CS 105 – Introduction to the World Wide Web
  HTTP Request*
  Domain Name Translation
  Routing
  HTTP Response*
  Privacy and Cryptography
  * Adapted from Kurose & Ross, Computer Networking, Addison-Wesley, 2001.
An HTTP Request
  GET index.html HTTP/1.1
  Host:
  Connection: close
  User-agent: Mozilla/4.0
  Accept-language:en
Domain Name Translation
  What is address???
  Look it up!
    –Use a Domain Name Server
    –Translates a host name into an IP address
Routing
  Routers
    –Internet ‘post offices’
  Look at address, and send message ‘in the right direction’
  Messages often take several ‘hops’ to get to their destination
HTTP Response
  HTTP/ OK
  Connection: close
  Date: Mon, 30 Sep 2002
  Last-Modified: Mon, 23 Sep 2002
  Content-Length: 6821
  Content-Type: text/html
  …data data data …
Kinds of Messages
  HTTP requests / responses
  Instant Messages
  Telnet sessions
  Transactions (shopping, etc.)
Privacy
  Any machine (router) along the path of the message can read it.
    –Message more like a postcard than a letter
  Is this good???
    –Of course not!
  What can we do???
    –Encrypt the messages
Cryptography
  Need to figure out a way so the recipient can read the message, but nobody else.
  Most common technique today: public key cryptography
Public Key Cryptography
  Each person has a public key and a private key
  The two keys ‘un-do’ each other
    –More on this in a minute
  Public keys are publicly available on Key Servers (anyone can see / get them)
Sending a Message
  Alice wants to send Bob a message
  Alice gets Bob’s public key
  Alice uses the key to encrypt her message
  Bob gets the message, and uses his private key to decrypt it
Basic Idea
  For a message encrypted using a given public key, the ONLY way to decrypt it is to use the corresponding private key
  So, as long as Bob is the only one with his private key, he’s the only one that can read the message
Implementation
  We want:
  Efficient:
    –Encrypting with public key
    –Decrypting with private key
  Intractable:
    –Decrypting without private key
RSA Algorithm
  One way to do this: Modular Exponentiation
    –Modular arithmetic – remainder stuff: $13 \equiv 3 \pmod{10}$
    –Modular exponentiation: $4^3 = 64 \equiv 4 \pmod{10}$
  This can be done efficiently
RSA Algorithm
  Now, we need to pick numbers that ‘un-do’ each other’s exponentiation
  For a mod of 10, 2 undoes itself:
    $0^3 \equiv 0 \pmod{10}$
    $1^3 \equiv 1 \pmod{10}$
    $2^3 \equiv 8 \pmod{10}$
    $3^3 = 27 \equiv 7 \pmod{10}$
    $4^3 = 64 \equiv 4 \pmod{10}$
    $5^3 = 125 \equiv 5 \pmod{10}$
    $6^3 = 216 \equiv 6 \pmod{10}$
    $7^3 = 343 \equiv 3 \pmod{10}$
    $8^3 = 512 \equiv 2 \pmod{10}$
    $9^3 = 729 \equiv 9 \pmod{10}$
RSA Algorithm
  So, our public key is {10, 3}
  Private key is {2}
  Encrypting a message: Let’s send 472
    –Exponentiate each digit: 438
  Decrypting a message:
    –Exponentiate again: 472
RSA Algorithm
  Breaking RSA – know exponent, know modulus – just take the root
    –E.g. find cube root of 4 (mod 10)
  Most public keys have very large numbers – ~150 digits.
  Finding these roots is an intractable problem – bigger keys, harder problem!
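The toy scheme from the RSA slides above (modulus 10, exponent 3, one digit at a time), as an added Python example that is not part of the original course material; the function names are illustrative. It reproduces the cube table and the 472 → 438 → 472 round trip, then takes the root by trying every residue, which only works because the modulus is tiny.

```python
# Toy per-digit scheme from the slides: modulus 10, public exponent 3.
# Function names are illustrative and not taken from the course material.

MODULUS = 10
EXPONENT = 3


def power_table(exponent, modulus):
    """Map every residue x to x**exponent mod modulus (the slides' cube table)."""
    return {x: pow(x, exponent, modulus) for x in range(modulus)}


def is_reversible(exponent, modulus):
    """An exponent is usable only if no two residues map to the same value."""
    return len(set(power_table(exponent, modulus).values())) == modulus


def transform(digits, exponent=EXPONENT, modulus=MODULUS):
    """Exponentiate each decimal digit separately, as the slides do."""
    return "".join(str(pow(int(d), exponent, modulus)) for d in digits)


def roots(target, exponent=EXPONENT, modulus=MODULUS):
    """Eavesdropper's view: try every residue until one maps to the target.

    The search costs `modulus` steps: instant for 10, hopeless for a
    modulus of about 150 digits.
    """
    return [x for x in range(modulus) if pow(x, exponent, modulus) == target]


if __name__ == "__main__":
    ciphertext = transform("472")
    print("encrypted:", ciphertext)
    # Per the cube table, cubing each digit again restores the message.
    print("decrypted:", transform(ciphertext))
    print("cube roots of 4 (mod 10):", roots(4))
    print("cubing is reversible mod 10:", is_reversible(EXPONENT, MODULUS))
```

Python's three-argument `pow` performs the modular exponentiation efficiently, so the same call works unchanged on moduli hundreds of digits long, while the exhaustive loop in `roots` does not.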
Security and
  Many products with built-in cryptographic protection
  Outlook Express – S/MIME (Secure/Multipurpose Internet Mail Extension) Support
  Other add-ons (choices for secret key methods, size of key, etc)
  Pretty Good Privacy (PGP)
Encryption and Signatures
  Encryption: encodes the message so that other users cannot read it
  Signatures: let you emulate written signatures
To see more about getting a certificate:
Encrypting vs. Signing
  Encrypt first, sign second:
    –Verify signatures before decrypting
    –Useful in automated verification systems
  Sign first, encrypt second:
    –Decrypt before verifying signatures
    –Useful when plaintext is essence of the message.