Lecture 020 - Crypto

Internet Security


Security Means

Cryptographic Tools

RC4 Stream Ciphers

AES Block Ciphers

Hash Message Authentication Code (HMAC)

MAC: same word, different meaning
  - Media Access Control: MAC Address
  - Message Authentication Code: for integrity

Also note that a Message Authentication Code cannot guarantee authenticity, since an adversary could capture a valid message and replay it later. A MAC only guarantees integrity.

Different orders of MAC and encryption: in summary, MAC-then-Encrypt is attackable, but Encrypt-then-MAC is not.

TLS uses MAC-then-Encrypt for legacy reasons, even though Encrypt-then-MAC is generally considered better.
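As an added example (not from the lecture), here is Encrypt-then-MAC in Python with the receiver verifying the tag before decrypting anything. The stream cipher is a constructed HMAC-SHA256 counter-mode keystream, not the cipher TLS uses, and the sequence number in the MAC input shows how the replay gap noted above is closed.

```python
import hashlib, hmac, secrets

# Toy stream cipher: HMAC-SHA256 in counter mode used as a keystream generator.
# Constructed for this example; it is not the cipher TLS uses.
def _keystream(enc_key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_then_mac(enc_key, mac_key, seq, plaintext):
    # Encrypt first; the MAC then covers sequence number, nonce and ciphertext.
    nonce = secrets.token_bytes(12)
    ciphertext = _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))
    header = seq.to_bytes(8, "big") + nonce
    tag = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    return header + ciphertext + tag

def verify_then_decrypt(enc_key, mac_key, expected_seq, record):
    # Receiver side: check the tag before any decryption, in constant time.
    header, ciphertext, tag = record[:20], record[20:-32], record[-32:]
    expected = hmac.new(mac_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("MAC check failed: record was modified")
    # A valid tag alone does not rule out replay; the sequence number does.
    if int.from_bytes(header[:8], "big") != expected_seq:
        raise ValueError("unexpected sequence number: replayed or reordered")
    return _xor(ciphertext, _keystream(enc_key, header[8:20], len(ciphertext)))

def _accepted(enc_key, mac_key, seq, record):
    try:
        verify_then_decrypt(enc_key, mac_key, seq, record)
        return True
    except ValueError:
        return False

def demo():
    # Round trip, then a one-byte ciphertext flip and a replay of a valid record.
    enc_key, mac_key = secrets.token_bytes(32), secrets.token_bytes(32)
    record = encrypt_then_mac(enc_key, mac_key, 0, b"transfer 100 to bob")
    tampered = bytearray(record)
    tampered[20] ^= 0x01
    return {"roundtrip": verify_then_decrypt(enc_key, mac_key, 0, record),
            "tamper_accepted": _accepted(enc_key, mac_key, 0, bytes(tampered)),
            "replay_accepted": _accepted(enc_key, mac_key, 1, record)}
```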

Certification Authority (CA)

So public key exchange is secure. But there is another issue: if you ask kokecacao.me for a public key, someone could intercept the message and send you a fake public key, then read your secret message. This is where the Certification Authority (CA) comes in.

Diffie-Hellman key exchange is vulnerable to a man-in-the-middle attack, and a CA will prevent it.

Certification Authority (CA): binds a public key to a particular entity. We trust the CA blindly (a CA can be malicious, but it is often governed by national law).

  1. The CA makes sure of the server's identity by posing a challenge to the domain name, to link the IP address to the domain name
  2. The CA issues a CA-signed certificate for the domain name
  3. The user requests the certificate from the domain name, then verifies the certificate using the CA's public key
  4. By trusting the CA, the user can trust the IP address that responded with the certificate

CA servers have often been compromised by hackers.

I will not explain what a CA does in detail. You should look at one of my posts on how to set up an SSL certificate for more hands-on experience.

Certificate Transparency: to make all certificates and their CAs' public keys discoverable, one idea is a distributed certificate store (storing both real and malicious certificates, since we cannot distinguish them, but we can still check for inconsistencies).

It is essentially a blockchain storing CA certificates and changes to them instead of a ledger.

Merkle Tree

A Merkle Tree is a tool to check whether a message is included in a checksum in O(\log n) time instead of O(n) time, for n messages summarized in one checksum.

Merkle Tree construction: given n messages, we want to obtain one summary hash for all n messages.

Merkle Tree: to verify that C is hashed into H_{A-H} we only need the 3 additional hashes in green.

Merkle Tree Verification:

Merkle proof consistency: it is rare that two different sequences of messages hash to the same root in a Merkle Tree.

Merkle Trees are used to combine multiple (2^n) transactions into one block in blockchains.
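As an added example (not part of the lecture), a small Merkle Tree in Python: build the root over n messages, extract the \log n sibling hashes for one leaf, and verify the figure's case of C under H_{A-H}. The leaf/node prefixes follow RFC 6962 (the Certificate Transparency log format); the odd-level handling is a simplification chosen for this example.

```python
import hashlib

# Domain-separation prefixes (0x00 for leaves, 0x01 for interior nodes) as in
# RFC 6962, the format Certificate Transparency logs use.
def _leaf(message):
    return hashlib.sha256(b"\x00" + message).digest()

def _node(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def _padded(level):
    # Odd-sized level: duplicate the last node (a simplification; RFC 6962
    # splits at the largest power of two instead).
    return level + [level[-1]] if len(level) % 2 == 1 else level

def merkle_root(messages):
    """Hash n messages bottom-up into one root; also return every level (leaves first)."""
    level = [_leaf(m) for m in messages]
    levels = [level]
    while len(level) > 1:
        padded = _padded(level)
        level = [_node(padded[i], padded[i + 1]) for i in range(0, len(padded), 2)]
        levels.append(level)
    return level[0], levels

def merkle_proof(levels, index):
    """Sibling hashes from leaf to root: the ~log2(n) extra hashes a verifier needs."""
    proof = []
    for level in levels[:-1]:
        padded = _padded(level)
        proof.append((padded[index ^ 1], index % 2 == 0))  # (sibling hash, sibling is on the right)
        index //= 2
    return proof

def verify_proof(message, proof, root):
    """Recompute the path to the root from the message and its O(log n) siblings."""
    node = _leaf(message)
    for sibling, sibling_on_right in proof:
        node = _node(node, sibling) if sibling_on_right else _node(sibling, node)
    return node == root

def audit_c_in_a_to_h():
    # The figure's case: eight messages A..H, prove C (index 2) is under H_{A-H}.
    messages = [bytes([c]) for c in b"ABCDEFGH"]
    root, levels = merkle_root(messages)
    proof = merkle_proof(levels, 2)
    return len(proof), verify_proof(b"C", proof, root), verify_proof(b"X", proof, root)
```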

Transport Layer Security (TLS)

TLS implements HTTPS by adding a layer on top of TCP.

TLS Handshake

  1. Client: ClientHello: ClientRandom256, SupportedProtocols
  2. Server: ServerHello: ServerRandom256, ProtocolDecided
  3. Server: CACert
  4. Client: decrypt CACert with CAPublic to obtain ServerPublic, which is verified by the CA
  5. Server: generate g^a \mod p and sign it with ServerPrivate to produce ServerDHE
  6. Client: decrypt ServerDHE with the true ServerPublic: if the signature matches, the server's identity is verified
  7. Client: generate and send g^b \mod p
  8. PremasterSecret (PS) is g^{ab} \mod p
  9. Both client and server generate 4 symmetric keys from PremasterSecret, ClientRandom256, ServerRandom256
  10. Exchange MACs to ensure all previous messages were not tampered with
  11. From now on, all messages are encrypted and MACed

4 Symmetric Keys:

  - CB: for encrypting client-to-server messages
  - CS: for encrypting server-to-client messages
  - IB: for MACing client-to-server messages
  - IS: for MACing server-to-client messages

Note that fresh ClientRandom256 and ServerRandom256 values are chosen for every handshake to prevent replay attacks. The shared secret is deleted after the TLS session, so an adversary cannot regenerate it even with the server's private key.
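As an added example (not from the lecture), steps 7 to 9 above in Python: both sides compute g^{ab} \mod p and expand it with the two randoms into CB, CS, IB and IS. The DH group is a constructed toy (p = 2^61 - 1, base 5) and the HMAC-based expansion stands in for TLS's own PRF; the CA and signature checks of steps 3 to 6 are not modelled.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters, constructed so the example runs instantly:
# p = 2^61 - 1 (a Mersenne prime), base 5. Far too small for real use; TLS uses
# 2048-bit+ groups or elliptic curves.
P = 2305843009213693951
G = 5

def dh_keypair():
    """Ephemeral private exponent and public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def premaster_secret(my_priv, their_pub):
    """Step 8: PS = g^{ab} mod p, computed identically on both sides."""
    return pow(their_pub, my_priv, P).to_bytes(8, "big")

def derive_keys(ps, client_random, server_random):
    """Step 9: expand PS and both randoms into the four keys CB, CS, IB, IS.
    HMAC-SHA256 with a per-key label is used here as a stand-in for TLS's PRF."""
    salt = client_random + server_random
    return {label: hmac.new(ps, salt + label.encode(), hashlib.sha256).digest()
            for label in ("CB", "CS", "IB", "IS")}

def handshake():
    """Steps 1, 2, 7, 8 and 9 of the handshake; CA and signature checks are omitted."""
    client_random, server_random = secrets.token_bytes(32), secrets.token_bytes(32)
    a, g_a = dh_keypair()   # server's ephemeral share (what ServerDHE carries, minus the signature)
    b, g_b = dh_keypair()   # client's ephemeral share
    server_keys = derive_keys(premaster_secret(a, g_b), client_random, server_random)
    client_keys = derive_keys(premaster_secret(b, g_a), client_random, server_random)
    return client_random, server_random, client_keys, server_keys
```

Re-running derive_keys with the same PS but a different ClientRandom yields unrelated keys, which is why a replayed handshake transcript does not reproduce the session keys.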

Access Control

Access Control: who (subject) can do what (rights) to what/whom (object/subject)

Access Control Matrix: a \text{number of files} \times \text{number of users} matrix storing the rwx permissions.

The Access Control Matrix is a dense matrix storing sparse data, wasting storage space. Access Control Lists (ACLs), the adjacency-list version of the matrix, are not any better.

Why don't we use a layered permission system?


Anonymity is not confidentiality: confidentiality hides the content of the communication; anonymity hides the identities of the parties who are communicating.

Idea: use multiple proxies (relays) to enable anonymous communication.

Onion Router: servers that provide a relay service.

Keys in Onion Routing

Onion Routing

Each router learns only the identity of the next router. It cannot tell whether the previous router is the original sender of the message or just another relay.

Note that two connections are not encrypted:
