Security

Computer Network Fundamentals

Learning Assistant Slides

Week 6

eado.me/laform

2

Tentative Plans

3

Security

Week 6

Week 9

Code Explore

Routing

Week 10

Final Review

(Today)

Code Explore

Security

Week 7

Routing

Week 8

Project 2

4

5

Internet

Unreliable

Reliable

6

Reliable

Hello!

Hey there!

\x43\x98??

7

Wait...you’re not B!

Many different parts

8

Reliable Data Transport

Key Exchange

Certificate Verification

Ciphers

Almost like TCP + TLS 1.3

9

Reliable Data Transport

10

Project specifics

11

stdin

stdout

stdout

stdin

Bidirectional

Similar to TCP, but:

• Sequenced by packet; not by byte
• No congestion control; window fixed to 20 packets
• Single retransmission timer; on expire, resend smallest SEQ in window
• Maximum of 2000 packets sent (no need to check for repeated SEQ)

12

// transport.c

packet tosend[MAX_SEQ];

packet torecv[MAX_SEQ];

while (1) {

int base_seq = 1; // Last ACKed packet

int seq = 1; // Last sent packet

​

// Get data from peer

// Non-blocking; eado.me/cs118 > Socket Programming Tips

int bytes_recvd = recvfrom();

​

// Check if data from peer, then process

if (bytes_recvd > 0) process_data();

​

// Retransmit if needed

if (timer_set() && base_seq < seq) {

// Send packet with lowest SEQ that's unACKed

sendto(get_pkt(base_seq));

}

// Send packet if within window

if (packet_available() && seq < base_seq + CWND) {

sendto(get_pkt(seq - 1));

}

​

// Read from stdin

make_packet();

}

Achieving reliability

13

cwnd = 4 (fixed)

• pkt 2 lost
• pkt 3, 4 buffered
• retransmit pkt 2 on RTO

​

How does the congestion window look after each step? What about the receiver buffer?

ACK 1

ACK 1

ACK 1

ACK 1

RTO

ACK 5

ACK 6

ACK 7

Certificate Verification

14

Elliptic Curve Cryptography

15

y² = x³ + ax + b

Source: https://curves.xargs.org

Elliptic Curve Cryptography

16

How many times did we add the blue point to itself to get to the green point?

​

It’s hard to tell, right? This is a trapdoor function: easy to go in one direction, hard to go the other way.

Source: https://curves.xargs.org

Elliptic Curve Cryptography

17

Generator

​

Public Key

​

Private Key

#

Source: https://curves.xargs.org

P = kG

= 3

Elliptic Curves in Finite Fields

18

𝐅₂₉ (not actually; just for illustrative purposes)

Source: https://curves.xargs.org

Delegating trust

19

19

#

Delegating trust

20

20

Delegating trust

21

21

A has CA’s public key and uses it as a source of trust

Delegating trust

22

22

#

B asks CA to sign its public key by providing verification

Delegating trust

23

23

#

CA hashes B’s public key and encrypts it using its private key

Delegating trust

24

24

#

Now when A requests from B, it sends over its public key and certificate

Delegating trust

25

25

#

A hashes B’s public key and decrypts it using CA’s public key

Delegating trust

26

26

#

The hashes are the same, so A knows that the CA really did sign B’s public key

Remember DNS?

27

CR

root

edu

ucla

Why do we trust the root server?

Project specifics

ECDSA: Elliptic Curve Digital Signature Algorithm

SHA-256: Hash function

Client is given: public key of certificate authority� Must derive: own public, private key

Server is given: private key, public key signed by certificate authority� Must derive: own public key

Goal: exchange public keys

28

Project specifics

29

client_hello

1. Verify pub key

2. Verify client nonce

3. Sign server nonce

1. Sign nonce

server_hello

client nonce

server nonce, pub key, CA’s sig, signed client nonce

key_exchange

signed server nonce, pub key, signed pub key

Both sides have each other’s public key

30

// signing_nonce.c

int main() {

// Load private key from file and derive public key

load_private_key("../keys/priv_key.bin");

derive_public_key();

load_peer_public_key(public_key, pub_key_size);

​

// Generate nonce

unsigned char nonce[32];

generate_nonce(nonce, 32);

​

printf("Nonce: %.*s\n", 32, nonce);

​

// Sign nonce with private key

unsigned char sig[255];

size_t sig_size = sign(nonce, 32, sig);

​

printf("Signature: %.*s\n", sig_size, sig);

​

​

// Verify nonce with public key

int verified = verify(nonce, 32, sig,

sig_size, ec_peer_public_key);

​

printf(verified == 1 ?

