sen-material: slides/slides04.tex@06f91010fe1e (annotated)

41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1	\documentclass[dvipsnames,14pt,t]{beamer}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	2	\usepackage{../slides}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	3	\usepackage{../graphics}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	4	\usepackage{../langs}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	5	\usetikzlibrary{arrows}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	6	\usetikzlibrary{shapes}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	7
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	8	\setmonofont[Scale=.88]{Consolas}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	9	\newfontfamily{\consolas}{Consolas}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	10
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	11	\hfuzz=220pt
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	12
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	13	% beamer stuff
381 036a762b02cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 252 diff changeset	14	\renewcommand{\slidecaption}{SEN 04, King's College London}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	15	\newcommand{\bl}[1]{\textcolor{blue}{#1}}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	16
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	17	\begin{document}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	18
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	19	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	20	\begin{frame}[t]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	21	\frametitle{%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	22	\begin{tabular}{@ {}c@ {}}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	23	\\
381 036a762b02cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 252 diff changeset	24	\LARGE Security Engineering (4)\\[-3mm]
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	25	\end{tabular}}\bigskip\bigskip\bigskip
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	26
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	27	\normalsize
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	28	\begin{center}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	29	\begin{tabular}{ll}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	30	Email: & christian.urban at kcl.ac.uk\\
518 e1fcfba63a31 updated Christian Urban <urbanc@in.tum.de> parents: 483 diff changeset	31	Office: & N7.07 (North Wing, Bush House)\\
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	32	Slides: & KEATS (also home work is there)\\
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	33	\end{tabular}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	34	\end{center}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	35
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	36	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	37	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	38
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	39	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	40	\begin{frame}[c]
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	41
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	42	\begin{center}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	43	\includegraphics[scale=0.34]{../pics/trainwreck.jpg}\\
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	44	last week: buffer overflow attacks
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	45	\end{center}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	46
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	47	\begin{itemize}
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	48	%\item no ``cheating'' needed for format string attacks
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	49	\item required some cheating on modern OS
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	50	\item the main point: no cheating in practice\pause
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	51	\item one class of attacks not mentioned last week
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	52	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	53
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	54	\end{frame}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	55	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	56
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	57	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	58	\begin{frame}[c]
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	59	\frametitle{Format String Vulnerability}
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	60
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	61	\small
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	62	\texttt{string} is nowhere used:\bigskip
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	63
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	64	{\footnotesize\lstinputlisting[language=C]{../progs/C4.c}}\bigskip
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	65
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	66	this vulnerability can be used to read out the stack and even
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	67	modify it
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	68
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	69	\end{frame}
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	70	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	71
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	72
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	73	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	74	\begin{frame}[c]
408 9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	75	\frametitle{Case-In-Point: Android}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	76
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	77	\begin{itemize}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	78	\item a list of common Android vulnerabilities
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	79	(5 BOAs out of 35 vulnerabilities; all from 2013 and later):
408 9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	80
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	81	\begin{center}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	82	\url{http://androidvulnerabilities.org/}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	83	\end{center}\bigskip
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	84
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	85	\item a paper that attempts to measure the security of Android phones:
408 9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	86
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	87	\begin{quote}\small\it ``We find that on average 87.7\% of Android
408 9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	88	devices are exposed to at least one of 11 known critical
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	89	vulnerabilities\ldots''
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	90	\end{quote}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	91
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	92	\begin{center}\small
411 542116a239cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 409 diff changeset	93	\makebox[0mm]
542116a239cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 409 diff changeset	94	{\url{https://www.cl.cam.ac.uk/~drt24/papers/spsm-scoring.pdf}}
408 9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	95	\end{center}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	96	\end{itemize}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	97
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	98	\end{frame}
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	99	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	100
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	101
9332d1e54360 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 407 diff changeset	102	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	103	%\begin{frame}[c]
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	104	%
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	105	%A student asked:
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	106	%
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	107	%\begin{bubble}[10cm]\small How do we implement BOAs? On a
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	108	%webpage login, for example Facebook, we can't do this.
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	109	%I am sure the script will stop us even before we reach the
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	110	%server. The
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	111	%script will not let us enter hexadecimal numbers where email
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	112	%or username is required and plus it will have a max length,
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	113	%like 32 characters only. In this case, what can we do, since
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	114	%the method you showed us wouldn't work?
