Tutorial 5 – Computer Systems
Revising Diffie-Hellman key
1) Provides perfect forward secrecy: ONLY IF EPHEMERAL, public variables must be destroyed and not reused!!!
Session keys will not be compromised even if the private key is compromised.
Just getting private key doesn’t help the attacker.
2) No authentication happening
3) Vulnerable to MITM attacks
How does TLS work?
TCP connection is established
Client sends ClientHello to server asking for secure connection with cipher suites
Server responds with ServerHello and selects one cipher suite, also includes its certificate and can request client to send its certificate (mutual authentication)
Client confirms validity of certificate
Client generates session key by random number or Diffie-
concludes and both parties share a key that is then used for encrypting and decrypting
Certificates
A certificate is a digitally signed document that provides proof of identity
A certificate authority creates a certificate for Bob including a digital signature, which is a hash of Bob’s information (including the public key) that is signed by the CA’s private key.
To verify…
Bob sends Alice his public key in plaintext along with the certificate signed by a root CA
Verify the certificate by using the CA’s public key
Check if Bob has the private key by picking a random number (called a nonce) and sending it to Bob with his public key
If the nonce can be sent back in plaintext, it is of certificate validation
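The verification steps above, as an added example that is not part of the original tutorial: a toy textbook-RSA sketch in which a CA signs a hash of Bob's information, Alice checks it with the CA's public key, and then challenges Bob with a nonce. It assumes the nonce is encrypted under Bob's public key; the function names, the `bob.example` subject and the small Mersenne-prime keys are constructed for illustration and are not secure.

```python
import hashlib
import secrets

E = 65537  # public exponent used by both toy keys

def make_key(p, q):
    """Textbook RSA key from two primes: returns (modulus n, private exponent d)."""
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return n, d

def digest(info, n):
    """Hash of the certificate contents, reduced into the RSA modulus."""
    return int.from_bytes(hashlib.sha256(info).digest(), "big") % n

def issue_cert(subject, subject_n, ca_n, ca_d):
    """CA signs a hash of Bob's info (including his public key) with its private key."""
    info = f"{subject}|{subject_n}|{E}".encode()
    return {"info": info, "sig": pow(digest(info, ca_n), ca_d, ca_n)}

def verify_cert(cert, ca_n):
    """Alice recomputes the hash and checks the signature with the CA's public key."""
    return pow(cert["sig"], E, ca_n) == digest(cert["info"], ca_n)

def cert_public_key(cert):
    """Take the subject's modulus from the signed info, not from an unsigned message."""
    return int(cert["info"].decode().split("|")[1])

def possession_check(cert, ca_n, respond):
    """Verify the certificate, then challenge the peer with a fresh nonce."""
    if not verify_cert(cert, ca_n):
        return False
    n = cert_public_key(cert)
    nonce = secrets.randbelow(n - 3) + 2   # fresh for every run, never reused
    challenge = pow(nonce, E, n)           # only the private-key holder can undo this
    return respond(challenge) == nonce     # peer must return the nonce in plaintext

# Constructed toy keys built from Mersenne primes; far too small for real use.
CA_N, CA_D = make_key(2**61 - 1, 2**89 - 1)
BOB_N, BOB_D = make_key(2**107 - 1, 2**127 - 1)
BOB_CERT = issue_cert("bob.example", BOB_N, CA_N, CA_D)

def bob(challenge):        # holds the private exponent matching the certificate
    return pow(challenge, BOB_D, BOB_N)

def impostor(challenge):   # presents Bob's certificate but lacks his private key
    return pow(challenge, 3, BOB_N)

print(possession_check(BOB_CERT, CA_N, bob), possession_check(BOB_CERT, CA_N, impostor))
```

A valid certificate alone does not pass the check: the impostor presents the same signed certificate but cannot recover the nonce, and a certificate whose info has been altered fails the signature step before any challenge is sent.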
Domain Validation
Checks if the requester has some control over the domain (e.g. emails with the domain, nonces)
Organisational Validation
Connects a certificate to a legal entity
The identity of legal entity is verified
Extended Validation (EV)
Includes an offline process involving authorised officers to validate legal entity
https://www.digicert.com/difference-between-dv-ov-and-ev-ssl-certificates