"Verified nonce successfully\n" :

"Could not verify nonce");

​

return 0;

}

Key Exchange

31

(EC) Diffie Hellman

32

Both hosts agree on a generator and the curve

Source: Andrea Corbellini

(EC) Diffie Hellman

33

Both hosts generate private keys and derive their public keys

#

#

P_A = k_AG

P_B = k_BG

Source: Andrea Corbellini

(EC) Diffie Hellman

34

P_A = k_AG

P_B = k_BG

P_B

P_A

Source: Andrea Corbellini

(EC) Diffie Hellman

35

P_A = k_AG

P_B = k_BG

k_AP_B

k_BP_A

Source: Andrea Corbellini

(EC) Diffie Hellman

36

P_A = k_AG

P_B = k_BG

k_Ak_BG

k_Bk_AG

Source: Andrea Corbellini

=

S

Eavesdroppers have P_A and P_B

37

// key_deriv.c

int main() {

/* Server side */

​

// Load server private key from file

load_private_key("../keys/priv_key.bin");

​

// Load client public key (typically over the network)

char* der;

int size;

load_peer_public_key(der, size);

​

// Derive ECDH secret

derive_secret();

​

printf("Server side secret: %.*s\n", 32, secret);

/* Client side */

​

// Load client private key from file

load_private_key("../keys/client_priv_key.bin");

​

// Load server public key (typically over the network)

load_peer_public_key(der, size);

​

// Derive ECDH secret

derive_secret();

​

printf("Client side secret: %.*s\n", 32, secret);

​

return 0;

}

Ciphers

38

Slicing up data

39

S

32 bytes

0101010111101010101011010101010111101011101010110111110110101010110001010000101010110010101010111010

...

?? bytes

16 bytes

16 bytes

16 bytes

...

Blocks

AES-256-CBC (with PKCS #7 padding)

AES: Advanced Encryption Standard; encryption/decryption algorithm

256-bit (32 bytes): Key size; determines number of rounds used

CBC: Cipher Block Chaining; how to “stitch up” each block

PKCS: Public Key Cryptography Standards

#7: Cryptographic Message Syntax

​

40

Cipher Block Chaining

41

16 bytes

Cipher

What if my data isn’t 16 bytes?

42

Source: https://node-security.com/posts/cryptography-pkcs-7-padding/

0d

a1

d3

b6

65

34

99

e4

cc

5d

32

b9

ff

3 bytes left

03

03

03

PKCS #7 Padding

What if my data isn’t 16 bytes?

43

Source: https://node-security.com/posts/cryptography-pkcs-7-padding/

0d

a1

d3

b6

65

34

99

e4

cc

5d

32

b9

ff

2 bytes left

PKCS #7 Padding

c3

02

02

44

// cipher.c

int main() {

// Derive ECDH secret

derive_secret();

​

// Plaintext for encryption

unsigned char data[] = "Hello world!";

printf("Plaintext: %s\n", data);

​

// Encrypt plaintext

unsigned char cipher[255];

unsigned char iv[16];

size_t cipher_size = encrypt_data(data, sizeof(data), iv, cipher);

printf("Ciphertext: %.*s\n", cipher_size, cipher);

​

// Decrypt ciphertext

unsigned char decrypted_data[255];

size_t data_size = decrypt_cipher(cipher, cipher_size, iv, decrypted_data);

printf("Decrypted plaintext: %.*s\n", data_size, decrypted_data);

return 0;

}

General Tips

Be on the lookout for starter code + guides at:

eado.me/cs118 > Miscellaneous > Security Programming Tips

​

Next week is our next Code Exploration. It’ll be a social deduction game, so you’re going to have to work together! We’ll be using the cryptographic primitives discussed today. Fingers crossed it’ll be in-person!

45