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	115	%\end{bubble}\bigskip\bigskip\pause
411 542116a239cf updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 409 diff changeset	116
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	117	%\begin{itemize}
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	118	%\item Facebook no
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	119	%\item printers, routers, cars, IoT etc likely\pause
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	120	%\item I do not want to teach you hacking, rather defending
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	121	%\end{itemize}
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	122	%
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	123	%\end{frame}
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	124	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	125
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	126	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	127	\begin{frame}[c]
407 272dd46ff9b2 added survey Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 406 diff changeset	128	\frametitle{Survey}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	129
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	130	\end{frame}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	131	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	132
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	133	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	134	%\begin{frame}[c]
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	135	%
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	136	%\begin{center}
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	137	%\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	138	%last week: buffer overflow attacks
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	139	%\end{center}
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	140	%
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	141	%\end{frame}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	142	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	143
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	144	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	145	\begin{frame}[c]
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	146	\frametitle{\begin{tabular}{c}\LARGE Two General Counter\\[-1mm]
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	147	\LARGE Measures against BOAs etc\end{tabular}}
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	148
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	149	Both try to reduce the attack surface (trusted computing base):\bigskip
404 4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	150
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	151	\begin{itemize}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	152	\item \alert{\bf unikernels} -- the idea is to not have
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	153	an operating system at all
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	154	\item all functionality of the server is implemented in a
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	155	single, stand-alone program
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	156	\item all functionality an operating system would normally
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	157	provide (network stack, file system) is available through
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	158	libraries
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	159	\item the best known unikernel is MirageOS using Ocaml
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	160	(\url{https://mirage.io})
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	161	\end{itemize}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	162
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	163	\end{frame}
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	164	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
4e3bc09748f7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 391 diff changeset	165
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	166
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	167	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	168	\begin{frame}[c]
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	169	\frametitle{\begin{tabular}{c}Network Applications:\\[-1mm]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	170	Privilege Separation\end{tabular}}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	171
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	172
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	173	\begin{center}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	174	\begin{tikzpicture}[scale=1]
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	175
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	176	\draw[line width=1mm] (-.3, 0) rectangle (1.5,2);
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	177	\draw (4.7,1) node {Internet};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	178	\draw (-2.7,1.7) node {\footnotesize Application};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	179	\draw (0.6,1.7) node {\footnotesize Interface};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	180	\draw (0.6,-0.4) node {\footnotesize \begin{tabular}{c}unprivileged\\[-1mm] process\end{tabular}};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	181	\draw (-2.7,-0.4) node {\footnotesize \begin{tabular}{c}privileged\\[-1mm] process\end{tabular}};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	182
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	183	\draw[line width=1mm] (-1.8, 0) rectangle (-3.6,2);
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	184
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	185	\draw[white] (1.7,1) node (X) {};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	186	\draw[white] (3.7,1) node (Y) {};
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	187	\draw[red, <->, line width = 2mm] (X) -- (Y);
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	188
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	189	\draw[red, <->, line width = 1mm] (-0.6,1) -- (-1.6,1);
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	190	\end{tikzpicture}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	191	\end{center}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	192
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	193	\begin{itemize}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	194	\item the idea is make the attack surface smaller and mitigate the
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	195	consequences of an attack
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	196	\end{itemize}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	197	\end{frame}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	198	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	199
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	200	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	201	\begin{frame}[c]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	202	\frametitle{Access Control in Unix}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	203
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	204	\begin{itemize}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	205	\item access control provided by the OS
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	206	\item authenticate principals
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	207	\item mediate access to files, ports, processes etc according to
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	208	\alert{roles} (user ids)\\
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	209	\item roles get attached with privileges (some special roles: root)\bigskip\\
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	210
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	211	\hspace{8mm}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	212	\begin{bubble}[8cm]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	213	\alert{\bf principle of least privilege:}\\
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	214	users and programs should only have as much privilege as they need to
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	215	accomplish a task
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	216	\end{bubble}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	217	\end{itemize}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	218
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	219	\end{frame}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	220	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	221
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	222	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	223	\begin{frame}[c]
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	224	\frametitle{Access Control in Unix (2)}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	225
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	226
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	227	\begin{itemize}
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	228	\item privileges are specified by file access permissions (``everything is a file'')\medskip
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	229	\item there are 9 (plus 2) bits that specify the permissions of a file
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	230	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	231
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	232	\begin{center}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	233	${\underbrace{\LARGE\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	234	\;{\underbrace{\LARGE\texttt{r{}-{}-}}_{\text{user}}}\,
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	235	{\underbrace{\LARGE\texttt{r{}w{}-}}_{\text{group}}}\,
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	236	{\underbrace{\LARGE\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	237	\LARGE\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	238	\end{center}
388 770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	239
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	240	\end{frame}
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	241	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	242
388 770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	243
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	244	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	245	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	246	\frametitle{Unix-Style Access Control}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	247	\small
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	248
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	249	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	250	\item
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	251	Q: ``I am using Windows. Why should I care?'' \\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	252	A: In Windows you have similar AC:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	253
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	254	\begin{center}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	255	\begin{tabular}{l}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	256	administrators group\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	257	\hspace{5mm}(has complete control over the machine)\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	258	authenticated users\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	259	server operators\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	260	power users\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	261	network configuration operators
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	262	\end{tabular}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	263	\end{center}\medskip
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	264
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	265	\item Modern versions of Windows have more fine-grained AC than Unix;
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	266	they do not have a setuid bit, but have \texttt{runas} (asks for a
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	267	password).\pause
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	268
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	269	\item OS-provided access control can \alert{\bf add} to your security.
