david evans http www cs virginia edu evans l.
Skip this Video
Loading SlideShow in 5 Seconds..
David Evans cs.virginia/evans PowerPoint Presentation
Download Presentation
David Evans cs.virginia/evans

Loading in 2 Seconds...

play fullscreen
1 / 32

David Evans cs.virginia/evans - PowerPoint PPT Presentation

  • Uploaded on

Class 35: Cookie Monsters and Semi-Secure Websites David Evans http://www.cs.virginia.edu/evans CS200: Computer Science University of Virginia Computer Science Why Care about Security? http://www.cs.virginia.edu/cs200/problem-sets/ps8/example/query.php3 Security

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'David Evans cs.virginia/evans' - bernad

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
david evans http www cs virginia edu evans

Class 35:

Cookie Monsters and

Semi-Secure Websites

David Evans


CS200: Computer Science

University of Virginia

Computer Science

why care about security
Why Care about Security?


CS 200 Spring 2003

  • Confidentiality – keeping secrets
    • Most web sites don’t want this
  • Integrity – making data reliable
    • Preventing tampering
    • Only authorized people can insert/modify data
  • Availability
    • Provide service (even when attacked)
    • Can’t do much about this without resources

CS 200 Spring 2003

how do you authenticate
How do you authenticate?
  • Something you know
    • Password
  • Something you have
    • Physical key (email account?, transparency?)
  • Something you are
    • Biometrics (voiceprint, fingerprint, etc.)

Serious authentication requires at least 2 kinds

CS 200 Spring 2003

early password schemes
Early Password Schemes

Login does direct password lookup and comparison.

Login: alyssa

Password: spot

Failed login. Guess again.

CS 200 Spring 2003

login process


Login Process


Login: alyssa

Password: fido

Trusted Subsystem

login sends

<“alyssa”, “fido”>

CS 200 Spring 2003

password problems
Password Problems
  • Need to store the passwords
    • Dangerous to rely on database being secure
  • Need to transmit password from user to host
    • Dangerous to rely on Internet being unsniffed

Solve this today

Solve this Wednesday

CS 200 Spring 2003

first try encrypt passwords
First Try: Encrypt Passwords
  • Instead of storing password, store password encrypted with secret K.
  • When user logs in, encrypt entered password and compare to stored encrypted password.

Problem if K isn’t so secret: decryptK (encryptK (P)) = P

CS 200 Spring 2003

  • Many-to-one: maps a large number of values to a small number of hash values
  • Even distribution: for typical data sets, probability of (H(x) = n) = 1/N where N is the number of hash values and n = 0..N – 1.
  • Efficient: H(x) is easy to compute.




H (char s[]) = (s[0] – ‘a’) mod 10

CS 200 Spring 2003

cryptographic hash functions
Cryptographic Hash Functions


Given h, it is hard to find x

such that H(x) = h.

Collision resistance

Given x, it is hard to find y  x

such that H(y) = H(x).

CS 200 Spring 2003

example one way function
Example One-Way Function

Input: two 100 digit numbers, x and y

Output: the middle 100 digits of x * y

Given x and y, it is easy to calculate

f (x, y) = select middle 100 digits (x * y)

Given f(x, y) hard to find x and y.

CS 200 Spring 2003

a better hash function
A Better Hash Function?
  • H(x) = encryptx (0)
  • Weak collision resistance?
    • Given x, it should be hard to find y  x such that H(y) = H(x).
    • Yes – encryption is one-to-one. (There is no such y.)
  • A good hash function?
    • No, its output is as big as the message!

CS 200 Spring 2003

actual hashing algorithms
Actual Hashing Algorithms
  • Based on cipher block chaining
    • Start by encrypting 0 with the first block
    • Use the next block to encrypt the previous block
  • SHA [NIST95] – 512 bit blocks, 160-bit hash
  • MD5 [Rivest92] – 512 bit blocks, produces 128-bit hash
    • This is what we will use: built in to PHP

CS 200 Spring 2003

hashed passwords
Hashed Passwords

CS 200 Spring 2003

dictionary attacks
Dictionary Attacks
  • Try a list of common passwords
    • All 1-4 letter words
    • List of common (dog) names
    • Words from dictionary
    • Phone numbers, license plates
    • All of the above in reverse
  • Simple dictionary attacks retrieve most user-selected passwords
  • Precompute H(x) for all dictionary entries

CS 200 Spring 2003

86 of users are dumb and dumber
86% of users are dumb and dumber

(Morris/Thompson 79)

CS 200 Spring 2003

salt of the earth
Salt of the Earth

(This is the standard UNIX password scheme.)

Salt: 12 random bits

DES+ (m, key, salt) is an encryption algorithm that

encrypts in a way that depends on the salt.

How much harder is the off-line dictionary attack?

CS 200 Spring 2003

php code
PHP Code

// We use the username as a "salt" (since they must be unique)

$encryptedpass = md5 ($password . $username);

Not quite as secure as using a random value.

