In this lesson we'll give you a Mini Capstone project to do.
We'll show how to design, show the design for,
of a registration website based on the famous Ashley Madison website story.
This is a dating website that was attacked by The Impact Team group,
July 2015 and generated a lot of news,
and we will show how they can be enhanced with CryptoAPI you just learned.
In July 2015, a group calling itself
The Impact Team stole the user data from the Ashley Madison,
which is a commercial website that billed as enabling extramarital affairs.
And they actually was accused,
the group actually accused the company requiring customer to
pay in order to remove their profile from their site.
But they can actually,
they cannot really protect those customers' privacy.
In that hacking, they stolen 5.5 million female account,
5.9 million male account and their email information was stolen.
And actually, without shutting down their website based on the demand of the hacker,
the hacker released via BitTorrent on that website last August 15.
And following that, a lot of internet vigilante,
extortionist target the people in the list and
blackmail them requesting bitcoin payment, something like $200.
And the result of that visibility,
actually a couple of people committed suicide, unfortunately.
The data analysis is done by Annalee Newitz,
actually show most of the account actually are fake.
And with the little,
especially female one, with
either little activity or activity that generated by the bots.
So there is a deceive and activity here.
None of the account on the website
require email verification for the profile to be created,
and therefore many of them are fake or they
are created by someone disguised as a different persons.
And the result of that big publicity,
many people got framed even though they didn't log into the website or create an account.
One example is a husband of a newlywed,
find that out and he need to tell his wife
it is not true that he has account on that notorious website in their honeymoons at Maui.
What a shame. You have to do this.
Preserve the privacy and security of website as indicate here, is very critical.
They are HIPAA and government regulations dealing with how to handle
the case with these personal identified information,
or PII for short.
When this is stolen,
they need to set up ID set protection in order to protect their users,
and they are very expensive.
Next, we all focus on making the design and implementation of the reservation webpage,
website function more robust by using email confirmations.
And we are going to use the crypto function we just discussed and implement.
A typical registration webpage of a website,
we ask the user to enter their email, password,
and some other profile information.
And then when user click,
the server side will take in and save that into a database.
But to ensure the applicant indeed who they are,
we send from the server side script to the email they
indicate with a confirmation email to the email account,
and in the email body we including a link for the user for the applicant to click.
When the applicant click on the link,
it trigger a http request coming back to our server,
and our server will run the corresponding server side script to change the pending status
from pending to confirm because the message is
coming back from the mail account with the particular mails.
And we will also verify something in the return messages,
http required message, and make sure this is not sent by a hacker.
And they are embedded with a special information in the request,
so that we can verify.
To avoid hackers hijack the request,
or faking the account request,
the url of the links must contain information that are specifically generated for
that particular applicant specific to that email they included
and so that they are not easy to be forged, and guessed.
The url can contain query strings,
and if they are using get message,
the url is pass followed by question mark,
then you can start to list name=value pair multiple of them.
They will be concurring it based on ampersand sign symbol
and within its name=value pair there is a name equal for by the values.
And these can be read by the server side scripts for
verification purpose and that's very similar to user fill in the web form.
Click the submit button.
Exact, the same first string will be submitted to the server.
To satisfy the first security requirement,
we must include the email address using email equal
the actual content of the email address in one of the name=value pair of the url.
To satisfy the second security requirement,
we need to including a token that cannot be disguised easily by
the hackers and sending the fake email request.
So we, in this case,
we design using AES encrypted with a known string.
We use AES because it's faster than RSA, right?
To avoid being hacked,
we also send original email with a secure connections,
so they won't be intercept by hacker.
The url we send back as email should also use https and therefore, the hacker can,
in the middle cannot see what are the actual content being sent,
what is the actual token even though those are encrypted.
First, in this design,
we need to create a secure token. So let's design that.
We design by first encrypt the plaintext but we try to send for
by ;UcLion
some sort of secrets string.
And so this secret string we'll prefix with
the email and email address of the applicants.
So we use semicolon to separate
the secret string and the email address so that we can separate them and do a comparison.
To reduce the storage requirement on the server we
did not create different secret string for each users,
also to make it more secure, you can do that.
We generate 256 AES key with mnemonic string.
Here we use more by web programming as
show string and then the function will produce exactly 256 bit.
We encrypt these, the plaintext we just created was email and
secret string using AES 256 key with is a CPC cipher block turning mode.