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	270	(defence in depth)
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	271	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	272
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	273	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	274	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	275
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	276	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	277	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	278	\frametitle{Weaknesses of Unix AC}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	279
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	280	Not just restricted to Unix:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	281
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	282	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	283	\item if you have too many roles (i.e.~too finegrained AC), then
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	284	hierarchy is too complex\\ \textcolor{gray}{you invite situations
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	285	like\ldots let's be root}\bigskip
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	286
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	287	\item you can still abuse the system\ldots
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	288	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	289
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	290	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	291	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	292
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	293	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	294	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	295	\frametitle{A ``Cron''-Attack}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	296
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	297	The idea is to trick a privileged person to do something on your
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	298	behalf:
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	299
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	300	\begin{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	301	\item root:\\\texttt{rm /tmp//}\bigskip\bigskip\pause
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	302
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	303	\footnotesize
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	304	\begin{minipage}{1.1\textwidth}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	305	\textcolor{gray}{the shell behind the scenes:}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	306	\textcolor{gray}{\texttt{rm /tmp/dir$_1$/file$_1$ /tmp/dir$_1$/file$_2$ /tmp/dir$_2$/file$_1$ \ldots}}\bigskip\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	307
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	308	\textcolor{gray}{this takes time}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	309	\end{minipage}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	310	\end{itemize}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	311
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	312	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	313	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	314
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	315	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	316	\begin{frame}[c]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	317	\frametitle{A ``Cron''-Attack}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	318
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	319	\begin{enumerate}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	320	\item attacker \textcolor{gray}{(creates a fake passwd file)}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	321	\texttt{mkdir /tmp/a; cat > /tmp/a/passwd}\medskip
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	322	\item root \textcolor{gray}{(does the daily cleaning)}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	323	\texttt{rm /tmp//}\medskip\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	324	\hspace{2cm}\textcolor{gray}{\small records that \texttt{/tmp/a/passwd}}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	325	\hspace{2cm}\textcolor{gray}{\small should be deleted, but does not do it yet}\medskip\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	326
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	327	\item attacker \textcolor{gray}{(meanwhile deletes the fake passwd file, and establishes a link to
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	328	the real passwd file)}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	329	\texttt{rm /tmp/a/passwd; rmdir /tmp/a;}\\\texttt{ln -s /etc /tmp/a}\\
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	330	\item root now deletes the real passwd file
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	331	\end{enumerate}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	332
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	333	\only<2>{
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	334	\begin{textblock}{11}(2,5)
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	335	\begin{bubble}[8cm]
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	336	\normalsize To prevent this kind of attack, you need additional
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	337	policies (don't do such operations as root).
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	338	\end{bubble}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	339	\end{textblock}}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	340
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	341	\end{frame}
770b58a7d754 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 381 diff changeset	342	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	343
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	344	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	345	\begin{frame}[c]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	346	\frametitle{\begin{tabular}{c}Infamous Security Flaws\\[-1mm]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	347	in Unix\end{tabular}}
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	348
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	349
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	350	\begin{itemize}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	351	\item \texttt{lpr} unfortunately runs with root privileges; you had the option to delete files after printing \ldots\pause
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	352	\item for debugging purposes (FreeBSD) Unix provides a ``core dump'', but allowed to follow links \ldots\pause
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	353	\item \texttt{mkdir foo} is owned by root\medskip
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	354	\begin{center}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	355	\texttt{-rwxr-xr-x 1 root wheel /bin/mkdir}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	356	\end{center}\medskip
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	357	it first creates an i-node as root and then changes to ownership to the user's id\\ \textcolor{gray}{\small (race condition -- can be automated with a shell script)}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	358	\end{itemize}
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	359
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	360	\only<4->{
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	361	\begin{textblock}{1}(3,7)
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	362	\begin{tikzpicture}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	363	\draw (0,0) node[inner sep=2mm,fill=cream, ultra thick, draw=red, rounded corners=2mm]
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	364	{\begin{minipage}{8cm}
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	365	Only failure makes us experts.\\
a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	366	\hfill\small-- Theo de Raadt (OpenBSD, OpenSSH)
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	367	\end{minipage}};
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	368	\end{tikzpicture}
6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	369	\end{textblock}}
391 a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	370
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	371	\end{frame}
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	372	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a612dd3ddc81 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 388 diff changeset	373
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	374	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	375	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	376	\frametitle{Subtleties}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	377
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	378	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	379	\item<1-> Can Bob write \pcode{file}?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	380	\item<2-> What if Bob is member of \pcode{staff}?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	381	\end{itemize}\bigskip
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	382
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	383	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	384	${\underbrace{\Large\texttt{-}}_{\text{\makebox[0mm]{directory}}}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	385	\;{\underbrace{\Large\texttt{r{}-{}-}}_{\text{user}}}\,
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	386	{\underbrace{\Large\texttt{r{}w{}-}}_{\text{group}}}\,
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	387	{\underbrace{\Large\texttt{r{}w{}x}}_{\text{other}}}\;\;\;
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	388	\Large\texttt{bob}\;\;\texttt{staff}\;\;\texttt{file}$
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	389	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	390
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	391	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	392	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	393
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	394	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	395	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	396	\frametitle{Login Processes}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	397
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	398
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	399	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	400	\item login processes run under UID $=$ \pcode{0}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	401	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	402	\texttt{ps -axl \| grep login}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	403	\end{center}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	404
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	405	\item after login, shells run under UID $=$ user (e.g.~501)\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	406	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	407	\texttt{id cu}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	408	\end{center}\medskip\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	409
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	410	\item non-root users are not allowed to change the UID --- would break
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	411	access control
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	412	\item but needed for example for accessing \texttt{passwd}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	413	\end{itemize}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	414
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	415	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	416	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	417
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	418	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	419	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	420	\frametitle{Setuid and Setgid}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	421
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	422	The solution is that Unix file permissions are 9 + \underline{2 Bits}:
405 6a54ee8b74c3 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 404 diff changeset	423	\alert{\bf Setuid} and \alert{\bf Setgid} bits
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	424
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	425	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	426	\item When a file with setuid is executed, the resulting process will
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	427	assume the UID given to the \underline{owner} of the file.