What is someone picks xdave as their username

and Lx.Ly. as their password?

CS 200 Spring 2003

authenticating users
Authenticating Users
  • User proves they are a worthwhile person by having a legitimate email address
    • Not everyone who has an email address is worthwhile
    • Its not too hard to snoop (or intercept) someone’s email
  • But, provides much better authenticating than just the honor system

CS 200 Spring 2003

registering for account
Registering for Account
  • User enters email address
  • Account is marked as “Inactive”
  • Send an email with an unguessable URL URL that activates the account

$encryptedpass = md5 ($password . $username);

$query = "INSERT INTO users (username, password, email, activated)

VALUES ('$username', '$encryptedpass', '$email', 0)";

CS 200 Spring 2003

php code register process php
PHP Code (register-process.php)

A string only the server

should know. (Hard to

really keep this secret…)

Why not just use


$actcode = md5 ($username . $secret);

$url = "http://" . $_SERVER['HTTP_HOST']

. dirname ($_SERVER['PHP_SELF'])

. "/activate.php?user=$username&code=$actcode";

mail ($email, // User’s email address

"WahooChat Account Activation", // Subject Line

"To activate your account visit $url", // Message body

"From: wahoochat-bot@virginia.edu"); // From address

CS 200 Spring 2003

activate php

$result = mysql_query ("SELECT activated FROM users WHERE username='$user'");

$rows = mysql_num_rows ($result);

if ($rows == 0) { error ("No account for username: $user");}

else {

$activated = mysql_result ($result, 0, 0);

if ($activated != 0) { error ("Account $username is already activated.");}

else {

$actcode = md5 ($user . $secret);

if ($code == $actcode) {

$result = mysql_query ("UPDATE users SET activated=1

WHERE username='$user'");

if ($result != 1) { error ("Database update failed: $result"); }

else { print "Your account is now activated!<br><p>"; }

} else {

print "Invalid account code!<br>";




CS 200 Spring 2003

  • HTTP is stateless: every request is independent
  • Don’t want user to keep having to enter password every time
  • A cookie is data that is stored on the browser’s machine, and sent to the web server when a matching page is visited

CS 200 Spring 2003

using cookies
Using Cookies
  • Look at the example PHP code
  • Cookie must be sent before any HTML is sent
  • Be careful how you use cookies – anyone can generate any data they want in a cookie
    • Make sure they can’t be tampered with: use md5 hash with secret to authenticate
    • Don’t reuse cookies - easy to intercept them (or steal them from disks): use a counter than changes every time a cookie is used

CS 200 Spring 2003

problems left
Problems Left
  • The database password is visible in plaintext in the PHP code
    • No way around this (with UVa mysql server)
    • Anyone who can read UVa filesystem can access your database
  • The password is transmitted unencrypted over the Internet (next class)
  • Proving you can read an email account is not good enough to authenticate for important applications

CS 200 Spring 2003

authentication for remote voting

Authenticationfor Remote Voting

Nathanael Paul

David Evans

University of Virginia

[nrpaul, evans]@cs.virginia.edu

Avi Rubin

Johns Hopkins University


Dan Wallach

Rice University


types of authentication
Types of Authentication
  • Something you know
    • passwords
    • Example: login to schedule of classes
  • Something you are
    • Biometrics
    • Examples: iris scanner, fingerprint reader
  • Something you have
    • This: a transparency

CS 200 Spring 2003

authentication for remote voting28
Authentication for remote voting
  • Remote voting offers convenience
    • 69% votes cast by mail in 2001 in state of Washington
  • Electronic voting is cheaper and faster
    • More secure?
    • New problems: virus, worm, spoofing, denial of service
  • Mutual authentication
    • Voter authenticated to server
    • Server authenticated to voter

CS 200 Spring 2003

doing encryption without computers
Doing Encryption without Computers
  • Can’t trust voters to have trustworthy computers
    • Viruses can tamper with their software
  • Need to do authentication in a way that doesn’t depend on correctness of user’s software
  • Lorenz cipher: use XOR to encrypt
    • Is there a way to do lots of XOR’s without a computer?

CS 200 Spring 2003

visual cryptography naor shamir 1994
Visual cryptography (Naor & Shamir, 1994)
  • Perfectly secure (one-time pad)
  • Server can encode anything knowing voter’s layer

Option 1

Option 2





Encodes a clear (grey) square

Encodes a dark square

CS 200 Spring 2003

remote voting system
Remote Voting System

Each voter is sent a key, ki



Ek (k1)



ki =





STEP 3 – if ki valid…




client machine

client machine

CS 200 Spring 2003

  • Mutual authentication
    • Authentication of user to server
    • Authentication of server to user
  • Involves the human (as opposed to machine)
  • Anonymity by proper use of layered images
  • You will get a transparency on Wednesday

CS 200 Spring 2003