slides/slides04.tex
author Christian Urban <christian dot urban at kcl dot ac dot uk>
Tue, 14 Oct 2014 06:20:39 +0100
changeset 241 07e4d8f64ca8
parent 121 01f7e799e6ce
child 243 dd94cbf9eba7
permissions -rw-r--r--
updated
\documentclass[dvipsnames,14pt,t]{beamer}
\usepackage{../slides}
\usepackage{../graphics}
\usepackage{../langs}
\usetikzlibrary{arrows}
\usetikzlibrary{shapes}
\setmonofont[Scale=.88]{Consolas}
\newfontfamily{\consolas}{Consolas}
\hfuzz=220pt 
% beamer stuff 
\renewcommand{\slidecaption}{APP 04, King's College London}
\newcommand{\bl}[1]{\textcolor{blue}{#1}}  
\begin{document}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[t]
\frametitle{%
  \begin{tabular}{@ {}c@ {}}
  \\
  \LARGE Access Control and \\[-3mm] 
  \LARGE Privacy Policies (4)\\[-6mm] 
  \end{tabular}}\bigskip\bigskip\bigskip
\normalsize
  \begin{center}
  \begin{tabular}{ll}
  Email:  & christian.urban at kcl.ac.uk\\
  Office: & S1.27 (1st floor Strand Building)\\
  Slides: & KEATS (homework is also there)\\
  \end{tabular}
  \end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\begin{center}
\includegraphics[scale=0.45]{../pics/trainwreck.jpg}\\
last week: buffer overflow attacks
\end{center}
  
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[fragile]
\frametitle{D-Link Wifi Router, BOA}
\small
As a proof-of-concept, the following URL allows 
attackers to control the return value saved on 
the stack (the vulnerability is triggered when
executing "/usr/sbin/widget"):
\begin{center}\footnotesize 
\pcode{curl http://<target ip>/post_login.xml?hash=AAA...AAABBBB}
\end{center}
The value of the "hash" HTTP GET parameter consists of
292 occurrences of the \pcode{'A'} character, followed by four 
occurrences of character \pcode{'B'}. In our lab setup, characters 
\pcode{'B'} overwrite the saved program counter (\pcode{\%ra}).\bigskip
\begin{tabular}{@{}ll}
Discovery date: & 06/03/2013\\
Release date:   & 02/08/2013
\end{tabular}
\hfill\url{http://roberto.greyhats.it/advisories/20130801-dlink-dir645.txt} 
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[fragile]
\frametitle{D-Link Backdoors}
D-Link router flaw lets anyone login through "Joel's Backdoor":\medskip
\begin{quote}\rm\small
If you tell your browser to identify itself as Joel's backdoor, instead of (say) 
as Mozilla/5.0 AppleWebKit/536.30.1 Version/6.0.5, you're in without authentication.\medskip
  
"What is this string," I hear you ask?
You will laugh: it is 
\begin{center}
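% Read backwards, the part after xmlset_ is "edit by 04882 joel backdoor": the router skips
% authentication purely on the strength of a client-chosen User-Agent header.
\pcode{xmlset_roodkcableoj28840ybtide}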
\end{center}
\end{quote}\bigskip\bigskip
\hfill\footnotesize October 15, 2013\\
\hfill\footnotesize\url{http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[fragile]
CVE-2014-0476 chkrootkit vulnerability 4 Jun'14\medskip
\begin{quote}\rm\small
Hi,
we just found a serious vulnerability in the chkrootkit package, which
may allow local attackers to gain root access to a box in certain
configurations (\pcode{/tmp} not mounted noexec). Steps to reproduce:
\begin{itemize}
\item Put an executable file named \pcode{update} with non-root owner in \pcode{/tmp} (not
mounted noexec, obviously)
\item Run chkrootkit (as uid 0)
\end{itemize}
Result: The file \pcode{/tmp/update} will be executed as root, thus effectively
rooting your box, if malicious content is placed inside the file.
If an attacker knows you are periodically running chkrootkit (like in
cron.daily) and has write access to \pcode{/tmp} (not mounted noexec), he may
easily take advantage of this.
\end{quote}
\mbox{}\\[-10mm]
\hfill\footnotesize\url{http://seclists.org/oss-sec/2014/q2/430}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Access Control in Unix}
\begin{itemize}
\item access control provided by the OS
\item authenticate principals (login)
\item mediate access to files, ports, processes according to \alert{roles} (user ids)\\
\item privileges are attached to roles\bigskip\\%
\hspace{8mm}
\begin{bubble}[8cm]
\alert{principle of least privilege:}\\
users and programs should only have as much privilege as they need 
\end{bubble}
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
\begin{frame}[c]
\frametitle{Access Control in Unix (2)}
\begin{itemize}
\item privileges are specified by file access permissions (``everything is a file'')\medskip 
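\item there are 9 (plus 2) bits that specify the permissions of a file
% 9 bits: read/write/execute for owner, group and others; the 2 extra bits are setuid and setgid.
% (A third special bit, the sticky bit, also exists but is not counted on this slide.)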
\begin{center}
\begin{tabular}{l}
\texttt{\$ ls -la}\\
\texttt{-rwxrw-r-{}- \hspace{3mm} foo\_file.txt}
\end{tabular}
\end{center}
\end{itemize}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Login Process}
\begin{itemize}
\item login processes run under UID $=$ \pcode{0}\medskip 
\begin{center}
\texttt{ps -axl | grep login}
\end{center}\medskip
\item after login, shells run under UID $=$ user (e.g.~501)\medskip
\begin{center}
\texttt{id cu}
\end{center}\medskip\pause
\item non-root users are not allowed to change their UID --- this would break 
access control
\item but a change of UID is needed, for example, by \texttt{passwd}, which must update a password file that ordinary users cannot write
\end{itemize}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Setuid and Setgid}
The solution is that Unix file permissions are 9 + \underline{2 Bits}:
\alert{Setuid} and \alert{Setgid} Bits
\begin{itemize}
\item When a file with setuid is executed, the resulting process will
  assume the (effective) UID of the file's owner.
\item This enables users to create processes as root (or another
  user).\bigskip
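\item Essential for changing passwords, for example.
% Caveat: a setuid-root program runs with root privilege on input chosen by an unprivileged user,
% so a bug in it (e.g. a buffer overflow) hands out root; keep such files few and audit them,
% e.g. with: find / -xdev -type f -perm -4000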
\end{itemize}
\begin{center}
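% 4755: the leading 4 sets the setuid bit; 755 is rwxr-xr-x, so any user may run the file
% and the resulting process takes on the UID of the file's owner.
\texttt{chmod 4755 foobar\_file}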
\end{center}
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Access Control}
\begin{itemize}
\item \bl{Discretionary Access Control:}\mbox{}\medskip\\
\small Access to objects (files, directories, devices, etc.) is permitted 
based on user identity. Each object is owned by a user. Owners can 
specify freely (at their discretion) how they want to share their objects 
with other users, by specifying which other users can have which 
form of access to their objects.\medskip
Discretionary access control is implemented on any multi-user OS 
(Unix, Windows NT, etc.).
\end{itemize}
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 105
diff changeset
   242
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 105
diff changeset
   243
\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
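\begin{frame}[c]
\frametitle{Access Control}

% Definition slide for mandatory access control (MAC).
\begin{itemize}
\item \bl{Mandatory Access Control:}\mbox{}\medskip\\

% \small is a declaration: it stays in effect until \end{itemize}.
\small Access to objects is controlled by a system-wide policy, for example
to prevent certain flows of information. In some forms, the system maintains
security labels for both objects and subjects (processes, users), based on
which access is granted or denied. Labels can change as the result of an
access. Security policies are enforced without the cooperation of users or
application programs.\medskip

% SELinux is a security module of the mainline Linux kernel and ships with
% general-purpose distributions, so it is named here as a mainstream example
% rather than as a military-only system.
This is implemented today in special military operating system versions,
and also in mainstream systems (e.g.~SELinux).
\end{itemize}

\end{frame}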
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
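\begin{frame}[c]
\frametitle{\Large Discretionary Access Control}

In its most generic form usually given by an Access Control Matrix
of the form

% Rows are the subjects requesting access, columns the objects being
% accessed; each cell lists the privileges granted (legend below the table).
% sendmail occurs both as a row and as a column.
% $\varnothing$ presumably stands for "no access at all".
\begin{center}
\begin{tabular}{r|c|c|c}
                 & /mail/jane & edit.exe & sendmail \\\hline
jane          & r, w & r, x & r, x\\\hline
john          & $\varnothing$ & r, w, x&  r, x\\\hline
sendmail  & a & $\varnothing$ &  r, x\\
\end{tabular}
\end{center}

% Legend for the cell entries; \textbf replaces the obsolete {\bf ...} form.
access privileges: \textbf{r}ead, \textbf{w}rite, e\textbf{x}ecute, \textbf{a}ppend
\end{frame}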
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\small

% Typesets the contents of the external file `lst' without line numbers.
\lstinputlisting[numbers=none,xleftmargin=-6mm]{lst}


% Group membership to be used together with the listing above.
\begin{center}
  \begin{tabular}{ll}
    Members of group staff: & ping, bob, emma\\
    Members of group students: & emma\\
  \end{tabular}
\end{center}

% Access control matrix with one row per user and one column per file.
% All cells are empty in the source; presumably they are filled in during
% the lecture.
\begin{center}
  \begin{tabular}{@{\hspace{-7mm}}r|c|c|c|c|c@{}}
         & manual.txt & report.txt & microedit & src/code.c & src/code.h \\\hline
    ping & & & & &\\\hline
    bob  & & & & &\\\hline
    emma & & & & &\\
  \end{tabular}
\end{center}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
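\begin{frame}[c]
\frametitle{Mandatory Access Control}
\small

\begin{itemize}
% Contrast with DAC: the policy is set system-wide, not by the owner.
\item Restrictions on allowed information flows are not decided at the
  user's discretion (as with Unix \pcode{chmod}), but instead enforced
  by system policies.

% Threat addressed: a program runs with (at least) the rights of whoever
% started it, so an untrusted program could otherwise do anything that
% user is allowed to do.
\item Mandatory access control mechanisms are aimed in particular at
  preventing policy violations by untrusted application software,
  which typically has at least the same access privileges as the
  invoking user.\medskip

% Still part of the second item: the simplest enforcement is physical
% separation.
Simple example: Air Gap Security. Uses completely separate network
and computer hardware for different application classes.
\end{itemize}

\end{frame}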
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
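\begin{frame}[c]
\frametitle{The Bell/LaPadula Model}

\begin{itemize}
% Subjects are the active entities and objects the data containers they act
% on; both kinds carry a label, so the two lists are kept apart here.
\item Formal policy model for mandatory access control in a military
  multi-level security environment. All subjects (processes, users,
  terminals) and objects (files, windows, connections) are labeled
  with a confidentiality level, e.g.
% The levels are ordered from least to most sensitive.
\begin{center}
unclassified < confidential < secret < top secret
\end{center}\medskip

% Label propagation: reading raises the label of the reader, and everything
% the reader writes afterwards inherits that label.
\item The system policy automatically prevents the flow of information
  from high-level objects to lower levels. A process that reads top
  secret data becomes tagged as top secret by the operating system, as
  will be all files into which it writes afterwards.
%Each user has a maximum allowed confidentiality level specified and
%cannot receive data beyond that level. A selected set of trusted
%subjects is allowed to bypass the restrictions, in order to permit
%the declassification of information.
\end{itemize}

\end{frame}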
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
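  \begin{frame}[c]
  \frametitle{Bell-LaPadula}
  \small

  % Both rules compare the level of the principal P with that of the object O.
  \begin{itemize}
  % Read rule = `no read up': P reads only at or below its own level.
  \item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
  \bl{$P$}'s security level is at least as high as \bl{$O$}'s.
  % Write rule = `no write down': P writes only at or above its own level.
  \item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
  \bl{$O$}'s security level is at least as high as \bl{$P$}'s.\medskip

  \item Meta-Rule: All principals in a system should have a sufficiently high security level
  in order to access an object.
  \end{itemize}\bigskip

  This restricts information flow $\Rightarrow$ military\bigskip\bigskip\pause

  % Mnemonic for the two rules; \textbf replaces the obsolete {\bf ...} form
  % and the separator is typeset as an en-dash.
  Bell-LaPadula: \textbf{`no read up'} -- \textbf{`no write down'}

  \end{frame}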
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  \begin{frame}[c]
  % Two-line title, set as a one-column table with reduced line spacing.
  \frametitle{\begin{tabular}{c}Principle of\\[-2mm] Least Privilege\end{tabular}}

  % Statement of the principle in a highlighted box.
  \begin{bubble}[10cm]
    A principal should have as few privileges as possible to access a resource.
  \end{bubble}\bigskip\bigskip
  \small

  % Example with two levels, TS and S (presumably top secret and secret).
  % Presumably the point is that a no-write-down policy stops Bob at TS from
  % sending to Alice at S, so he should act at the lowest level that suffices.
  \begin{itemize}
    \item Bob ($T\!S$) and Alice ($S$) want to communicate
    \item[] $\Rightarrow$ Bob should lower his security level
  \end{itemize}

  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
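  \begin{frame}[c]
  \frametitle{Biba Policy}
  \small

  Data Integrity (rather than data confidentiality)

  % The levels on this slide rank integrity (trustworthiness of data), so
  % both rules point the opposite way from the Bell-LaPadula ones.
  \begin{itemize}
  % \textbf replaces the obsolete {\bf ...} form; separator is an en-dash.
  \item Biba: \textbf{`no read down'} -- \textbf{`no write up'}
  % Read rule: P must not take in data from a lower level.
  \item \alert{Read Rule}: A principal \bl{$P$} can read an object \bl{$O$} if and only if
  \bl{$P$}'s security level is lower than or equal to \bl{$O$}'s.
  % Write rule: P must not modify data at a higher level.
  \item \alert{Write Rule}: A principal \bl{$P$} can write an object \bl{$O$} if and only if
  \bl{$O$}'s security level is lower than or equal to \bl{$P$}'s.
  \end{itemize}\bigskip\bigskip\pause

  % Two everyday illustrations of `no read down'.
  E.g.~Firewalls: you can read from inside the firewall, but not from outside\\
  Phishing: you can look at an approved PDF, but not one from a random email\\

  \end{frame}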
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
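\begin{frame}[c]
\frametitle{Security Levels (2)}

\begin{itemize}
% Name spelled as in the other frame titles of this file (Bell-LaPadula).
\item Bell-LaPadula preserves data secrecy, but not data
  integrity\bigskip\pause

\item Biba model is for data integrity

% Biba in short: reading is allowed upwards, writing downwards.
\begin{itemize}
\item read: your own level and above
\item write: your own level and below
\end{itemize}
\end{itemize}

\end{frame}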
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\begin{frame}[c]
\frametitle{Shared Access Control}

% Illustration loaded from ../pics/pointsplane.jpg.
\begin{center}
  \includegraphics[scale=0.7]{../pics/pointsplane.jpg}
\end{center}

% Text block placed at (10.5,10.5): an action needs enough people of one
% rank acting together; the lower the rank, the more of them are required.
% "MDs" and "Ds" are presumably managing directors and directors.
\begin{textblock}{11}(10.5,10.5)
  \small
  To take an action you\\[-1mm]
  need at least either:
  \begin{itemize}
    \item 1 CEO\\[-5mm]
    \item 2 MDs, or\\[-5mm]
    \item 3 Ds
  \end{itemize}
\end{textblock}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
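% Slide: lessons from access control that carry over beyond Unix.
\begin{frame}[c]
\frametitle{\Large Lessons from Access Control}

Not just restricted to Unix:

\begin{itemize}
% Over-granular roles make the hierarchy too complex; the grey remark names
% the consequence the slide warns about: users fall back to working as root.
\item if you have too many roles (i.e.~too fine-grained AC), then
  hierarchy is too complex\\
  \textcolor{gray}{you invite situations like\ldots let's be root}\bigskip

\item you can still abuse the system\ldots\bigskip\pause

% The policy is a finite description while the system it governs is not;
% the question asks whether the policy still guarantees that a tainted
% file cannot affect core system files.
\item
  policies (a finite system)\\
  computer system (infinite)\medskip\\
  Q: Does your policy ensure that a tainted file cannot affect your
  core system files?

\end{itemize}

\end{frame}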
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  % Slide: notation for protocol messages and what a protocol run (session) is.
  \begin{frame}[t]
    \frametitle{Protocols}

    \mbox{}

    % Generic message exchange; the reply and the vertical continuation
    % mark are uncovered from overlay 2 on.
    \begin{tabular}{l}
      {\Large \bl{$A\;\to\; B : \ldots$}}\\
      \onslide<2->{\Large \bl{$B\;\to\; A : \ldots$}}\\
      \onslide<2->{\Large \;\;\;\;\;\bl{$:$}}\bigskip
    \end{tabular}

    \begin{itemize}
      \item by convention \bl{$A$}, \bl{$B$} are named principals \bl{Alice\ldots}\\
        but most likely they are programs, which just follow some instructions (they are more like roles)\bigskip
      \item<2-> indicates one ``protocol run'', or session,  which specifies some
        order in the communication
      % Parallel sessions matter when analysing a protocol: a message taken
      % from one run may also be acceptable in another.
      \item<2-> there can be several sessions in parallel (think of wifi routers)
    \end{itemize}

  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: motivation for studying protocols -- systems were attacked
% successfully although the right things were protected and the
% cryptographic algorithms were not broken.
% NOTE(review): the slide does not name the source of the quotation;
% presumably Anderson and Needham, ``Programming Satan's Computer'' -- confirm.
\begin{frame}[c]
  \frametitle{\Large Cryptographic Protocol Failures}

  Ross Anderson and Roger Needham wrote:\bigskip

  % Only the first sentence is highlighted with \alert.
  \begin{quote}\rm
    \alert{A lot of the recorded frauds were the result of this kind of
      blunder, or from management negligence pure and simple.} However,
    there have been a significant number of cases where the designers
    protected the right things, used cryptographic algorithms which were
    not broken, and yet found that their systems were still successfully
    attacked.
  \end{quote}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  % Slide: Oyster cards as a case study of a protocol that relied on the
  % secrecy of its design.  Overlay 2 shows a paper abstract in a bubble;
  % overlay 3 uncovers the quotation about cloned cards.
  \begin{frame}<1-3>[c]
    \frametitle{Oyster Cards}

    \includegraphics[scale=0.4]{../pics/oysterc.jpg}

    \begin{itemize}
      \item good example of a bad protocol\\ (security by obscurity)\bigskip
      % Switching off cloned cards within a day bounds the loss; it does not
      % repair the weaknesses described in the abstract below.
      \item<3->  ``Breaching security on Oyster cards should not
        allow unauthorised use for more than a day, as TfL promises to turn
        off any cloned cards within 24 hours\ldots''
    \end{itemize}

    % Abstract of the 2009 paper named in the bold heading, quoted verbatim.
    % NOTE(review): authors and venue are not given on the slide; presumably
    % Garcia, van Rossum, Verdult and Wichers Schreur, IEEE S&P 2009 -- confirm.
    \only<2>{
      \begin{textblock}{12}(0.5,0.5)
        \begin{bubble}[11cm]\footnotesize
          {\bf Wirelessly Pickpocketing a Mifare Classic Card}\medskip

          The Mifare Classic is the most widely used contactless smartcard on the
          market. The stream cipher CRYPTO1 used by the Classic has recently been
          reverse engineered and serious attacks have been proposed. The most serious
          of them retrieves a secret key in under a second. In order to clone a card,
          previously proposed attacks require that the adversary either has access to
          an eavesdropped communication session or executes a message-by-message
          man-in-the-middle attack between the victim and a legitimate
          reader. Although this is already disastrous from a cryptographic point of
          view, system integrators maintain that these attacks cannot be performed
          undetected.\smallskip

          This paper proposes four attacks that can be executed by an adversary having
          only wireless access to just a card (and not to a legitimate reader). The
          most serious of them recovers a secret key in less than a second on ordinary
          hardware. Besides the cryptographic weaknesses, we exploit other weaknesses
          in the protocol stack. A vulnerability in the computation of parity bits
          allows an adversary to establish a side channel. Another vulnerability
          regarding nested authentications provides enough plaintext for a speedy
          known-plaintext attack.\hfill{}(a paper from 2009)
        \end{bubble}
      \end{textblock}}

  \end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: a second case in which the secrecy of a cipher design was treated
% as the protection.  The mail headers are always visible; the body of the
% mail is shown in a bubble on overlay 2 only.
\begin{frame}<1->[t]
  \frametitle{Another Example}

  In an email from Ross Anderson\bigskip\small

  % Mail headers, one per table row.
  \begin{tabular}{l}
    From: Ross Anderson <Ross.Anderson@cl.cam.ac.uk>\\
    Sender: cl-security-research-bounces@lists.cam.ac.uk\\
    To: cl-security-research@lists.cam.ac.uk\\
    Subject: Birmingham case\\
    Date: Tue, 13 Aug 2013 15:13:17 +0100\\
  \end{tabular}

  % Mail body, quoted verbatim.  The point for the lecture: the dispute is
  % about whether the cipher design can be kept secret at all.
  \only<2>{
    \begin{textblock}{12}(0.5,0.8)
      \begin{bubble}[11cm]
        \footnotesize
        As you may know, Volkswagen got an injunction against the University of
        Birmingham suppressing the publication of the design of a weak cipher
        used in the remote key entry systems in its recent-model cars. The paper
        is being given today at Usenix, minus the cipher design.\medskip

        I've been contacted by Birmingham University's lawyers who seek to prove
        that the cipher can be easily obtained anyway. They are looking for a
        student who will download the firmware from any newish VW, disassemble
        it and look for the cipher. They'd prefer this to be done by a student
        rather than by a professor to emphasise how easy it is.\medskip

        Volkswagen's argument was that the Birmingham people had reversed a
        locksmithing tool produced by a company in Vietnam, and since their key
        fob chip is claimed to be tamper-resistant, this must have involved a
        corrupt insider at VW or at its supplier Thales. Birmingham's argument
        is that this is nonsense as the cipher is easy to get hold of. Their
        lawyers feel this argument would come better from an independent
        outsider.\medskip

        Let me know if you're interested in having a go, and I'll put you in
        touch

        Ross
      \end{bubble}
    \end{textblock}}

\end{frame}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide (presentation mode only): password-style authentication.  B proves
% itself by sending the shared secret itself, so the secret is exposed on
% every run; the problem statement appears after the \pause.
\mode<presentation>{
  \begin{frame}[c]
    \frametitle{Authentication Protocols}

    Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip

    Passwords:

    \begin{center}
      \bl{$B \to A: K_{AB}$}
    \end{center}\pause\bigskip

    Problem: Eavesdropper can capture the secret and replay it; \bl{$A$} cannot confirm the
    identity of \bl{$B$}

  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% 
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide (presentation mode only): simple challenge-response.  A sends a
% challenge N; B answers with N encrypted under the shared key, so the key
% itself never travels.
% NOTE(review): as drawn, only B is authenticated to A, and the scheme
% depends on N being fresh in every run -- a reused N would let a recorded
% answer be replayed.  Worth saying when presenting.
\mode<presentation>{
  \begin{frame}[c]
    \frametitle{Authentication Protocols}

    Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip

    Simple Challenge Response:

    \begin{center}
      \begin{tabular}{ll}
        \bl{$A \to B:$} & \bl{$N$}\\
        \bl{$B \to A:$} & \bl{$\{N\}_{K_{AB}}$}\\
      \end{tabular}
    \end{center}

  \end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\mode<presentation>{
a42bbdfe5dd9 more slides
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 117
diff changeset
   661
\begin{frame}[c]
241
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   662
\frametitle{Authentication Protocols}
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   663
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   664
Alice (\bl{$A$}) and Bob (\bl{$B$}) share a secret key \bl{$K_{AB}$}\bigskip
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   665
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   666
Mutual Challenge Response:
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   667
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   668
\begin{center}
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   669
\begin{tabular}{ll}
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   670
\bl{$A \rightarrow B:$} & \bl{$N_A$}\\
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   671
\bl{$B \rightarrow A:$} & \bl{$\{N_A, N_B\}_{K_{AB}}$}\\
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   672
\bl{$A \rightarrow B:$} & \bl{$N_B$}\\
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   673
\end{tabular} 
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   674
\end{center}
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   675
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   676
%\pause
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   677
%An attacker \bl{$E$} can launch an impersonation attack by
07e4d8f64ca8 updated
Christian Urban <christian dot urban at kcl dot ac dot uk>
parents: 121
diff changeset
   678
%intercepting all messages for \bl{$B$} and make \bl{$A$} decrypt her
%own challenges.
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
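\begin{frame}[c]
\frametitle{Nonces}
% Slide: the informal reasoning behind a nonce-based challenge-response.
% Step 1 sends a nonce encrypted under a shared key; step 2 returns the
% nonce increased by one, again encrypted.

\begin{enumerate}
\item I generate a nonce (random number) and send it to you encrypted with a key we share
\item you increase it by one, encrypt it under a key I know and send
it back to me
\end{enumerate}


I can infer:

% NOTE(review): these inferences assume the nonce is unpredictable and never
% reused, and that a ciphertext cannot be altered undetected (encryption on
% its own does not guarantee integrity) --- worth stating when presenting.
\begin{itemize}
\item you must have received my message
\item you could only have generated your answer after I sent you my initial
message
\item if only you and I know the key, the message must have come from you
\end{itemize}

\end{frame}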
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
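\mode<presentation>{
\begin{frame}[c]
% Slide: reflection attack on the mutual challenge-response protocol.
% Top table: the intended run between A and B, who share the key K_ab.
% Bottom table: E never learns K_ab; the gray rows are a second session
% in which A herself produces the ciphertext that is replayed to her.
% NOTE(review): in the gray session A would normally answer with a fresh
% nonce of her own; the slide writes N_a in both positions --- confirm
% that this simplification is intended.

\begin{center}
\begin{tabular}{ll}
\bl{$A \rightarrow B$:} & \bl{$N_a$}\\
\bl{$B \rightarrow A$:} & \bl{$\{N_a, N_b\}_{K_{ab}}$}\\
\bl{$A \rightarrow B$:} & \bl{$N_b$}\\
\end{tabular}
\end{center}

The attack (let $A$ decrypt her own messages):

\begin{center}
\begin{tabular}{ll}
\bl{$A \rightarrow E$:} & \bl{$N_a$}\\
\textcolor{gray}{$E \rightarrow A$:} & \textcolor{gray}{$N_a$}\\
\textcolor{gray}{$A \rightarrow E$:} & \textcolor{gray}{$\{N_a, N_a\}_{K_{ab}}$}\\
\bl{$E \rightarrow A$:} & \bl{$\{N_a, N_a\}_{K_{ab}}$}\\
\bl{$A \rightarrow E$:} & \bl{$N_a \;\;(= N_b)$}\\
\end{tabular}
\end{center}\pause

% Both fixes make the two directions distinguishable, so a ciphertext that
% A produced as responder is not accepted by A as initiator.
\small Solutions: \bl{$K_{ab} \neq K_{ba}$} or include an id in the second message
\end{frame}}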
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%     
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
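  \mode<presentation>{
  \begin{frame}[c]
  \frametitle{Encryption to the Rescue?}
  % Slide: variant in which the challenge itself is sent encrypted under
  % K_AB; B answers with a new key K'_AB and A confirms by encrypting N_A
  % under that new key.


 \begin{itemize}
 \item \bl{$A \,\rightarrow\, B :  \{A, N_A\}_{K_{AB}}$}\hspace{1cm} encrypted\bigskip
 \item \bl{$B\,\rightarrow\, A : \{N_A, K'_{AB}\}_{K_{AB}}$}\bigskip
 \item \bl{$A \,\rightarrow\, B : \{N_A\}_{K'_{AB}}$}\bigskip
 \end{itemize}\pause

% NOTE(review): presumably the drawback is that B cannot pick the right key
% for the first message before knowing who is calling --- confirm wording.
means you need to send separate ``Hello'' signals (bad), or, worse,
share a single key between many entities
\end{frame}}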
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%      
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
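\mode<presentation>{
\begin{frame}[c]
\frametitle{Protocol Attacks}
% Slide: overview list of attack classes against protocols.  Social
% engineering is parenthesised and set apart from the rest by \bigskip.

\begin{itemize}
\item replay attacks
\item reflection attacks
\item man-in-the-middle attacks
\item timing attacks
\item parallel session attacks
\item binding attacks (public key protocols)
\item changing environment / changing assumptions\bigskip

\item (social engineering attacks)
\end{itemize}
\end{frame}}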
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
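\mode<presentation>{
\begin{frame}[c]
\frametitle{Public-Key Infrastructure}
% Slide: the role of a certificate authority (CA) and the trust and
% liability questions that follow from relying on one.
% NOTE(review): the VeriSign liability figure carries no source or date on
% this slide --- add a citation before reuse.

\begin{itemize}
\item the idea is to have a certificate authority (CA)
\item you go to the CA to identify yourself
\item CA: ``I, the CA, have verified that public key \bl{$P^{pub}_{Bob}$} belongs to Bob''\bigskip
\item CA must be trusted by everybody
\item What happens if CA issues a false certificate? Who pays in case of loss? (VeriSign
explicitly limits liability to \$100.)
\end{itemize}

\end{frame}}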
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
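\mode<presentation>{
\begin{frame}[c]
\frametitle{Person-in-the-Middle}
% Slide: the undisturbed run of a public-key exchange followed by one
% encrypted message in each direction.  Nothing in these four steps
% authenticates the public keys that are exchanged.

``Normal'' protocol run:\bigskip

\begin{itemize}
\item \bl{$A$} sends public key to \bl{$B$}
\item \bl{$B$} sends public key to \bl{$A$}
\item \bl{$A$} sends message encrypted with \bl{$B$}'s public key, \bl{$B$} decrypts it
with its private key
\item \bl{$B$} sends message encrypted with \bl{$A$}'s public key, \bl{$A$} decrypts it
with its private key
\end{itemize}

\end{frame}}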
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
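\mode<presentation>{
\begin{frame}[c]
\frametitle{Person-in-the-Middle}
% Slide: C sits between A and B and substitutes its own public key in both
% directions, so each side encrypts to C without noticing.
% The run succeeds only because A and B accept whatever key arrives; the
% defence is to authenticate the keys (a certificate, or a fingerprint
% compared over a separate channel).

Attack:

\begin{itemize}
\item \bl{$A$} sends public key to \bl{$B$}  --- \bl{$C$} intercepts this message and sends his own public key
\item \bl{$B$} sends public key to \bl{$A$} --- \bl{$C$} intercepts this message and sends his own public key
\item \bl{$A$} sends message encrypted with \bl{$C$}'s public key, \bl{$C$} decrypts it
with its private key, re-encrypts with \bl{$B$}'s public key
\item similar for other direction
\end{itemize}

\end{frame}}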
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
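\mode<presentation>{
\begin{frame}[c]
\frametitle{Person-in-the-Middle}
% Slide: each side sends only half of its ciphertext and releases the second
% half after receiving the peer's first half.  C cannot decrypt a half
% message, so it cannot re-encrypt what it has not yet read.
% NOTE(review): this scheme is known in the literature as the interlock
% protocol (Rivest and Shamir).  It forces C to commit to a message before
% reading the real one; it does not authenticate the public keys, so it
% complements rather than replaces binding keys to identities.

Prevention:

\begin{itemize}
\item \bl{$A$} sends public key to \bl{$B$}
\item \bl{$B$} sends public key to \bl{$A$}
\item \bl{$A$} encrypts message with \bl{$B$}'s public key, sends \textbf{half} of the message
\item \bl{$B$} encrypts message with \bl{$A$}'s public key, sends \textbf{half} of the message
\item \bl{$A$} sends other half, \bl{$B$} can now decrypt entire message
\item \bl{$B$} sends other half, \bl{$A$} can now decrypt entire message
\end{itemize}\pause

\bl{$C$} would have to invent a totally new message

\end{frame}}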
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
  
 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
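\mode<presentation>{
\begin{frame}[c]
\frametitle{Binding Attacks}
% Slide: A asks the CA for B's public key; the CA's reply carries A's nonce
% and the key, encrypted under A's public key.
% Note what the encrypted part contains: CA, A, N_A and the key --- but not
% the name of the key's owner.  Nothing inside the reply says whose key
% K^pub_B is.
% NOTE(review): encryption under A's public key can be produced by anyone
% who knows that key, so on its own it does not show the reply came from
% the CA; origin would normally be established by a CA signature ---
% confirm the intended notation.

With public-private keys it is important that the public key is \alert{bound}
to the right owner (verified by a certification authority \bl{$CA$})

\begin{center}
\begin{tabular}{l}
\bl{$A \rightarrow CA :$} \bl{$A, B, N_A$}\\
\bl{$CA \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{B}\}_{K^{pub}_{A}}$}\\
\end{tabular}
\end{center}\bigskip

\bl{$A$} knows \bl{$K^{priv}_A$} and can verify the message came from \bl{$CA$}
in response to \bl{$A$}'s message and trusts \bl{$K^{pub}_{B}$} is \bl{$B$}'s public key


\end{frame}}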
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
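\mode<presentation>{
\begin{frame}[c]
\frametitle{Binding Attacks}
% Slide: I(X) denotes the intruder I acting in the place of X.  I rewrites
% A's request so that it asks for I's key instead of B's, then passes the
% CA's genuine reply back to A unchanged.
% The reply is accepted because its encrypted part never names the owner of
% the key.  Mitigation: the CA includes the owner's identity inside the
% protected part of the reply, e.g. {CA, A, N_A, B, K^pub_B}, and A checks
% that the name matches the one she asked for.

\begin{center}
\begin{tabular}{l}
\bl{$A \rightarrow I(CA) :$} \bl{$A, B, N_A$}\\
\bl{$I(A) \rightarrow CA :$} \bl{$A, I, N_A$}\\
\bl{$CA \rightarrow I(A) :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
\bl{$I(CA) \rightarrow A :$} \bl{$CA, \{CA, A, N_A, K^{pub}_{I}\}_{K^{pub}_{A}}$}\\
\end{tabular}
\end{center}\pause

\bl{$A$} now encrypts messages for \bl{$B$} with the public key of \bl{$I$}
(which happily decrypts them with its private key)

\end{frame}}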
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%   
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: key exchange between A and B through a trusted server S.
% The protocol shown is commonly cited as the Needham--Schroeder
% symmetric-key protocol.
%   msg 1-2: A asks S for a session key; S answers under K_AS and
%            encloses a ticket {K_AB, A} encrypted under K_BS.
%   msg 3:   A forwards the ticket to B.
%   msg 4-5: nonce handshake under K_AB between B and A.
\mode<presentation>{
\begin{frame}[c]
  \frametitle{Replay Attacks}

  Schroeder-Needham protocol: exchange of a symmetric key with a trusted 3rd-party \bl{$S$}:

  \begin{center}
    \begin{tabular}{r@{\hspace{1mm}}l}
      \bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
      \bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
      \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
      \bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
      \bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
    \end{tabular}
  \end{center}\bigskip\pause

  % Intended outcome of a run, stated as the goal the later slides test.
  at the end of the protocol both \bl{$A$} and \bl{$B$} should be in the possession of the secret key
  \bl{$K_{AB}$} and know that the other principal has the key

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
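%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: step-by-step trace of the replay against the key-exchange
% protocol.  Rows are revealed with \pause:
%   1. a complete honest run that establishes K_AB,
%   2. the old session key K_AB becomes known to the intruder I,
%   3. a new honest run (primed values N'_A, K'_AB),
%   4. I, posing as A, re-sends the ticket from the *older* run to B.
% Why B accepts: the ticket {K_AB, A}_{K_BS} contains no value that ties
% it to a particular run, so B cannot tell a stale ticket from a fresh
% one.  A freshness value bound into the ticket (a time-stamp, or a
% nonce chosen by B) is what lets B reject it.
\mode<presentation>{
\begin{frame}[c]

  \begin{center}
    \begin{tabular}{l}
      \bl{$A \rightarrow S :$} \bl{$A, B, N_A$}\\
      \bl{$S \rightarrow A :$} \bl{$\{N_A, B, K_{AB},\{K_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\\
      \bl{$A \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\\
      \bl{$B \rightarrow A :$} \bl{$\{N_B\}_{K_{AB}}$}\\
      \bl{$A \rightarrow B :$} \bl{$\{N_B-1\}_{K_{AB}}$}\pause\\
      \hspace{5cm}compromise \bl{$K_{AB}$}\pause\\
      \bl{$A \rightarrow S :$} \bl{$A, B, N'_A$}\\
      \bl{$S \rightarrow A :$} \bl{$\{N'_A, B, K'_{AB},\{K'_{AB}, A\}_{K_{BS}} \}_{K_{AS}}$}\pause\\
      \bl{$I(A) \rightarrow B :$} \bl{$\{K_{AB}, A\}_{K_{BS}} $}\hspace{0.5cm} replay of older run\pause\\
      \bl{$B \rightarrow I(A) :$} \bl{$\{N'_B\}_{K_{AB}}$}\\
      % row terminator restored: the source had a lone backslash here
      \bl{$I(A) \rightarrow B :$} \bl{$\{N'_B-1\}_{K_{AB}}$}\\
    \end{tabular}
  \end{center}\pause

  \bl{$B$} believes it is following the correct protocol,
  intruder \bl{$I$} can form the correct response because it knows \bl{$K_{AB}$} and
  talks to \bl{$B$} masquerading as \bl{$A$}
\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%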
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: the same key exchange with a time-stamp T_S added to the
% ticket for B (presumably issued by the server S -- confirm), so that
% B can reject a ticket that is too old.
% NOTE(review): "timing attacks" in the closing remark presumably means
% attacks on the clock synchronisation the time-stamp check relies on
% (a receiver whose clock can be shifted may accept a stale T_S), not
% timing side channels -- confirm the intended meaning.
\mode<presentation>{
\begin{frame}[c]
  \frametitle{Time-Stamps}

  The Schroeder-Needham protocol can be fixed by including a time-stamp (e.g., in Kerberos):

  \begin{center}
    \begin{tabular}{r@{\hspace{1mm}}l}
      \bl{$A \rightarrow S :$} & \bl{$A, B, N_A$}\\
      \bl{$S \rightarrow A :$} & \bl{$\{N_A, B, K_{AB},\{K_{AB}, A, T_S\}_{K_{BS}} \}_{K_{AS}}$}\\
      \bl{$A \rightarrow B :$} & \bl{$\{K_{AB}, A, T_S\}_{K_{BS}} $}\\
      \bl{$B \rightarrow A :$} & \bl{$\{N_B\}_{K_{AB}}$}\\
      \bl{$A \rightarrow B :$} & \bl{$\{N_B-1\}_{K_{AB}}$}\\
    \end{tabular}
  \end{center}\bigskip\pause

  but nothing is for free: then you need to synchronise time and possibly become a victim to
  timing attacks

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
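%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: a man-in-the-middle between a payment card and the terminal.
% The first bullet states the intended behaviour; the other two describe
% what the party in the middle achieves: card and terminal end up with
% different views of how the cardholder was verified.
% NOTE(review): this looks like the chip-and-PIN flaw published as
% "Chip and PIN is Broken" (Murdoch et al., 2010) -- confirm and cite.
% Design lesson: the verification method each side believes was used
% must be carried in data that the other side authenticates.
\mode<presentation>{
\begin{frame}[c]

  A Man-in-the-middle attack in real life:

  \begin{itemize}
    \item the card only says yes to the terminal if the PIN is correct
    \item trick the card into thinking the transaction is verified by signature
    \item trick the terminal into thinking the transaction was verified by PIN
  \end{itemize}

  % The minipage is wider than the text block so both pictures fit side by side.
  \begin{minipage}{1.1\textwidth}
    \begin{center}
      \mbox{}\hspace{-6mm}\includegraphics[scale=0.5]{../pics/chip-attack.png}
      \includegraphics[scale=0.3]{../pics/chipnpinflaw.png}
    \end{center}
  \end{minipage}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%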
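%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: why the EMV card-payment specification is hard to get right.
% The points are about process and size (many sub-protocols, consensus
% design, very long and partly secret documents), i.e. conditions under
% which a protocol cannot be reviewed as a whole.
\mode<presentation>{
\begin{frame}[c]
  \frametitle{Problems with EMV}

  \begin{itemize}
    \item it is a wrapper for many protocols
    \item specification by consensus (resulted in unmanageable complexity)
    \item its specification is 700 pages in English plus 2000+ pages for testing, additionally some
          further parts are secret
    \item other attacks have been found
  \end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%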
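%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: design mistakes in WEP, the original Wi-Fi link encryption.
% Background for the nonce bullets: the nonce is WEP's per-packet
% initialisation vector, which is 24 bits long; with so few values it
% repeats, and a stream cipher must never reuse a keystream.
% Background for the CRC bullet: a CRC is linear and unkeyed, so it
% detects transmission errors but not deliberate modification; packet
% authentication needs a keyed MAC.
\mode<presentation>{
\begin{frame}[c]
  % the one-cell tabular centres the title
  \frametitle{\begin{tabular}{@{}c@{}}Problems with WEP (Wifi)\end{tabular}}

  \begin{itemize}
    \item a standard ratified in 1999
    \item the protocol was designed by a committee not including cryptographers
    \item it used the RC4 encryption algorithm which is a stream cipher requiring a unique nonce
    \item WEP did not allocate enough bits for the nonce
    \item for authenticating packets it used a CRC checksum which can be easily broken
    \item the network password was used to directly encrypt packets (instead of a key negotiation protocol)\bigskip
    \item encryption was turned off by default
  \end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%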
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: general lessons drawn from the protocol failures shown before.
% The second bullet is the technical one: any value a party acts on has
% to be covered by authentication, not only the values that are secret.
\mode<presentation>{
\begin{frame}[c]
  \frametitle{Protocols are Difficult}

  \begin{itemize}
    \item even the systems designed by experts regularly fail\medskip
    \item try to make everything explicit (you need to authenticate all data you might rely on)\medskip
    \item the one who can fix a system should also be liable for the losses\medskip
    \item cryptography is often not \textbf{the} answer\bigskip\bigskip
  \end{itemize}

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: the first two design principles for protocol messages.
% NOTE(review): the wording of the principles on these slides appears to
% follow Abadi and Needham, "Prudent Engineering Practice for
% Cryptographic Protocols"; the numbering here may differ from the
% paper -- confirm before citing.
\mode<presentation>{
\begin{frame}[c]
  \frametitle{Best Practices}

  \textbf{Principle 1:} Every message should say what it means: the interpretation of
  a message should not depend on the context.\bigskip\pause

  % Naming the principal inside the message is what stops a message
  % meant for one party from being accepted by another.
  \textbf{Principle 2:} If the identity of a principal is essential to the meaning of a message, it is prudent
  to mention the principal’s name explicitly in the message (though difficult).\bigskip


\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: Principle 3 -- state the purpose of every use of encryption --
% followed by the purposes it can serve in the notation {X}_K.
% NOTE(review): the authenticity items hold only when the encryption
% scheme also protects integrity; ciphertext from a confidentiality-only
% scheme can be altered without knowing K.  Worth saying on the slide or
% in the lecture notes.
\mode<presentation>{
\begin{frame}[c]

  \textbf{Principle 3:} Be clear about why encryption is being
  done. Encryption is not cheap, and not asking precisely why it is
  being done can lead to redundancy. Encryption is not synonymous with
  security.

  \begin{center}
    Possible Uses of Encryption

    \begin{itemize}
      \item Preservation of confidentiality: \bl{$\{X\}_K$} only those that have \bl{$K$} may recover \bl{$X$}.
      \item Guarantee authenticity: The partner is indeed some particular principal.
      \item Guarantee confidentiality and authenticity: binds two parts of a message ---
            \bl{$\{X,Y\}_K$} is not the same as \bl{$\{X\}_K$} and \bl{$\{Y\}_K$}.
    \end{itemize}
  \end{center}



\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
% Slide: Principle 4 -- make the trust assumptions of a protocol
% explicit -- with certification authorities as the worked example:
% relying on a certificate means relying on the CA's identity checks.
\mode<presentation>{
\begin{frame}[c]
  \frametitle{Best Practices}

  \textbf{Principle 4:} The protocol designer should know which trust relations his protocol depends on, and why the dependence is necessary.
  The reasons for particular trust relations being acceptable should be explicit though they will be founded on judgment and policy rather than on logic.\bigskip


  Example Certification Authorities: CAs are trusted to certify a key only after proper steps
  have been taken to identify the principal that owns it.

\end{frame}}
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\end{document}
%%% Local Variables:  
%%% mode: latex
%%% TeX-master: t
%%% End: 