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	428	\item This enables users to create processes as root (or another
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	429	user).\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	430
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	431	\item Essential for changing passwords, for example.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	432	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	433
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	434	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	435	\texttt{chmod 4755 fobar\_file}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	436	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	437
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	438	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	439	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	440
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	441	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	442	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	443	\small
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	444
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	445	\lstinputlisting[language={},numbers=none,xleftmargin=-6mm]{lst}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	446
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	447
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	448	\begin{center}
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	449	\begin{tabular}{@{\hspace{-24mm}}ll}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	450	members of group staff: & ping, bob, emma\\
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	451	members of group students: & emma\\
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	452	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	453	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	454
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	455	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	456	\begin{tabular}{@{\hspace{-7mm}}r\|c\|c\|c\|c\|c@{}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	457	& manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	458	ping & & & & &\\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	459	bob & & & & &\\\hline
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	460	emma & & & & &\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	461	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	462	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	463
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	464	\end{frame}
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	465	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	466
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	467	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	468	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	469	\frametitle{\Large Discretionary Access Control}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	470
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	471	\small
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	472	\begin{itemize}
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	473	\item Access to objects (files, directories, devices, etc.) is
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	474	permitted based on user identity. Each object is owned by a
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	475	user. Owners can specify freely (at their discretion) how they want to
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	476	share their objects with other users, by specifying which other users
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	477	can have which form of access to their objects.\medskip
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	478
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	479	\item Discretionary access control is implemented on any modern multi-user
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	480	OS (Unix, Windows NT, etc.).
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	481	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	482
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	483	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	484	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	485
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	486	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	487	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	488	\frametitle{\Large Mandatory Access Control}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	489
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	490	\small
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	491	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	492	\item Access to objects is controlled by a system-wide policy, for
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	493	example to prevent certain flows of information. In some forms, the
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	494	system maintains security labels for both objects and subjects
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	495	(processes, users) based on which access is granted or
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	496	denied. Labels can change as the result of an access. Security
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	497	policies are enforced without the cooperation of users or
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	498	programs.\medskip
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	499
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	500	\item This is implemented in banking or military operating system
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	501	versions (SELinux).\pause
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	502	\item A simple example: Air Gap Security. Uses a completely separate network
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	503	and computer hardware for different application classes (Bin Laden, Bruce Schneier had
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	504	airgaps).\pause
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	505	\item What do we want to protect: Secrecy or Integrity?
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	506	\end{itemize}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	507
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	508	\end{frame}
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	509	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	510
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	511
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	512	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	513	\begin{frame}[c]
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	514	\frametitle{The Bell-LaPadula Model}
dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	515	\small
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	516
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	517	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	518	\item Formal policy model for mandatory access control in a military
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	519	multi-level security environment. All subjects (processes, users,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	520	terminals, files, windows, connections) are labeled
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	521	with a confidentiality level, e.g.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	522	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	523	unclassified < confidential < secret < top secret
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	524	\end{center}\medskip
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	525
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	526	\item The system policy automatically prevents the flow of information
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	527	from high-level objects to lower levels. A process that reads top
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	528	secret data becomes tagged as top secret by the operating system, as
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	529	will be all files into which it writes afterwards.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	530	%Each user has a maximum allowed confidentiality level specified and
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	531	%cannot receive data beyond that level. A selected set of trusted
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	532	%subjects is allowed to bypass the restrictions, in order to permit
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	533	%the declassification of information.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	534	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	535
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	536	\end{frame}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	537	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	538
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	539	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	540	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	541	\frametitle{Bell-LaPadula}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	542	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	543
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	544	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	545	\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	546	\bl{$P$}'s security level is at least as high as \bl{$O$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	547	\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	548	\bl{$O$}'s security level is at least as high as \bl{$P$}'s.\medskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	549
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	550	%\item Meta-Rule: All principals in a system should have a sufficiently high security level
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	551	%in order to access an object.
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	552	\end{itemize}\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	553
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	554	This restricts information flow $\Rightarrow$ military\bigskip\bigskip\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	555
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	556	Bell-LaPadula: {\bf `no read up'} - {\bf `no write down'}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	557
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	558	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	559	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	560
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	561	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	562	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	563	\frametitle{\begin{tabular}{c}Principle of\\[-2mm] Least Privilege\end{tabular}}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	564
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	565	\begin{bubble}[10cm]
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	566	A principal should have as few privileges as possible to access a resource.
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	567	\end{bubble}\bigskip\bigskip
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	568	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	569
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	570	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	571	\item Bob ($T\!S$) and Alice ($S$) want to communicate
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	572	\item[] $\Rightarrow$ Bob should lower his security level
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	573	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	574
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	575	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	576	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	577
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	578	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	579	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	580	\frametitle{Biba Policy}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	581	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	582
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	583	Data Integrity (rather than data secrecy)
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	584
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	585	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	586	\item Biba: {\bf `no read down'} - {\bf `no write up'}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	587	\item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	588	\bl{$P$}'s security level is lower or equal than \bl{$O$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	589	\item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	590	\bl{$O$}'s security level is lower or equal than \bl{$P$}'s.
