Intro to Cryptography on the Web

Mike Wynholds @mwynholds

Basics
warning… math ahead

What is Crypto?
cryptography = code making
cryptanalysis = code breaking

Modern crypto is all about math
● prime number factorization
● elliptic curves
● polynomials from finite fields

Cryptographic Hash Function

“A function used to map data of arbitrary size (message) to data of fixed size (digest).”

Example: MD5, SHA

Cryptographic Hash Function

Cipher

“An algorithm used to perform encryption or decryption, via a symmetric or asymmetric key.”

Example: AES, RSA

Cipher

RSA

Keys

Public key - (n, e)
Private key - (n, d)

Encryption

$c = m^e \bmod n$

Decryption

$m = c^d \bmod n$

Example

p = 61, q = 53
n = pq = 3233
e = 17
d = 2753

Encrypt with public key

m = 123
$c = 123^{17} \bmod 3233 = 855$

Decrypt with private key

c = 855
$m = 855^{2753} \bmod 3233 = 123$

ECC

$y^2 = x^3 + ax + b$

● A ⦿ B = C
● Shoot a ball from A to B
● Continue to next point on curve
● Reflect straight up or down
● Next point on the curve is C

● A ⦿ A = B
● A ⦿ B = C
● A ⦿ C = D
● … n times
● A ⦿ X = Y

Given A and n, it is easy to compute Y.
Given A and Y, it is hard to compute n.
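The ⦿ operation and the easy/hard asymmetry, as an added example (not from the original deck). The curve y^2 = x^3 + 2x + 2 over the integers mod 17, the starting point (5, 1) and all function names are assumptions chosen to keep the numbers small; real curves have roughly 2^256 points, so the brute-force search at the end is infeasible there.

```python
# Added example: the slide's "dot" operation on a toy curve (assumed parameters).
P, A, B = 17, 2, 2        # y^2 = x^3 + 2x + 2 over the integers mod 17
G = (5, 1)                # starting point "A" on the slide; it has order 19
INF = None                # point at infinity, the identity element

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P == 0

def inv(v):
    return pow(v % P, P - 2, P)   # modular inverse via Fermat; P is prime

def add(p, q):
    """A dot B: line through p and q (tangent if p == q), third point, reflect."""
    if p is INF:
        return q
    if q is INF:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF                                  # vertical line: p + (-p)
    if p == q:
        s = (3 * x1 * x1 + A) * inv(2 * y1) % P     # tangent slope
    else:
        s = (y2 - y1) * inv(x2 - x1) % P            # chord slope
    x3 = (s * s - x1 - x2) % P
    return (x3, (s * (x1 - x3) - y1) % P)

def scalar_mult(n, pt):
    """Easy direction: n*pt by double-and-add, about log2(n) doublings."""
    result = INF
    while n > 0:
        if n & 1:
            result = add(result, pt)
        pt = add(pt, pt)
        n >>= 1
    return result

def brute_force_log(pt, target):
    """Hard direction: find n with n*pt == target by trying n = 1, 2, 3, ..."""
    acc, n = pt, 1
    while acc != target:
        if acc is INF:
            raise ValueError("target is not a multiple of pt")
        acc, n = add(acc, pt), n + 1
    return n

Y = scalar_mult(13, G)
print(Y, brute_force_log(G, Y))
```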

Message Authentication Code (MAC)

msg = {attack: ‘dawn’} + Custer + (1876-06-26 T 02:56 UTC)

key = “secret-password-banana-elmo”

mac = h( msg + key )

payload = msg + mac

Symmetric Key Cryptography

Public Key Cryptography

Key Exchange
Diffie-Hellman protocol

● large primes
● elliptic curves
● quantum shenanigans
● paint

Key Exchange - RSA

Key Exchange - ECC

SSL
that thing we use every day

TLS - Handshake (RSA)

TLS - Handshake (DH)

TLS - Record

● Encrypt using master secret
● Use HMAC for validation
● Number all records within HMAC body
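The MAC slide's payload = msg + mac and this slide's numbered records, combined in one added example (not code from the original deck). It uses HMAC-SHA256 from the Python standard library in place of the simplified h(msg + key); encryption is omitted, and the class names and sample messages are constructed for illustration.

```python
# Added example: numbered, MAC-protected records (encryption omitted).
import hashlib
import hmac
import struct

KEY = b"secret-password-banana-elmo"       # shared key from the MAC slide
TAG_LEN = hashlib.sha256().digest_size     # 32 bytes

def record_mac(key, seq, msg):
    # The record number is part of the MAC input but is never transmitted.
    return hmac.new(key, struct.pack(">Q", seq) + msg, hashlib.sha256).digest()

class Sender:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def seal(self, msg):
        """payload = msg + mac, as on the MAC slide."""
        payload = msg + record_mac(self.key, self.seq, msg)
        self.seq += 1
        return payload

class Receiver:
    def __init__(self, key):
        self.key, self.seq = key, 0

    def open(self, payload):
        """Return msg if the MAC matches the next expected record number."""
        if len(payload) < TAG_LEN:
            raise ValueError("record too short")
        msg, tag = payload[:-TAG_LEN], payload[-TAG_LEN:]
        expected = record_mac(self.key, self.seq, msg)
        if not hmac.compare_digest(tag, expected):    # constant-time compare
            raise ValueError("bad MAC: modified, replayed or out of order")
        self.seq += 1
        return msg

def accepts(receiver, payload):
    try:
        receiver.open(payload)
        return True
    except ValueError:
        return False

# Constructed sample traffic: a modified record, then r0, a replay of r0, then r1.
tx, rx = Sender(KEY), Receiver(KEY)
r0 = tx.seal(b'{"attack": "dawn"}')
r1 = tx.seal(b'{"attack": "dusk"}')
tampered = b'{"attack": "noon"}' + r0[-TAG_LEN:]
results = [accepts(rx, tampered), accepts(rx, r0), accepts(rx, r0), accepts(rx, r1)]
print(results)   # [False, True, False, True]
```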

X.509 Certificates

“A small electronic document used to prove ownership of a public key.”

X.509 Certificates

X.509 Certificates

Need: Public key cryptography with entities you don’t personally know or trust

Solution: Centralized, trusted* Certificate Authorities (CA)

* sort of - don’t forget DigiNotar and many others

X.509 Certificates

● Entity generates public and private key
● CA issues cert binding public key to cert
● Cert is downloaded during key exchange
● Certs can be chained together
● Root certs embedded in OSes and browsers
● And we trust , right?

Forward Secrecy

● Use ephemeral session keys during TLS record phase
● Periodic new key exchange
● A stolen key only works for that session

Forward Secrecy

Perfect Forward Secrecy

● Piggyback new key exchange on existing TLS messages
● Stolen key can now only compromise the last two messages

HTTP Strict Transport Security

Show me the Codez
let’s use nginx

The Basics

    server {
        listen 443 ssl;
        server_name stickies.io;
        ssl_certificate certs/stickies_io.pem;
        ssl_certificate_key certs/stickies_io.key; # <-- 2048 bit RSA
    }

Custom Diffie-Hellman Primes

    server {
        listen 443 ssl;
        server_name stickies.io;
        ssl_certificate certs/stickies_io.pem;
        ssl_certificate_key certs/stickies_io.key;
        ssl_dhparam certs/dhparam.pem;
    }

but first…

root@server# openssl dhparam -out dhparam.pem 4096

Disable SSLv3 and TLS1.0

    server {
        listen 443 ssl;
        server_name stickies.io;
        ssl_certificate certs/stickies_io.pem;
        ssl_certificate_key certs/stickies_io.key;
        ssl_dhparam certs/dhparam.pem;
        ssl_protocols TLSv1.1 TLSv1.2;
    }

Note: TLS 1.0 is required for IE 7 - 10

Perfect Forward Secrecy

    server {
        listen 443 ssl;
        server_name stickies.io;
        ssl_certificate certs/stickies_io.pem;
        ssl_certificate_key certs/stickies_io.key;
        ssl_dhparam certs/dhparam.pem;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";
    }

HTTP Strict Transport Security

    server {
        listen 443 ssl;
        server_name stickies.io;
        ssl_certificate certs/stickies_io.pem;
        ssl_certificate_key certs/stickies_io.key;
        ssl_dhparam certs/dhparam.pem;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "...";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
    }

Speed it Up!

    server {
        listen 443 ssl;
        server_name stickies.io;
        ssl_certificate certs/stickies_io.pem;
        ssl_certificate_key certs/stickies_io.key;
        ssl_dhparam certs/dhparam.pem;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers "...";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
    }
