## Today

- The gritty realities of transferring sensitive info across the internet
- and what tools we have to ensure that happens safely

## Motivation

- Everything is done online now.
  - Banking, taxes, paying bills, all communication…
  - Want a job flipping burgers? APPLY ONLINE
- **There is no separation between “online” and “IRL.” Online is real life.**
- Most things you do will involve other people’s data.

- Building large, modern web pages often involves using **multiple domains.**
  - Embedding pieces of content from other domains (ads, videos, images etc.)
  - Using JS libraries that you didn’t write
  - Hosting your content on a **CDN** (content distribution network)

- We need to keep data safe and confidential…
- …but also allow things to be shared when necessary.
  - we need to share resources… from several origins…
  - we might call that **cross-origin resource sharing……………….**

## Terminology

**Confidentiality:** keeping information secret from those who should not be able to see it
- **Database leaks** exploit this

**Integrity**
- Data integrity: has the content of the data been modified?
- Origin integrity: can you verify the source of the data?
- **XSS** exploits this

**Availability**
- Can you access the information? Information that is inaccessible may as well not exist!
- **DoS (denial of service)** attacks exploit this

**Policy** defines what actions are allowed in the system. **Mechanism** is a way to enforce policy.
- A **threat** is a potential security violation
- Generally, you can call the entity that you will protect against an **adversary**

**Threat modelling** is the process of identifying threats in your system that you will aim to protect against
- The **attack surface** is all the possible ways an adversary can exploit a threat
  - How many “doors” does your “web site house” have? Smaller attack surface = less chance of exploits

## Our System Model

**Alice and Bob** are the two parties trying to communicate securely. **Mallory** is a malicious third party trying to spy on their communications.

## Cryptography (crypto for short)

**CRYPTO IS NOT SHORT FOR CRYPTOCURRENCY. CRYPTOCURRENCY IS A WASTE OF COMPUTING POWER AND IS MOSTLY USED TO SCAM IMPRESSIONABLE PEOPLE.**

- Cryptography is based on mathematical functions which are **inverses** of one another.
  - think multiplication and division, or exponentiation and logarithms
- You have two functions: one encrypts and one decrypts
  - when you put a message through the encryption, you get the **ciphertext**
- **Important:** these functions are **easy to compute,** but **very difficult to reverse**
  - so if someone sees the ciphertext, it just looks like gibberish, and they can’t (reasonably) figure out the original message

## Symmetric ciphers

- A **symmetric cipher** (e.g. AES) is simple from a high level:
  - Alice and Bob both have a **shared secret** key `K`
    - they have exchanged this key *in advance* through some secure channel (we’ll see that shortly)
  - Alice and Bob also have a pair of functions:
    - `ciphertext = Encrypt(K, message)`
    - `message = Decrypt(K, ciphertext)`
  - As long as the key is kept private, each can encrypt and decrypt messages to one another
  - but how do they share that key?

- An **asymmetric** or **public-key** cipher (e.g. RSA, Diffie-Hellman) lets us distribute the keys securely.
  - Diffie-Hellman is based on **modular exponentiation.**
    - in modular exponentiation, `(g^a)^b = (g^b)^a (mod p)`
    - that is, you can **swap the order of the exponents** and you get the **same output**
  - so here’s how Diffie-Hellman works:
    - Alice and Bob **publicly** decide on and exchange a pair of numbers, `(g, p)`
      - `g` is the base of the exponentiation, and `p` is the modulus
    - Alice and Bob **privately** generate numbers `a` and `b`
      - these are their **private keys**
    - Alice and Bob compute `g^a (mod p)` and `g^b (mod p)`, respectively, and exchange them
      - these are their **public keys,** hence the name
    - Now they can each *raise those exchanged numbers* to their *own private keys*
      - Alice computes `(g^b)^a (mod p)`
      - Bob computes `(g^a)^b (mod p)`
    - Now they both have **the same number: the secret key** `K`!
  - if Mallory was listening in, she would have seen `p, g, (g^a),` and `(g^b)`
    - this is *not* enough information to easily compute `K`
    - even if she multiplies `(g^a)` and `(g^b)`, she just gets `g^(a+b)`, which isn’t useful
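The exchange above worked through in code, as an added example that is not part of the original slides. The parameters `p=23`, `g=5` and the private exponents `a=6`, `b=15` are toy values constructed for illustration; real deployments use standardised primes of 2048 bits or more and fresh random private keys.

```python
# Added example (not from the original slides): Diffie-Hellman key agreement
# with toy numbers, showing both the shared-secret math and why Mallory's
# eavesdropped values do not give her K. Parameters p=23, g=5 and the private
# exponents are constructed here for illustration; real deployments use
# standardised primes of 2048+ bits and private keys from secrets.randbelow().
import secrets


def dh_public(g: int, private: int, p: int) -> int:
    """Public key = g^private (mod p). pow() with 3 args is modular exponentiation."""
    return pow(g, private, p)


def dh_shared(peer_public: int, private: int, p: int) -> int:
    """Shared secret K = (peer_public)^private (mod p)."""
    return pow(peer_public, private, p)


def dh_exchange(p: int, g: int, a: int, b: int) -> dict:
    """Run the full exchange for Alice (private a) and Bob (private b).

    Returns what each party ends up with, plus what Mallory can see on the
    wire and what she gets by naively multiplying the two public keys.
    """
    A = dh_public(g, a, p)            # Alice sends g^a mod p
    B = dh_public(g, b, p)            # Bob sends g^b mod p
    k_alice = dh_shared(B, a, p)      # (g^b)^a mod p
    k_bob = dh_shared(A, b, p)        # (g^a)^b mod p
    mallory_sees = (p, g, A, B)       # everything on the public channel
    mallory_product = (A * B) % p     # g^(a+b) mod p, which is not K
    return {
        "alice_key": k_alice,
        "bob_key": k_bob,
        "mallory_sees": mallory_sees,
        "mallory_product": mallory_product,
    }


def dh_random_exchange(p: int, g: int) -> bool:
    """Same exchange with fresh random private keys; True if both sides agree."""
    a = secrets.randbelow(p - 2) + 1   # private keys in [1, p-2]
    b = secrets.randbelow(p - 2) + 1
    r = dh_exchange(p, g, a, b)
    return r["alice_key"] == r["bob_key"]


if __name__ == "__main__":
    result = dh_exchange(p=23, g=5, a=6, b=15)
    print(result)   # alice_key == bob_key == 2; mallory_product == 14
```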

## Signatures and hashes

**Digital signatures** are a way of using a public-key cipher to mark a message as being from someone in particular
- RSA is usually used for this
- The idea is that Alice can send along a piece of data that could *only have been encrypted with her private key*
- Bob can verify this to make sure he’s not reading a forged message

**Cryptographic hash functions** are used to generate some kind of “practically unique number”
- E.g., SHA-256
- Should be collision-resistant (among other properties…)
  - that is, it should be really, really difficult to find two inputs that hash to the same value
- **this is literally all cryptocurrency is, finding hash collisions** **it does not do any useful work and wastes so much power y’all**

## Data storage: Passwords

**The server should never store passwords.**
- What? How? Why?
- If the database is breached, the infiltrators will see all the passwords!
- Instead the server stores a **hash** of the password.
  - When the user logs in, hash their input and compare to the stored hash.

- If you click “forgot password” on a site and they **email you your password in plain text…**
  - That site sucks and you should not trust it.
  - They are storing your passwords in plaintext.

- Salting
  - To make it even more secure…
  - For each user, when they set their password, **generate a long random number** and store that
  - Then concatenate that number with their password, and hash *that*
  - This way, even if two users have the same password, the resulting hash will be different!

NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO. NEVER IMPLEMENT YOUR OWN CRYPTO.

- Use a trusted and tested library.
- For password storage, use bcrypt or something comparable
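The salted-hash flow from the slides above, as an added example that is not part of the original. The slides recommend bcrypt; this uses PBKDF2-HMAC from the Python standard library as a stand-in so it runs without third-party packages, and the `users` dict is a constructed stand-in for the server's database.

```python
# Added example (not from the original slides): salted password hashing with
# a standard-library KDF. The slides recommend bcrypt; this uses PBKDF2-HMAC
# from hashlib as a stand-in so it runs without third-party packages.
# The "users" dict is a constructed stand-in for the server's database.
import hashlib
import hmac
import os

ITERATIONS = 600_000   # work factor; raise it as hardware gets faster


def set_password(users: dict, username: str, password: str) -> None:
    """Store salt + hash(salt || password); the password itself is never stored."""
    salt = os.urandom(16)                      # long random number, unique per user
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    users[username] = {"salt": salt, "hash": digest}


def check_password(users: dict, username: str, attempt: str) -> bool:
    """Hash the login attempt with the stored salt and compare to the stored hash."""
    record = users.get(username)
    if record is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", attempt.encode(), record["salt"], ITERATIONS)
    # constant-time comparison so timing doesn't leak how many bytes matched
    return hmac.compare_digest(digest, record["hash"])


def same_password_different_hashes(password: str) -> bool:
    """Two users with the same password get different stored hashes thanks to the salt."""
    users = {}
    set_password(users, "alice", password)
    set_password(users, "bob", password)
    return users["alice"]["hash"] != users["bob"]["hash"]


if __name__ == "__main__":
    db = {}
    set_password(db, "alice", "correct horse battery staple")
    print(check_password(db, "alice", "correct horse battery staple"))  # True
    print(check_password(db, "alice", "wrong"))                         # False
    print(same_password_different_hashes("hunter2"))                    # True
```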