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	591	\end{itemize}\bigskip\bigskip\pause
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	592
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	593	E.g.~Firewalls: you can read from inside the firewall, but not from outside\\
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	594	Phishing: you can look at an approved PDF, but not one from a random email\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	595
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	596	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	597	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	598
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	599	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	600	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	601	\frametitle{Security Levels (2)}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	602
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	603	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	604	\item Bell-La Padula preserves data secrecy, but not data
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	605	integrity\bigskip\pause
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	606
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	607	\item Biba model is for data integrity
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	608
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	609	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	610	\item read: your own level and above
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	611	\item write: your own level and below
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	612	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	613	\end{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	614
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	615	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	616	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	617
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	618	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	619	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	620	\frametitle{Shared Access Control}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	621
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	622	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	623	\includegraphics[scale=0.7]{../pics/pointsplane.jpg}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	624	\end{center}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	625
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	626	\begin{textblock}{11}(10.5,10.5)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	627	\small
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	628	To take an action you\\[-1mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	629	need at least either:
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	630	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	631	\item 1 CEO\\[-5mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	632	\item 2 MDs, or\\[-5mm]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	633	\item 3 Ds
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	634	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	635	\end{textblock}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	636
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	637	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	638	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
117 59d3bf386a6d added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 105 diff changeset	639
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	640	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	641	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	642	\frametitle{\Large Lessons from Access Control}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	643
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	644	Not just restricted to Unix:
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	645
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	646	\begin{itemize}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	647	\item if you have too many roles (i.e.~too finegrained AC), then
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	648	hierarchy is too complex\\
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	649	\textcolor{gray}{you invite situations like\ldots lets be root}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	650
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	651	\item you can still abuse the system\ldots
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	652	\end{itemize}
40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	653
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	654	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	655	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	656
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	657	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	658	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	659	\frametitle{Protocols}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	660
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	661	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	662	\includegraphics[scale=0.11]{../pics/keyfob.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	663	\quad
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	664	\includegraphics[scale=0.3025]{../pics/startstop.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	665	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	666
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	667	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	668	\item Other examples: Wifi, Http-request, TCP-request,
409 0c04ec017892 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 408 diff changeset	669	card readers, RFID (passports)\ldots\medskip\pause
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	670
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	671	\item The point is that we cannot control the network: An attacker
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	672	can install a packet sniffer, inject packets, modify packets,
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	673	replay messages\ldots{}fake pretty much everything.
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	674	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	675
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	676	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	677	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	678
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	679	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	680	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	681	\frametitle{Keyless Car Transponders}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	682
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	683	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	684	\includegraphics[scale=0.1]{../pics/keyfob.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	685	\quad
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	686	\includegraphics[scale=0.27]{../pics/startstop.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	687	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	688
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	689	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	690	\item There are two security mechanisms: one remote central
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	691	locking system and one passive RFID tag (engine immobiliser).
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	692	\item How can I get in? How can thieves be kept out?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	693	How to avoid MITM attacks?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	694	\end{itemize}\medskip
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	695
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	696	\footnotesize
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	697	\hfill Papers: Gone in 360 Seconds: Hijacking with Hitag2,\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	698	\hfill Dismantling Megamos Crypto: Wirelessly Lockpicking\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	699	\hfill a Vehicle Immobilizer
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	700
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	701	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	702	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	703
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	704	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	705	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	706	\frametitle{HTTPS / GSM}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	707
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	708	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	709	\includegraphics[scale=0.25]{../pics/barclays.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	710	\quad
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	711	\includegraphics[scale=0.25]{../pics/phone-signal.jpg}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	712	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	713
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	714	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	715	\item I am sitting at Starbuck. How can I be sure I am really
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	716	visiting Barclays? I have no control of the access
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	717	point.
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	718	\item How can I achieve that a secret key is established in
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	719	order to encrypt my mobile conversation? I have no
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	720	control over the access points.