Note that here we have in the news
the crypto API for such encryption and decryption already.
Additional thing to be taken care is the web app processing,
and because doing the web applications or processing,
both side, client and server side,
they do the url encoding that they will be
encoded by url using the url encoding method by the kind.
The server will do you url decoding.
And in the encoding method,
the space will be replaced with a plus sign,
any spatial symbol will be represented by the three character code,
percent sign followed by the hexadecimal.
Our encrypting data need to be processed by the Base64 because the binary data are
generated by the encryption method could have a spatial symbol and could
be controlled character and trigger the spatial function doing the transmission.
So we use basically for convert a binary eight bit binary data into a six bit.
So every three bit,
a suite binary byte will be converted to four byte or basically four characters.
And after that, because Base64 using
equal sign which is symbol and simple for a where you pay a delimiter,
we need to do url encoding.
Here, we discuss PHP code for generating the secure token.
We first create secret string with email containing the ;UcLuin.
We then use hash function to generate a key with sha256 method
digest using name on a key mobileWeb as the input.
We then using mcrypt_get_iv_size to get the actual IP size which is 128 bit.
Given the AES method and CPC operating mode.
Initial back to iv is then generate with
mcrypt_create_iv so that we can have
some renderings not easy for people to guess doing the transmission.
Given the size, it take the parameters of
the size of the iv and the source of the renderings,
which is coming from the slash tv slash urandom file.
The plaintext is then encrypted with
mcrypt_encrypt function given the iv and the key as a parameter.
The ciphertext is then prefix with iv to be
saved in the sending between what kind and server,
we first use base64_encode function and then encrypt the
resulting so that we encode the binary data in
basically for format to avoid a control character.
And then we don't use url encode to encode the data sent to the web server,
since we definitely need the server side script,
we would do the IO decode.
Here is a PHP code formulate the email messages with
the url link containing the email address
where you encrypt token we just introduced in the last slide.
And here in the $domain where we see
the current server domain name from the global hash array underscore server,
given the key HTP_HOST it is very convenient to use this
because since we sometimes moving
the server from one machine to the others with a different domain name,
by using this function,
this hash array query,
we get exactly right domain name.
And because in the url we send to the user,
there will be a domain name of the server they send it back.
The /php/confirmk.php is a server side script,
identifies a server side script to receive
these http request coming back when you click on the link.
It has two name=value pair after a question mark which
identify the query string within a big url.
The two name=value pair,
the one contain the email address,
the other contains encrypted secret token for
confirmk.php to verify indeed this is sent by the corresponding applicants.
Mail function is then used to send that email as you send it within html format.
You can see in the header they are using that content-type text/html and allow that to be
displayed nicely and also allow them to be clicked if
its no more text mode then we cannot create that click effects.
Here, we show the web server side script confirmk.php portion of it not the whole thing.
This confirmk.php process the sv request
send by everytime when they click the link in the email.
In php is a way to receive the value
of a name value pair in the query string of url is to use
the $_GET and because
the query string will be hand over by
the web server like PHP a party to a PHP interpreter.
The first thing that PHP interepreter would do
is take those query string passing it and then
say those name- the value of the name=value pair into a hash array using name as a key.
Now here we- once we hand over to the server side script for processing,
the server side script can retrieve back that particular value.
Know that the php interepret automatically perform the url encoding decoding on
the incoming value and save them in the global array hash array get.
If the message is used by the web browser send in is good,
if the send in message is post,
the resolve name=value pair will also in a different hash array underscore post.
And we get cyber attacks in basically for encoding format.
And since is in a basic format,
we need recover back the binary data.
We use basically 40 code to do that.
And the code is then for all that
a decryption code present in previous lecture on the PHP crypto API.
And here we verify the token value receive to see if it contains
the email address and secret string ;UcLion.
Since there is a pending character at the end of that is
crypt block and because
always a decrypted block are always sitting by, right?
And in this value case it happened to be not multiple of 16.
They are pairing tag as they are.
And one way to figure this out is
try to figure out what is the origin you know string plaintext.
And then we remove the remaining zero in when we receive the decrypt string, okay?
And after we update that there are based on
the applicant status the code is not displayed here,
but the words show machines you are going to clone on AWS.
We all have complete Rejnk.PHP and convert up
PHP code we demonstrate here in the last couple of slides.