Description
Fifth laboratory for the Computer Network Security (CNS) course at Tor Vergata during the 2022-2023 academic year.
In the laboratory we discussed why public-key cryptography by itself is not enough to protect real-world communications against Man-in-the-Middle (MitM) attackers. To solve the remaining issues we introduce the notion of a cryptographic certificate, which is used to bind mathematics to the real world. The infrastructure that manages certificates is called the Public Key Infrastructure (PKI).
In the context of the SSL/TLS protocol, X.509 has been chosen as the standard format for public certificates. At the end of the lecture we show how to set up an HTTPS server using OpenSSL and nginx.
Timestamps
00:00:00 Introduction
00:01:40 Limitations of asymmetric cryptography
00:08:24 What is a certificate?
00:15:30 The X.509 certificate standard
00:24:00 pyOpenSSL example to download certificates
00:31:00 The Public Key Infrastructure (PKI)
00:35:00 Trust in the PKI
00:39:30 Certificate Authorities
00:43:15 Certificate Signing Requests (CSRs)
00:49:30 The hierarchy of the PKI
01:00:30 Certificates in SSL/TLS
01:04:00 Hands-On 1: HTTPS Web Server (Nginx+OpenSSL)
01:21:40 Hands-On 2: TLS Exporters (RFC 5246)
References / Material
https://github.com/LeonardoE95/yt-it/tree/main/src/2022-12-09-università-teaching-2022-2023-cns-05
https://teaching.leonardotamiano.xyz/cns/labs/lab_05_pki/