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	721	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	722
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	723	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	724	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
415 56bc53ba7c5b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 411 diff changeset	725
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	726	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	727	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	728	\frametitle{Handshakes}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	729
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	730	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	731	\item starting a TCP connection between a client and a server
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	732	initiates the following three-way handshake protocol:
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	733	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	734
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	735	\begin{columns}[t]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	736	\begin{column}{5cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	737	\begin{minipage}[t]{4cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	738	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	739	\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	740	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	741	\end{minipage}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	742	\end{column}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	743	\begin{column}{5cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	744	\begin{tabular}[t]{rl}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	745	Alice: & Hello server!\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	746	Server: & I heard you\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	747	Alice: & Thanks
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	748	\end{tabular}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	749	\end{column}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	750	\end{columns}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	751
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	752	\only<2>{
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	753	\begin{textblock}{3}(11,5)
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	754	\begin{bubble}[3.2cm]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	755	SYNflood attacks:\medskip\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	756	\includegraphics[scale=0.4]{../pics/synflood.png}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	757	\end{bubble}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	758	\end{textblock}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	759
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	760	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	761	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	762
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	763	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	764	\begin{frame}[t]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	765	\frametitle{Protocols}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	766
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	767	\mbox{}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	768
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	769	\begin{tabular}{l}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	770	{\Large \bl{$A\;\rightarrow\; B : \ldots$}}\\
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	771	\onslide<2->{\Large \bl{$B\;\rightarrow\; A : \ldots$}}\\
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	772	\onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	773	\end{tabular}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	774
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	775	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	776	\item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	777	but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	778	\item<2-> indicates one ``protocol run'', or session, which specifies some
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	779	order in the communication
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	780	\item<2-> there can be several sessions in parallel (think of wifi routers)
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	781	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	782
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	783	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	784	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	785
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	786	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	787	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	788	\frametitle{Handshakes}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	789
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	790	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	791	\item starting a TCP connection between a client and a server
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	792	initiates the following three-way handshake protocol:
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	793	\end{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	794
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	795	\begin{columns}[t]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	796	\begin{column}{5cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	797	\begin{minipage}[t]{4cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	798	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	799	\raisebox{-2cm}{\includegraphics[scale=0.5]{../pics/handshake.png}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	800	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	801	\end{minipage}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	802	\end{column}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	803	\begin{column}{5cm}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	804	\begin{tabular}[t]{rl}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	805	Alice: & Hello server!\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	806	Server: & I heard you\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	807	Alice: & Thanks
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	808	\end{tabular}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	809	\end{column}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	810	\end{columns}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	811
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	812	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	813	\begin{tabular}{rl}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	814	\bl{$A \rightarrow S$}: & \bl{SYN}\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	815	\bl{$S \rightarrow A$}: & \bl{SYN-ACK}\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	816	\bl{$A \rightarrow S$}: & \bl{ACK}\\
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	817	\end{tabular}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	818	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	819
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	820	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	821	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	822
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	823	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	824	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	825	\frametitle{\Large Cryptographic Protocol Failures}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	826
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	827	Ross Anderson and Roger Needham wrote:\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	828
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	829	\begin{quote}\rm
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	830	A lot of the recorded frauds were the result of this kind of
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	831	blunder, or from management negligence pure and simple.
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	832	\alert{However,
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	833	there have been a significant number of cases where the designers
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	834	protected the right things, used cryptographic algorithms which were
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	835	not broken, and yet found that their systems were still successfully
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	836	attacked.}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	837	\end{quote}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	838
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	839	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	840	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	841
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	842	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	843	\begin{frame}<1-3>[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	844	\frametitle{Oyster Cards}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	845
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	846	\includegraphics[scale=0.4]{../pics/oysterc.jpg}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	847
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	848	\begin{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	849	\item good example of a bad protocol\\ (security by obscurity)\bigskip
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	850	\item<3-> {\it``Breaching security on Oyster cards should not
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	851	allow unauthorised use for more than a day, as TfL promises to turn
481 a7a7d6b0150b updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 415 diff changeset	852	off any cloned cards within 24 hours\ldots''}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	853	\end{itemize}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	854
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	855	\only<2>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	856	\begin{textblock}{12}(0.5,0.5)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	857	\begin{bubble}[11cm]\footnotesize
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	858	{\bf Wirelessly Pickpocketing a Mifare Classic Card}\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	859
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	860	The Mifare Classic is the most widely used contactless smartcard on the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	861	market. The stream cipher CRYPTO1 used by the Classic has recently been
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	862	reverse engineered and serious attacks have been proposed. The most serious
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	863	of them retrieves a secret key in under a second. In order to clone a card,
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	864	previously proposed attacks require that the adversary either has access to
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	865	an eavesdropped communication session or executes a message-by-message
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	866	man-in-the-middle attack between the victim and a legitimate
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	867	reader. Although this is already disastrous from a cryptographic point of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	868	view, system integrators maintain that these attacks cannot be performed
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	869	undetected.\smallskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	870
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	871	This paper proposes four attacks that can be executed by an adversary having
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	872	only wireless access to just a card (and not to a legitimate reader). The
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	873	most serious of them recovers a secret key in less than a second on ordinary
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	874	hardware. Besides the cryptographic weaknesses, we exploit other weaknesses
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	875	in the protocol stack. A vulnerability in the computation of parity bits
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	876	allows an adversary to establish a side channel. Another vulnerability
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	877	regarding nested authentications provides enough plaintext for a speedy
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	878	known-plaintext attack.\hfill{}(a paper from 2009)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	879	\end{bubble}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	880	\end{textblock}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	881
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	882	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	883	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	884
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	885	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	886	\begin{frame}<1->[t]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	887	\frametitle{Another Example}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	888
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	889	In an email from Ross Anderson\bigskip\small
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	890
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	891	\begin{tabular}{l}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	892	From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	893	Sender: cl-security-research-bounces@lists.cam.ac.uk\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	894	To: cl-security-research@lists.cam.ac.uk\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	895	Subject: Birmingham case\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	896	Date: Tue, 13 Aug 2013 15:13:17 +0100\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	897	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	898
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	899
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	900	\only<2>{
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	901	\begin{textblock}{12}(0.5,0.8)
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	902	\begin{bubble}[11cm]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	903	\footnotesize
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	904	As you may know, Volkswagen got an injunction against the University of
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	905	Birmingham suppressing the publication of the design of a weak cipher
