This is the archived Fall 2013 version of the course.
For the most recent version, see

Class 17: Trick-or-Treat Protocols

Action Items

Problem Set 3 is due Tuesday, 29 October at 11:59pm. Submit using this form.

You should be making progress on ideas for your project and forming your team. The Project Proposals are due Monday, 4 November at 11:59pm.

Trick-or-Treat Protocols

What's a protocol?

f is a one-way fuction if it is easy to computed f(x) for any input x, but given y it is hard to find x such that f(x) = y.

Is factoring a one-way function?

RSA Cryptosystem

Ee, n(M) = Me mod n
Dd, n(C) = Cd mod n

n = pq (p and q are large, randomly-selected prime numbers)
d is relatively prime to (p - 1)(q - 1)
ed ≡ 1 mod (p - 1)(q - 1)

As long as factoring is hard, it is hard to compute d given e and n. The public key is (e, n). The private key is (d, n) where d must be kept secret.

SSL/TLS Protocol

  1. Client → Server: "Hello"
  2. Server → Client: SCertificate Authority("", KUserver). The server sends the client a certificate signed by a trusted certificate authority that contains the server's identify and public key (e and n values). The signature is signed using the private key of the certificate authority.
  3. The client verifies the certificate (checks the signature using the public key of the certificate authority, and checks the server identity matches the expected identity).
  4. The client generates a new random session key, k.
  5. Client → Server: EKUserver(k).
  6. The server decrypts this message using its private key, and the client and server use k as the key for a symmetric encryption algorithm (e.g., AES) to establish a secure, authenticated (in one direction) channel.

When your browser gives an error when you connect to which step is failing?

How did your browser obtain the public key of the certificate authority used to verify the certificate in step 3?


Measuring Password Guessability for an Entire University by Michelle L. Mazurek, Saranga Komanduri, Timothy Vidas, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Patrick Gage Kelley, Richard Shay, and Blase Ur (22 October, 2013).

Do their results really prove that Computer Science students (at least at CMU) are 800 times smarter than Business students?

Java VM Security

What is the Trusted Computing Base?

What does it mean for your security if there is a flaw in the Trusted Computing Base?

DRAM Errors in the Wild: A Large-Scale Field Study by Bianca Schroeder, Eduardo Pinheiro, and Wolf-Dietrich Weber (SIGMETRICS 2009).

How serious of a problem is it if an attacker can cause a bit in memory to flip?

Using Memory Errors to Attack a Virtual Machine by Sudhakar Govindavajhala and Andrew W. Appel (IEEE Symposium on Security and Privacy (Oakland) 2003). See Sudhakar's website for some discussion about questions about the paper.


Attacks break assumptions upon which security relies. Very few assumptions are unbreakable.

In Thursday's class, Karsten Nohl will talk about a more practical attack on SIM card virtual machines.