encrypted data or content]
Caveat: this RSA key-transport form is the textbook handshake. If the server’s long-term private key is ever compromised, every recorded session key can be recovered from the captured traffic; modern TLS (required in 1.3) instead derives the session key from an ephemeral Diffie-Hellman exchange that the server signs, which gives forward secrecy.
What are we missing?
• Does C know (believe) that K really is the public key of S?
• How to authenticate S?
Example: Certificate
Certificates allow A to endorse the public key of B. The endorsement can be validated by anyone who knows and trusts A.
A Digital Certificate (X.509)
Trust management and PKI
• An entity A delegates trust to another by endorsing its public key for possession of an attribute or role.
• The delegation is a fact written as a logic statement and issued in a certificate that is digitally signed by A.
• In a standard X.509 identity certificate (e.g., issued by a PKI CA for the web), the attribute is a distinguished name.
– e.g., “Alice” or “amazon.com”
• But it could be more…
Diagram: A trusts B (A.trusts B). Certificate fields: term of validity; issuer’s name (or key); payload: the statement; signature.
Take a breath
• Your browser can verify the server identity if it knows the “real” server’s public key.
• The server presents a certificate endorsed by a third party (CA).
• Your browser can verify the certificate if it knows the CA’s public key.
• How does your browser know the CA’s public key?
SSL is not so simple…
• How do we know who we are talking to?
– Do we care? Somebody does…
– In SSL, either party MAY present a certificate.
– At least one MUST (e.g., the server, to validate key K).
• How to prevent replays of encrypted content?
– Nonces, serial numbers, timestamps
• SSL/TLS uses this basic handshake protocol, but there are some subtleties:
– Hashes and MACs (every record is integrity-protected with a MAC, or in current TLS an AEAD cipher, so Mallory cannot modify or reorder encrypted traffic undetected)
Secure HTTP
• Uses SSL/TLS over TCP for “end-to-end” security.
• Browser always authenticates the server.
– Server presents a certificate chain that ends at a root CA (in practice its own certificate is signed by an intermediate CA that the root has endorsed).
– Domain name must match the certificate, etc.
– Browser has some set of public keys for root CAs wired into it, so it can check the signature.
• Server optionally requests to authenticate the browser (user or user agent).
– Browser presents a certificate, OR
– Password authentication is much more common. (why?)
• Browser and server negotiate a bulk cipher and secret session key as in “Better Together” above.
SSL in detail
http://docs.oracle.com/javase/7/docs/technotes/guides/security/crypto/CryptoSpec.html
Public Key Infrastructure (PKI)
• Assumption: everyone trusts some root CAs.
• Institutions/organizations set up their own CAs, and the root CAs endorse them to issue certificates for their members.
– $$$
• Recursively, to form a hierarchy like DNS.
– Delegation of Authority
• Network applications will have access to the keypairs and certificates of their users, and will validate the certificates of servers.
– Any day now…
Distributing session keys
• We want to use symmetric crypto because it is cheap.
• But we need a way to negotiate and distribute a shared secret (session key).
• Three examples to look at:
– SSL/TLS/HTTPS
– Kerberos (Needham/Schroeder) authentication protocol
– Shibboleth single-sign-on (SSO)