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	906	used in the remote key entry systems in its recent-model cars. The paper
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	907	is being given today at Usenix, minus the cipher design.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	908
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	909	I've been contacted by Birmingham University's lawyers who seek to prove
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	910	that the cipher can be easily obtained anyway. They are looking for a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	911	student who will download the firmware from any newish VW, disassemble
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	912	it and look for the cipher. They'd prefer this to be done by a student
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	913	rather than by a professor to emphasise how easy it is.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	914
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	915	Volkswagen's argument was that the Birmingham people had reversed a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	916	locksmithing tool produced by a company in Vietnam, and since their key
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	917	fob chip is claimed to be tamper-resistant, this must have involved a
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	918	corrupt insider at VW or at its supplier Thales. Birmingham's argument
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	919	is that this is nonsense as the cipher is easy to get hold of. Their
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	920	lawyers feel this argument would come better from an independent
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	921	outsider.\medskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	922
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	923	Let me know if you're interested in having a go, and I'll put you in
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	924	touch
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	925
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	926	Ross
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	927	\end{bubble}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	928	\end{textblock}}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	929
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	930	\end{frame}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	931	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	932
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	933	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
243 dd94cbf9eba7 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 241 diff changeset	934	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	935	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	936
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	937
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	938	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	939
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	940	Passwords:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	941
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	942	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	943	\bl{$B \rightarrow A: K_{AB}$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	944	\end{center}\pause\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	945
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	946	Problem: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	947	identity of \bl{$B$}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	948
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	949	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	950	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	951
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	952	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	953	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	954	\frametitle{Authentication?}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	955
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	956	\begin{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	957	\raisebox{-2cm}{\includegraphics[scale=0.4]{../pics/dogs.jpg}}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	958	\end{center}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	959
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	960	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	961	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	962
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	963	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	964	\begin{frame}[c]
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	965	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	966
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	967	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	968
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	969	Simple Challenge Response:
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	970
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	971	\begin{center}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	972	\begin{tabular}{ll}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	973	\bl{$A \rightarrow B:$} & \bl{$N$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	974	\bl{$B \rightarrow A:$} & \bl{$\{N\}_{K_{AB}}$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	975	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	976	\end{center}
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	977
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	978
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	979	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	980	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	981
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	982	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	983	\begin{frame}[c]
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	984	\frametitle{Authentication Protocols}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	985
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	986	Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	987
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	988	Mutual Challenge Response:
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	989
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	990	\begin{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	991	\begin{tabular}{ll}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	992	\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	993	\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	994	\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	995	\end{tabular}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	996	\end{center}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	997
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	998	%\pause
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	999	%An attacker \bl{$E$} can launch an impersonation attack by
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1000	%intercepting all messages for \bl{$B$} and make \bl{$A$} decrypt her
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1001	%own challenges.
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1002
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1003	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1004	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1005
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1006	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1007	\begin{frame}[c]
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1008	\frametitle{Nonces}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1009
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1010	\begin{enumerate}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1011	\item I generate a nonce (random number) and send it to you encrypted with a key we share
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1012	\item you increase it by one, encrypt it under a key I know and send
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1013	it back to me
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1014	\end{enumerate}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1015
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1016
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1017	I can infer:
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1018
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1019	\begin{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1020	\item you must have received my message
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1021	\item you could only have generated your answer after I send you my initial
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1022	message
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1023	\item if only you and me know the key, the message must have come from you
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1024	\end{itemize}
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1025
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1026	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1027	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1028
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1029	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1030	\begin{frame}[c]
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1031
a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1032	\begin{center}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1033	\begin{tabular}{ll}
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1034	\bl{$A \rightarrow B$:} & \bl{$N_A$}\\
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1035	\bl{$B \rightarrow A$:} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1036	\bl{$A \rightarrow B$:} & \bl{$N_B$}\\
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1037	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1038	\end{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1039
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1040	The attack (let $A$ decrypt her own messages):
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1041
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1042	\begin{center}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1043	\begin{tabular}{ll}
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1044	\bl{$A \rightarrow E$:} & \bl{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1045	\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_A$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1046	\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1047	\bl{$E \rightarrow A$:} & \bl{$\{N_A, N_A'\}_{K_{AB}}$}\\
9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1048	\bl{$A \rightarrow E$:} & \bl{$N_A' \;\;(= N_B)$}\\
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1049	\end{tabular}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1050	\end{center}\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1051
244 9fc6ec22ad82 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 243 diff changeset	1052	\small Solutions: \bl{$K_{AB} \not= K_{BA}$} or include an id in the second message
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1053	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1054	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1055
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1056	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1057	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1058	\frametitle{Encryption to the Rescue?}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1059
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1060
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1061	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1062	\item \bl{$A \,\rightarrow\, B : \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1063	\item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1064	\item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1065	\end{itemize}\pause
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1066
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1067	means you need to send separate ``Hello'' signals (bad), or worse
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1068	share a single key between many entities
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1069	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1070	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1071
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1072	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1073	\begin{frame}[c]
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1074	\frametitle{Protocol Attacks}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1075
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1076	\begin{itemize}
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1077	\item replay attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1078	\item reflection attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1079	\item man-in-the-middle attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1080	\item timing attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1081	\item parallel session attacks
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1082	\item binding attacks (public key protocols)
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1083	\item changing environment / changing assumptions\bigskip
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1084
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1085	\item (social engineering attacks)
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1086	\end{itemize}
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1087	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1088	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1089
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1090	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
252 fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1091	\begin{frame}[c]
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1092	\frametitle{Public-Key Infrastructure}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1093
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1094	\begin{itemize}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1095	\item the idea is to have a certificate authority (CA)
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1096	\item you go to the CA to identify yourself
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1097	\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1098	\item CA must be trusted by everybody
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1099	\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1100	explicitly limits liability to \$100.)
