Foundations of Network and Foundations of Network and Computer SecurityComputer SecurityJJohn BlackLecture #12Oct 6th2005CSCI 6268/TLEN 5831, Fall 2005Announcements• Project #0 assigned today– Due Oct 18thin class– CAETE students may email project #0 directly to the grader, [email protected]– Non-CAETE students may NOT do this• Quiz #2 is next class– I’ll have a special OH 9:30-10:30am before the quiz, and (as usual) I’ll answer email over the weekendLet’s Sum Up From Last Time• Symmetric Key Model– Encryption• ECB (bad), CBC, CTR– All these are modes of operation built on a blockcipher– Authentication (MACs)• CBC MAC, XCBC, UMAC, HMAC• Asymmetric Key Model– Encryption•RSA-OAEP– Assumes factoring product of large primes is hard– Authentication• RSA signatures– Usually hash-then-signNext Up: SSL• Next we’ll look at how to put all this together to form a network security protocol• We will use SSL/TLS as our model since it’s ubiquitous• But first, we’ll digress to talk about OpenSSL, and our first part of the project (a warm-up)OpenSSL• Was SSLeay• Open Source• Has everything we’ve talked about and a lot more• Most everything can be done on the command line• Ungainly, awkward, inconsistent– Mostly because of history– Have fun, it’s the only game in town• http://www.openssl.org/Brief Tutorial• This is a grad class; you can figure it out from the man page, but…– Syntax is % openssl <cmd> <parms>– cmd can be ‘enc’, ‘rsautl’, ‘x509’, and more– We’ll start with the ‘enc’ command (symmetric encryption)– Let’s look at the enc command in more detailOpenSSL enc command• openssl enc -ciphername [-in filename] [-out filename] [-pass arg] [-e] [-d] [-a] [-K key] [-iv IV] [-p] [-P]• -ciphername can be– des-ecb (yuk!), des-cbc (hmm), des (same as des-cbc), des-ede3-cbc, des3 (same), aes-128-cbc, bf, cast, idea, rc5– Can omit the ‘enc’ command if specifying these… kind of hokey• If you don’t specify filenames, reads from and writes to stdin/stdout– Looks like garbage, of course• If you don’t specify a password on the command line, it prompts you for one– Why are command-line passwords bad?– You can use environment variables but this is bad too– You can point to a file on disk… less bad• What does the password do?– Password is converted to produce IV and blockcipher keyenc (cont)% openssl aes-128-cbc –Penter aes-128-cbc encryption password:• salt is a random number generated for each encryption in order to make the key and iv different even with the same password– Begins to get confusing… didn’t we just change the IV before?– Use this mode only when deriving a new key for each encryption• Eg, when encrypting a file on disk for our own use– If key is fixed, we specify it and the iv explicitly% openssl aes-128-cbc –K FB7D6E2490318E5CFC113751C10402A4 –iv 6ED946AD35158A2BD3E7B5BAFC9A83EAsalt=39A9CF66C733597Ekey=FB7D6E2490318E5CFC113751C10402A4iv =6ED946AD35158A2BD3E7B5BAFC9A83EAUnderstanding Passwords vs. a Specified IV and Key• So there are two modes you can use with enc– 1) Specify the key and IV yourself• This means YOU are in charge of ensuring the IV doesn’t repeat– Use a good random number source or– Use a counter (which you have to maintain… headache!)– 2) Use a passphrase• OpenSSL uses randomness for you by generating a salt along with the IV and AES key• Passphrases are less secure (more guessable) in general• Either way, we get non-deterministic encryptionPassphrase-Based encPassphrase hash functionAES-128-CBCiv, key (128 bits each)saltsaltiv, ciphertextThings to think about:• How to decrypt?• Is the passphrase safe even though the salt and iv are known?plaintextSo How to Encrypt• Let’s encrypt the file ‘test’% cat testhi there% openssl aes-128-cbc -in testenter aes-128-cbc encryption password:Verifying - enter aes-128-cbc encryption password:Salted__mTR&Qi¦¹K¯¿Óàg&5&kE• What’s up with the garbage? – Of course the AES outputs aren’t ASCII!– Use –base64 optionbase64• This is an encoding scheme (not cryptographic)– Translates each set of 6 bits into a subset of ASCII which is printable– Makes ‘garbage’ binary into printable ASCII• Kind of like uuencode– Of course this mapping is invertible– For encryption we want to do this after we encrypt– For decryption, we undo this before we decrypt– This is the –a flag for ‘enc’ but –base64 works as well and is preferableExample: base64• Let’s encrypt file ‘test’ again, but output readable ciphertext% openssl aes-128-cbc -in test -base64enter aes-128-cbc encryption password:Verifying - enter aes-128-cbc encryption password:U2FsdGVkX1/tdjfZnPrD+mSjBBO7InU8Mo4ttzTk8eY=• We’ll always use this option when dealing with portability issues– Like sending ciphertext over emailDecrypting• The command to decrypt is once again ‘enc’ – This makes no sense; get used to it– Use the –d flag to tell enc to decrypt– Let’s decrypt the string U2FsdGVkX1/tdjfZnPrD+mSjBBO7InU8Mo4ttzTk8eY=which I’ve placed into a file called ‘test.enc’% openssl enc -d -in test.encU2FsdGVkX18FZENOZFZdYvLoqPdpRTgZw2CZIQs6bMQ=Hunh?• It just gave back the ciphertext?!– We didn’t specify an encryption algorithm– Default is the identity map (get used to it)– Let’s try again% openssl aes-128-cbc -d -in test.encenter aes-128-cbc decryption password:bad magic number• Ok, now what’s wrong?Error messages not useful• We forgot to undo the –base64– The error msg didn’t tell us that (get used to it)– One more try:% openssl aes-128-cbc -d -in test.enc -base64enter aes-128-cbc decryption password:hi there– It was all worth it, right?– Now it’s your turnProject #0• I’ll give you a ciphertext, you find the password– Password is a three-letter lowercase alpha string– Main purpose is to get you to figure out where openssl lives on your computer(s) – Don’t do it by hand– Full description on our web page• Due Oct 18th, in classBack to SSL/TLS• SSL– Secure Socket Layer• Designed by Paul Kocher, consulting for Netscape•TLS– Transport Layer Security• New version of SSL, and probably what we should call it (but I’m used to SSL)• Used for web applications (https)– But also used many other places that aren’t as well-knownTLS – Sketch•