slides/slides04.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Thu, 15 Oct 2015 01:41:33 +0100
changeset 406 0516bffd3f5f
parent 405 6a54ee8b74c3
child 407 272dd46ff9b2
permissions -rw-r--r--
updated
\documentclass[dvipsnames,14pt,t]{beamer}

% Course-local style files, resolved relative to this directory.
\usepackage{../slides}
\usepackage{../graphics}
\usepackage{../langs}

% TikZ libraries used by the diagrams in this deck.
\usetikzlibrary{arrows,shapes}

% Monospace font setup.
% NOTE(review): \setmonofont and \newfontfamily are fontspec commands, so
% fontspec is presumably loaded by one of the style files above -- confirm.
\setmonofont[Scale=.88]{Consolas}
\newfontfamily{\consolas}{Consolas}

% Do not report overfull \hbox'es that overshoot by less than 220pt.
\hfuzz=220pt

% beamer stuff
\renewcommand{\slidecaption}{SEN 04, King's College London}
% \bl{...} typesets its argument in blue.
\newcommand{\bl}[1]{\textcolor{blue}{#1}}

\begin{document}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
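\begin{frame}[t]
  % Title slide: lecture title plus the lecturer's contact details.
  % The title is wrapped in a one-column tabular so that it can be
  % shifted vertically with \\ and \\[-3mm].
  \frametitle{%
    \begin{tabular}{@ {}c@ {}}
      \\
      \LARGE Security Engineering (4)\\[-3mm]
    \end{tabular}}\bigskip\bigskip\bigskip

  \normalsize
  \begin{center}
    \begin{tabular}{ll}
      Email:  & christian.urban at kcl.ac.uk\\
      Office: & S1.27 (1st floor Strand Building)\\
      Slides: & KEATS (also homework is there)\\
    \end{tabular}
  \end{center}

\end{frame}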
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]

  % Recap picture for last week's topic.
  \begin{center}
    \includegraphics[scale=0.34]{../pics/trainwreck.jpg}\\
    last week: buffer overflow attacks
  \end{center}

  % NOTE(review): ``cheating'' is not defined on this slide; presumably it
  % refers to simplifications made for last week's demonstration -- confirm
  % and spell it out for readers who only have the slides.
  \begin{itemize}
    \item no ``cheating'' needed for format string attacks
    \item the main point: no cheating to start with
  \end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]

  % A student's question, shown first; the answer is revealed after \pause.
  \begin{bubble}[10cm]\small How do we implement BOAs? On a
    webpage login, for example Facebook, we can't do this. The
    script will not let us enter hexadecimal numbers where email
    or username is required and plus it will have a max length,
    like 32 characters only. In this case, what can we do, since
    the method you showed us wouldn't work?
  \end{bubble}\bigskip\bigskip\pause

  % NOTE(review): the answer below gives the verdict without the reasoning.
  % The limits mentioned in the question (length cap, character filtering in
  % the page's script) run in the browser and are not a security boundary;
  % exposure depends on whether the code that finally parses the input
  % bounds-checks it. Presumably that is the contrast intended between a
  % large web service and embedded firmware -- confirm and consider saying so.
  \begin{itemize}
    \item Facebook no
    \item printers, routers, cars, IoT etc likely
  \end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Survey: Thanks!}
  \small

  % Student feedback, reproduced as quotations; the wording is the
  % students' own and is left untouched. The \pause reveals the last
  % three items in a second step.
  \begin{itemize}
    \item ``Would be good, if you provide more detailed explanations. I feel
      your slides are not as structured as they could be.''
    \item ``Please consider reference book chapters to cover core subject
      areas.''\pause
    \item ``The homework questions don't come directly from the
      slides. So must go look things up.''
    \item ``Could you please put the homework answers online, perhaps
      just before the exam. That's late enough where we should have done
      it and if not, we're screwed already then.''
    \item ``Could you provide a brief basic answers to sheets for reference
      and not to be relied on.''
  \end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]

  % Same recap picture as the earlier recap frame, here at scale 0.45
  % and without the bullet list.
  \begin{center}
    \includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
    last week: buffer overflow attacks
  \end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
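\begin{frame}[c]
  % Two-line title, set in a one-column tabular to control the line break.
  \frametitle{\begin{tabular}{c}Two General Counter\\[-1mm]
              Measures against BOAs etc\end{tabular}}

  Both try to reduce the attack surface:\bigskip

  % This frame covers only the first of the two counter measures
  % (unikernels); the second is presumably the privilege separation shown
  % on the following frame.
  % NOTE(review): a unikernel removes the general-purpose OS, not the need
  % for memory-safe code: per the items below, the network stack and file
  % system still run, as libraries, inside the single program.
  \begin{itemize}
    \item \alert{\textbf{unikernels}} -- the idea is to not have
      an operating system at all
    \item all functionality of the server is implemented in a
      single, stand-alone program
    \item all functionality an operating system would normally
      provide (network stack, file system) is available through
      libraries
    \item the best known unikernel is MirageOS using OCaml
      (\url{https://mirage.io})
  \end{itemize}

\end{frame}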
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
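\begin{frame}[c]
  \frametitle{\begin{tabular}{c}Network Applications:\\[-1mm]
              Privilege Separation\end{tabular}}


  % Diagram: two boxes and two red double-headed arrows.
  %   right box  = ``Interface'',   labelled ``unprivileged process''
  %   left box   = ``Application'', labelled ``privileged process''
  %   thick arrow (2mm): Interface <-> Internet
  %   thin arrow  (1mm): Application <-> Interface
  % Only the unprivileged process is drawn as touching the Internet.
  \begin{center}
    \begin{tikzpicture}[scale=1]

      \draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
      \draw (4.7,1) node {Internet};
      \draw (-2.7,1.7) node {\footnotesize Application};
      \draw (0.6,1.7) node {\footnotesize Interface};
      \draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
      \draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};

      \draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);

      % Invisible anchor nodes for the Internet-facing arrow.
      \draw[white] (1.7,1) node (X) {};
      \draw[white] (3.7,1) node (Y) {};
      \draw[red, <->, line width = 2mm] (X) -- (Y);

      \draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
    \end{tikzpicture}
  \end{center}

  % NOTE(review): the split only mitigates consequences if the privileged
  % process treats everything arriving over the inner channel as untrusted
  % and that channel stays narrow -- worth stating on the slide.
  \begin{itemize}
    \item the idea is to make the attack surface smaller and mitigate the
      consequences of an attack
  \end{itemize}
\end{frame}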
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
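\begin{frame}[c]
  \frametitle{Access Control in Unix}

  % The slide uses ``roles'' for Unix user ids; root is named as a special
  % role. The \\ and \bigskip\\ at the ends of items are manual vertical
  % spacing and are kept as the author set them.
  \begin{itemize}
    \item access control provided by the OS
    \item authenticate principals
    \item mediate access to files, ports, processes etc according to
      \alert{roles} (user ids)\\
    \item privileges are attached to roles (some special roles: root)\bigskip\\

      % Call-out box, indented by hand with \hspace.
      \hspace{8mm}
      \begin{bubble}[8cm]
        \alert{\textbf{principle of least privilege:}}\\
        users and programs should only have as much privilege as they need to
        accomplish a task
      \end{bubble}
  \end{itemize}

\end{frame}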
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
\begin{frame}[c]
  \frametitle{Access Control in Unix (2)}


  % NOTE(review): the ``plus 2'' bits are presumably setuid and setgid;
  % Unix modes also carry a sticky bit, so say whether it is left out on
  % purpose -- confirm.
  \begin{itemize}
    \item privileges are specified by file access permissions (``everything is a file'')\medskip
    \item there are 9 (plus 2) bits that specify the permissions of a file
  \end{itemize}

  % Annotated permission string in the style of a directory listing:
  % one leading position labelled ``directory'', then three rwx triples
  % labelled user, group and other, followed by owner (bob), group (staff)
  % and file name.
  % NOTE(review): in this example ``other'' holds rwx while the owner holds
  % only r--; presumably chosen to show that the triples are independent.
  % On a real system a file writable and executable by everyone would be an
  % audit finding.
  \begin{center}
    ${\underbrace{\LARGE\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
     \;{\underbrace{\LARGE\texttt{r{}-{}-}}_{\text{user}}}\,
     {\underbrace{\LARGE\texttt{r{}w{}-}}_{\text{group}}}\,
     {\underbrace{\LARGE\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
     \LARGE\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
  \end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
770b58a7d754 updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   210
\frametitle{Unix-Style Access Control}
770b58a7d754 updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   211
\small
770b58a7d754 updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   212
770b58a7d754 updated slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 381
diff changeset
   213
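\begin{itemize}
  % Q&A item: maps the Unix access-control (AC) discussion onto Windows groups.
  \item Q: ``I am using Windows. Why should I care?'' \\
    A: In Windows you have similar AC:

    \begin{center}
      \begin{tabular}{l}
        administrators group\\
        \hspace{5mm}(has complete control over the machine)\\
        authenticated users\\
        server operators\\
        power users\\
        network configuration operators
      \end{tabular}
    \end{center}\medskip

  % NOTE(review): runas starts a program under another account after asking
  % for that account's password, so it is the closest analogue to setuid/su
  % named on this slide; the comparison is the author's -- confirm the wording
  % against the Windows version being taught.
  \item Modern versions of Windows have more fine-grained AC than Unix;
    they do not have a setuid bit, but have \texttt{runas} (asks for a
    password).\pause

  % \textbf replaces the obsolete two-letter font switch \bf; output is unchanged.
  % Defence in depth: OS access control is one layer among several, not a
  % substitute for checks inside the application.
  \item OS-provided access control can \alert{\textbf{add}} to your security.
    (defence in depth)
\end{itemize}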
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
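%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Weaknesses of Unix AC}

% Two weaknesses that apply to any role-based access control (AC), not only
% to Unix: complexity of the role hierarchy, and abuse that stays within the
% rules (illustrated by the frames that follow).
Not just restricted to Unix:

\begin{itemize}
  % Usability is a security property here: a hierarchy nobody can reason
  % about pushes people towards running everything with full privileges.
  % Spelling aligned with the deck's other use of ``fine-grained''; article added.
  \item if you have too many roles (i.e.~too fine-grained AC), then
    the hierarchy is too complex\\ \textcolor{gray}{you invite situations
    like\ldots let's be root}\bigskip

  \item you can still abuse the system\ldots
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%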
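%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{A ``Cron''-Attack}

% Sets up the example: a privileged clean-up command whose argument list is
% fixed some time before the individual deletions happen.
% Wording fix: ``trick ... into doing'' instead of ``trick ... to do''.
The idea is to trick a privileged person into doing something on your
behalf:

\begin{itemize}
\item root:\\\texttt{rm /tmp/*/*}\bigskip\bigskip\pause

% Second overlay, in small grey type: the shell expands the glob into a list
% of path names first; rm then works through that list. The delay between
% building the list and acting on each entry is what the next frame relies on.
\footnotesize
\begin{minipage}{1.1\textwidth}
\textcolor{gray}{the shell behind the scenes:}\\
\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\

\textcolor{gray}{this takes time}
\end{minipage}
\end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%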
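%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{A ``Cron''-Attack}

% Walk-through of the race from the previous frame. The flaw is a
% time-of-check-to-time-of-use gap: the path /tmp/a/passwd is recorded while
% /tmp/a is an ordinary directory and is resolved again, later, as root.
%
% Defensive reading for the lecture (reviewer note): the fix is not only
% ``don't run this as root''. A cleaner should never re-resolve path
% components that an unprivileged user can replace: it should walk the tree
% through directory handles without following symbolic links, or a
% purpose-built temp-file cleaner should be used instead of a shell glob;
% per-user private temp directories remove the shared, world-writable
% directory altogether.
\begin{enumerate}
\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
\item root \textcolor{gray}{(does the daily cleaning)}\\
\texttt{rm /tmp/*/*}\medskip\\
\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\

% Wording corrected to match the command shown: the link replaces the
% directory /tmp/a and points at /etc, not at the passwd file itself.
\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and replaces
\texttt{/tmp/a} by a link to \texttt{/etc})}\\
\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
\item root now deletes the real passwd file
\end{enumerate}

% Overlay 2 only: the take-away bubble, placed on top of the step list.
\only<2>{
\begin{textblock}{11}(2,5)
\begin{bubble}[8cm]
\normalsize To prevent this kind of attack, you need additional
policies (don't do such operations as root).
\end{bubble}
\end{textblock}}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%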
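%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm]
in Unix\end{tabular}}


% Three historical examples with one shared pattern: a program running with
% root privileges acts on a path name that an unprivileged user can influence.
\begin{itemize}
\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause
% Grammar fix: ``but it was allowed to follow links''.
\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but it was allowed to follow links \ldots\pause
% NOTE(review): the race described below presupposes that mkdir itself ran
% with root privileges (setuid); the listing shows mode rwxr-xr-x with no
% setuid bit -- confirm whether the listing is meant to show the historical
% or the present-day binary.
\item \texttt{mkdir foo} is owned by root\medskip
\begin{center}
\texttt{-rwxr-xr-x  1 root  wheel /bin/mkdir}
\end{center}\medskip
% Typo fix: ``changes the ownership'' (was ``changes to ownership'').
% The two steps are not atomic, which is the race the grey remark refers to.
it first creates an i-node as root and then changes the ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
\end{itemize}

% Closing quote, shown from overlay 4 onwards in a red-framed box.
\only<4->{
\begin{textblock}{1}(3,7)
\begin{tikzpicture}
\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
{\begin{minipage}{8cm}
Only failure makes us experts.
	-- Theo de Raadt (OpenBSD, OpenSSH)
\end{minipage}};
\end{tikzpicture}
\end{textblock}}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%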
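%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Subtleties}


% Quiz frame. Instructor note: Unix picks exactly one permission class per
% access -- owner first, then group, then other -- and does not combine them.
% Bob owns the file, so only the user bits (r--) apply to him: he cannot
% write, and being a member of staff (rw-) does not change that. As owner he
% could still change the mode, which is a separate right.
\begin{itemize}
\item<1-> Can Bob write \pcode{file}?
% Grammar fix: ``is a member of''.
\item<2-> What if Bob is a member of \pcode{staff}?
\end{itemize}\bigskip

% The mode string, owner, group and file name of an ls-style listing, with
% each field labelled by an \underbrace. Math kept exactly as authored.
\begin{center}
${\underbrace{\Large\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
 \;{\underbrace{\Large\texttt{r{}-{}-}}_{\text{user}}}\,
 {\underbrace{\Large\texttt{r{}w{}-}}_{\text{group}}}\,
 {\underbrace{\Large\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
 \Large\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%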
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Login Processes}

  % Motivates setuid: the login program runs as root (UID 0) and hands over
  % to a shell running under the user's own UID. After that the user cannot
  % change UID again, yet some tasks still need access to root-owned files.
  \begin{itemize}
    \item login processes run under UID $=$ \pcode{0}\medskip
      \begin{center}
        \texttt{ps -axl | grep login}
      \end{center}\medskip

    \item after login, shells run under UID $=$ user (e.g.~501)\medskip
      \begin{center}
        \texttt{id cu}
      \end{center}\medskip\pause

    % Shown after the pause: the tension that the next frame resolves.
    \item non-root users are not allowed to change the UID --- would break access control
    \item but needed for example for accessing \texttt{passwd}
  \end{itemize}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
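%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Setuid and Setgid}

% \textbf replaces the obsolete font switch \bf; the output is unchanged.
% NOTE(review): the slide counts the two special bits that change a process's
% identity. Unix modes carry a third special bit (sticky), so a full mode
% word has 12 bits; worth saying aloud if students meet four-digit modes.
The solution is that Unix file permissions are 9 + \underline{2 Bits}:
\alert{\textbf{Setuid}} and \alert{\textbf{Setgid}} bits

\begin{itemize}
% Precisely, it is the effective UID of the new process that becomes the
% file owner's UID. Every setuid-root program is therefore part of the
% trusted code base and has to treat all of its input as untrusted.
\item When a file with setuid is executed, the resulting process will
  assume the UID given to the \underline{owner} of the file.
\item This enables users to create processes as root (or another
  user).\bigskip

\item Essential for changing passwords, for example.
\end{itemize}

% Mode 4755: the leading 4 sets the setuid bit, 755 is rwxr-xr-x.
\begin{center}
\texttt{chmod 4755 fobar\_file}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%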
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \small

  % Exercise frame without a title: a listing read from the external file
  % ``lst'' (presumably an ls-style directory listing -- its contents are not
  % part of this file), the group memberships, and an empty user-by-file grid
  % to be filled in from the listing.
  \lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}


  % Group memberships; the negative \hspace shifts the table to the left.
  \begin{center}
    \begin{tabular}{@{\hspace{-24mm}}ll}
      members of group staff: & ping, bob, emma\\
      members of group students: & emma\\
    \end{tabular}
  \end{center}

  % Access matrix, one row per user and one column per file; the cells are
  % deliberately left blank.
  \begin{center}
    \begin{tabular}{@{\hspace{-7mm}}r|c|c|c|c|c@{}}
        & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
      ping & & & & &\\\hline
      bob & & & & &\\\hline
      emma   & & & & &\\
    \end{tabular}
  \end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 105
diff changeset
   433
\begin{frame}[c]
406
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   434
\frametitle{\Large Discretionary Access Control}
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   435
241
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   436
\small
41
Christian Urban <urbanc@in.tum.de>
parents:
diff changeset
   437
\begin{itemize}
406
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   438
\item Access to objects (files, directories, devices, etc.) is
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   439
permitted based on user identity. Each object is owned by a
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   440
user. Owners can specify freely (at their discretion) how they want to
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   441
share their objects with other users, by specifying which other users
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
   442
can have which form of access to their objects.\medskip
\item Discretionary access control is implemented on any modern multi-user
OS (Unix, Windows NT, etc.).
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large Mandatory Access Control}
\small
\begin{itemize}
\item Access to objects is controlled by a system-wide policy, for
  example to prevent certain flows of information. In some forms, the
  system maintains security labels for both objects and subjects
  (processes, users) based on which access is granted or
  denied. Labels can change as the result of an access. Security
  policies are enforced without the cooperation of users or
  programs.\medskip
\item This is implemented in banking or military operating system 
  versions (SELinux).\pause
\item A simple example: Air Gap Security. Uses a completely separate network
and computer hardware for different application classes (Bin Laden, Bruce Schneier had
airgaps).\pause
\item What do we want to protect: Secrecy or Integrity?
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{The Bell-LaPadula Model}
\small
\begin{itemize}
\item Formal policy model for mandatory access control in a military
  multi-level security environment. All subjects and objects (processes, users,
  terminals, files, windows, connections) are labeled
  with a confidentiality level, e.g.
\begin{center}
unclassified < confidential < secret < top secret
\end{center}\medskip
\item The system policy automatically prevents the flow of information
  from high-level objects to lower levels. A process that reads top
  secret data becomes tagged as top secret by the operating system, as
  will be all files into which it writes afterwards.
%Each user has a maximum allowed confidentiality level specified and
%cannot receive data beyond that level. A selected set of trusted
%subjects is allowed to bypass the restrictions, in order to permit
%the declassification of information.
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  \begin{frame}[c]
  \frametitle{Bell-LaPadula}
  \small
  
  \begin{itemize}
  \item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
  \bl{$P$}'s security level is at least as high as \bl{$O$}'s.
  \item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
  \bl{$O$}'s security level is at least as high as \bl{$P$}'s.\medskip
  %\item Meta-Rule: All principals in a system should have a sufficiently high security level
  %in order to access an object.
  \end{itemize}\bigskip
  This restricts information flow $\Rightarrow$ military\bigskip\bigskip\pause
  Bell-LaPadula: {\bf `no read up'} - {\bf `no write down'}
  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  \begin{frame}[c]
  \frametitle{\begin{tabular}{c}Principle of\\[-2mm] Least Privilege\end{tabular}}
  
  \begin{bubble}[10cm]
  A principal should have as few privileges as possible to access a resource.
  \end{bubble}\bigskip\bigskip
  \small
  \begin{itemize}
  \item Bob ($T\!S$) and Alice ($S$) want to communicate
  \item[] $\Rightarrow$ Bob should lower his security level (at $T\!S$, `no write down' means anything he writes is unreadable for Alice)
  \end{itemize}
  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  \begin{frame}[c]
  \frametitle{Biba Policy}
  \small
  
  Data Integrity (rather than data secrecy)
  \begin{itemize}
  \item Biba: {\bf `no read down'} - {\bf `no write up'}
  \item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
  \bl{$P$}'s security level is lower than or equal to \bl{$O$}'s.
  \item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
  \bl{$O$}'s security level is lower than or equal to \bl{$P$}'s.
  \end{itemize}\bigskip\bigskip\pause
  E.g.~Firewalls: you can read from inside the firewall, but not from outside\\
  Phishing: you can look at an approved PDF, but not one from a random email\\
  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Security Levels (2)}
\begin{itemize}
\item Bell-LaPadula preserves data secrecy, but not data
  integrity\bigskip\pause
\item Biba model is for data integrity  
\begin{itemize}
\item read: your own level and above
\item write: your own level and below
\end{itemize}
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Shared Access Control}
\begin{center}
\includegraphics[scale=0.7]{../pics/pointsplane.jpg}
\end{center}
\begin{textblock}{11}(10.5,10.5)
\small
To take an action you\\[-1mm] 
need at least either:
\begin{itemize}
\item 1 CEO\\[-5mm]
\item 2 MDs, or\\[-5mm]
\item 3 Ds
\end{itemize}
\end{textblock}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{\Large Lessons from Access Control}
Not just restricted to Unix:
\begin{itemize}
\item if you have too many roles (i.e.~too fine-grained AC), then the
	hierarchy is too complex\\
	\textcolor{gray}{you invite situations like\ldots let's be root}\bigskip
\item you can still abuse the system\ldots
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Protocols}
\begin{center}
\includegraphics[scale=0.11]{../pics/keyfob.jpg}
\quad
\includegraphics[scale=0.3025]{../pics/startstop.jpg}
\end{center}
\begin{itemize}
\item Other examples: Wi-Fi, HTTP requests, TCP requests,
card readers, RFID (passports)\medskip\pause
\item The point is that we cannot control the network: An attacker
can install a packet sniffer, inject packets, modify packets,
replay messages\ldots{}fake pretty much everything.
\end{itemize}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Keyless Car Transponders}
\begin{center}
\includegraphics[scale=0.1]{../pics/keyfob.jpg}
\quad
\includegraphics[scale=0.27]{../pics/startstop.jpg}
\end{center}
\begin{itemize}
\item There are two security mechanisms: one remote central 
locking system and one passive RFID tag (engine immobiliser).
\item How can I get in? How can thieves be kept out? 
How to avoid MITM attacks?
\end{itemize}\medskip
\footnotesize
\hfill Papers: Gone in 360 Seconds: Hijacking with Hitag2,\\
\hfill Dismantling Megamos Crypto: Wirelessly Lockpicking\\
\hfill a Vehicle Immobilizer
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
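\begin{frame}[c]
\frametitle{HTTPS / GSM}
% Motivating slide for protocols: in both scenarios the first network hop
% (the cafe's access point, the operator's base station) is outside my
% control and has to be treated as a potential man in the middle.

\begin{center}
\includegraphics[scale=0.25]{../pics/barclays.jpg}
\quad
\includegraphics[scale=0.25]{../pics/phone-signal.jpg}
\end{center}

\begin{itemize}
% HTTPS question: the property wanted is authentication of the server,
% end to end, so that the access point never has to be trusted.
% Lecturer's note (not on the slide): in practice this rests on the
% browser validating the server's certificate chain and host name before
% any credential is sent.
\item I am sitting at Starbucks. How can I be sure I am really
      visiting Barclays? I have no control over the access
      point.
% GSM question: the property wanted is key establishment over an
% untrusted radio link.
% Lecturer's note (not on the slide): 2G GSM authenticates only the
% handset to the network, not the network to the handset; later
% generations added mutual authentication.
\item How can I achieve that a secret key is established in
      order to encrypt my mobile conversation? I have no
      control over the access points.
\end{itemize}

\end{frame}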
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
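\begin{frame}[c]
\frametitle{Handshakes}
% Two overlays: slide 1 shows the three-way handshake informally,
% slide 2 adds a bubble about SYN flood attacks on top of it.

\begin{itemize}
\item starting a TCP connection between a client and a server
initiates the following three-way handshake protocol:
\end{itemize}

\begin{columns}[t]
% left column: picture of the handshake, lowered to line up with the text
\begin{column}{5cm}
\begin{minipage}[t]{4cm}
\begin{center}
\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
\end{center}
\end{minipage}
\end{column}
% right column: the same three messages as a dialogue
\begin{column}{5cm}
\begin{tabular}[t]{rl}
Alice:  & Hello server!\\
Server: & I heard you\\
Alice:  & Thanks
\end{tabular}
\end{column}
\end{columns}

% A SYN flood targets the state a server keeps for half-open connections
% (first message received, third message never arrives).
% Defensive notes (not on the slide): SYN cookies avoid allocating that
% state before the final ACK returns; backlog sizing, shorter SYN-ACK
% retry timers and upstream rate limiting bound the impact.
\only<2>{
\begin{textblock}{3}(11,5)
\begin{bubble}[3.2cm]
SYN flood attacks:\medskip\\
\includegraphics[scale=0.4]{../pics/synflood.png}
\end{bubble}
\end{textblock}}

\end{frame}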
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  \begin{frame}[t]
    \frametitle{Protocols}
    % Introduces the message-sequence notation "sender -> receiver : message"
    % used in these slides.  The notation records who is meant to send and
    % who is meant to receive; on an untrusted network it is the content
    % of the messages that has to establish who really did.

    \mbox{}

    % Overlay 1 shows the first message only; from overlay 2 on, the reply
    % and a vertical ":" (meaning "and so on") appear.
    \begin{tabular}{l}
      {\Large \bl{$A\;\to\; B : \ldots$}}\\
      \onslide<2->{\Large \bl{$B\;\to\; A : \ldots$}}\\
      \onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
    \end{tabular}

    \begin{itemize}
      \item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
        but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip
      % The next two items only appear together with the second message.
      \item<2-> indicates one ``protocol run'', or session,  which specifies some
        order in the communication
      \item<2-> there can be several sessions in parallel (think of wifi routers)
    \end{itemize}

  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
  \frametitle{Handshakes}
  % Same handshake as a dialogue and, below it, in protocol notation.
  % The three messages show that both ends can exchange packets; nothing
  % in them authenticates either party.

  \begin{itemize}
    \item starting a TCP connection between a client and a server
      initiates the following three-way handshake protocol:
  \end{itemize}

  \begin{columns}[t]
    % picture of the handshake
    \begin{column}{5cm}
      \begin{minipage}[t]{4cm}
        \begin{center}
          \raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
        \end{center}
      \end{minipage}
    \end{column}
    % informal wording of the three messages
    \begin{column}{5cm}
      \begin{tabular}[t]{rl}
        Alice:  & Hello server!\\
        Server: & I heard you\\
        Alice:  & Thanks
      \end{tabular}
    \end{column}
  \end{columns}

  % formal wording: A is the client (Alice), S the server
  \begin{center}
    \begin{tabular}{rl}
      \bl{$A \to S$}: & \bl{SYN}\\
      \bl{$S \to A$}: & \bl{SYN-ACK}\\
      \bl{$A \to S$}: & \bl{ACK}\\
    \end{tabular}
  \end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
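\begin{frame}[c]
\frametitle{\Large Cryptographic Protocol Failures}

Ross Anderson and Roger Needham wrote:\bigskip

% \normalfont\rmfamily is the LaTeX2e spelling of the obsolete \rm and
% sets the quotation in upright roman.
% ``this kind of blunder'' points back to text that precedes the quoted
% passage in the original; the slide does not reproduce it.
% The sentence highlighted with \alert is the point of the slide: unbroken
% primitives and correctly chosen assets are not sufficient, the protocol
% that combines them needs its own analysis.
\begin{quote}\normalfont\rmfamily
A lot of the recorded frauds were the result of this kind of
  blunder, or from management negligence pure and simple.
  \alert{However,
there have been a significant number of cases where the designers
protected the right things, used cryptographic algorithms which were
not broken, and yet found that their systems were still successfully
attacked.}
\end{quote}

\end{frame}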
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
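  \begin{frame}<1-3>[c]
  \frametitle{Oyster Cards}
  % Three overlays: 1 = picture and first bullet, 2 = the paper abstract in
  % a bubble on top of the slide, 3 = the quoted statement about TfL.

  \includegraphics[scale=0.4]{../pics/oysterc.jpg}

  \begin{itemize}
  % Lesson for designers: keeping the cipher design secret was the
  % protection here, and the abstract below reports it reverse engineered.
  \item good example of a bad protocol\\ (security by obscurity)\bigskip
  % Blocking cloned cards within 24 hours is a detect-and-revoke control:
  % it bounds the loss per clone, it does not repair the card's
  % authentication.
  \item<3->  ``Breaching security on Oyster cards should not
  allow unauthorised use for more than a day, as TfL promises to turn
  off any cloned cards within 24 hours\ldots''
  \end{itemize}

  % Abstract of the paper named in the bold title, quoted as published.
  \only<2>{
  \begin{textblock}{12}(0.5,0.5)
  \begin{bubble}[11cm]\footnotesize
  \textbf{Wirelessly Pickpocketing a Mifare Classic Card}\medskip

  The Mifare Classic is the most widely used contactless smartcard on the
  market. The stream cipher CRYPTO1 used by the Classic has recently been
  reverse engineered and serious attacks have been proposed. The most serious
  of them retrieves a secret key in under a second. In order to clone a card,
  previously proposed attacks require that the adversary either has access to
  an eavesdropped communication session or executes a message-by-message
  man-in-the-middle attack between the victim and a legitimate
  reader. Although this is already disastrous from a cryptographic point of
  view, system integrators maintain that these attacks cannot be performed
  undetected.\smallskip

  This paper proposes four attacks that can be executed by an adversary having
  only wireless access to just a card (and not to a legitimate reader). The
  most serious of them recovers a secret key in less than a second on ordinary
  hardware. Besides the cryptographic weaknesses, we exploit other weaknesses
  in the protocol stack. A vulnerability in the computation of parity bits
  allows an adversary to establish a side channel. Another vulnerability
  regarding nested authentications provides enough plaintext for a speedy
  known-plaintext attack.\hfill{}(a paper from 2009)
  \end{bubble}
  \end{textblock}}

  \end{frame}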
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}<1->[t]
\frametitle{Another Example}
In an email from Ross Anderson\bigskip\small	
\begin{tabular}{l}
From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
Sender: cl-security-research-bounces@lists.cam.ac.uk\\
To: cl-security-research@lists.cam.ac.uk\\
Subject: Birmingham case\\
Date: Tue, 13 Aug 2013 15:13:17 +0100\\
\end{tabular}
\only<2>{
\begin{textblock}{12}(0.5,0.8)
\begin{bubble}[11cm]
\footnotesize
As you may know, Volkswagen got an injunction against the University of
Birmingham suppressing the publication of the design of a weak cipher
used in the remote key entry systems in its recent-model cars. The paper
is being given today at Usenix, minus the cipher design.\medskip
I've been contacted by Birmingham University's lawyers who seek to prove
that the cipher can be easily obtained anyway. They are looking for a
student who will download the firmware from any newish VW, disassemble
it and look for the cipher. They'd prefer this to be done by a student
rather than by a professor to emphasise how easy it is.\medskip
Volkswagen's argument was that the Birmingham people had reversed a
locksmithing tool produced by a company in Vietnam, and since their key
fob chip is claimed to be tamper-resistant, this must have involved a
corrupt insider at VW or at its supplier Thales. Birmingham's argument
is that this is nonsense as the cipher is easy to get hold of. Their
lawyers feel this argument would come better from an independent
outsider.\medskip
Let me know if you're interested in having a go, and I'll put you in
touch
Ross
\end{bubble}
\end{textblock}}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Authentication Protocols}
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
Passwords:
\begin{center}
\bl{$B \rightarrow A: K_{AB}$} 
\end{center}\pause\bigskip
Problem: \bl{$K_{AB}$} is sent in the clear, so an eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
identity of \bl{$B$}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Authentication?}
\begin{center}
\raisebox{-2cm}{\includegraphics[scale=0.4]{../pics/dogs.jpg}}
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Authentication Protocols}
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
Simple Challenge Response:
\begin{center}
\begin{tabular}{ll}
\bl{$A \rightarrow B:$} & \bl{$N$}\\
\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
\end{tabular} 
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Authentication Protocols}
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
Mutual Challenge Response:
\begin{center}
\begin{tabular}{ll}
\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
\end{tabular} 
\end{center}
%\pause
%An attacker \bl{$E$} can launch an impersonation attack by
%intercepting all messages for \bl{$B$} and making \bl{$A$} decrypt her
%own challenges.
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Nonces}
\begin{enumerate}
\item I generate a nonce (a fresh random number, used only once) and send it to you encrypted with a key we share
\item you increase it by one, encrypt it under a key I know and send
it back to me
\end{enumerate}
I can infer:
\begin{itemize}
\item you must have received my message
\item you could only have generated your answer after I sent you my initial
message
\item if only you and I know the key, the message must have come from you
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\begin{center}
\begin{tabular}{ll}
\bl{$A \rightarrow B$:} & \bl{$N_A$}\\  
\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
\end{tabular}
\end{center}
The attack ($E$ reflects $A$'s challenge back to her in a second session and lets $A$ decrypt her own messages):
\begin{center}
\begin{tabular}{ll}
\bl{$A \rightarrow E$:} & \bl{$N_A$}\\ 
\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\ 
\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
\end{tabular}
\end{center}\pause
\small Solutions: use a different key for each direction (\bl{$K_{AB} \not= K_{BA}$}) or include the sender's id in the encrypted second message
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Encryption to the Rescue?}
 \begin{itemize}
 \item \bl{$A \,\rightarrow\, B :  \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip 
 \item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
 \item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
 \end{itemize}\pause
 
encrypting the first message means \bl{$B$} cannot tell which key to decrypt it with: you need to send separate ``Hello'' signals (bad), or worse
share a single key between many entities
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%      
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Protocol Attacks}
\begin{itemize}
\item replay attacks
\item reflection attacks
\item man-in-the-middle attacks
\item timing attacks
\item parallel session attacks
\item binding attacks (public key protocols)
\item changing environment / changing assumptions\bigskip
\item (social engineering attacks)
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Public-Key Infrastructure}
\begin{itemize}
\item the idea is to have a certificate authority (CA)
\item you go to the CA to identify yourself
\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
\item CA must be trusted by everybody
\item What happens if the CA issues a false certificate? Who pays in case of loss? (VeriSign
explicitly limits liability to \$100.)
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Man-in-the-Middle}
``Normal'' protocol run:\bigskip
\begin{itemize}
\item \bl{$A$} sends public key  to \bl{$B$}
\item \bl{$B$} sends public key  to \bl{$A$}
\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
with its private key
\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
with its private key
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Man-in-the-Middle}
119
0cea882f03c7 added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 118
diff changeset
  1091
406
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1092
Attack:
119
0cea882f03c7 added new slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 118
diff changeset
  1093
406
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1094
\begin{itemize}
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1095
\item \bl{$A$} sends public key  to \bl{$B$}  --- \bl{$C$} intercepts this message and send his own public key
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1096
\item \bl{$B$} sends public key  to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1097
\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1098
with its private key, re-encrypts with \bl{$B$}'s public key 
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1099
\item similar for other direction
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1100
\end{itemize}
118
a42bbdfe5dd9 more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 117
diff changeset
  1101
406
0516bffd3f5f updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 405
diff changeset
  1102
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
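\begin{frame}[c]
\frametitle{Man-in-the-Middle}

% Candidate countermeasure posed as a question to the audience.
% The public keys are still exchanged without authentication; the only
% change is that each ciphertext is released in two halves, so a party
% must commit to its message before it can read the other side's.
Potential Prevention?

\begin{itemize}
\item \bl{$A$} sends public key to \bl{$B$}
\item \bl{$B$} sends public key to \bl{$A$}
\item \bl{$A$} encrypts message with \bl{$B$}'s public key, sends \textbf{half} of the message
\item \bl{$B$} encrypts message with \bl{$A$}'s public key, sends \textbf{half} of the message
\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
\end{itemize}\pause

% Hint kept from the original source (not shown on the slide).
% NOTE(review): this only helps if A and B can recognise an invented
% message as wrong; it does not by itself establish whose key was received.
%\bl{$C$} would have to invent a totally new message
\alert{Under which circumstances does this protocol prevent
MiM-attacks, or does it?}

\end{frame}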
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
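\begin{frame}[c]
\frametitle{Car Transponder (HiTag2)}

% Notation, as used in the text below the list: C is the car, T the
% transponder, K the key both are supposed to know, N a random number
% chosen by C, and {N}_K the result of encrypting N under K, split into
% the two parts F and G.
\begin{enumerate}
\item \bl{$C$} generates a random number \bl{$N$}
\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
\item \bl{$C \to T$}: \bl{$N, F$}
\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
\item \bl{$T$} checks that \bl{$F = F'$}
\item \bl{$T \to C$}: \bl{$N, G'$}
\item \bl{$C$} checks that \bl{$G = G'$}
\end{enumerate}\pause

% NOTE(review): only C contributes a random number. T never issues a
% challenge of its own, so the steps above give T no freshness guarantee
% for (N, F); mutual authentication needs a fresh value from each side.
\small
This process means that the transponder believes the car knows
the key \bl{$K$}, and the car believes the transponder knows
the key \bl{$K$}. They have authenticated themselves
to each other, or have they?

\end{frame}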
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
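\begin{frame}[c]

% Real-world example on chip-and-PIN cards: the card and the terminal
% end up with different views of how the cardholder was verified.
% NOTE(review): the lesson drawn later in the deck is that every data
% item a party relies on (here: the verification method) must be
% authenticated.
A Man-in-the-middle attack in real life:

\begin{itemize}
\item the card only says yes to the terminal if the PIN is correct
\item trick the card into thinking the transaction is verified by signature
\item trick the terminal into thinking the transaction was verified by PIN
\end{itemize}

% The minipage is wider than the text block so that both pictures fit
% side by side; the negative \hspace shifts the first one to the left.
\begin{minipage}{1.1\textwidth}
\begin{center}
\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
\includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
\end{center}
\end{minipage}

\end{frame}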
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
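\begin{frame}[c]
\frametitle{Problems with EMV}

% Why the card-payment standard is hard to analyse: size, design by
% committee, and parts of the specification that are not public.
\begin{itemize}
\item it is a wrapper for many protocols
\item specification by consensus (resulted in unmanageable complexity)
\item its specification is 700 pages in English plus 2000+ pages for testing; additionally, some
further parts are secret
\item other attacks have been found
\end{itemize}

\end{frame}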
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
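\begin{frame}[c]
\frametitle{Protocols are Difficult}

% Summary of the lessons from the preceding protocol examples.
\begin{itemize}
\item even the systems designed by experts regularly fail\medskip
\item try to make everything explicit (you need to authenticate all data you might rely on)\medskip
\item the one who can fix a system should also be liable for the losses\medskip
\item cryptography is often not \textbf{the} answer\bigskip\bigskip
\end{itemize}

\end{frame}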
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
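\begin{frame}[c]
\frametitle{Best Practices}

% Design principles for protocol messages, in the spirit of Abadi and
% Needham's ``Prudent Engineering Practice for Cryptographic Protocols''.
% Principle 1: a message must be interpretable from its content alone.
\textbf{Principle 1:} Every message should say what it means: the interpretation of
a message should not depend on the context.\bigskip\pause

% Principle 2: name the principal inside the message, so that a message
% meant for one party cannot be passed off as meant for another.
\textbf{Principle 2:} If the identity of a principal is essential to the meaning of a message, it is prudent
to mention the principal's name explicitly in the message (though difficult).\bigskip

\end{frame}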
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
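\begin{frame}[c]

% Principle 3: state which property each encryption is meant to provide.
\textbf{Principle 3:} Be clear about why encryption is being
done. Encryption is not cheap, and not asking precisely why it is
being done can lead to redundancy. Encryption is not synonymous with
security.

% NOTE(review): the second and third uses assume an encryption scheme
% that also protects integrity; a confidentiality-only scheme does not
% by itself guarantee authenticity or bind the parts of a message, so in
% practice a MAC or authenticated encryption is needed for them.
\begin{center}
Possible Uses of Encryption

\begin{itemize}
\item Preservation of confidentiality: \bl{$\{X\}_K$} --- only those that have \bl{$K$} may recover \bl{$X$}.
\item Guarantee authenticity: The partner is indeed some particular principal.
\item Guarantee confidentiality and authenticity: binds two parts of a message ---
\bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
\end{itemize}
\end{center}

\end{frame}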
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
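\begin{frame}[c]
\frametitle{Best Practices}

% Principle 4: trust assumptions are part of the design and must be
% written down, together with the reason each one is acceptable.
\textbf{Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary. The reasons for particular trust relations being acceptable should be explicit though they will be founded on judgment and policy rather than on logic.\bigskip


% Worked example of such a trust relation: relying on a certificate
% means relying on the issuer's identity checks.
Example (Certification Authorities): CAs are trusted to certify a key only after proper steps
have been taken to identify the principal that owns it.

\end{frame}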
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
\end{document}
%%% Local Variables:  
%%% mode: latex
%%% TeX-master: t
%%% End: 