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1101	\end{itemize}
fa151c0a3cf4 updated slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 244 diff changeset	1102
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1103	\end{frame}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1104	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1105
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1106	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1107	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1108	\frametitle{Man-in-the-Middle}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1109
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1110	``Normal'' protocol run:\bigskip
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1111
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1112	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1113	\item \bl{$A$} sends public key to \bl{$B$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1114	\item \bl{$B$} sends public key to \bl{$A$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1115	\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1116	with its private key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1117	\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1118	with its private key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1119	\end{itemize}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1120
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1121	\end{frame}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1122	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1123
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1124	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1125	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1126	\frametitle{Man-in-the-Middle}
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1127
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1128	Attack:
119 0cea882f03c7 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 118 diff changeset	1129
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1130	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1131	\item \bl{$A$} sends public key to \bl{$B$} --- \bl{$C$} intercepts this message and send his own public key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1132	\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and send his own public key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1133	\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1134	with its private key, re-encrypts with \bl{$B$}'s public key
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1135	\item similar for other direction
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1136	\end{itemize}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1137
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1138	\end{frame}
118 a42bbdfe5dd9 more slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 117 diff changeset	1139	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1140
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1141	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1142	\begin{frame}[c]
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1143	\frametitle{Man-in-the-Middle}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1144
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1145	Potential Prevention?
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1146
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1147	\begin{itemize}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1148	\item \bl{$A$} sends public key to \bl{$B$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1149	\item \bl{$B$} sends public key to \bl{$A$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1150	\item \bl{$A$} encrypts message with \bl{$B$}'s public key, send's {\bf half} of the message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1151	\item \bl{$B$} encrypts message with \bl{$A$}'s public key, send's {\bf half} of the message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1152	\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1153	\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1154	\end{itemize}\pause
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1155
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1156	%\bl{$C$} would have to invent a totally new message
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1157	\alert{Under which circumstances does this protocol prevent
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1158	MiM-attacks, or does it?}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1159
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1160	\end{frame}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1161	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1162
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1163	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1164	\begin{frame}[c]
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1165	\frametitle{Car Transponder (HiTag2)}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1166
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1167	\begin{enumerate}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1168	\item \bl{$C$} generates a random number \bl{$N$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1169	\item \bl{$C$} calculates \bl{$(F,G) = \{N\}_K$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1170	\item \bl{$C \to T$}: \bl{$N, F$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1171	\item \bl{$T$} calculates \bl{$(F',G') = \{N\}_K$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1172	\item \bl{$T$} checks that \bl{$F = F'$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1173	\item \bl{$T \to C$}: \bl{$N, G'$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1174	\item \bl{$C$} checks that \bl{$G = G'$}
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1175	\end{enumerate}\pause
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1176
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1177	\small
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1178	This process means that the transponder believes the car knows
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1179	the key \bl{$K$}, and the car believes the transponder knows
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1180	the key \bl{$K$}. They have authenticated themselves
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1181	to each other, or have they?
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1182
0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1183	\end{frame}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1184	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1185
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1186	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1187	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1188
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1189	A Man-in-the-middle attack in real life:
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1190
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1191	\begin{itemize}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1192	\item the card only says yes to the terminal if the PIN is correct
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1193	\item trick the card in thinking transaction is verified by signature
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1194	\item trick the terminal in thinking the transaction was verified by PIN
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1195	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1196
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1197	\begin{minipage}{1.1\textwidth}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1198	\begin{center}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1199	\mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1200	\includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1201	\end{center}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1202	\end{minipage}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1203
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1204	\end{frame}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1205	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1206
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1207	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1208	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1209	\frametitle{Problems with EMV}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1210
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1211	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1212	\item it is a wrapper for many protocols
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1213	\item specification by consensus (resulted unmanageable complexity)
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1214	\item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1215	further parts are secret
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1216	\item other attacks have been found
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1217	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1218
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1219	\end{frame}
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1220	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1221
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1222
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1223	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1224	\begin{frame}[c]
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1225	\frametitle{Protocols are Difficult}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1226
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1227	\begin{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1228	\item even the systems designed by experts regularly fail\medskip
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1229	\item the one who can fix a system should also be liable for the losses\medskip
483 337a8f5cb1ad updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 481 diff changeset	1230	\item cryptography is often not the problem\bigskip\bigskip
120 99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1231	\end{itemize}
99d408cfcfb3 added new slides Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 119 diff changeset	1232
406 0516bffd3f5f updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 405 diff changeset	1233	\end{frame}
241 07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1234	%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
07e4d8f64ca8 updated Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 121 diff changeset	1235
105 40c51038c9e4 added Christian Urban <christian dot urban at kcl dot ac dot uk> parents: 90 diff changeset	1236
41 b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1237	\end{document}
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1238
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1239	%%% Local Variables:
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1240	%%% mode: latex
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1241	%%% TeX-master: t
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1242	%%% End:
b44341c0a7bb slides Christian Urban <urbanc@in.tum.de> parents: diff changeset	1243

author	Christian Urban <urbanc@in.tum.de>
	Sat, 23 Sep 2017 13:36:20 +0100
changeset 519	06f91010fe1e
parent 518	e1fcfba63a31
child 548	ac3e4ea33627
permissions	-rw-r--r--